@mondaydotcomorg/monday-authorization 3.2.3-feature-bashanye-navigate-can-action-in-scope-to-graph-af77c6b → 3.2.4

package/dist/attributions-service.d.ts

@@ -2,9 +2,10 @@ import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api'
 export declare enum PlatformProfile {
     API_INTERNAL = "api-internal",
     SLOW = "slow",
-    INTERNAL = "internal"
+    INTERNAL = "internal",
+    APP = "app"
 }
-export declare function getProfile(): PlatformProfile;
+export declare function getProfile(): PlatformProfile.API_INTERNAL | PlatformProfile.SLOW | PlatformProfile.INTERNAL;
 export declare function getExecutionContext(context: Context): ExecutionContext;
 export declare function getAttributionsFromApi(): {
     [key: string]: string;

package/dist/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}

package/dist/attributions-service.js

@@ -12,6 +12,7 @@ exports.PlatformProfile = void 0;
     PlatformProfile["API_INTERNAL"] = "api-internal";
     PlatformProfile["SLOW"] = "slow";
     PlatformProfile["INTERNAL"] = "internal";
+    PlatformProfile["APP"] = "app";
 })(exports.PlatformProfile || (exports.PlatformProfile = {}));
 function getProfile() {
     const tridentContext = tridentBackendApi.Api.getPart('context');

package/dist/authorization-service.d.ts

@@ -30,14 +30,6 @@ export declare class AuthorizationService {
     static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
     private static getProfile;
     static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
-    private static buildScopedActionsPayload;
-    private static scopeToResource;
-    private static buildGraphRequestBody;
-    private static fetchGraphIsAllowed;
-    private static mapGraphResponse;
-    private static fetchPlatformCanActions;
-    private static toCamelCase;
-    private static mapPlatformResponse;
     private static isAuthorizedSingular;
     private static isAuthorizedMultiple;
 }

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAc1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AA6BD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAsBxC,OAAO,CAAC,MAAM,CAAC,yBAAyB;IAMxC,OAAO,CAAC,MAAM,CAAC,eAAe;IAmB9B,OAAO,CAAC,MAAM,CAAC,qBAAqB;mBAyBf,mBAAmB;IAoCxC,OAAO,CAAC,MAAM,CAAC,gBAAgB;mBAoBV,uBAAuB;IAsC5C,OAAO,CAAC,MAAM,CAAC,WAAW;IAI1B,OAAO,CAAC,MAAM,CAAC,mBAAmB;mBAiBb,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAY1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAkEnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js

@@ -23,8 +23,6 @@ const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_acti
 const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
 const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
 const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
-const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
-const GRAPH_IS_ALLOWED_PATH = '/permissions/is-allowed';
 function setRequestFetchOptions(customMondayFetchOptions) {
     authorizationInternalService.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
@@ -94,114 +92,19 @@ class AuthorizationService {
             this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
             return attributionsService.getProfile();
         }
-        return attributionsService.PlatformProfile.INTERNAL;
+        return attributionsService.PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
-        const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
-        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        if (shouldNavigateToGraph) {
-            const response = await this.fetchGraphIsAllowed(internalAuthToken, scopedActions);
-            return this.mapGraphResponse(scopedActions, userId, response);
-        }
         const profile = this.getProfile(accountId, userId);
-        const scopedActionsPayload = this.buildScopedActionsPayload(scopedActions);
-        const platformResponse = await this.fetchPlatformCanActions(profile, internalAuthToken, userId, scopedActionsPayload);
-        return this.mapPlatformResponse(platformResponse);
-    }
-    static buildScopedActionsPayload(scopedActions) {
-        return scopedActions.map(scopedAction => {
-            return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) };
-        });
-    }
-    static scopeToResource(scope) {
-        if ('workspaceId' in scope) {
-            return { resourceType: 'workspace', resourceId: scope.workspaceId };
-        }
-        if ('boardId' in scope) {
-            return { resourceType: 'board', resourceId: scope.boardId };
-        }
-        if ('pulseId' in scope) {
-            return { resourceType: 'pulse', resourceId: scope.pulseId };
-        }
-        if ('accountProductId' in scope) {
-            return { resourceType: 'account_product', resourceId: scope.accountProductId };
-        }
-        if ('accountId' in scope) {
-            return { resourceType: 'account', resourceId: scope.accountId };
-        }
-        throw new Error('Unsupported scope provided');
-    }
-    static buildGraphRequestBody(scopedActions) {
-        const resourcesAccumulator = {};
-        for (const { action, scope } of scopedActions) {
-            const { resourceType, resourceId } = this.scopeToResource(scope);
-            if (!resourcesAccumulator[resourceType]) {
-                resourcesAccumulator[resourceType] = {};
-            }
-            if (!resourcesAccumulator[resourceType][resourceId]) {
-                resourcesAccumulator[resourceType][resourceId] = new Set();
-            }
-            resourcesAccumulator[resourceType][resourceId].add(action);
-        }
-        const resourcesPayload = {};
-        for (const [resourceType, idMap] of Object.entries(resourcesAccumulator)) {
-            resourcesPayload[resourceType] = {};
-            for (const [idStr, actionsSet] of Object.entries(idMap)) {
-                const idNum = Number(idStr);
-                resourcesPayload[resourceType][idNum] = Array.from(actionsSet);
-            }
-        }
-        return resourcesPayload;
-    }
-    static async fetchGraphIsAllowed(internalAuthToken, scopedActions) {
-        const httpClient = tridentBackendApi.Api.getPart('httpClient');
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        const bodyPayload = this.buildGraphRequestBody(scopedActions);
-        try {
-            const response = await httpClient.fetch({
-                url: {
-                    appName: 'authorization-graph',
-                    path: GRAPH_IS_ALLOWED_PATH,
-                },
-                method: 'POST',
-                headers: {
-                    Authorization: internalAuthToken,
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify(bodyPayload),
-            }, {
-                timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
-                retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
-            });
-            return response;
-        }
-        catch (err) {
-            if (err instanceof mondayFetchApi.HttpFetcherError) {
-                authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
-            }
-            throw err;
-        }
-    }
-    static mapGraphResponse(scopedActions, userId, graphResponse) {
-        const resources = graphResponse ?? {};
-        return scopedActions.map(scopedAction => {
-            const { action, scope } = scopedAction;
-            const { resourceType, resourceId } = this.scopeToResource(scope);
-            const permissionResult = resources?.[resourceType]?.[String(resourceId)]?.[action];
-            const permit = {
-                can: permissionResult?.can ?? false,
-                reason: { key: permissionResult?.reason ?? 'unknown' },
-                technicalReason: 0,
-            };
-            return { scopedAction, permit };
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const scopedActionsPayload = scopedActions.map(scopedAction => {
+            return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
         });
-    }
-    static async fetchPlatformCanActions(profile, internalAuthToken, userId, scopedActionsPayload) {
         const attributionHeaders = attributionsService.getAttributionsFromApi();
         const httpClient = tridentBackendApi.Api.getPart('httpClient');
+        let response;
         try {
-            const response = await httpClient.fetch({
+            response = await httpClient.fetch({
                 url: {
                     appName: 'platform',
                     path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
@@ -213,37 +116,40 @@ class AuthorizationService {
                     'Content-Type': 'application/json',
                     ...attributionHeaders,
                 },
-                body: JSON.stringify({ user_id: userId, scoped_actions: scopedActionsPayload }),
+                body: JSON.stringify({
+                    user_id: userId,
+                    scoped_actions: scopedActionsPayload,
+                }),
             }, {
                 timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
                 retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
             });
-            return response;
         }
         catch (err) {
             if (err instanceof mondayFetchApi.HttpFetcherError) {
                 authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
             }
-            throw err;
+            else {
+                throw err;
+            }
+        }
+        function toCamelCase(obj) {
+            return mapKeys__default.default(obj, (_, key) => camelCase__default.default(key));
         }
-    }
-    static toCamelCase(obj) {
-        return mapKeys__default.default(obj, (_, key) => camelCase__default.default(key));
-    }
-    static mapPlatformResponse(response) {
         if (!response) {
             authorizationInternalService.logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
             throw new Error('AuthorizationService: missing response');
         }
-        return response.result.map(responseObject => {
+        const scopedActionsResponseObjects = response.result.map(responseObject => {
             const { scopedAction, permit } = responseObject;
             const { scope } = scopedAction;
             return {
                 ...responseObject,
-                scopedAction: { ...scopedAction, scope: this.toCamelCase(scope) },
-                permit: this.toCamelCase(permit),
+                scopedAction: { ...scopedAction, scope: toCamelCase(scope) },
+                permit: toCamelCase(permit),
             };
         });
+        return scopedActionsResponseObjects;
     }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);

package/dist/esm/attributions-service.d.ts

@@ -2,9 +2,10 @@ import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api'
 export declare enum PlatformProfile {
     API_INTERNAL = "api-internal",
     SLOW = "slow",
-    INTERNAL = "internal"
+    INTERNAL = "internal",
+    APP = "app"
 }
-export declare function getProfile(): PlatformProfile;
+export declare function getProfile(): PlatformProfile.API_INTERNAL | PlatformProfile.SLOW | PlatformProfile.INTERNAL;
 export declare function getExecutionContext(context: Context): ExecutionContext;
 export declare function getAttributionsFromApi(): {
     [key: string]: string;

package/dist/esm/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}

package/dist/esm/attributions-service.mjs

@@ -10,6 +10,7 @@ var PlatformProfile;
     PlatformProfile["API_INTERNAL"] = "api-internal";
     PlatformProfile["SLOW"] = "slow";
     PlatformProfile["INTERNAL"] = "internal";
+    PlatformProfile["APP"] = "app";
 })(PlatformProfile || (PlatformProfile = {}));
 function getProfile() {
     const tridentContext = Api.getPart('context');

package/dist/esm/authorization-service.d.ts

@@ -30,14 +30,6 @@ export declare class AuthorizationService {
     static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
     private static getProfile;
     static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
-    private static buildScopedActionsPayload;
-    private static scopeToResource;
-    private static buildGraphRequestBody;
-    private static fetchGraphIsAllowed;
-    private static mapGraphResponse;
-    private static fetchPlatformCanActions;
-    private static toCamelCase;
-    private static mapPlatformResponse;
     private static isAuthorizedSingular;
     private static isAuthorizedMultiple;
 }

package/dist/esm/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAc1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AA6BD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAsBxC,OAAO,CAAC,MAAM,CAAC,yBAAyB;IAMxC,OAAO,CAAC,MAAM,CAAC,eAAe;IAmB9B,OAAO,CAAC,MAAM,CAAC,qBAAqB;mBAyBf,mBAAmB;IAoCxC,OAAO,CAAC,MAAM,CAAC,gBAAgB;mBAoBV,uBAAuB;IAsC5C,OAAO,CAAC,MAAM,CAAC,WAAW;IAI1B,OAAO,CAAC,MAAM,CAAC,mBAAmB;mBAiBb,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAY1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAkEnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/esm/authorization-service.mjs

@@ -15,8 +15,6 @@ const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_acti
 const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
 const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
 const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
-const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
-const GRAPH_IS_ALLOWED_PATH = '/permissions/is-allowed';
 function setRequestFetchOptions(customMondayFetchOptions) {
     AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
@@ -86,114 +84,19 @@ class AuthorizationService {
             this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
             return getProfile();
         }
-        return PlatformProfile.INTERNAL;
+        return PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
-        const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
-        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        if (shouldNavigateToGraph) {
-            const response = await this.fetchGraphIsAllowed(internalAuthToken, scopedActions);
-            return this.mapGraphResponse(scopedActions, userId, response);
-        }
         const profile = this.getProfile(accountId, userId);
-        const scopedActionsPayload = this.buildScopedActionsPayload(scopedActions);
-        const platformResponse = await this.fetchPlatformCanActions(profile, internalAuthToken, userId, scopedActionsPayload);
-        return this.mapPlatformResponse(platformResponse);
-    }
-    static buildScopedActionsPayload(scopedActions) {
-        return scopedActions.map(scopedAction => {
-            return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) };
-        });
-    }
-    static scopeToResource(scope) {
-        if ('workspaceId' in scope) {
-            return { resourceType: 'workspace', resourceId: scope.workspaceId };
-        }
-        if ('boardId' in scope) {
-            return { resourceType: 'board', resourceId: scope.boardId };
-        }
-        if ('pulseId' in scope) {
-            return { resourceType: 'pulse', resourceId: scope.pulseId };
-        }
-        if ('accountProductId' in scope) {
-            return { resourceType: 'account_product', resourceId: scope.accountProductId };
-        }
-        if ('accountId' in scope) {
-            return { resourceType: 'account', resourceId: scope.accountId };
-        }
-        throw new Error('Unsupported scope provided');
-    }
-    static buildGraphRequestBody(scopedActions) {
-        const resourcesAccumulator = {};
-        for (const { action, scope } of scopedActions) {
-            const { resourceType, resourceId } = this.scopeToResource(scope);
-            if (!resourcesAccumulator[resourceType]) {
-                resourcesAccumulator[resourceType] = {};
-            }
-            if (!resourcesAccumulator[resourceType][resourceId]) {
-                resourcesAccumulator[resourceType][resourceId] = new Set();
-            }
-            resourcesAccumulator[resourceType][resourceId].add(action);
-        }
-        const resourcesPayload = {};
-        for (const [resourceType, idMap] of Object.entries(resourcesAccumulator)) {
-            resourcesPayload[resourceType] = {};
-            for (const [idStr, actionsSet] of Object.entries(idMap)) {
-                const idNum = Number(idStr);
-                resourcesPayload[resourceType][idNum] = Array.from(actionsSet);
-            }
-        }
-        return resourcesPayload;
-    }
-    static async fetchGraphIsAllowed(internalAuthToken, scopedActions) {
-        const httpClient = Api.getPart('httpClient');
-        const attributionHeaders = getAttributionsFromApi();
-        const bodyPayload = this.buildGraphRequestBody(scopedActions);
-        try {
-            const response = await httpClient.fetch({
-                url: {
-                    appName: 'authorization-graph',
-                    path: GRAPH_IS_ALLOWED_PATH,
-                },
-                method: 'POST',
-                headers: {
-                    Authorization: internalAuthToken,
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify(bodyPayload),
-            }, {
-                timeout: AuthorizationInternalService.getRequestTimeout(),
-                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
-            });
-            return response;
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
-            }
-            throw err;
-        }
-    }
-    static mapGraphResponse(scopedActions, userId, graphResponse) {
-        const resources = graphResponse ?? {};
-        return scopedActions.map(scopedAction => {
-            const { action, scope } = scopedAction;
-            const { resourceType, resourceId } = this.scopeToResource(scope);
-            const permissionResult = resources?.[resourceType]?.[String(resourceId)]?.[action];
-            const permit = {
-                can: permissionResult?.can ?? false,
-                reason: { key: permissionResult?.reason ?? 'unknown' },
-                technicalReason: 0,
-            };
-            return { scopedAction, permit };
+        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const scopedActionsPayload = scopedActions.map(scopedAction => {
+            return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
         });
-    }
-    static async fetchPlatformCanActions(profile, internalAuthToken, userId, scopedActionsPayload) {
         const attributionHeaders = getAttributionsFromApi();
         const httpClient = Api.getPart('httpClient');
+        let response;
         try {
-            const response = await httpClient.fetch({
+            response = await httpClient.fetch({
                 url: {
                     appName: 'platform',
                     path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
@@ -205,37 +108,40 @@ class AuthorizationService {
                     'Content-Type': 'application/json',
                     ...attributionHeaders,
                 },
-                body: JSON.stringify({ user_id: userId, scoped_actions: scopedActionsPayload }),
+                body: JSON.stringify({
+                    user_id: userId,
+                    scoped_actions: scopedActionsPayload,
+                }),
             }, {
                 timeout: AuthorizationInternalService.getRequestTimeout(),
                 retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
             });
-            return response;
         }
         catch (err) {
             if (err instanceof HttpFetcherError) {
                 AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
             }
-            throw err;
+            else {
+                throw err;
+            }
+        }
+        function toCamelCase(obj) {
+            return mapKeys(obj, (_, key) => camelCase(key));
         }
-    }
-    static toCamelCase(obj) {
-        return mapKeys(obj, (_, key) => camelCase(key));
-    }
-    static mapPlatformResponse(response) {
         if (!response) {
             logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
             throw new Error('AuthorizationService: missing response');
         }
-        return response.result.map(responseObject => {
+        const scopedActionsResponseObjects = response.result.map(responseObject => {
             const { scopedAction, permit } = responseObject;
             const { scope } = scopedAction;
             return {
                 ...responseObject,
-                scopedAction: { ...scopedAction, scope: this.toCamelCase(scope) },
-                permit: this.toCamelCase(permit),
+                scopedAction: { ...scopedAction, scope: toCamelCase(scope) },
+                permit: toCamelCase(permit),
             };
         });
+        return scopedActionsResponseObjects;
     }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.2.3-feature-bashanye-navigate-can-action-in-scope-to-graph-af77c6b",
+  "version": "3.2.4",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -46,7 +46,9 @@
     "typescript": "^5.2.2"
   },
   "files": [
-    "dist/"
+    "dist/",
+    "src/",
+    "dist/node_modules/lodash-cjs/"
   ],
   "eslintConfig": {
     "extends": "@mondaydotcomorg/trident-library",
@@ -62,4 +64,4 @@
     "url": "https://github.com/DaPulse/authorization-domain.git",
     "directory": "packages/monday-authorization"
   }
-}
+}

package/src/attributions-service.ts

@@ -0,0 +1,93 @@
+import { Api, Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api';
+import { logger } from './authorization-internal-service';
+
+const APP_NAME_VARIABLE_KEY = 'APP_NAME';
+const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
+const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
+
+let didSendFailureLogOnce = false;
+
+export enum PlatformProfile {
+  API_INTERNAL = 'api-internal',
+  SLOW = 'slow',
+  INTERNAL = 'internal',
+  APP = 'app',
+}
+
+export function getProfile() {
+  const tridentContext = Api.getPart('context');
+  if (!tridentContext) {
+    return PlatformProfile.INTERNAL;
+  }
+  const { mondayRequestSource } = getExecutionContext(tridentContext);
+
+  switch (mondayRequestSource) {
+    case 'api': {
+      return PlatformProfile.API_INTERNAL;
+    }
+    case 'slow': {
+      return PlatformProfile.SLOW;
+    }
+    default:
+      return PlatformProfile.INTERNAL;
+  }
+}
+
+export function getExecutionContext(context: Context): ExecutionContext {
+  return context.execution.get();
+}
+
+export function getAttributionsFromApi(): { [key: string]: string } {
+  const callerAppNameFromSdk = {
+    [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
+  };
+
+  try {
+    const tridentContext = Api.getPart('context');
+
+    if (!tridentContext) {
+      return callerAppNameFromSdk;
+    }
+
+    const { runtimeAttributions } = tridentContext;
+    const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
+
+    if (!runtimeAttributionsOutgoingHeaders) {
+      return callerAppNameFromSdk;
+    }
+
+    const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
+
+    const attributionHeadersFromSdk = {};
+    Object.keys(attributionsHeaders).forEach(function (key) {
+      attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
+    });
+
+    return attributionHeadersFromSdk;
+  } catch (error) {
+    if (!didSendFailureLogOnce) {
+      logger.warn(
+        { tag: 'authorization-service', error },
+        'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.'
+      );
+      didSendFailureLogOnce = true;
+    }
+    return callerAppNameFromSdk;
+  }
+}
+
+function getEnvVariable(key: string) {
+  const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
+  return envVar;
+}
+
+function tryJsonParse(value: string | undefined) {
+  if (!value) {
+    return value;
+  }
+  try {
+    return JSON.parse(value);
+  } catch (_err) {
+    return value;
+  }
+}