@mondaydotcomorg/monday-authorization 1.1.9-featureliorshonehourjwttoken.465 → 1.1.9-featuremosheauthorizationesm.3695

package/CHANGELOG.md

@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.2.9] - 2024-10-06
+### Added
+- [`authz/bashanye/add-async-resource-attributes-support`](https://github.com/DaPulse/monday-npm-packages/pull/6859)
+  - `AuthorizationAttributesService` - now supports async upsert and delete - requests sent through SNS-SQS).
+
+## [1.2.3] - 2024-06-10
+### Added
+
+- [`feature/yarden/resource-attributes-api-support-authz-sdk (#5826)`](https://github.com/DaPulse/monday-npm-packages/pull/5826)
+  - `AuthorizationAttributesService` - now supports upsert (`upsertResourceAttributesSync`) and delete (`deleteResourceAttributesSync`) resource attributes in the authorization MS
+
+## [1.2.0] - 2024-01-05
+### Added
+ - `isAuthorized` now return the unauthorized objects - regardless to the unauthorized ids (which may be missing resource ids if resource has no id, like `feature` e.g.)
+
 ## [1.1.0] - 2023-08-09
 
 ### ⚠ BREAKING CHANGES

package/README.md

@@ -136,3 +136,60 @@ const canActionInScopeMultipleResponse: ScopedActionResponseObject[] =
  * ]
  * /
 ```
+
+### Authorization Attributes API
+Authorization attributes have 2 options to get called: sync (http request) and async (send to SNS and consumed asynchronously).  
+When you have to make sure the change in the attributes applied before the function return, please use the sync method, otherwise use the async 
+
+#### Sync method
+Use `AuthorizationAttributesService.upsertResourceAttributesSync` to upsert multiple resource attributes in the authorization MS synchronously.
+
+```ts
+import { AuthorizationAttributesService, ResourceAttributeAssignment, ResourceAttributeResponse } from '@mondaydotcomorg/monday-authorization';
+
+const accountId = 739630;
+const userId = 4;
+const resourceAttributesAssignments: ResourceAttributeAssignment[] = [
+  { resourceId: 18, resourceType: 'workspace', key: 'is_default_workspace', value: 'true' },
+  { resourceId: 23, resourceType: 'board', key: 'board_kind', value: 'private' }
+];
+
+const response: ResourceAttributeResponse = await AuthorizationAttributesService.upsertResourceAttributesSync(accountId, userId, resourceAttributesAssignments);
+```
+
+Use `AuthorizationAttributesService.deleteResourceAttributesSync` to delete single resource's attributes in the authorization MS synchronously.
+
+
+```ts
+import { AuthorizationAttributesService, ResourceAttributeResponse, Resource } from '@mondaydotcomorg/monday-authorization';
+
+const accountId = 739630;
+const userId = 4;
+const resource: Resource = { type: 'workspace', id: 18 };
+const attributeKeys: string[] = ['is_default_workspace', 'workspace_kind'];
+
+const response: ResourceAttributeResponse = await AuthorizationAttributesService.deleteResourceAttributesSync(accountId, userId, resource, attributeKeys);
+```
+
+#### Async method
+use `AuthorizationAttributesService.updateResourceAttributesAsync` to upsert or delete multiple resource attributes at once.
+
+```ts
+import { AuthorizationAttributesService, ResourceAttributeAssignment, ResourceAttributeResponse } from '@mondaydotcomorg/monday-authorization';
+
+const accountId = 739630;
+const appName =  process.env.APP_NAME;
+const callerActionIdentifier = "actions_v2";
+const resourceAttributeOperations: ResourceAttributesOperation[] = [
+  { operationType: 'upsert', resourceId: 18, resourceType: 'workspace', key: 'is_default_workspace', value: 'true' },
+  { operationType: 'delete', resourceId: 23, resourceType: 'board', key: 'board_kind' }
+];
+
+const response: ResourceAttributeResponse = await AuthorizationAttributesService.updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations);
+```
+
+Special notes for asynchronous operations:
+1. There is no guarantee about the order of the updates, so don't do multiple operations on the same key in the same resource.
+2. To update an existing key, just use upsert operation, it'll override previous value.
+3. Requests with a lot of operations might split to chunks that will be consumed either sequence or in parallel, so there might be a timeframe where some of the operations already applied and some not. Eventually all of them will be applied.
+4. If your MS depends on the access to the asynchronous operation, you can use a health check operation `asyncResourceAttributesHealthCheck` that will return false if it can't reach to SNS or can't find the required topic. Note it doesn't check write permissions so make sure your MS have permissions to write to the SNS topic.

package/dist/attributions-service.d.ts

@@ -0,0 +1,3 @@
+export declare function getAttributionsFromApi(): {
+    [key: string]: string;
+};

package/dist/attributions-service.js

@@ -0,0 +1,55 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const authorizationInternalService = require('./authorization-internal-service.js');
+
+const APP_NAME_VARIABLE_KEY = 'APP_NAME';
+const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
+const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
+let didSendFailureLogOnce = false;
+function getAttributionsFromApi() {
+    let callerAppNameFromSdk = {
+        [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
+    };
+    try {
+        const tridentContext = tridentBackendApi.Api.getPart('context');
+        if (!tridentContext) {
+            return callerAppNameFromSdk;
+        }
+        const { runtimeAttributions } = tridentContext;
+        let runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
+        if (!runtimeAttributionsOutgoingHeaders) {
+            return callerAppNameFromSdk;
+        }
+        const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
+        const attributionHeadersFromSdk = {};
+        Object.keys(attributionsHeaders).forEach(function (key) {
+            attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
+        });
+        return attributionHeadersFromSdk;
+    }
+    catch (error) {
+        if (!didSendFailureLogOnce) {
+            authorizationInternalService.logger.warn({ tag: 'authorization-service', error }, 'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.');
+            didSendFailureLogOnce = true;
+        }
+        return callerAppNameFromSdk;
+    }
+}
+function getEnvVariable(key) {
+    const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
+    return envVar;
+}
+function tryJsonParse(value) {
+    if (!value) {
+        return value;
+    }
+    try {
+        return JSON.parse(value);
+    }
+    catch (_err) {
+        return value;
+    }
+}
+
+exports.getAttributionsFromApi = getAttributionsFromApi;

package/dist/authorization-attributes-service.d.ts

@@ -0,0 +1,44 @@
+import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
+import { Resource } from './types/general';
+export declare class AuthorizationAttributesService {
+    private static LOG_TAG;
+    /**
+     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
+     * @param accountId
+     * @param userId
+     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
+     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
+     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     */
+    static upsertResourceAttributes(accountId: number, userId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
+    /**
+     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
+     * @param accountId
+     * @param userId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    static deleteResourceAttributes(accountId: number, userId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    static updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
+    private static sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    private static getResourceAttributesUrl;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    static asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}

package/dist/authorization-attributes-service.js

@@ -0,0 +1,144 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const chunk = require('lodash/chunk');
+const mondayFetch = require('@mondaydotcomorg/monday-fetch');
+const authorizationInternalService = require('./authorization-internal-service.js');
+const attributionsService = require('./attributions-service.js');
+const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const mondaySns = require('@mondaydotcomorg/monday-sns');
+const constants_sns = require('./constants/sns.js');
+
+const _interopDefault = e => e && e.__esModule ? e : { default: e };
+
+const chunk__default = /*#__PURE__*/_interopDefault(chunk);
+
+class AuthorizationAttributesService {
+    static LOG_TAG = "authorization_attributes";
+    /**
+     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
+     * @param accountId
+     * @param userId
+     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
+     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
+     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     */
+    static async upsertResourceAttributes(accountId, userId, resourceAttributeAssignments) {
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        const response = await mondayFetch.fetch(this.getResourceAttributesUrl(accountId), {
+            method: 'POST',
+            headers: {
+                Authorization: internalAuthToken,
+                'Content-Type': 'application/json',
+                ...attributionHeaders,
+            },
+            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+            body: JSON.stringify({ resourceAttributeAssignments }),
+        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
+        const responseBody = await response.json();
+        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'upsertResourceAttributesSync');
+        return { attributes: responseBody['attributes'] };
+    }
+    /**
+     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
+     * @param accountId
+     * @param userId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    static async deleteResourceAttributes(accountId, userId, resource, attributeKeys) {
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const url = `${this.getResourceAttributesUrl(accountId)}/${resource.type}/${resource.id}`;
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        const response = await mondayFetch.fetch(url, {
+            method: 'DELETE',
+            headers: {
+                Authorization: internalAuthToken,
+                'Content-Type': 'application/json',
+                ...attributionHeaders,
+            },
+            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+            body: JSON.stringify({ keys: attributeKeys }),
+        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
+        const responseBody = await response.json();
+        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'deleteResourceAttributesSync');
+        return { attributes: responseBody['attributes'] };
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    static async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
+        const topicArn = this.getSnsTopicArn();
+        const sendToSnsPromises = [];
+        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    static async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
+        const payload = {
+            kind: constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+            payload: {
+                accountId: accountId,
+                callerAppName: appName,
+                callerActionIdentifier: callerActionIdentifier,
+                operations: operations,
+            }
+        };
+        try {
+            await mondaySns.sendToSns(payload, topicArn);
+            return operations;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: this.LOG_TAG }, "Authorization resource attributes async update: failed to send operations to SNS");
+            return [];
+        }
+    }
+    static getSnsTopicArn() {
+        const arnFromApi = tridentBackendApi.Api.getPart('configurationVariables')?.get(constants_sns.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME).arn;
+        if (arnFromApi) {
+            return arnFromApi;
+        }
+        const jsonArnFromEnv = process.env[constants_sns.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME];
+        const arnFromEnv = JSON.parse(jsonArnFromEnv).arn;
+        if (arnFromEnv) {
+            return arnFromEnv;
+        }
+        throw new Error('Unable to get sns topic arn from env variable');
+    }
+    static getResourceAttributesUrl(accountId) {
+        return `${process.env.AUTHORIZATION_URL}/attributes/${accountId}/resource`;
+    }
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    static async asyncResourceAttributesHealthCheck() {
+        try {
+            const requestedTopicArn = this.getSnsTopicArn();
+            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
+            const isHealthy = !(!attributes || !("TopicArn" in attributes) || attributes.TopicArn !== requestedTopicArn);
+            if (!isHealthy) {
+                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: this.LOG_TAG }, "authorization-attributes-service failed in health check");
+            }
+            return isHealthy;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: this.LOG_TAG }, "authorization-attributes-service got error during health check");
+            return false;
+        }
+    }
+}
+
+exports.AuthorizationAttributesService = AuthorizationAttributesService;

package/dist/authorization-internal-service.d.ts

@@ -0,0 +1,13 @@
+import { Request } from 'express';
+import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
+export declare const logger: import("bunyan");
+export declare class AuthorizationInternalService {
+    static skipAuthorization(requset: Request): void;
+    static markAuthorized(request: Request): void;
+    static failIfNotCoveredByAuthorization(request: Request): void;
+    static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
+    static generateInternalAuthToken(accountId: number, userId: number): string;
+    static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
+    static getRequestFetchOptions(): MondayFetchOptions;
+    static getRequestTimeout(): 60000 | 2000;
+}

package/dist/authorization-internal-service.js

@@ -0,0 +1,80 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const mondayJwt = require('@mondaydotcomorg/monday-jwt');
+const MondayLogger = require('@mondaydotcomorg/monday-logger');
+
+function _interopNamespace(e) {
+if (e && e.__esModule) return e;
+const n = Object.create(null, { [Symbol.toStringTag]: { value: 'Module' } });
+if (e) {
+for (const k in e) {
+if (k !== 'default') {
+const d = Object.getOwnPropertyDescriptor(e, k);
+Object.defineProperty(n, k, d.get ? d : {
+enumerable: true,
+get: () => e[k]
+});
+}
+}
+}
+n.default = e;
+return n;
+}
+
+const MondayLogger__namespace = /*#__PURE__*/_interopNamespace(MondayLogger);
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const defaultMondayFetchOptions = {
+    retries: 3,
+    callback: logOnFetchFail,
+};
+function logOnFetchFail(retriesLeft, error) {
+    if (retriesLeft == 0) {
+        logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
+    }
+    else {
+        logger.info({ retriesLeft, error }, 'Authorization attempt failed due to network issues, trying again');
+    }
+}
+let mondayFetchOptions = defaultMondayFetchOptions;
+const logger = MondayLogger__namespace.getLogger();
+class AuthorizationInternalService {
+    static skipAuthorization(requset) {
+        requset.authorizationSkipPerformed = true;
+    }
+    static markAuthorized(request) {
+        request.authorizationCheckPerformed = true;
+    }
+    static failIfNotCoveredByAuthorization(request) {
+        if (!request.authorizationCheckPerformed && !request.authorizationSkipPerformed) {
+            throw 'Endpoint is not covered by authorization check';
+        }
+    }
+    static throwOnHttpErrorIfNeeded(response, placement) {
+        if (response.ok) {
+            return;
+        }
+        const status = response.status;
+        logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
+        throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
+    }
+    static generateInternalAuthToken(accountId, userId) {
+        return mondayJwt.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
+    }
+    static setRequestFetchOptions(customMondayFetchOptions) {
+        mondayFetchOptions = {
+            ...defaultMondayFetchOptions,
+            ...customMondayFetchOptions,
+        };
+    }
+    static getRequestFetchOptions() {
+        return mondayFetchOptions;
+    }
+    static getRequestTimeout() {
+        const isDevEnv = process.env.NODE_ENV === 'development';
+        return isDevEnv ? 60000 : 2000;
+    }
+}
+
+exports.AuthorizationInternalService = AuthorizationInternalService;
+exports.logger = logger;

package/dist/{lib/authorization-middleware.d.ts → authorization-middleware.d.ts}

@@ -1,5 +1,6 @@
 import { NextFunction } from 'express';
-import { Action, BaseRequest, BaseResponse, ContextGetter, ResourceGetter } from './types/general';
+import { Action, BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
 export declare function getAuthorizationMiddleware(action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter): (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
 export declare function skipAuthorizationMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
 export declare function authorizationCheckMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
+export declare function defaultContextGetter(request: BaseRequest): Context;

package/dist/authorization-middleware.js

@@ -0,0 +1,48 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const onHeaders = require('on-headers');
+const authorizationInternalService = require('./authorization-internal-service.js');
+const authorizationService = require('./authorization-service.js');
+
+const _interopDefault = e => e && e.__esModule ? e : { default: e };
+
+const onHeaders__default = /*#__PURE__*/_interopDefault(onHeaders);
+
+// getAuthorizationMiddleware is duplicated in testKit/index.ts
+// If you are making changes to this function, please make sure to update the other file as well
+function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
+    return async function authorizationMiddleware(request, response, next) {
+        contextGetter ||= defaultContextGetter;
+        const { userId, accountId } = contextGetter(request);
+        const resources = resourceGetter(request);
+        const { isAuthorized } = await authorizationService.AuthorizationService.isAuthorized(accountId, userId, resources, action);
+        authorizationInternalService.AuthorizationInternalService.markAuthorized(request);
+        if (!isAuthorized) {
+            response.status(403).json({ message: 'Access denied' });
+            return;
+        }
+        next();
+    };
+}
+function skipAuthorizationMiddleware(request, response, next) {
+    authorizationInternalService.AuthorizationInternalService.skipAuthorization(request);
+    next();
+}
+function authorizationCheckMiddleware(request, response, next) {
+    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+        onHeaders__default.default(response, function () {
+            if (response.statusCode < 400) {
+                authorizationInternalService.AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
+            }
+        });
+    }
+    next();
+}
+function defaultContextGetter(request) {
+    return request.payload;
+}
+
+exports.authorizationCheckMiddleware = authorizationCheckMiddleware;
+exports.defaultContextGetter = defaultContextGetter;
+exports.getAuthorizationMiddleware = getAuthorizationMiddleware;
+exports.skipAuthorizationMiddleware = skipAuthorizationMiddleware;

package/dist/{lib/authorization-service.d.ts → authorization-service.d.ts}

@@ -1,9 +1,10 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { Action, AuthorizationObject, Resource } from './types/general';
-import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from 'lib/types/scoped-actions-contracts';
+import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
     unauthorizedIds?: number[];
+    unauthorizedObjects?: AuthorizationObject[];
 }
 export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
 export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;