Fix emailThread not loading and rest batch api forbidden

twentyhq · Sep 14, 2024 · a18b998 · a18b998
1 parent 8588612
commit a18b998
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 16 deletions.
diff --git a/...ages/twenty-server/src/engine/api/rest/core/controllers/rest-api-core-batch.controller.ts b/...ages/twenty-server/src/engine/api/rest/core/controllers/rest-api-core-batch.controller.ts
@@ -4,10 +4,11 @@ import { Request, Response } from 'express';
 
 import { RestApiCoreService } from 'src/engine/api/rest/core/rest-api-core.service';
 import { cleanGraphQLResponse } from 'src/engine/api/rest/utils/clean-graphql-response.utils';
+import { JwtAuthGuard } from 'src/engine/guards/jwt-auth.guard';
 import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
 
 @Controller('rest/batch/*')
-@UseGuards(WorkspaceAuthGuard)
+@UseGuards(JwtAuthGuard, WorkspaceAuthGuard)
 export class RestApiCoreBatchController {
   constructor(private readonly restApiCoreService: RestApiCoreService) {}
 

diff --git a/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts b/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts
@@ -115,8 +115,12 @@ export class AuthResolver {
   @UseGuards(WorkspaceAuthGuard, UserAuthGuard)
   async generateTransientToken(
     @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
   ): Promise<TransientToken | void> {
-    const workspaceMember = await this.userService.loadWorkspaceMember(user);
+    const workspaceMember = await this.userService.loadWorkspaceMember(
+      user,
+      workspace,
+    );
 
     if (!workspaceMember) {
       return;

diff --git a/packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts b/packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts
@@ -32,12 +32,12 @@ import { UserExists } from 'src/engine/core-modules/auth/dto/user-exists.entity'
 import { Verify } from 'src/engine/core-modules/auth/dto/verify.entity';
 import { WorkspaceInviteHashValid } from 'src/engine/core-modules/auth/dto/workspace-invite-hash-valid.entity';
 import { SignInUpService } from 'src/engine/core-modules/auth/services/sign-in-up.service';
+import { EmailService } from 'src/engine/core-modules/email/email.service';
+import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { WorkspaceMember } from 'src/engine/core-modules/user/dtos/workspace-member.dto';
 import { UserService } from 'src/engine/core-modules/user/services/user.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
-import { EmailService } from 'src/engine/core-modules/email/email.service';
-import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 
 import { TokenService } from './token.service';
 
@@ -150,7 +150,10 @@ export class AuthService {
 
     // passwordHash is hidden for security reasons
     user.passwordHash = '';
-    const workspaceMember = await this.userService.loadWorkspaceMember(user);
+    const workspaceMember = await this.userService.loadWorkspaceMember(
+      user,
+      user.defaultWorkspace,
+    );
 
     if (workspaceMember) {
       user.workspaceMember = workspaceMember as WorkspaceMember;

diff --git a/packages/twenty-server/src/engine/core-modules/messaging/timeline-messaging.resolver.ts b/packages/twenty-server/src/engine/core-modules/messaging/timeline-messaging.resolver.ts
@@ -9,7 +9,9 @@ import { TimelineThreadsWithTotal } from 'src/engine/core-modules/messaging/dtos
 import { GetMessagesService } from 'src/engine/core-modules/messaging/services/get-messages.service';
 import { UserService } from 'src/engine/core-modules/user/services/user.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
+import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
+import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
 import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
 import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
 
@@ -50,9 +52,13 @@ export class TimelineMessagingResolver {
   @Query(() => TimelineThreadsWithTotal)
   async getTimelineThreadsFromPersonId(
     @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
     @Args() { personId, page, pageSize }: GetTimelineThreadsFromPersonIdArgs,
   ) {
-    const workspaceMember = await this.userService.loadWorkspaceMember(user);
+    const workspaceMember = await this.userService.loadWorkspaceMember(
+      user,
+      workspace,
+    );
 
     if (!workspaceMember) {
       return;
@@ -72,9 +78,13 @@ export class TimelineMessagingResolver {
   @Query(() => TimelineThreadsWithTotal)
   async getTimelineThreadsFromCompanyId(
     @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
     @Args() { companyId, page, pageSize }: GetTimelineThreadsFromCompanyIdArgs,
   ) {
-    const workspaceMember = await this.userService.loadWorkspaceMember(user);
+    const workspaceMember = await this.userService.loadWorkspaceMember(
+      user,
+      workspace,
+    );
 
     if (!workspaceMember) {
       return;

diff --git a/packages/twenty-server/src/engine/core-modules/user/services/user.service.ts b/packages/twenty-server/src/engine/core-modules/user/services/user.service.ts
@@ -6,13 +6,13 @@ import { TypeOrmQueryService } from '@ptc-org/nestjs-query-typeorm';
 import { Repository } from 'typeorm';
 
 import { TypeORMService } from 'src/database/typeorm/typeorm.service';
+import { ObjectRecordDeleteEvent } from 'src/engine/core-modules/event-emitter/types/object-record-delete.event';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { WorkspaceService } from 'src/engine/core-modules/workspace/services/workspace.service';
 import {
   Workspace,
   WorkspaceActivationStatus,
 } from 'src/engine/core-modules/workspace/workspace.entity';
-import { ObjectRecordDeleteEvent } from 'src/engine/core-modules/event-emitter/types/object-record-delete.event';
 import { DataSourceService } from 'src/engine/metadata-modules/data-source/data-source.service';
 import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
 import { WorkspaceEventEmitter } from 'src/engine/workspace-event-emitter/workspace-event-emitter';
@@ -32,17 +32,14 @@ export class UserService extends TypeOrmQueryService<User> {
     super(userRepository);
   }
 
-  async loadWorkspaceMember(user: User) {
-    if (
-      user.defaultWorkspace.activationStatus !==
-      WorkspaceActivationStatus.ACTIVE
-    ) {
+  async loadWorkspaceMember(user: User, workspace: Workspace) {
+    if (workspace?.activationStatus !== WorkspaceActivationStatus.ACTIVE) {
       return null;
     }
 
     const workspaceMemberRepository =
       await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
-        user.defaultWorkspaceId,
+        workspace.id,
         'workspaceMember',
       );
 

diff --git a/packages/twenty-server/src/engine/core-modules/user/user.resolver.ts b/packages/twenty-server/src/engine/core-modules/user/user.resolver.ts
@@ -97,8 +97,14 @@ export class UserResolver {
   @ResolveField(() => WorkspaceMember, {
     nullable: true,
   })
-  async workspaceMember(@Parent() user: User): Promise<WorkspaceMember | null> {
-    const workspaceMember = await this.userService.loadWorkspaceMember(user);
+  async workspaceMember(
+    @Parent() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ): Promise<WorkspaceMember | null> {
+    const workspaceMember = await this.userService.loadWorkspaceMember(
+      user,
+      workspace,
+    );
 
     if (workspaceMember && workspaceMember.avatarUrl) {
       const avatarUrlToken = await this.fileService.encodeFileToken({