npm - @mondaydotcomorg/monday-authorization - Versions diffs - 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-752f21a → 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-13ad8e0 - Mend

@mondaydotcomorg/monday-authorization 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-752f21a → 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-13ad8e0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/dist/authorization-service.d.ts.map +1 -1
package/dist/authorization-service.js +0 -9
package/dist/clients/graph-api.client.d.ts.map +1 -1
package/dist/clients/graph-api.client.js +1 -21
package/dist/clients/platform-api.client.d.ts.map +1 -1
package/dist/clients/platform-api.client.js +1 -24
package/dist/esm/authorization-service.d.ts.map +1 -1
package/dist/esm/authorization-service.mjs +0 -9
package/dist/esm/clients/graph-api.client.d.ts.map +1 -1
package/dist/esm/clients/graph-api.client.mjs +2 -22
package/dist/esm/clients/platform-api.client.d.ts.map +1 -1
package/dist/esm/clients/platform-api.client.mjs +2 -25
package/dist/esm/utils/authorization.utils.d.ts.map +1 -1
package/dist/esm/utils/authorization.utils.mjs +0 -12
package/dist/utils/authorization.utils.d.ts.map +1 -1
package/dist/utils/authorization.utils.js +0 -12
package/package.json +2 -7
package/DEBUG.md +0 -203
package/src/attributions-service.ts +0 -92
package/src/authorization-attributes-service.ts +0 -234
package/src/authorization-internal-service.ts +0 -129
package/src/authorization-middleware.ts +0 -51
package/src/authorization-service.ts +0 -384
package/src/clients/graph-api.client.ts +0 -164
package/src/clients/platform-api.client.ts +0 -151
package/src/constants/sns.ts +0 -5
package/src/constants.ts +0 -22
package/src/index.ts +0 -46
package/src/prometheus-service.ts +0 -147
package/src/roles-service.ts +0 -125
package/src/testKit/index.ts +0 -69
package/src/types/authorization-attributes-contracts.ts +0 -33
package/src/types/express.ts +0 -8
package/src/types/general.ts +0 -32
package/src/types/graph-api.types.ts +0 -19
package/src/types/roles.ts +0 -42
package/src/types/scoped-actions-contracts.ts +0 -48
package/src/utils/authorization.utils.ts +0 -66

package/src/authorization-middleware.ts DELETED Viewed

@@ -1,51 +0,0 @@
-import onHeaders from 'on-headers';
-import { AuthorizationInternalService } from './authorization-internal-service';
-import { AuthorizationService, createAuthorizationParams } from './authorization-service';
-import { Action, BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
-import type { NextFunction } from 'express';
-// getAuthorizationMiddleware is duplicated in testKit/index.ts
-// If you are making changes to this function, please make sure to update the other file as well
-export function getAuthorizationMiddleware(
-  action: Action,
-  resourceGetter: ResourceGetter,
-  contextGetter?: ContextGetter
-) {
-  return async function authorizationMiddleware(
-    request: BaseRequest,
-    response: BaseResponse,
-    next: NextFunction
-  ): Promise<void> {
-    contextGetter ||= defaultContextGetter;
-    const { userId, accountId } = contextGetter(request);
-    const resources = resourceGetter(request);
-    const { authorizationObjects } = createAuthorizationParams(resources, action);
-    const { isAuthorized } = await AuthorizationService.isAuthorized(accountId, userId, authorizationObjects);
-    AuthorizationInternalService.markAuthorized(request);
-    if (!isAuthorized) {
-      response.status(403).json({ message: 'Access denied' });
-      return;
-    }
-    next();
-  };
-}
-export function skipAuthorizationMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void {
-  AuthorizationInternalService.skipAuthorization(request);
-  next();
-}
-export function authorizationCheckMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void {
-  if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-    onHeaders(response, function () {
-      if (response.statusCode < 400) {
-        AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
-      }
-    });
-  }
-  next();
-}
-export function defaultContextGetter(request: BaseRequest): Context {
-  return request.payload;
-}

package/src/authorization-service.ts DELETED Viewed

@@ -1,384 +0,0 @@
-import { performance } from 'perf_hooks';
-import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { getIgniteClient, IgniteClient } from '@mondaydotcomorg/ignite-sdk';
-import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
-import { sendAuthorizationCheckResponseTimeMetric, incrementAuthorizationSuccess } from './prometheus-service';
-import {
-  ScopedAction,
-  ScopedActionPermit,
-  ScopedActionResponseObject,
-  ScopeOptions,
-} from './types/scoped-actions-contracts';
-import { AuthorizationInternalService, logger } from './authorization-internal-service';
-import { getAttributionsFromApi, getProfile, PlatformProfile } from './attributions-service';
-import { GraphApiClient } from './clients/graph-api.client';
-import { PlatformApiClient } from './clients/platform-api.client';
-import { scopeToResource } from './utils/authorization.utils';
-const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
-const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
-const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
-const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
-const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
-const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
-export interface AuthorizeResponse {
-  isAuthorized: boolean;
-  unauthorizedIds?: number[];
-  unauthorizedObjects?: AuthorizationObject[];
-}
-export function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions) {
-  AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
-}
-interface IsAuthorizedResponse {
-  result: boolean[];
-}
-export class AuthorizationService {
-  static redisClient?;
-  static grantedFeatureRedisExpirationInSeconds?: number;
-  static igniteClient?: IgniteClient;
-  /**
-   * @deprecated use the second form with authorizationRequestObjects instead,
-   * support of this function will be dropped gradually
-   */
-  static async isAuthorized(
-    accountId: number,
-    userId: number,
-    resources: Resource[],
-    action: Action
-  ): Promise<AuthorizeResponse>;
-  static async isAuthorized(
-    accountId: number,
-    userId: number,
-    authorizationRequestObjects: AuthorizationObject[]
-  ): Promise<AuthorizeResponse>;
-  static async isAuthorized(...args: any[]) {
-    if (args.length === 3) {
-      return this.isAuthorizedMultiple(args[0], args[1], args[2]);
-    } else if (args.length == 4) {
-      return this.isAuthorizedSingular(args[0], args[1], args[2], args[3]);
-    } else {
-      throw new Error('isAuthorized accepts either 3 or 4 arguments');
-    }
-  }
-  /**
-   * @deprecated - Please use Ignite instead: https://github.com/DaPulse/ignite-monorepo/blob/master/packages/ignite-sdk/README.md
-   * @sunsetDate 2024-12-31
-   */
-  static async isUserGrantedWithFeature(
-    accountId: number,
-    userId: number,
-    featureName: string,
-    options: { shouldSkipCache?: boolean } = {}
-  ): Promise<boolean> {
-    const cachedKey = this.getCachedKeyName(userId, featureName);
-    const shouldSkipCache = options.shouldSkipCache ?? false;
-    if (this.redisClient && !shouldSkipCache) {
-      const grantedFeatureValue = await this.redisClient.get(cachedKey);
-      if (!(grantedFeatureValue === undefined || grantedFeatureValue === null)) {
-        // redis returns the value as string
-        return grantedFeatureValue === 'true';
-      }
-    }
-    const grantedFeatureValue = await this.fetchIsUserGrantedWithFeature(featureName, accountId, userId);
-    if (this.redisClient) {
-      await this.redisClient.set(cachedKey, grantedFeatureValue, 'EX', this.grantedFeatureRedisExpirationInSeconds);
-    }
-    return grantedFeatureValue;
-  }
-  private static async fetchIsUserGrantedWithFeature(
-    featureName: string,
-    accountId: number,
-    userId: number
-  ): Promise<boolean> {
-    const authorizationObject: AuthorizationObject = {
-      action: featureName,
-      resource_type: 'feature',
-    };
-    const authorizeResponsePromise = await this.isAuthorized(accountId, userId, [authorizationObject]);
-    return authorizeResponsePromise.isAuthorized;
-  }
-  private static getCachedKeyName(userId: number, featureName: string): string {
-    return `granted-feature-${featureName}-${userId}`;
-  }
-  static async canActionInScope(
-    accountId: number,
-    userId: number,
-    action: string,
-    scope: ScopeOptions
-  ): Promise<ScopedActionPermit> {
-    const scopedActions = [{ action, scope }];
-    const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
-    return scopedActionResponseObjects[0].permit;
-  }
-  private static getProfile(accountId: number, userId: number): PlatformProfile {
-    const appName: string = process.env.APP_NAME ?? 'INVALID_APP_NAME';
-    if (!this.igniteClient) {
-      logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
-      throw new Error('AuthorizationService: igniteClient is not set, failing request');
-    }
-    if (
-      this.igniteClient.configuration.getObjectValue<string[]>(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)
-    ) {
-      return getProfile();
-    }
-    if (
-      this.igniteClient.configuration
-        .getObjectValue<string[]>(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-        .includes(appName) &&
-      this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })
-    ) {
-      return getProfile();
-    }
-    return PlatformProfile.INTERNAL;
-  }
-  static async canActionInScopeMultiple(
-    accountId: number,
-    userId: number,
-    scopedActions: ScopedAction[]
-  ): Promise<ScopedActionResponseObject[]> {
-    logger.debug(
-      { tag: 'authorization-service', accountId, userId, scopedActionsCount: scopedActions.length },
-      'canActionInScopeMultiple called'
-    );
-    const shouldNavigateToGraph = Boolean(
-      this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId })
-    );
-    logger.debug(
-      { tag: 'authorization-service', accountId, userId, shouldNavigateToGraph },
-      `Graph API routing feature flag: ${shouldNavigateToGraph ? 'ENABLED' : 'DISABLED'}`
-    );
-    const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-    const startTime = performance.now();
-    let scopedActionResponseObjects: ScopedActionResponseObject[];
-    let usedGraphApi = false;
-    if (shouldNavigateToGraph) {
-      logger.debug({ tag: 'authorization-service', accountId, userId }, 'Attempting Graph API authorization');
-      try {
-        scopedActionResponseObjects = await GraphApiClient.checkPermissions(internalAuthToken, scopedActions);
-        usedGraphApi = true;
-        logger.debug(
-          { tag: 'authorization-service', accountId, userId, resultCount: scopedActionResponseObjects.length },
-          'Graph API authorization successful'
-        );
-      } catch (error) {
-        // Fallback to Platform API if Graph API fails
-        logger.warn(
-          {
-            tag: 'authorization-service',
-            error: error instanceof Error ? error.message : String(error),
-            accountId,
-            userId,
-          },
-          'Graph API authorization failed, falling back to Platform API'
-        );
-        logger.debug({ tag: 'authorization-service', accountId, userId }, 'Starting Platform API fallback');
-        const profile = this.getProfile(accountId, userId);
-        logger.debug(
-          { tag: 'authorization-service', accountId, userId, profile },
-          'Retrieved Platform API profile for fallback'
-        );
-        scopedActionResponseObjects = await PlatformApiClient.checkPermissions(
-          profile,
-          internalAuthToken,
-          userId,
-          scopedActions
-        );
-        usedGraphApi = false;
-        logger.debug(
-          { tag: 'authorization-service', accountId, userId, resultCount: scopedActionResponseObjects.length },
-          'Platform API fallback successful'
-        );
-      }
-    } else {
-      logger.debug(
-        { tag: 'authorization-service', accountId, userId },
-        'Using Platform API directly (Graph API FF disabled)'
-      );
-      const profile = this.getProfile(accountId, userId);
-      logger.debug({ tag: 'authorization-service', accountId, userId, profile }, 'Retrieved Platform API profile');
-      scopedActionResponseObjects = await PlatformApiClient.checkPermissions(
-        profile,
-        internalAuthToken,
-        userId,
-        scopedActions
-      );
-      usedGraphApi = false;
-    }
-    const endTime = performance.now();
-    const time = endTime - startTime;
-    const apiType = usedGraphApi ? 'graph' : 'platform';
-    // Record metrics for each authorization check
-    for (const obj of scopedActionResponseObjects) {
-      const { action, scope } = obj.scopedAction;
-      const { resourceType } = scopeToResource(scope);
-      const isAuthorized = obj.permit.can;
-      sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time, apiType);
-      if (obj.permit.can) {
-        incrementAuthorizationSuccess(resourceType, action);
-      }
-    }
-    return scopedActionResponseObjects;
-  }
-  private static async isAuthorizedSingular(
-    accountId: number,
-    userId: number,
-    resources: Resource[],
-    action: Action
-  ): Promise<AuthorizeResponse> {
-    const { authorizationObjects } = createAuthorizationParams(resources, action);
-    return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
-  }
-  private static async isAuthorizedMultiple(
-    accountId: number,
-    userId: number,
-    authorizationRequestObjects: AuthorizationObject[]
-  ): Promise<AuthorizeResponse> {
-    const profile = this.getProfile(accountId, userId);
-    const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-    const startTime = performance.now();
-    const attributionHeaders = getAttributionsFromApi();
-    const httpClient = Api.getPart('httpClient');
-    let response: IsAuthorizedResponse | undefined;
-    try {
-      response = await httpClient!.fetch<IsAuthorizedResponse>(
-        {
-          url: {
-            appName: 'platform',
-            path: PLATFORM_AUTHORIZE_PATH,
-            profile,
-          },
-          method: 'POST',
-          headers: {
-            Authorization: internalAuthToken,
-            'Content-Type': 'application/json',
-            ...attributionHeaders,
-          },
-          body: JSON.stringify({
-            user_id: userId,
-            authorize_request_objects: authorizationRequestObjects,
-          }),
-        },
-        {
-          timeout: AuthorizationInternalService.getRequestTimeout(),
-          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
-        }
-      );
-    } catch (err) {
-      if (err instanceof HttpFetcherError) {
-        AuthorizationInternalService.throwOnHttpError((err as HttpFetcherError).status, 'isAuthorizedMultiple');
-      } else {
-        throw err;
-      }
-    }
-    const endTime = performance.now();
-    const time = endTime - startTime;
-    const unauthorizedObjects: AuthorizationObject[] = [];
-    if (!response) {
-      logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
-      throw new Error('AuthorizationService: missing response');
-    }
-    response.result.forEach(function (isAuthorized, index) {
-      const authorizationObject = authorizationRequestObjects[index];
-      if (!isAuthorized) {
-        unauthorizedObjects.push(authorizationObject);
-      }
-      sendAuthorizationCheckResponseTimeMetric(
-        authorizationObject.resource_type,
-        authorizationObject.action,
-        isAuthorized,
-        200,
-        time,
-        'platform'
-      );
-    });
-    if (unauthorizedObjects.length > 0) {
-      logger.info(
-        {
-          resources: JSON.stringify(unauthorizedObjects),
-        },
-        'AuthorizationService: resource is unauthorized'
-      );
-      const unauthorizedIds = unauthorizedObjects
-        .filter(obj => !!obj.resource_id)
-        .map(obj => obj.resource_id) as number[];
-      return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
-    }
-    return { isAuthorized: true };
-  }
-}
-export function setRedisClient(
-  client,
-  grantedFeatureRedisExpirationInSeconds: number = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS
-) {
-  AuthorizationService.redisClient = client;
-  if (grantedFeatureRedisExpirationInSeconds && grantedFeatureRedisExpirationInSeconds > 0) {
-    AuthorizationService.grantedFeatureRedisExpirationInSeconds = grantedFeatureRedisExpirationInSeconds;
-  } else {
-    logger.warn(
-      { grantedFeatureRedisExpirationInSeconds },
-      'Invalid input for grantedFeatureRedisExpirationInSeconds, must be positive number. using default ttl.'
-    );
-    AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
-  }
-}
-export async function setIgniteClient() {
-  const igniteClient = await getIgniteClient({
-    namespace: ['authorization-sdk'],
-  });
-  AuthorizationService.igniteClient = igniteClient;
-  AuthorizationInternalService.setIgniteClient(igniteClient);
-}
-export function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams {
-  const params = {
-    authorizationObjects: resources.map((resource: Resource) => {
-      const authorizationObject: AuthorizationObject = {
-        resource_id: resource.id,
-        resource_type: resource.type,
-        action,
-      };
-      if (resource.wrapperData) {
-        authorizationObject.wrapper_data = resource.wrapperData;
-      }
-      return authorizationObject;
-    }),
-  };
-  return params;
-}

package/src/clients/graph-api.client.ts DELETED Viewed

@@ -1,164 +0,0 @@
-import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { ScopedAction, ScopedActionResponseObject, ScopedActionPermit } from '../types/scoped-actions-contracts';
-import { AuthorizationInternalService, logger } from '../authorization-internal-service';
-import { getAttributionsFromApi } from '../attributions-service';
-import {
-  GraphIsAllowedDto,
-  GraphIsAllowedResponse,
-  ResourceType,
-  ResourceId,
-  ActionName,
-} from '../types/graph-api.types';
-import { scopeToResource } from '../utils/authorization.utils';
-import { incrementAuthorizationError, setGraphAvailability } from '../prometheus-service';
-const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
-/**
- * Client for handling Graph API authorization operations
- */
-export class GraphApiClient {
-  /**
-   * Builds the request body for Graph API calls
-   */
-  static buildRequestBody(scopedActions: ScopedAction[]): GraphIsAllowedDto {
-    const resourcesAccumulator: Record<ResourceType, Record<ResourceId, Set<ActionName>>> = {};
-    for (const { action, scope } of scopedActions) {
-      const { resourceType, resourceId } = scopeToResource(scope);
-      if (!resourcesAccumulator[resourceType]) {
-        resourcesAccumulator[resourceType] = {};
-      }
-      if (!resourcesAccumulator[resourceType][resourceId]) {
-        resourcesAccumulator[resourceType][resourceId] = new Set<ActionName>();
-      }
-      resourcesAccumulator[resourceType][resourceId].add(action);
-    }
-    const resourcesPayload: GraphIsAllowedDto = {};
-    for (const [resourceType, idMap] of Object.entries(resourcesAccumulator)) {
-      resourcesPayload[resourceType] = {};
-      for (const [idStr, actionsSet] of Object.entries(idMap)) {
-        const idNum = Number(idStr);
-        resourcesPayload[resourceType][idNum] = Array.from(actionsSet);
-      }
-    }
-    return resourcesPayload;
-  }
-  /**
-   * Fetches authorization data from the Graph API
-   */
-  static async fetchPermissions(
-    internalAuthToken: string,
-    scopedActions: ScopedAction[]
-  ): Promise<GraphIsAllowedResponse> {
-    const httpClient = Api.getPart('httpClient');
-    const attributionHeaders = getAttributionsFromApi();
-    const bodyPayload = this.buildRequestBody(scopedActions);
-    logger.debug(
-      {
-        tag: 'graph-api-client',
-        scopedActionsCount: scopedActions.length,
-        appName: 'authorization-graph',
-        path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
-        timeout: AuthorizationInternalService.getRequestTimeout(),
-        retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
-        bodyPayloadKeys: Object.keys(bodyPayload),
-      },
-      '🔍 Graph API Debug: Starting request'
-    );
-    try {
-      const response = await httpClient!.fetch<GraphIsAllowedResponse>(
-        {
-          url: {
-            appName: 'authorization-graph',
-            path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
-          },
-          method: 'POST',
-          headers: {
-            Authorization: internalAuthToken.substring(0, 20) + '...', // Mask token for security
-            'Content-Type': 'application/json',
-            ...attributionHeaders,
-          },
-          body: JSON.stringify(bodyPayload),
-        },
-        {
-          timeout: AuthorizationInternalService.getRequestTimeout(),
-          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
-        }
-      );
-      logger.debug(
-        {
-          tag: 'graph-api-client',
-          responseKeys: Object.keys(response),
-          scopedActionsCount: scopedActions.length,
-        },
-        '✅ Graph API Debug: Request successful'
-      );
-      setGraphAvailability(true);
-      return response;
-    } catch (err) {
-      logger.debug(
-        {
-          tag: 'graph-api-client',
-          error: err instanceof Error ? err.message : String(err),
-          status: err instanceof HttpFetcherError ? err.status : 'unknown',
-          scopedActionsCount: scopedActions.length,
-        },
-        '❌ Graph API Debug: Request failed'
-      );
-      setGraphAvailability(false);
-      if (err instanceof HttpFetcherError) {
-        AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
-        incrementAuthorizationError(
-          scopeToResource(scopedActions[0].scope).resourceType,
-          scopedActions[0].action,
-          err.status
-        );
-      }
-      throw err;
-    }
-  }
-  /**
-   * Maps Graph API response to the expected format
-   */
-  static mapResponse(
-    scopedActions: ScopedAction[],
-    graphResponse: GraphIsAllowedResponse
-  ): ScopedActionResponseObject[] {
-    const resources = graphResponse ?? {};
-    return scopedActions.map(scopedAction => {
-      const { action, scope } = scopedAction;
-      const { resourceType, resourceId } = scopeToResource(scope);
-      const permissionResult = resources?.[resourceType]?.[String(resourceId)]?.[action];
-      const permit: ScopedActionPermit = {
-        can: permissionResult?.can ?? false,
-        reason: { key: permissionResult?.reason ?? 'unknown' },
-        technicalReason: 0,
-      };
-      return { scopedAction, permit };
-    });
-  }
-  /**
-   * Performs a complete authorization check using the Graph API
-   */
-  static async checkPermissions(
-    internalAuthToken: string,
-    scopedActions: ScopedAction[]
-  ): Promise<ScopedActionResponseObject[]> {
-    const response = await this.fetchPermissions(internalAuthToken, scopedActions);
-    return this.mapResponse(scopedActions, response);
-  }
-}