Paul Rastoin bb464b2ffb Forbid other app role extension (#19783) ...

# Introduction
Even though this would not possible through API at the moment, from
neither API metadata or manifest ( as manifest `permissionsFlag`
declarations etc are done from within a declared role )
Prevent any app to create permissions entities over another app role
from the validation engine itself

## `isEditable`
We might wanna deprecate this column at some point from the entity it
self as now the grain would rather be `what app owns that role ?`

---------

Co-authored-by: Charles Bochet <charles@twenty.com>

2026-04-17 12:00:37 +00:00

..

create-twenty-app

Release v1.22.0 for twenty-sdk, twenty-client-sdk, and create-twenty-app (#19751)

2026-04-16 08:29:50 +00:00

twenty-apps

…

twenty-cli

…

twenty-client-sdk

fix(server): workspace member permissions and profile onboarding (#19786)

2026-04-17 09:58:34 +00:00

twenty-companion

…

twenty-docker

…

twenty-docs

…

twenty-e2e-testing

shouldIncludeRecordPageLayouts deprecation (#19774)

2026-04-17 11:32:10 +00:00

twenty-emails

…

twenty-front

Fix AI chat dropzone persisting when dragging file out without dropping (#19794)

2026-04-17 11:43:02 +00:00

twenty-front-component-renderer

Add event forwarding stories to the front component renderer (#19721)

2026-04-16 08:55:49 +00:00

twenty-oxlint-rules

…

twenty-sdk

Surface structured validation errors during application install (#19787)

2026-04-17 11:29:33 +00:00

twenty-server

Forbid other app role extension (#19783)

2026-04-17 12:00:37 +00:00

twenty-shared

fix: replace slow deep-equal with fastDeepEqual to resolve CPU bottleneck (#19771)

2026-04-16 17:23:50 +02:00

twenty-ui

Fix app design 1/2 (#19735)

2026-04-16 09:47:44 +00:00

twenty-utils

…

twenty-website

…

twenty-website-new

[Website] Resolve animations breaking due to renderer context being lost. (#19747)

2026-04-16 08:50:56 +00:00

twenty-zapier

…