Skip to content

[permissions] Remove raw queries and restrict its usage #12360

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

[permissions] Remove raw queries and restrict its usage #12360

wants to merge 13 commits into from

Conversation

ijreilly
Copy link
Collaborator

@ijreilly ijreilly commented May 28, 2025
edited
Loading

Closes twentyhq/core-team-issues#748

In the frame of the work on permissions we

  • remove all raw queries possible to use repositories instead
  • forbid usage workspaceDataSource.executeRawQueries()
  • restrict usage of workspaceDataSource.query() to force developers to pass on shouldBypassPermissionChecks to use it.

ijreilly
ijreilly commented May 28, 2025
View reviewed changes
packages/twenty-server/src/database/typeorm-seeds/core/billing/billing-subscription.ts
@@ -3,11 +3,11 @@ import { DataSource } from 'typeorm';
const tableName = 'billingSubscription';

export const seedBillingSubscriptions = async (
workspaceDataSource: DataSource,
dataSource: DataSource,
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clarifying name here and in other files as Datasource is not equal to WorkspaceDataSource, and does not require shouldBypassPermissionCheck indication.

For workspaceDataSource we have implemented permissions and overriden createQueryBuilder(). DataSource is not restricted to a workspace and can perform operations on core + on any workspace. Its usage is restricted to "system" operations.

ijreilly
ijreilly commented May 28, 2025
View reviewed changes
...es/twenty-server/src/engine/core-modules/record-position/services/record-position.service.ts

return isDefined(recordWithMinPosition?.position)
? recordWithMinPosition.position - index - 1
const recordWithMinPosition = await this.findMinPosition(
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thomtrp fyi

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 28, 2025
edited
Loading

🚀 Preview Environment Ready!

Your preview environment is available at: http://bore.pub:24796

This environment will automatically shut down when the PR is closed or after 5 hours.

@ijreilly ijreilly changed the title [permissions] Remove raw queries [permissions] Remove raw queries and restrict its usage May 28, 2025
@ijreilly ijreilly marked this pull request as ready for review May 28, 2025 15:19
greptile-apps[bot]
greptile-apps bot reviewed May 28, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

This PR implements a significant security improvement by removing raw SQL queries and enforcing repository usage with proper permission checks throughout the codebase. The changes affect multiple modules and services across the application.

  • Replaces WorkspaceDataSourceService with TwentyORMGlobalManager in multiple modules, enforcing permission checks through repositories
  • Removes WorkspaceMemberWorkspaceEntity from several modules, suggesting workspace member access is now handled through dedicated repositories
  • Adds shouldBypassPermissionChecks flag requirement for any remaining raw queries in migration/seed files
  • Replaces SelectQueryBuilder with WorkspaceSelectQueryBuilder to ensure proper permission handling in GraphQL queries
  • Removes deprecated utility files like build-record-position-query.util.ts in favor of repository-based implementations

46 file(s) reviewed, 13 comment(s)
Edit PR Review Bot Settings | Greptile

...r/src/engine/core-modules/record-position/services/__tests__/record-position.service.spec.ts
Comment on lines +13 to 17
findOneBy: jest.fn(),
update: jest.fn(),
minimum: jest.fn().mockResolvedValue(1),
maximum: jest.fn().mockResolvedValue(1),
};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Mock repository methods should verify input parameters and return types match the actual repository interface

ijreilly and others added 3 commits May 28, 2025 18:09
@ijreilly @greptile-apps
greptile
a3daec4 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@ijreilly
greptile
80b3050
@ijreilly
add exceptions to filter
3c233e2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement object-level permissions in raw sql and other edge cases
1 participant
@ijreilly