@mondaydotcomorg/monday-authorization 3.2.3-feature-bashanye-navigate-can-action-in-scope-to-graph-af77c6b → 3.3.0-feat-add-graph-api-routing-support-2d70b30

package/dist/esm/testKit/index.mjs

@@ -9,18 +9,20 @@ const clearTestPermittedActions = () => {
     testPermittedActions = [];
 };
 const isActionAuthorized = (accountId, userId, resources, action) => {
+    // If no resources to check, deny access
+    if (resources.length === 0) {
+        return { isAuthorized: false };
+    }
     return {
-        isAuthorized: resources.every(_ => {
+        isAuthorized: resources.every(resource => {
             return testPermittedActions.some(combination => {
                 return (combination.accountId === accountId &&
                     combination.userId === userId &&
                     combination.action === action &&
                     combination.resources.some(combinationResource => {
-                        return resources.some(resource => {
-                            return (combinationResource.id === resource.id &&
-                                combinationResource.type === resource.type &&
-                                JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData));
-                        });
+                        return (combinationResource.id === resource.id &&
+                            combinationResource.type === resource.type &&
+                            JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData));
                     }));
             });
         }),
@@ -32,11 +34,11 @@ const getTestAuthorizationMiddleware = (action, resourceGetter, contextGetter) =
         const { userId, accountId } = contextGetter(request);
         const resources = resourceGetter(request);
         const { isAuthorized } = isActionAuthorized(accountId, userId, resources, action);
-        AuthorizationInternalService.markAuthorized(request);
         if (!isAuthorized) {
             response.status(403).json({ message: 'Access denied' });
             return;
         }
+        AuthorizationInternalService.markAuthorized(request);
         next();
     };
 };

package/dist/esm/types/graph-api.types.d.ts

@@ -0,0 +1,15 @@
+export type ResourceType = string;
+export type ResourceId = number;
+export type ActionName = string;
+export type GraphIsAllowedDto = Record<ResourceType, Record<ResourceId, ActionName[]>>;
+export type GraphPermissionResult = {
+    can: boolean;
+    reason: string | {
+        key: string;
+        additionalOptions?: Record<string, string>;
+        technicalReason?: number;
+    };
+};
+export type GraphPermissionResults = Record<ActionName, GraphPermissionResult>;
+export type GraphIsAllowedResponse = Record<ResourceType, Record<string, GraphPermissionResults>>;
+//# sourceMappingURL=graph-api.types.d.ts.map

package/dist/esm/types/graph-api.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,MAAM,qBAAqB,GAAG;IAClC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EACF,MAAM,GACN;QACE,GAAG,EAAE,MAAM,CAAC;QACZ,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC3C,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;CACP,CAAC;AAGF,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;AAI/E,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC"}

package/dist/esm/types/graph-api.types.mjs

@@ -0,0 +1 @@
+

package/dist/esm/utils/authorization.utils.d.ts

@@ -0,0 +1,22 @@
+import { ScopeOptions } from '../types/scoped-actions-contracts';
+import { ResourceType, ResourceId } from '../types/graph-api.types';
+export type CamelCase<S extends string> = S extends `${infer F}_${infer R}` ? `${F}${Capitalize<CamelCase<R>>}` : S;
+export type CamelCaseKeys<T> = T extends object ? {
+    [K in keyof T as K extends string ? CamelCase<K> : K]: CamelCaseKeys<T[K]>;
+} : T;
+/**
+ * Converts a scope object to resource type and resource ID
+ */
+export declare function scopeToResource(scope: ScopeOptions): {
+    resourceType: ResourceType;
+    resourceId: ResourceId;
+};
+/**
+ * Converts object keys from snake_case to camelCase
+ */
+export declare function toCamelCase<T extends object>(obj: T): CamelCaseKeys<T>;
+/**
+ * Converts object keys from camelCase to snake_case
+ */
+export declare function toSnakeCase<T extends object>(obj: T): Record<string, any>;
+//# sourceMappingURL=authorization.utils.d.ts.map

package/dist/esm/utils/authorization.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization.utils.d.ts","sourceRoot":"","sources":["../../../src/utils/authorization.utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEpE,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACpH,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GAC3C;KAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GAC9E,CAAC,CAAC;AAEN;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAkB3G;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAEtE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEzE"}

package/dist/esm/utils/authorization.utils.mjs

@@ -0,0 +1,39 @@
+import snakeCase from 'lodash/snakeCase.js';
+import camelCase from 'lodash/camelCase.js';
+import mapKeys from 'lodash/mapKeys.js';
+
+/**
+ * Converts a scope object to resource type and resource ID
+ */
+function scopeToResource(scope) {
+    if ('workspaceId' in scope) {
+        return { resourceType: 'workspace', resourceId: scope.workspaceId };
+    }
+    if ('boardId' in scope) {
+        return { resourceType: 'board', resourceId: scope.boardId };
+    }
+    if ('pulseId' in scope) {
+        return { resourceType: 'pulse', resourceId: scope.pulseId };
+    }
+    if ('accountProductId' in scope) {
+        return { resourceType: 'account_product', resourceId: scope.accountProductId };
+    }
+    if ('accountId' in scope) {
+        return { resourceType: 'account', resourceId: scope.accountId };
+    }
+    throw new Error('Unsupported scope provided');
+}
+/**
+ * Converts object keys from snake_case to camelCase
+ */
+function toCamelCase(obj) {
+    return mapKeys(obj, (_, key) => camelCase(key));
+}
+/**
+ * Converts object keys from camelCase to snake_case
+ */
+function toSnakeCase(obj) {
+    return mapKeys(obj, (_, key) => snakeCase(key));
+}
+
+export { scopeToResource, toCamelCase, toSnakeCase };

package/dist/prometheus-service.d.ts

@@ -6,5 +6,7 @@ export declare const METRICS: {
 };
 export declare function setPrometheus(customPrometheus: any): void;
 export declare function getMetricsManager(): any;
-export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
+export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number, apiType?: 'platform' | 'graph'): void;
+export declare function incrementAuthorizationSuccess(resourceType: string, action: Action, apiType: 'platform' | 'graph'): void;
+export declare function incrementAuthorizationError(resourceType: string, action: Action, statusCode: number, apiType: 'platform' | 'graph'): void;
 //# sourceMappingURL=prometheus-service.d.ts.map

package/dist/prometheus-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAU7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
+{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAOzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAqB7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,UAAU,GAAG,OAAoB,QAW3C;AAcD,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,QAQhH;AAED,wBAAgB,2BAA2B,CACzC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,UAAU,GAAG,OAAO,QAS9B"}

package/dist/prometheus-service.js

@@ -2,6 +2,8 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 let prometheus = null;
 let authorizationCheckResponseTimeMetric = null;
+let authorizationSuccessMetric = null;
+let authorizationErrorMetric = null;
 const METRICS = {
     AUTHORIZATION_CHECK: 'authorization_check',
     AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
@@ -9,29 +11,85 @@ const METRICS = {
 };
 const authorizationCheckResponseTimeMetricConfig = {
     name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
-    labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
+    labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus', 'apiType'],
     description: 'Authorization check response time summary',
 };
 function setPrometheus(customPrometheus) {
     prometheus = customPrometheus;
+    if (!prometheus) {
+        authorizationCheckResponseTimeMetric = null;
+        authorizationSuccessMetric = null;
+        authorizationErrorMetric = null;
+        return;
+    }
     const { METRICS_TYPES } = prometheus;
-    authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
+    const metricsManager = getMetricsManager();
+    if (metricsManager) {
+        authorizationCheckResponseTimeMetric = metricsManager.addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
+        initializeAdditionalMetrics();
+    }
 }
 function getMetricsManager() {
     return prometheus?.metricsManager;
 }
-function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
+function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time, apiType = 'platform') {
     try {
         if (authorizationCheckResponseTimeMetric) {
-            authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
+            authorizationCheckResponseTimeMetric
+                .labels(resourceType, action, isAuthorized, responseStatus, apiType)
+                .observe(time);
+        }
+    }
+    catch (e) {
+        // ignore
+    }
+}
+const authorizationSuccessMetricConfig = {
+    name: 'authorization_success_total',
+    labels: ['resourceType', 'action', 'apiType'],
+    description: 'Total number of successful authorization checks',
+};
+const authorizationErrorMetricConfig = {
+    name: 'authorization_error_total',
+    labels: ['resourceType', 'action', 'statusCode', 'apiType'],
+    description: 'Total number of authorization errors',
+};
+function incrementAuthorizationSuccess(resourceType, action, apiType) {
+    try {
+        if (authorizationSuccessMetric) {
+            authorizationSuccessMetric.labels(resourceType, action, apiType).inc();
         }
     }
     catch (e) {
         // ignore
     }
 }
+function incrementAuthorizationError(resourceType, action, statusCode, apiType) {
+    try {
+        if (authorizationErrorMetric) {
+            authorizationErrorMetric.labels(resourceType, action, statusCode, apiType).inc();
+        }
+    }
+    catch (e) {
+        // ignore
+    }
+}
+// Initialize additional metrics when prometheus is set
+function initializeAdditionalMetrics() {
+    if (!prometheus) {
+        return;
+    }
+    const { METRICS_TYPES } = prometheus;
+    const metricsManager = getMetricsManager();
+    if (metricsManager) {
+        authorizationSuccessMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationSuccessMetricConfig.name, authorizationSuccessMetricConfig.labels, authorizationSuccessMetricConfig.description);
+        authorizationErrorMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationErrorMetricConfig.name, authorizationErrorMetricConfig.labels, authorizationErrorMetricConfig.description);
+    }
+}
 
 exports.METRICS = METRICS;
 exports.getMetricsManager = getMetricsManager;
+exports.incrementAuthorizationError = incrementAuthorizationError;
+exports.incrementAuthorizationSuccess = incrementAuthorizationSuccess;
 exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
 exports.setPrometheus = setPrometheus;

package/dist/testKit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,GAAI,WAAW,MAAM,EAAE,QAAQ,MAAM,EAAE,WAAW,QAAQ,EAAE,EAAE,QAAQ,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AAyBF,eAAO,MAAM,8BAA8B,GACzC,QAAQ,MAAM,EACd,gBAAgB,cAAc,EAC9B,gBAAgB,aAAa,MAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,GAAI,WAAW,MAAM,EAAE,QAAQ,MAAM,EAAE,WAAW,QAAQ,EAAE,EAAE,QAAQ,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AA4BF,eAAO,MAAM,8BAA8B,GACzC,QAAQ,MAAM,EACd,gBAAgB,cAAc,EAC9B,gBAAgB,aAAa,MAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}

package/dist/testKit/index.js

@@ -11,18 +11,20 @@ const clearTestPermittedActions = () => {
     testPermittedActions = [];
 };
 const isActionAuthorized = (accountId, userId, resources, action) => {
+    // If no resources to check, deny access
+    if (resources.length === 0) {
+        return { isAuthorized: false };
+    }
     return {
-        isAuthorized: resources.every(_ => {
+        isAuthorized: resources.every(resource => {
             return testPermittedActions.some(combination => {
                 return (combination.accountId === accountId &&
                     combination.userId === userId &&
                     combination.action === action &&
                     combination.resources.some(combinationResource => {
-                        return resources.some(resource => {
-                            return (combinationResource.id === resource.id &&
-                                combinationResource.type === resource.type &&
-                                JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData));
-                        });
+                        return (combinationResource.id === resource.id &&
+                            combinationResource.type === resource.type &&
+                            JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData));
                     }));
             });
         }),
@@ -34,11 +36,11 @@ const getTestAuthorizationMiddleware = (action, resourceGetter, contextGetter) =
         const { userId, accountId } = contextGetter(request);
         const resources = resourceGetter(request);
         const { isAuthorized } = isActionAuthorized(accountId, userId, resources, action);
-        authorizationInternalService.AuthorizationInternalService.markAuthorized(request);
         if (!isAuthorized) {
             response.status(403).json({ message: 'Access denied' });
             return;
         }
+        authorizationInternalService.AuthorizationInternalService.markAuthorized(request);
         next();
     };
 };

package/dist/types/graph-api.types.d.ts

@@ -0,0 +1,15 @@
+export type ResourceType = string;
+export type ResourceId = number;
+export type ActionName = string;
+export type GraphIsAllowedDto = Record<ResourceType, Record<ResourceId, ActionName[]>>;
+export type GraphPermissionResult = {
+    can: boolean;
+    reason: string | {
+        key: string;
+        additionalOptions?: Record<string, string>;
+        technicalReason?: number;
+    };
+};
+export type GraphPermissionResults = Record<ActionName, GraphPermissionResult>;
+export type GraphIsAllowedResponse = Record<ResourceType, Record<string, GraphPermissionResults>>;
+//# sourceMappingURL=graph-api.types.d.ts.map

package/dist/types/graph-api.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,MAAM,qBAAqB,GAAG;IAClC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EACF,MAAM,GACN;QACE,GAAG,EAAE,MAAM,CAAC;QACZ,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC3C,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;CACP,CAAC;AAGF,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;AAI/E,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC"}

package/dist/types/graph-api.types.js

@@ -0,0 +1 @@
+

package/dist/utils/authorization.utils.d.ts

@@ -0,0 +1,22 @@
+import { ScopeOptions } from '../types/scoped-actions-contracts';
+import { ResourceType, ResourceId } from '../types/graph-api.types';
+export type CamelCase<S extends string> = S extends `${infer F}_${infer R}` ? `${F}${Capitalize<CamelCase<R>>}` : S;
+export type CamelCaseKeys<T> = T extends object ? {
+    [K in keyof T as K extends string ? CamelCase<K> : K]: CamelCaseKeys<T[K]>;
+} : T;
+/**
+ * Converts a scope object to resource type and resource ID
+ */
+export declare function scopeToResource(scope: ScopeOptions): {
+    resourceType: ResourceType;
+    resourceId: ResourceId;
+};
+/**
+ * Converts object keys from snake_case to camelCase
+ */
+export declare function toCamelCase<T extends object>(obj: T): CamelCaseKeys<T>;
+/**
+ * Converts object keys from camelCase to snake_case
+ */
+export declare function toSnakeCase<T extends object>(obj: T): Record<string, any>;
+//# sourceMappingURL=authorization.utils.d.ts.map

package/dist/utils/authorization.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization.utils.d.ts","sourceRoot":"","sources":["../../src/utils/authorization.utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEpE,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACpH,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GAC3C;KAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GAC9E,CAAC,CAAC;AAEN;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAkB3G;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAEtE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEzE"}

package/dist/utils/authorization.utils.js

@@ -0,0 +1,49 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const snakeCase = require('lodash/snakeCase.js');
+const camelCase = require('lodash/camelCase.js');
+const mapKeys = require('lodash/mapKeys.js');
+
+const _interopDefault = e => e && e.__esModule ? e : { default: e };
+
+const snakeCase__default = /*#__PURE__*/_interopDefault(snakeCase);
+const camelCase__default = /*#__PURE__*/_interopDefault(camelCase);
+const mapKeys__default = /*#__PURE__*/_interopDefault(mapKeys);
+
+/**
+ * Converts a scope object to resource type and resource ID
+ */
+function scopeToResource(scope) {
+    if ('workspaceId' in scope) {
+        return { resourceType: 'workspace', resourceId: scope.workspaceId };
+    }
+    if ('boardId' in scope) {
+        return { resourceType: 'board', resourceId: scope.boardId };
+    }
+    if ('pulseId' in scope) {
+        return { resourceType: 'pulse', resourceId: scope.pulseId };
+    }
+    if ('accountProductId' in scope) {
+        return { resourceType: 'account_product', resourceId: scope.accountProductId };
+    }
+    if ('accountId' in scope) {
+        return { resourceType: 'account', resourceId: scope.accountId };
+    }
+    throw new Error('Unsupported scope provided');
+}
+/**
+ * Converts object keys from snake_case to camelCase
+ */
+function toCamelCase(obj) {
+    return mapKeys__default.default(obj, (_, key) => camelCase__default.default(key));
+}
+/**
+ * Converts object keys from camelCase to snake_case
+ */
+function toSnakeCase(obj) {
+    return mapKeys__default.default(obj, (_, key) => snakeCase__default.default(key));
+}
+
+exports.scopeToResource = scopeToResource;
+exports.toCamelCase = toCamelCase;
+exports.toSnakeCase = toSnakeCase;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.2.3-feature-bashanye-navigate-can-action-in-scope-to-graph-af77c6b",
+  "version": "3.3.0-feat-add-graph-api-routing-support-2d70b30",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -62,4 +62,4 @@
     "url": "https://github.com/DaPulse/authorization-domain.git",
     "directory": "packages/monday-authorization"
   }
-}
+}

package/CHANGELOG.md

@@ -1,46 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/)
-and this project adheres to [Semantic Versioning](http://semver.org/).
-
-## [2.0.0] - 2025-04-07
-
-### ⚠ MAJOR CHANGE - PLEASE READ
-
-### Fixed
-
-- Calls to the monolith will be spread across the different profiles - `api-internal`, `slow` and `internal` (originally, all the calls to the platform went directly to `monday-app`)
-
-## [1.2.9] - 2024-10-06
-
-### Added
-
-- [`authz/bashanye/add-async-resource-attributes-support`](https://github.com/DaPulse/monday-npm-packages/pull/6859)
-  - `AuthorizationAttributesService` - now supports async upsert and delete - requests sent through SNS-SQS).
-
-## [1.2.3] - 2024-06-10
-
-### Added
-
-- [`feature/yarden/resource-attributes-api-support-authz-sdk (#5826)`](https://github.com/DaPulse/monday-npm-packages/pull/5826)
-  - `AuthorizationAttributesService` - now supports upsert (`upsertResourceAttributesSync`) and delete (`deleteResourceAttributesSync`) resource attributes in the authorization MS
-
-## [1.2.0] - 2024-01-05
-
-### Added
-
-- `isAuthorized` now return the unauthorized objects - regardless to the unauthorized ids (which may be missing resource ids if resource has no id, like `feature` e.g.)
-
-## [1.1.0] - 2023-08-09
-
-### ⚠ BREAKING CHANGES
-
-- `canActionInScope` now returns an object of type `{ can: boolean; reason: string; }` instead of `boolean`.
-  This version is considered minor because no one uses this function yet.
-
-### Changed
-
-- [`feature/idan/can-action-in-scope/change-behavior-on-error (#3689)`](https://github.com/DaPulse/monday-npm-packages/pull/3689)
-  - `canActionInScope`, `canActionInScopeMultiple` and `isAuthorized` are now throwing an error instead of returning `false` when an error occurs as part of the authorization http request (status code is not 2XX)