@mondaydotcomorg/monday-authorization 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-63c65ad → 3.3.1-feature-bashanye-add-membership-create-delete-api-d00c165

package/src/types/scoped-actions-contracts.ts

@@ -0,0 +1,57 @@
+export interface WorkspaceScope {
+  workspaceId: number;
+}
+
+export interface BoardScope {
+  boardId: number;
+}
+
+export interface PulseScope {
+  pulseId: number;
+}
+
+export interface AccountProductScope {
+  accountProductId: number;
+}
+
+export interface AccountScope {
+  accountId: number;
+}
+
+export type ScopeOptions = WorkspaceScope | BoardScope | PulseScope | AccountProductScope | AccountScope;
+
+export interface Translation {
+  key: string;
+  [option: string]: string;
+}
+
+export enum PermitTechnicalReason {
+  NO_REASON = 0,
+  NOT_ELIGIBLE = 1,
+  BY_ROLE_IN_SCOPE = 2,
+  /**
+   * NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
+   * method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
+   * two purposes: to mean both that a permit was requested and that it was received; at least: in the
+   * case of where a `permissions` parameter is passed to the `getPermits` method.
+   */
+  NOT_APPLICABLE = 3,
+  BY_POLICY = 4,
+  BY_OVERRIDE = 5,
+}
+
+export interface ScopedActionPermit {
+  can: boolean;
+  reason: Translation;
+  technicalReason: PermitTechnicalReason;
+}
+
+export interface ScopedAction {
+  action: string;
+  scope: ScopeOptions;
+}
+
+export interface ScopedActionResponseObject {
+  scopedAction: ScopedAction;
+  permit: ScopedActionPermit;
+}

package/src/utils/api-error-handler.ts

@@ -0,0 +1,25 @@
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { AuthorizationInternalService, logger } from '../authorization-internal-service';
+import { recordAuthorizationError } from '../metrics-service';
+
+export function handleApiError(
+  err: unknown,
+  apiType: 'platform' | 'graph' | 'authorization',
+  placement: string
+): never {
+  if (err instanceof HttpFetcherError) {
+    logger.error(
+      { tag: `${apiType}-api`, status: err.status, error: err.message },
+      `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`
+    );
+    recordAuthorizationError(apiType, err.status, placement);
+    AuthorizationInternalService.throwOnHttpError(err.status, placement);
+  } else {
+    logger.error(
+      { tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) },
+      `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`
+    );
+    recordAuthorizationError(apiType, 500, placement);
+    throw err;
+  }
+}

package/src/utils/authorization.utils.ts

@@ -0,0 +1,47 @@
+import snakeCase from 'lodash/snakeCase.js';
+import camelCase from 'lodash/camelCase.js';
+import mapKeys from 'lodash/mapKeys.js';
+import { ScopeOptions } from '../types/scoped-actions-contracts';
+import { ResourceType, ResourceId } from '../types/graph-api.types';
+
+export type CamelCase<S extends string> = S extends `${infer F}_${infer R}` ? `${F}${Capitalize<CamelCase<R>>}` : S;
+export type CamelCaseKeys<T> = T extends object
+  ? { [K in keyof T as K extends string ? CamelCase<K> : K]: CamelCaseKeys<T[K]> }
+  : T;
+
+/**
+ * Converts a scope object to resource type and resource ID
+ */
+export function scopeToResource(scope: ScopeOptions): { resourceType: ResourceType; resourceId: ResourceId } {
+  if ('workspaceId' in scope) {
+    return { resourceType: 'workspace', resourceId: scope.workspaceId };
+  }
+  if ('boardId' in scope) {
+    return { resourceType: 'board', resourceId: scope.boardId };
+  }
+  if ('pulseId' in scope) {
+    return { resourceType: 'pulse', resourceId: scope.pulseId };
+  }
+  if ('accountProductId' in scope) {
+    return { resourceType: 'account_product', resourceId: scope.accountProductId };
+  }
+  if ('accountId' in scope) {
+    return { resourceType: 'account', resourceId: scope.accountId };
+  }
+
+  throw new Error('Unsupported scope provided');
+}
+
+/**
+ * Converts object keys from snake_case to camelCase
+ */
+export function toCamelCase<T extends object>(obj: T): CamelCaseKeys<T> {
+  return mapKeys(obj, (_, key) => camelCase(key)) as CamelCaseKeys<T>;
+}
+
+/**
+ * Converts object keys from camelCase to snake_case
+ */
+export function toSnakeCase<T extends object>(obj: T): Record<string, any> {
+  return mapKeys(obj, (_, key) => snakeCase(key));
+}

package/dist/clients/graph-api.client.d.ts

@@ -1,24 +0,0 @@
-import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
-import { GraphIsAllowedDto, GraphIsAllowedResponse } from '../types/graph-api.types';
-/**
- * Client for handling Graph API authorization operations
- */
-export declare class GraphApiClient {
-    /**
-     * Builds the request body for Graph API calls
-     */
-    static buildRequestBody(scopedActions: ScopedAction[]): GraphIsAllowedDto;
-    /**
-     * Fetches authorization data from the Graph API
-     */
-    static fetchPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
-    /**
-     * Maps Graph API response to the expected format
-     */
-    static mapResponse(scopedActions: ScopedAction[], graphResponse: GraphIsAllowedResponse): ScopedActionResponseObject[];
-    /**
-     * Performs a complete authorization check using the Graph API
-     */
-    static checkPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
-}
-//# sourceMappingURL=graph-api.client.d.ts.map

package/dist/clients/graph-api.client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"graph-api.client.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EAIvB,MAAM,0BAA0B,CAAC;AAMlC;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAyBzE;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IA2ClC;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,aAAa,EAAE,YAAY,EAAE,EAC7B,aAAa,EAAE,sBAAsB,GACpC,0BAA0B,EAAE;IAsC/B;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAIzC"}

package/dist/clients/platform-api.client.d.ts

@@ -1,31 +0,0 @@
-import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
-import { PlatformProfile } from '../attributions-service';
-type ScopedActionPlatformPayload = Omit<ScopedAction, 'scope'> & {
-    scope: Record<string, number>;
-};
-interface CanActionsInScopesResponse {
-    result: ScopedActionResponseObject[];
-}
-/**
- * Client for handling Platform API authorization operations
- */
-export declare class PlatformApiClient {
-    /**
-     * Builds the request payload for Platform API calls
-     */
-    static buildRequestPayload(scopedActions: ScopedAction[]): ScopedActionPlatformPayload[];
-    /**
-     * Fetches authorization data from the Platform API
-     */
-    static fetchPermissions(profile: PlatformProfile, internalAuthToken: string, userId: number, scopedActionsPayload: ScopedActionPlatformPayload[]): Promise<CanActionsInScopesResponse>;
-    /**
-     * Maps Platform API response to the expected format
-     */
-    static mapResponse(response: CanActionsInScopesResponse): ScopedActionResponseObject[];
-    /**
-     * Performs a complete authorization check using the Platform API
-     */
-    static checkPermissions(profile: PlatformProfile, internalAuthToken: string, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
-}
-export {};
-//# sourceMappingURL=platform-api.client.d.ts.map

package/dist/clients/platform-api.client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"platform-api.client.d.ts","sourceRoot":"","sources":["../../src/clients/platform-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAOlF,KAAK,2BAA2B,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,UAAU,0BAA0B;IAClC,MAAM,EAAE,0BAA0B,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,2BAA2B,EAAE;IAOxF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,2BAA2B,EAAE,GAClD,OAAO,CAAC,0BAA0B,CAAC;IAuCtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,0BAA0B,GAAG,0BAA0B,EAAE;IAkBtF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}

package/dist/esm/clients/graph-api.client.d.ts

@@ -1,24 +0,0 @@
-import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
-import { GraphIsAllowedDto, GraphIsAllowedResponse } from '../types/graph-api.types';
-/**
- * Client for handling Graph API authorization operations
- */
-export declare class GraphApiClient {
-    /**
-     * Builds the request body for Graph API calls
-     */
-    static buildRequestBody(scopedActions: ScopedAction[]): GraphIsAllowedDto;
-    /**
-     * Fetches authorization data from the Graph API
-     */
-    static fetchPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
-    /**
-     * Maps Graph API response to the expected format
-     */
-    static mapResponse(scopedActions: ScopedAction[], graphResponse: GraphIsAllowedResponse): ScopedActionResponseObject[];
-    /**
-     * Performs a complete authorization check using the Graph API
-     */
-    static checkPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
-}
-//# sourceMappingURL=graph-api.client.d.ts.map

package/dist/esm/clients/graph-api.client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"graph-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EAIvB,MAAM,0BAA0B,CAAC;AAMlC;;GAEG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAyBzE;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IA2ClC;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,aAAa,EAAE,YAAY,EAAE,EAC7B,aAAa,EAAE,sBAAsB,GACpC,0BAA0B,EAAE;IAsC/B;;OAEG;WACU,gBAAgB,CAC3B,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAIzC"}

package/dist/esm/clients/platform-api.client.d.ts

@@ -1,31 +0,0 @@
-import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
-import { PlatformProfile } from '../attributions-service';
-type ScopedActionPlatformPayload = Omit<ScopedAction, 'scope'> & {
-    scope: Record<string, number>;
-};
-interface CanActionsInScopesResponse {
-    result: ScopedActionResponseObject[];
-}
-/**
- * Client for handling Platform API authorization operations
- */
-export declare class PlatformApiClient {
-    /**
-     * Builds the request payload for Platform API calls
-     */
-    static buildRequestPayload(scopedActions: ScopedAction[]): ScopedActionPlatformPayload[];
-    /**
-     * Fetches authorization data from the Platform API
-     */
-    static fetchPermissions(profile: PlatformProfile, internalAuthToken: string, userId: number, scopedActionsPayload: ScopedActionPlatformPayload[]): Promise<CanActionsInScopesResponse>;
-    /**
-     * Maps Platform API response to the expected format
-     */
-    static mapResponse(response: CanActionsInScopesResponse): ScopedActionResponseObject[];
-    /**
-     * Performs a complete authorization check using the Platform API
-     */
-    static checkPermissions(profile: PlatformProfile, internalAuthToken: string, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
-}
-export {};
-//# sourceMappingURL=platform-api.client.d.ts.map

package/dist/esm/clients/platform-api.client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"platform-api.client.d.ts","sourceRoot":"","sources":["../../../src/clients/platform-api.client.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAOlF,KAAK,2BAA2B,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,UAAU,0BAA0B;IAClC,MAAM,EAAE,0BAA0B,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,YAAY,EAAE,GAAG,2BAA2B,EAAE;IAOxF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,2BAA2B,EAAE,GAClD,OAAO,CAAC,0BAA0B,CAAC;IAuCtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,0BAA0B,GAAG,0BAA0B,EAAE;IAkBtF;;OAEG;WACU,gBAAgB,CAC3B,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}