Skip to content

[permissions] Add permissions check layer in entityManager #11818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

[permissions] Add permissions check layer in entityManager #11818

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
3c9a836
Update WorkspaceEntityManager to integrate permission check
ijreilly Apr 30, 2025
1d2b648
adapt entityManager.createQueryBuilder and bypass checks in seeds
ijreilly Apr 30, 2025
a327c23
update entityManager type
ijreilly Apr 30, 2025
c33a6d0
remove optional arg transactionManager from signature when it is neve…
ijreilly Apr 30, 2025
981a4cb
add test
ijreilly Apr 30, 2025
008d320
Merge branch 'main' of github.com:twentyhq/twenty into perm--repo
ijreilly Apr 30, 2025
4d639be
fix entity manager stale featureFlagMap issue + api key
ijreilly May 2, 2025
6928956
replace comments with explicity type declaration
ijreilly May 2, 2025
180d047
Merge branch 'main' of github.com:twentyhq/twenty into perm--repo
ijreilly May 2, 2025
c722d22
fix + missing methods in WorkspaceSelectQueryBuilder
ijreilly May 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions packages/twenty-server/src/database/commands/data-seed-dev-workspace.command.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import { Logger } from '@nestjs/common';

import { Command, CommandRunner } from 'nest-commander';
import { DataSource, EntityManager } from 'typeorm';
import { DataSource } from 'typeorm';

import { seedCoreSchema } from 'src/database/typeorm-seeds/core';
import {
Expand Down Expand Up @@ -43,6 +43,7 @@ import { SURVEY_RESULTS_DATA_SEEDS } from 'src/engine/seeder/data-seeds/survey-r
import { PETS_METADATA_SEEDS } from 'src/engine/seeder/metadata-seeds/pets-metadata-seeds';
import { SURVEY_RESULTS_METADATA_SEEDS } from 'src/engine/seeder/metadata-seeds/survey-results-metadata-seeds';
import { SeederService } from 'src/engine/seeder/seeder.service';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';
import { shouldSeedWorkspaceFavorite } from 'src/engine/utils/should-seed-workspace-favorite';
import { createWorkspaceViews } from 'src/engine/workspace-manager/standard-objects-prefill-data/create-workspace-views';
import { seedViewWithDemoData } from 'src/engine/workspace-manager/standard-objects-prefill-data/seed-view-with-demo-data';
Expand Down Expand Up @@ -169,7 +170,7 @@ export class DataSeedWorkspaceCommand extends CommandRunner {
dataSourceMetadata: DataSourceEntity,
) {
await workspaceDataSource.transaction(
async (entityManager: EntityManager) => {
async (entityManager: WorkspaceEntityManager) => {
const { objectMetadataStandardIdToIdMap } =
await this.objectMetadataService.getObjectMetadataStandardIdToIdMap(
dataSourceMetadata.workspaceId,
Expand Down
8 changes: 5 additions & 3 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/api-key.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,17 @@
import { EntityManager } from 'typeorm';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'apiKey';

const API_KEY_ID = '20202020-f401-4d8a-a731-64d007c27bad';

export const seedApiKey = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks a bit ugly but needed if we want to override EntityManager's createQueryBuilder, + is just in the seeds

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could be an object as an input to avoid that

})
.insert()
.into(`${schemaName}.${tableName}`, ['id', 'name', 'expiresAt'])
.orIgnore()
Expand Down
8 changes: 5 additions & 3 deletions .../twenty-server/src/database/typeorm-seeds/workspace/calendar-channel-event-association.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
import { EntityManager } from 'typeorm';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'calendarChannelEventAssociation';

export const seedCalendarChannelEventAssociations = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/calendar-channel.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,17 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_CONNECTED_ACCOUNT_IDS } from 'src/database/typeorm-seeds/workspace/connected-account';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';
import { CalendarChannelVisibility } from 'src/modules/calendar/common/standard-objects/calendar-channel.workspace-entity';

const tableName = 'calendarChannel';

export const seedCalendarChannels = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/calendar-event-participants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_PERSON_IDS } from 'src/database/typeorm-seeds/workspace/seedPeople';
import { DEV_SEED_WORKSPACE_MEMBER_IDS } from 'src/database/typeorm-seeds/workspace/workspace-members';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';
import { CalendarEventParticipantResponseStatus } from 'src/modules/calendar/common/standard-objects/calendar-event-participant.workspace-entity';

const tableName = 'calendarEventParticipant';

export const seedCalendarEventParticipants = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
8 changes: 5 additions & 3 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/calendar-events.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
import { EntityManager } from 'typeorm';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'calendarEvent';

export const seedCalendarEvents = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/companies.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_WORKSPACE_MEMBER_IDS } from 'src/database/typeorm-seeds/workspace/workspace-members';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'company';

Expand All @@ -21,11 +20,13 @@ export const DEV_SEED_COMPANY_IDS = {
};

export const seedCompanies = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/connected-account.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_WORKSPACE_MEMBER_IDS } from 'src/database/typeorm-seeds/workspace/workspace-members';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'connectedAccount';

Expand All @@ -11,11 +10,13 @@ export const DEV_SEED_CONNECTED_ACCOUNT_IDS = {
};

export const seedConnectedAccount = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
Comment on lines +17 to +19
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: createQueryBuilder parameters are undefined but used in options object - consider documenting why these parameters are undefined or remove them if not needed

.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 6 additions & 3 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/favorites.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,18 @@
import { EntityManager } from 'typeorm';
import { v4 } from 'uuid';

import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'favorite';

export const seedWorkspaceFavorites = async (
viewIds: string[],
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, ['id', 'viewId', 'position'])
.values(
Expand Down
9 changes: 5 additions & 4 deletions ...wenty-server/src/database/typeorm-seeds/workspace/message-channel-message-associations.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_MESSAGE_CHANNEL_IDS } from 'src/database/typeorm-seeds/workspace/message-channels';
import { DEV_SEED_MESSAGE_IDS } from 'src/database/typeorm-seeds/workspace/messages';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';
import { MessageDirection } from 'src/modules/messaging/common/enums/message-direction.enum';

const tableName = 'messageChannelMessageAssociation';
Expand All @@ -13,11 +12,13 @@ export const DEV_SEED_MESSAGE_CHANNEL_MESSAGE_ASSOCIATION_IDS = {
};

export const seedMessageChannelMessageAssociation = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/message-channels.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_CONNECTED_ACCOUNT_IDS } from 'src/database/typeorm-seeds/workspace/connected-account';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';
import {
MessageChannelSyncStage,
MessageChannelVisibility,
Expand All @@ -15,11 +14,13 @@ export const DEV_SEED_MESSAGE_CHANNEL_IDS = {
};

export const seedMessageChannel = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
Comment on lines +21 to +23
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: createQueryBuilder parameters are undefined but options are provided - consider documenting why these parameters are undefined or remove them if not needed

.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/message-participants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_MESSAGE_IDS } from 'src/database/typeorm-seeds/workspace/messages';
import { DEV_SEED_PERSON_IDS } from 'src/database/typeorm-seeds/workspace/seedPeople';
import { DEV_SEED_WORKSPACE_MEMBER_IDS } from 'src/database/typeorm-seeds/workspace/workspace-members';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'messageParticipant';

Expand All @@ -16,11 +15,13 @@ export const DEV_SEED_MESSAGE_PARTICIPANT_IDS = {
};

export const seedMessageParticipant = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
8 changes: 5 additions & 3 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/message-thread-subscribers.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { EntityManager } from 'typeorm';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'messageThreadSubscriber';

Expand Down Expand Up @@ -26,11 +26,13 @@ export const DEV_SEED_USER_IDS = {
};

export const seedMessageThreadSubscribers = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
8 changes: 5 additions & 3 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/message-threads.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { EntityManager } from 'typeorm';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'messageThread';

Expand All @@ -11,11 +11,13 @@ export const DEV_SEED_MESSAGE_THREAD_IDS = {
};

export const seedMessageThread = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/messages.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_MESSAGE_THREAD_IDS } from 'src/database/typeorm-seeds/workspace/message-threads';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'message';

Expand All @@ -11,11 +10,13 @@ export const DEV_SEED_MESSAGE_IDS = {
};

export const seedMessage = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/opportunities.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_COMPANY_IDS } from 'src/database/typeorm-seeds/workspace/companies';
import { DEV_SEED_PERSON_IDS } from 'src/database/typeorm-seeds/workspace/seedPeople';
import { DEV_SEED_WORKSPACE_MEMBER_IDS } from 'src/database/typeorm-seeds/workspace/workspace-members';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'opportunity';

Expand All @@ -14,11 +13,13 @@ export const DEV_SEED_OPPORTUNITY_IDS = {
};

export const seedOpportunity = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
9 changes: 5 additions & 4 deletions packages/twenty-server/src/database/typeorm-seeds/workspace/seedPeople.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
import { EntityManager } from 'typeorm';

import { DEV_SEED_COMPANY_IDS } from 'src/database/typeorm-seeds/workspace/companies';
import { DEV_SEED_WORKSPACE_MEMBER_IDS } from 'src/database/typeorm-seeds/workspace/workspace-members';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';

const tableName = 'person';

Expand All @@ -24,11 +23,13 @@ export const DEV_SEED_PERSON_IDS = {
};

export const seedPeople = async (
entityManager: EntityManager,
entityManager: WorkspaceEntityManager,
schemaName: string,
) => {
await entityManager
.createQueryBuilder()
.createQueryBuilder(undefined, undefined, undefined, {
shouldBypassPermissionChecks: true,
})
.insert()
.into(`${schemaName}.${tableName}`, [
'id',
Expand Down
Loading
Loading