mirror of
https://github.com/twentyhq/twenty.git
synced 2026-04-18 22:12:14 -04:00
## Summary

**Step 1 of 2:** Implements the "acting on behalf of user" concept for workflows and agents to prevent permission escalation and maintain proper audit trails.

## Problem

Previously, workflows and agents would bypass permissions regardless of who initiated them, allowing users to escalate their privileges by triggering workflows that performed actions they couldn't do directly.

## Solution

### For Workflows

Introduced `WorkflowExecutionContext` service that determines execution mode:

- **Manual triggers/test button**: Uses user's roleId for permissions, user's identity for `createdBy`
- **Automated triggers** (cron, database events, webhooks): Bypasses permissions, uses workflow identity

### For Agents

**In Chat:**

- Always act on behalf of the user
- Use user's roleId for permission checks
- Use user's identity for `createdBy`

# Step 1 vs Step 2

### ✅ Step 1 (This PR): Acting on Behalf Concept

- Introduced `isActingOnBehalfOfUser` boolean concept
- Single roleId used for permission checks (user's OR system bypass)
- `createdBy` field properly attributes actions to initiator
- Prevents permission escalation in user-initiated flows

### 🔜 Step 2 (Future): Multi-Role Permission Support

- Support role intersection: `{ intersection: ['roleA', 'roleB'] }`
- Support role union: `{ union: ['roleA', 'roleB', 'roleC'] }`
- Enable user+agent collaboration scenarios
- Update `WorkspaceEntityManager` and `WorkspaceDatasource` to handle multiple roleIds

---------

Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
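The decision the PR description outlines, modelled as an added TypeScript example. This is not Twenty's code: the function names (`resolveExecutionContext`, `canPerform`, `runWorkflowStep`), the `TriggerKind` union and the role table are assumptions constructed for illustration. It contrasts the old behaviour (every workflow action bypassed permissions, whoever started it) with the Step 1 rule (user-initiated runs carry the user's single roleId and are attributed to the user in `createdBy`; automated runs carry the workflow identity with a system bypass).

```typescript
// Added example (not Twenty's code): a minimal model of the "acting on behalf
// of user" decision. resolveExecutionContext, TriggerKind and the role table
// below are assumptions for illustration, not the project's real API.

type TriggerKind = 'manual' | 'test-button' | 'cron' | 'database-event' | 'webhook';

interface WorkspaceUser {
  id: string;
  roleId: string;
}

// A single roleId is used for permission checks: the user's role, or null
// meaning "system bypass" for automated triggers (Step 1 semantics).
interface ExecutionContext {
  isActingOnBehalfOfUser: boolean;
  roleId: string | null;
  createdBy: { source: 'user' | 'workflow'; id: string };
}

// Constructed role table standing in for the workspace's role/permission store.
const ROLE_PERMISSIONS: Record<string, ReadonlySet<string>> = {
  'role-member': new Set(['person.read', 'person.update']),
  'role-admin': new Set(['person.read', 'person.update', 'person.delete']),
};

// Decide the execution mode once, when the workflow run starts.
function resolveExecutionContext(
  trigger: TriggerKind,
  initiator: WorkspaceUser | null,
  workflowId: string,
): ExecutionContext {
  const userInitiated = trigger === 'manual' || trigger === 'test-button';
  if (userInitiated) {
    if (initiator === null) {
      throw new Error(`trigger '${trigger}' requires an initiating user`);
    }
    return {
      isActingOnBehalfOfUser: true,
      roleId: initiator.roleId,
      createdBy: { source: 'user', id: initiator.id },
    };
  }
  // cron / database event / webhook: workflow identity, permissions bypassed
  return {
    isActingOnBehalfOfUser: false,
    roleId: null,
    createdBy: { source: 'workflow', id: workflowId },
  };
}

// Before this PR: every workflow action bypassed permissions, whoever started it,
// so a member could reach admin-only actions by triggering a workflow.
function legacyCanPerform(_ctx: ExecutionContext, _permission: string): boolean {
  return true;
}

// After: user-initiated runs are bounded by the initiating user's own role.
function canPerform(ctx: ExecutionContext, permission: string): boolean {
  if (!ctx.isActingOnBehalfOfUser) {
    return true; // automated trigger: system bypass
  }
  const granted = ctx.roleId === null ? undefined : ROLE_PERMISSIONS[ctx.roleId];
  return granted !== undefined && granted.has(permission);
}

interface AuditEntry {
  action: string;
  allowed: boolean;
  createdBy: ExecutionContext['createdBy'];
}

// A workflow step records who the action is attributed to whether or not it
// was allowed, so the audit trail names the initiator, not a generic identity.
function runWorkflowStep(ctx: ExecutionContext, action: string): AuditEntry {
  return { action, allowed: canPerform(ctx, action), createdBy: ctx.createdBy };
}
```

The point worth checking in a review of the real change is the same as in this sketch: the context is resolved once from the trigger, not per step, so a later step cannot silently switch to the bypass path, and denied actions are still attributed to the user who triggered the run.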