mukeshs/twenty_crm
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
a0a575fa0b852702693be451b570d8ed1bb26962
twenty_crm/packages/twenty-server/src/engine/metadata-modules/role/role.entity.ts
Marie 1cb60f943e [field-level permissions] Upsert fieldPermission + use fieldPermission to compute permissions (#13050) 
In this PR

- introduction of fieldPermission entity
- addition of upsertFieldPermission in role resolver
- computing of permissions taking fieldPermission into account. In order
to limit what is stored in Redis we only store fields restrictions. For
instance for objectMetadata with id XXX with a restriction on field with
id YYY we store:
`"XXX":{"canRead":true,"canUpdate":false,"canSoftDelete":false,"canDestroy":false,"restrictedFields":{"YYY":{"canRead":false,"canUpdate":null}}}`

---------

Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
2025-07-09 08:47:59 +00:00

83 lines
2.3 KiB
TypeScript
Raw Blame History

import {
Column,
CreateDateColumn,
Entity,
OneToMany,
PrimaryGeneratedColumn,
Relation,
Unique,
UpdateDateColumn,
} from 'typeorm';
import { FieldPermissionEntity } from 'src/engine/metadata-modules/object-permission/field-permission/field-permission.entity';
import { ObjectPermissionEntity } from 'src/engine/metadata-modules/object-permission/object-permission.entity';
import { RoleTargetsEntity } from 'src/engine/metadata-modules/role/role-targets.entity';
import { SettingPermissionEntity } from 'src/engine/metadata-modules/setting-permission/setting-permission.entity';
@Entity('role')
@Unique('IDX_ROLE_LABEL_WORKSPACE_ID_UNIQUE', ['label', 'workspaceId'])
export class RoleEntity {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ nullable: false })
label: string;
@Column({ nullable: false, default: false })
canUpdateAllSettings: boolean;
@Column({ nullable: false, default: false })
canReadAllObjectRecords: boolean;
@Column({ nullable: false, default: false })
canUpdateAllObjectRecords: boolean;
@Column({ nullable: false, default: false })
canSoftDeleteAllObjectRecords: boolean;
@Column({ nullable: false, default: false })
canDestroyAllObjectRecords: boolean;
@Column({ nullable: true, type: 'text' })
description: string;
@Column({ nullable: true })
icon: string;
@Column({ nullable: false, type: 'uuid' })
workspaceId: string;
@CreateDateColumn({ type: 'timestamptz' })
createdAt: Date;
@UpdateDateColumn({ type: 'timestamptz' })
updatedAt: Date;
@Column({ nullable: false, default: true })
isEditable: boolean;
@OneToMany(
() => RoleTargetsEntity,
(roleTargets: RoleTargetsEntity) => roleTargets.role,
)
roleTargets: Relation<RoleTargetsEntity[]>;
@OneToMany(
() => ObjectPermissionEntity,
(objectPermission: ObjectPermissionEntity) => objectPermission.role,
)
objectPermissions: Relation<ObjectPermissionEntity[]>;
@OneToMany(
() => SettingPermissionEntity,
(settingPermission: SettingPermissionEntity) => settingPermission.role,
)
settingPermissions: Relation<SettingPermissionEntity[]>;
@OneToMany(
() => FieldPermissionEntity,
(fieldPermission: FieldPermissionEntity) => fieldPermission.role,
)
fieldPermissions: Relation<FieldPermissionEntity[]>;
}
Reference in New Issue View Git Blame Copy Permalink