@mondaydotcomorg/monday-authorization 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-46d4fc5 → 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-7ce3f8a

package/dist/esm/authorization-service.mjs

@@ -1,18 +1,16 @@
 import { performance } from 'perf_hooks';
-import snakeCase from 'lodash/snakeCase.js';
-import camelCase from 'lodash/camelCase.js';
-import mapKeys from 'lodash/mapKeys.js';
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
-import { sendAuthorizationCheckResponseTimeMetric, setGraphAvailability, incrementAuthorizationError } from './prometheus-service.mjs';
+import { sendAuthorizationCheckResponseTimeMetric, incrementAuthorizationSuccess } from './prometheus-service.mjs';
 import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
 import { getProfile, PlatformProfile, getAttributionsFromApi } from './attributions-service.mjs';
+import { GraphApiClient } from './clients/graph-api.client.mjs';
+import { PlatformApiClient } from './clients/platform-api.client.mjs';
+import { scopeToResource } from './utils/authorization.utils.mjs';
 
 const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
 const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
-const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_actions_in_scopes';
-const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
 const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
 const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
 const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
@@ -94,166 +92,26 @@ class AuthorizationService {
         const startTime = performance.now();
         let scopedActionResponseObjects;
         if (shouldNavigateToGraph) {
-            const response = await this.fetchGraphIsAllowed(internalAuthToken, scopedActions);
-            scopedActionResponseObjects = this.mapGraphResponse(scopedActions, userId, response);
+            scopedActionResponseObjects = await GraphApiClient.checkPermissions(internalAuthToken, scopedActions);
         }
         else {
             const profile = this.getProfile(accountId, userId);
-            const scopedActionsPayload = this.buildScopedActionsPayload(scopedActions);
-            const platformResponse = await this.fetchPlatformCanActions(profile, internalAuthToken, userId, scopedActionsPayload);
-            scopedActionResponseObjects = this.mapPlatformResponse(platformResponse);
+            scopedActionResponseObjects = await PlatformApiClient.checkPermissions(profile, internalAuthToken, userId, scopedActions);
         }
         const endTime = performance.now();
         const time = endTime - startTime;
         const apiType = shouldNavigateToGraph ? 'graph' : 'platform';
+        // Record metrics for each authorization check
         for (const obj of scopedActionResponseObjects) {
-            const { action } = obj.scopedAction;
-            const resource_type = this.scopeToResource(obj.scopedAction.scope).resourceType;
+            const { action, scope } = obj.scopedAction;
+            const { resourceType } = scopeToResource(scope);
             const isAuthorized = obj.permit.can;
-            sendAuthorizationCheckResponseTimeMetric(resource_type, action, isAuthorized, 200, time, apiType);
-            if (obj.permit.can) ;
-        }
-        return scopedActionResponseObjects;
-    }
-    static buildScopedActionsPayload(scopedActions) {
-        return scopedActions.map(scopedAction => {
-            return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) };
-        });
-    }
-    static scopeToResource(scope) {
-        if ('workspaceId' in scope) {
-            return { resourceType: 'workspace', resourceId: scope.workspaceId };
-        }
-        if ('boardId' in scope) {
-            return { resourceType: 'board', resourceId: scope.boardId };
-        }
-        if ('pulseId' in scope) {
-            return { resourceType: 'pulse', resourceId: scope.pulseId };
-        }
-        if ('accountProductId' in scope) {
-            return { resourceType: 'account_product', resourceId: scope.accountProductId };
-        }
-        if ('accountId' in scope) {
-            return { resourceType: 'account', resourceId: scope.accountId };
-        }
-        throw new Error('Unsupported scope provided');
-    }
-    static buildGraphRequestBody(scopedActions) {
-        const resourcesAccumulator = {};
-        for (const { action, scope } of scopedActions) {
-            const { resourceType, resourceId } = this.scopeToResource(scope);
-            if (!resourcesAccumulator[resourceType]) {
-                resourcesAccumulator[resourceType] = {};
-            }
-            if (!resourcesAccumulator[resourceType][resourceId]) {
-                resourcesAccumulator[resourceType][resourceId] = new Set();
-            }
-            resourcesAccumulator[resourceType][resourceId].add(action);
-        }
-        const resourcesPayload = {};
-        for (const [resourceType, idMap] of Object.entries(resourcesAccumulator)) {
-            resourcesPayload[resourceType] = {};
-            for (const [idStr, actionsSet] of Object.entries(idMap)) {
-                const idNum = Number(idStr);
-                resourcesPayload[resourceType][idNum] = Array.from(actionsSet);
-            }
-        }
-        return resourcesPayload;
-    }
-    static async fetchGraphIsAllowed(internalAuthToken, scopedActions) {
-        const httpClient = Api.getPart('httpClient');
-        const attributionHeaders = getAttributionsFromApi();
-        const bodyPayload = this.buildGraphRequestBody(scopedActions);
-        try {
-            const response = await httpClient.fetch({
-                url: {
-                    appName: 'authorization-graph',
-                    path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
-                },
-                method: 'POST',
-                headers: {
-                    Authorization: internalAuthToken,
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify(bodyPayload),
-            }, {
-                timeout: AuthorizationInternalService.getRequestTimeout(),
-                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
-            });
-            setGraphAvailability(true);
-            return response;
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
-                incrementAuthorizationError(this.scopeToResource(scopedActions[0].scope).resourceType, scopedActions[0].action, err.status);
+            sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time, apiType);
+            if (obj.permit.can) {
+                incrementAuthorizationSuccess(resourceType, action);
             }
-            throw err;
         }
-    }
-    static mapGraphResponse(scopedActions, userId, graphResponse) {
-        const resources = graphResponse ?? {};
-        return scopedActions.map(scopedAction => {
-            const { action, scope } = scopedAction;
-            const { resourceType, resourceId } = this.scopeToResource(scope);
-            const permissionResult = resources?.[resourceType]?.[String(resourceId)]?.[action];
-            const permit = {
-                can: permissionResult?.can ?? false,
-                reason: { key: permissionResult?.reason ?? 'unknown' },
-                technicalReason: 0,
-            };
-            return { scopedAction, permit };
-        });
-    }
-    static async fetchPlatformCanActions(profile, internalAuthToken, userId, scopedActionsPayload) {
-        const attributionHeaders = getAttributionsFromApi();
-        const httpClient = Api.getPart('httpClient');
-        try {
-            const response = await httpClient.fetch({
-                url: {
-                    appName: 'platform',
-                    path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
-                    profile,
-                },
-                method: 'POST',
-                headers: {
-                    Authorization: internalAuthToken,
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ user_id: userId, scoped_actions: scopedActionsPayload }),
-            }, {
-                timeout: AuthorizationInternalService.getRequestTimeout(),
-                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
-            });
-            return response;
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
-                incrementAuthorizationError(this.scopeToResource(this.toCamelCase(scopedActionsPayload[0].scope)).resourceType, scopedActionsPayload[0].action, err.status);
-            }
-            throw err;
-        }
-    }
-    static toCamelCase(obj) {
-        return mapKeys(obj, (_, key) => camelCase(key));
-    }
-    static mapPlatformResponse(response) {
-        if (!response) {
-            logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
-            throw new Error('AuthorizationService: missing response');
-        }
-        return response.result.map(responseObject => {
-            const { scopedAction, permit } = responseObject;
-            const { scope } = scopedAction;
-            return {
-                ...responseObject,
-                scopedAction: { ...scopedAction, scope: this.toCamelCase(scope) },
-                permit: this.toCamelCase(permit),
-            };
-        });
+        return scopedActionResponseObjects;
     }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);

package/dist/esm/clients/graph-api.client.d.ts

@@ -0,0 +1,24 @@
+import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
+import { GraphIsAllowedDto, GraphIsAllowedResponse } from '../types/graph-api.types';
+/**
+ * Client for handling Graph API authorization operations
+ */
+export declare class GraphApiClient {
+    /**
+     * Builds the request body for Graph API calls
+     */
+    static buildRequestBody(scopedActions: ScopedAction[]): GraphIsAllowedDto;
+    /**
+     * Fetches authorization data from the Graph API
+     */
+    static fetchPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
+    /**
+     * Maps Graph API response to the expected format
+     */
+    static mapResponse(scopedActions: ScopedAction[], graphResponse: GraphIsAllowedResponse): ScopedActionResponseObject[];
+    /**
+     * Performs a complete authorization check using the Graph API
+     */
+    static checkPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
+}
+//# sourceMappingURL=graph-api.client.d.ts.map

package/dist/esm/clients/graph-api.client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"graph-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAsB,MAAM,mCAAmC,CAAC;AAGjH,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EAIvB,MAAM,0BAA0B,CAAC;AAMlC;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAyBzE;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IAyClC;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,aAAa,EAAE,YAAY,EAAE,EAC7B,aAAa,EAAE,sBAAsB,GACpC,0BAA0B,EAAE;IAkB/B;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAIzC"}

package/dist/esm/clients/graph-api.client.mjs

@@ -0,0 +1,100 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
+import { getAttributionsFromApi } from '../attributions-service.mjs';
+import { scopeToResource } from '../utils/authorization.utils.mjs';
+import { setGraphAvailability, incrementAuthorizationError } from '../prometheus-service.mjs';
+
+const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
+/**
+ * Client for handling Graph API authorization operations
+ */
+class GraphApiClient {
+    /**
+     * Builds the request body for Graph API calls
+     */
+    static buildRequestBody(scopedActions) {
+        const resourcesAccumulator = {};
+        for (const { action, scope } of scopedActions) {
+            const { resourceType, resourceId } = scopeToResource(scope);
+            if (!resourcesAccumulator[resourceType]) {
+                resourcesAccumulator[resourceType] = {};
+            }
+            if (!resourcesAccumulator[resourceType][resourceId]) {
+                resourcesAccumulator[resourceType][resourceId] = new Set();
+            }
+            resourcesAccumulator[resourceType][resourceId].add(action);
+        }
+        const resourcesPayload = {};
+        for (const [resourceType, idMap] of Object.entries(resourcesAccumulator)) {
+            resourcesPayload[resourceType] = {};
+            for (const [idStr, actionsSet] of Object.entries(idMap)) {
+                const idNum = Number(idStr);
+                resourcesPayload[resourceType][idNum] = Array.from(actionsSet);
+            }
+        }
+        return resourcesPayload;
+    }
+    /**
+     * Fetches authorization data from the Graph API
+     */
+    static async fetchPermissions(internalAuthToken, scopedActions) {
+        const httpClient = Api.getPart('httpClient');
+        const attributionHeaders = getAttributionsFromApi();
+        const bodyPayload = this.buildRequestBody(scopedActions);
+        try {
+            const response = await httpClient.fetch({
+                url: {
+                    appName: 'authorization-graph',
+                    path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+                },
+                method: 'POST',
+                headers: {
+                    Authorization: internalAuthToken,
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify(bodyPayload),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            setGraphAvailability(true);
+            return response;
+        }
+        catch (err) {
+            setGraphAvailability(false);
+            if (err instanceof HttpFetcherError) {
+                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
+                incrementAuthorizationError(scopeToResource(scopedActions[0].scope).resourceType, scopedActions[0].action, err.status);
+            }
+            throw err;
+        }
+    }
+    /**
+     * Maps Graph API response to the expected format
+     */
+    static mapResponse(scopedActions, graphResponse) {
+        const resources = graphResponse ?? {};
+        return scopedActions.map(scopedAction => {
+            const { action, scope } = scopedAction;
+            const { resourceType, resourceId } = scopeToResource(scope);
+            const permissionResult = resources?.[resourceType]?.[String(resourceId)]?.[action];
+            const permit = {
+                can: permissionResult?.can ?? false,
+                reason: { key: permissionResult?.reason ?? 'unknown' },
+                technicalReason: 0,
+            };
+            return { scopedAction, permit };
+        });
+    }
+    /**
+     * Performs a complete authorization check using the Graph API
+     */
+    static async checkPermissions(internalAuthToken, scopedActions) {
+        const response = await this.fetchPermissions(internalAuthToken, scopedActions);
+        return this.mapResponse(scopedActions, response);
+    }
+}
+
+export { GraphApiClient };

package/dist/esm/clients/platform-api.client.d.ts

@@ -0,0 +1,31 @@
+import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
+import { PlatformProfile } from '../attributions-service';
+type ScopedActionPlatformPayload = Omit<ScopedAction, 'scope'> & {
+    scope: Record<string, number>;
+};
+interface CanActionsInScopesResponse {
+    result: ScopedActionResponseObject[];
+}
+/**
+ * Client for handling Platform API authorization operations
+ */
+export declare class PlatformApiClient {
+    /**
+     * Builds the request payload for Platform API calls
+     */
+    static buildRequestPayload(scopedActions: ScopedAction[]): ScopedActionPlatformPayload[];
+    /**
+     * Fetches authorization data from the Platform API
+     */
+    static fetchPermissions(profile: PlatformProfile, internalAuthToken: string, userId: number, scopedActionsPayload: ScopedActionPlatformPayload[]): Promise<CanActionsInScopesResponse>;
+    /**
+     * Maps Platform API response to the expected format
+     */
+    static mapResponse(response: CanActionsInScopesResponse): ScopedActionResponseObject[];
+    /**
+     * Performs a complete authorization check using the Platform API
+     */
+    static checkPermissions(profile: PlatformProfile, internalAuthToken: string, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
+}
+export {};
+//# sourceMappingURL=platform-api.client.d.ts.map

package/dist/esm/clients/platform-api.client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/platform-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAOlF,KAAK,2BAA2B,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,UAAU,0BAA0B;IAClC,MAAM,EAAE,0BAA0B,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,2BAA2B,EAAE;IAOxF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,2BAA2B,EAAE,GAClD,OAAO,CAAC,0BAA0B,CAAC;IAuCtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,0BAA0B,GAAG,0BAA0B,EAAE;IAkBtF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}

package/dist/esm/clients/platform-api.client.mjs

@@ -0,0 +1,84 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { AuthorizationInternalService, logger } from '../authorization-internal-service.mjs';
+import { getAttributionsFromApi } from '../attributions-service.mjs';
+import { toSnakeCase, scopeToResource, toCamelCase } from '../utils/authorization.utils.mjs';
+import { incrementAuthorizationError } from '../prometheus-service.mjs';
+
+const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_actions_in_scopes';
+/**
+ * Client for handling Platform API authorization operations
+ */
+class PlatformApiClient {
+    /**
+     * Builds the request payload for Platform API calls
+     */
+    static buildRequestPayload(scopedActions) {
+        return scopedActions.map(scopedAction => ({
+            ...scopedAction,
+            scope: toSnakeCase(scopedAction.scope),
+        }));
+    }
+    /**
+     * Fetches authorization data from the Platform API
+     */
+    static async fetchPermissions(profile, internalAuthToken, userId, scopedActionsPayload) {
+        const attributionHeaders = getAttributionsFromApi();
+        const httpClient = Api.getPart('httpClient');
+        try {
+            const response = await httpClient.fetch({
+                url: {
+                    appName: 'platform',
+                    path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
+                    profile,
+                },
+                method: 'POST',
+                headers: {
+                    Authorization: internalAuthToken,
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ user_id: userId, scoped_actions: scopedActionsPayload }),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            return response;
+        }
+        catch (err) {
+            if (err instanceof HttpFetcherError) {
+                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
+                incrementAuthorizationError(scopeToResource(toCamelCase(scopedActionsPayload[0].scope)).resourceType, scopedActionsPayload[0].action, err.status);
+            }
+            throw err;
+        }
+    }
+    /**
+     * Maps Platform API response to the expected format
+     */
+    static mapResponse(response) {
+        if (!response) {
+            logger.error({ tag: 'platform-api-client', response }, 'PlatformApiClient: missing response');
+            throw new Error('PlatformApiClient: missing response');
+        }
+        return response.result.map(responseObject => {
+            const { scopedAction, permit } = responseObject;
+            const { scope } = scopedAction;
+            return {
+                ...responseObject,
+                scopedAction: { ...scopedAction, scope: toCamelCase(scope) },
+                permit: toCamelCase(permit),
+            };
+        });
+    }
+    /**
+     * Performs a complete authorization check using the Platform API
+     */
+    static async checkPermissions(profile, internalAuthToken, userId, scopedActions) {
+        const scopedActionsPayload = this.buildRequestPayload(scopedActions);
+        const platformResponse = await this.fetchPermissions(profile, internalAuthToken, userId, scopedActionsPayload);
+        return this.mapResponse(platformResponse);
+    }
+}
+
+export { PlatformApiClient };

package/dist/esm/prometheus-service.d.ts

@@ -7,7 +7,7 @@ export declare const METRICS: {
 export declare function setPrometheus(customPrometheus: any): void;
 export declare function getMetricsManager(): any;
 export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number, apiType?: 'platform' | 'graph'): void;
-export declare function incrementAuthorizationSuccess(_resourceType: string, _action: Action): void;
-export declare function incrementAuthorizationError(_resourceType: string, _action: Action, _statusCode: number): void;
-export declare function setGraphAvailability(_isAvailable: boolean): void;
+export declare function incrementAuthorizationSuccess(resourceType: string, action: Action): void;
+export declare function incrementAuthorizationError(resourceType: string, action: Action, statusCode: number): void;
+export declare function setGraphAvailability(isAvailable: boolean): void;
 //# sourceMappingURL=prometheus-service.d.ts.map

package/dist/esm/prometheus-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAiB7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,UAAU,GAAG,OAAoB,QAW3C;AAED,wBAAgB,6BAA6B,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,QAAI;AAExF,wBAAgB,2BAA2B,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,QAAI;AAE3G,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,OAAO,QAAI"}
+{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAQzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAsB7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,UAAU,GAAG,OAAoB,QAW3C;AAoBD,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,QAQjF;AAED,wBAAgB,2BAA2B,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAQnG;AAED,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,OAAO,QAQxD"}

package/dist/esm/prometheus-service.mjs

@@ -1,5 +1,8 @@
 let prometheus = null;
 let authorizationCheckResponseTimeMetric = null;
+let authorizationSuccessMetric = null;
+let authorizationErrorMetric = null;
+let graphAvailabilityMetric = null;
 const METRICS = {
     AUTHORIZATION_CHECK: 'authorization_check',
     AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
@@ -14,12 +17,16 @@ function setPrometheus(customPrometheus) {
     prometheus = customPrometheus;
     if (!prometheus) {
         authorizationCheckResponseTimeMetric = null;
+        authorizationSuccessMetric = null;
+        authorizationErrorMetric = null;
+        graphAvailabilityMetric = null;
         return;
     }
     const { METRICS_TYPES } = prometheus;
     const metricsManager = getMetricsManager();
     if (metricsManager) {
         authorizationCheckResponseTimeMetric = metricsManager.addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
+        initializeAdditionalMetrics();
     }
 }
 function getMetricsManager() {
@@ -37,8 +44,63 @@ function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthor
         // ignore
     }
 }
-function incrementAuthorizationSuccess(_resourceType, _action) { }
-function incrementAuthorizationError(_resourceType, _action, _statusCode) { }
-function setGraphAvailability(_isAvailable) { }
+const authorizationSuccessMetricConfig = {
+    name: 'authorization_success_total',
+    labels: ['resourceType', 'action'],
+    description: 'Total number of successful authorization checks',
+};
+const authorizationErrorMetricConfig = {
+    name: 'authorization_error_total',
+    labels: ['resourceType', 'action', 'statusCode'],
+    description: 'Total number of authorization errors',
+};
+const graphAvailabilityMetricConfig = {
+    name: 'graph_api_availability',
+    labels: ['available'],
+    description: 'Graph API availability status',
+};
+function incrementAuthorizationSuccess(resourceType, action) {
+    try {
+        if (authorizationSuccessMetric) {
+            authorizationSuccessMetric.labels(resourceType, action).inc();
+        }
+    }
+    catch (e) {
+        // ignore
+    }
+}
+function incrementAuthorizationError(resourceType, action, statusCode) {
+    try {
+        if (authorizationErrorMetric) {
+            authorizationErrorMetric.labels(resourceType, action, statusCode).inc();
+        }
+    }
+    catch (e) {
+        // ignore
+    }
+}
+function setGraphAvailability(isAvailable) {
+    try {
+        if (graphAvailabilityMetric) {
+            graphAvailabilityMetric.labels(isAvailable ? 'true' : 'false').set(isAvailable ? 1 : 0);
+        }
+    }
+    catch (e) {
+        // ignore
+    }
+}
+// Initialize additional metrics when prometheus is set
+function initializeAdditionalMetrics() {
+    if (!prometheus) {
+        return;
+    }
+    const { METRICS_TYPES } = prometheus;
+    const metricsManager = getMetricsManager();
+    if (metricsManager) {
+        authorizationSuccessMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationSuccessMetricConfig.name, authorizationSuccessMetricConfig.labels, authorizationSuccessMetricConfig.description);
+        authorizationErrorMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationErrorMetricConfig.name, authorizationErrorMetricConfig.labels, authorizationErrorMetricConfig.description);
+        graphAvailabilityMetric = metricsManager.addMetric(METRICS_TYPES.GAUGE, graphAvailabilityMetricConfig.name, graphAvailabilityMetricConfig.labels, graphAvailabilityMetricConfig.description);
+    }
+}
 
 export { METRICS, getMetricsManager, incrementAuthorizationError, incrementAuthorizationSuccess, sendAuthorizationCheckResponseTimeMetric, setGraphAvailability, setPrometheus };

package/dist/esm/types/graph-api.types.d.ts

@@ -0,0 +1,11 @@
+export type ResourceType = string;
+export type ResourceId = number;
+export type ActionName = string;
+export type GraphIsAllowedDto = Record<ResourceType, Record<ResourceId, ActionName[]>>;
+export type GraphPermissionResult = {
+    can: boolean;
+    reason: string;
+};
+export type GraphPermissionResults = Record<ActionName, GraphPermissionResult>;
+export type GraphIsAllowedResponse = Record<ResourceType, Record<string, GraphPermissionResults>>;
+//# sourceMappingURL=graph-api.types.d.ts.map

package/dist/esm/types/graph-api.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,MAAM,qBAAqB,GAAG;IAClC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;AAI/E,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC"}

package/dist/esm/types/graph-api.types.mjs

@@ -0,0 +1 @@
+

package/dist/esm/utils/authorization.utils.d.ts

@@ -0,0 +1,22 @@
+import { ScopeOptions } from '../types/scoped-actions-contracts';
+import { ResourceType, ResourceId } from '../types/graph-api.types';
+export type CamelCase<S extends string> = S extends `${infer F}_${infer R}` ? `${F}${Capitalize<CamelCase<R>>}` : S;
+export type CamelCaseKeys<T> = T extends object ? {
+    [K in keyof T as K extends string ? CamelCase<K> : K]: CamelCaseKeys<T[K]>;
+} : T;
+/**
+ * Converts a scope object to resource type and resource ID
+ */
+export declare function scopeToResource(scope: ScopeOptions): {
+    resourceType: ResourceType;
+    resourceId: ResourceId;
+};
+/**
+ * Converts object keys from snake_case to camelCase
+ */
+export declare function toCamelCase<T extends object>(obj: T): CamelCaseKeys<T>;
+/**
+ * Converts object keys from camelCase to snake_case
+ */
+export declare function toSnakeCase<T extends object>(obj: T): Record<string, any>;
+//# sourceMappingURL=authorization.utils.d.ts.map

package/dist/esm/utils/authorization.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization.utils.d.ts","sourceRoot":"","sources":["../../../src/utils/authorization.utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEpE,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,MAAM,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACpH,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,CAAC,SAAS,MAAM,GAC3C;KAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GAC9E,CAAC,CAAC;AAEN;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAiB3G;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAEtE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEzE"}

package/dist/esm/utils/authorization.utils.mjs

@@ -0,0 +1,39 @@
+import snakeCase from 'lodash/snakeCase.js';
+import camelCase from 'lodash/camelCase.js';
+import mapKeys from 'lodash/mapKeys.js';
+
+/**
+ * Converts a scope object to resource type and resource ID
+ */
+function scopeToResource(scope) {
+    if ('workspaceId' in scope) {
+        return { resourceType: 'workspace', resourceId: scope.workspaceId };
+    }
+    if ('boardId' in scope) {
+        return { resourceType: 'board', resourceId: scope.boardId };
+    }
+    if ('pulseId' in scope) {
+        return { resourceType: 'pulse', resourceId: scope.pulseId };
+    }
+    if ('accountProductId' in scope) {
+        return { resourceType: 'account_product', resourceId: scope.accountProductId };
+    }
+    if ('accountId' in scope) {
+        return { resourceType: 'account', resourceId: scope.accountId };
+    }
+    throw new Error('Unsupported scope provided');
+}
+/**
+ * Converts object keys from snake_case to camelCase
+ */
+function toCamelCase(obj) {
+    return mapKeys(obj, (_, key) => camelCase(key));
+}
+/**
+ * Converts object keys from camelCase to snake_case
+ */
+function toSnakeCase(obj) {
+    return mapKeys(obj, (_, key) => snakeCase(key));
+}
+
+export { scopeToResource, toCamelCase, toSnakeCase };