@faststore/api 3.88.1 → 3.88.6

package/src/platforms/vtex/resolvers/query.ts

@@ -7,6 +7,7 @@ import type {
   QueryPickupPointsArgs,
   QueryProductArgs,
   QueryProductCountArgs,
+  QueryProductsArgs,
   QueryProfileArgs,
   QueryRedirectArgs,
   QuerySearchArgs,
@@ -14,9 +15,14 @@ import type {
   QueryShippingArgs,
   QueryUserOrderArgs,
   UserOrderFromList,
-  QueryProductsArgs,
 } from '../../../__generated__/schema'
-import { BadRequestError, ForbiddenError, NotFoundError } from '../../errors'
+import {
+  BadRequestError,
+  ForbiddenError,
+  NotFoundError,
+  isForbiddenError,
+  isNotFoundError,
+} from '../../errors'
 import type { CategoryTree } from '../clients/commerce/types/CategoryTree'
 import type { ProfileAddress } from '../clients/commerce/types/Profile'
 import type { SearchArgs } from '../clients/search'
@@ -478,22 +484,39 @@ export const Query = {
         },
       }
     } catch (error) {
-      const result = JSON.parse((error as Error).message).error as {
-        code: string
-        message: string
-        exception: any
+      const errorMessage = (error as Error).message
+
+      let result: {
+        code?: string
+        message?: string
+        exception?: any
+      } = {}
+
+      /** The errorMessage can be in:
+       * JSON format: {"error":{"code":"OMS007","message":"Order Not Found","exception":null}}
+       * Plain text format: "No authorized"
+       * Unknown format
+       */
+      try {
+        const parsed = JSON.parse(errorMessage)
+        result = parsed.error || parsed
+      } catch {
+        result = { message: errorMessage }
       }
 
-      if (result?.message?.toLowerCase()?.includes('order not found')) {
-        throw new NotFoundError(`No order found for id ${orderId}`)
+      const message = result?.message || errorMessage
+
+      if (isNotFoundError(error)) {
+        throw new NotFoundError(`No order found for id ${orderId}. ${message}.`)
       }
 
-      if (result?.message?.toLowerCase()?.includes('acesso negado')) {
+      if (isForbiddenError(error)) {
         throw new ForbiddenError(
-          `You are forbidden to interact with order with id ${orderId}`
+          `You are forbidden to interact with order with id ${orderId}. ${message}.`
         )
       }
 
+      // Fallback for other Errors
       throw error
     }
   },

package/src/platforms/vtex/resolvers/validateSession.ts

@@ -100,19 +100,10 @@ export const validateSession = async (
   const isRepresentative = jwt?.isRepresentative
   const customerId = jwt?.customerId
   const unitId = jwt?.unitId
-  const userId = jwt?.userId
-
-  const [sessionData, canManageOrganization] = await Promise.all([
-    clients.commerce.session(params.toString()).catch(() => null),
-    userId
-      ? clients.commerce.licenseManager
-          .getUserGrantedResources({
-            userId: userId,
-            resourceKey: 'ManageOrganizationAndContract',
-          })
-          .catch(() => false)
-      : false,
-  ])
+
+  const sessionData = await clients.commerce
+    .session(params.toString())
+    .catch(() => null)
 
   const profile = sessionData?.namespaces.profile ?? null
   const shopper = sessionData?.namespaces.shopper ?? null
@@ -165,9 +156,6 @@ export const validateSession = async (
             `${shopper?.firstName?.value ?? ''} ${shopper?.lastName?.value ?? ''}`.trim(),
           userEmail: authentication?.storeUserEmail.value ?? '',
           savedPostalCode: publicData?.postalCode?.value ?? '',
-          permissions: {
-            canManageOrganization,
-          },
         }
       : null,
     marketingData,

package/src/typeDefs/session.graphql

@@ -188,10 +188,6 @@ type StoreSession {
   refreshAfter: String
 }
 
-type StoreB2BPermissions {
-  canManageOrganization: Boolean!
-}
-
 type StoreB2B {
   customerId: String!
   isRepresentative: Boolean
@@ -202,11 +198,6 @@ type StoreB2B {
   userName: String
   userEmail: String
   savedPostalCode: String
-  permissions: StoreB2BPermissions!
-}
-
-input IStoreB2BPermissions {
-  canManageOrganization: Boolean!
 }
 
 input IStoreB2B {
@@ -219,7 +210,6 @@ input IStoreB2B {
   userName: String
   userEmail: String
   savedPostalCode: String
-  permissions: IStoreB2BPermissions!
 }
 
 """