@mondaydotcomorg/monday-authorization 3.5.0 → 3.5.1-fix-authorize-profile-picker-b5f77b0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/dist/authorization-service.d.ts.map +1 -1
  2. package/dist/authorization-service.js +34 -7
  3. package/dist/clients/graph-api.d.ts.map +1 -1
  4. package/dist/clients/graph-api.js +1 -0
  5. package/dist/constants.d.ts +3 -0
  6. package/dist/constants.d.ts.map +1 -1
  7. package/dist/constants.js +4 -0
  8. package/dist/esm/authorization-service.d.ts.map +1 -1
  9. package/dist/esm/authorization-service.mjs +34 -7
  10. package/dist/esm/clients/graph-api.d.ts.map +1 -1
  11. package/dist/esm/clients/graph-api.mjs +2 -1
  12. package/dist/esm/constants.d.ts +3 -0
  13. package/dist/esm/constants.d.ts.map +1 -1
  14. package/dist/esm/constants.mjs +5 -1
  15. package/package.json +1 -1
  16. package/src/authorization-service.ts +71 -11
  17. package/src/clients/graph-api.ts +2 -1
  18. package/src/constants.ts +4 -0
package/dist/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA+DZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/authorization-service.js CHANGED
@@ -96,15 +96,33 @@ class AuthorizationService {
96
96
  authorizationInternalService.logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
97
97
  throw new Error('AuthorizationService: igniteClient is not set, failing request');
98
98
  }
99
- if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
100
- return attributionsService.getProfile();
99
+ const allowedProfiles = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
100
+ const isAllowedProfile = allowedProfiles.includes(appName);
101
+ authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile }, 'AuthorizationService.getProfile: checking allowed profiles');
102
+ if (isAllowedProfile) {
103
+ const profile = attributionsService.getProfile();
104
+ authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via allowed profiles');
105
+ return profile;
101
106
  }
102
- if (this.igniteClient.configuration
103
- .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
104
- .includes(appName) &&
105
- this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
106
- return attributionsService.getProfile();
107
+ const inReleaseProfiles = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
108
+ const isInReleaseProfile = inReleaseProfiles.includes(appName);
109
+ const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
110
+ authorizationInternalService.logger.debug({
111
+ tag: 'auth-debug',
112
+ accountId,
113
+ userId,
114
+ appName,
115
+ inReleaseProfiles,
116
+ isInReleaseProfile,
117
+ isFeatureFlagReleased,
118
+ featureFlag: PLATFORM_PROFILE_RELEASE_FF,
119
+ }, 'AuthorizationService.getProfile: checking feature flag release');
120
+ if (isInReleaseProfile && isFeatureFlagReleased) {
121
+ const profile = attributionsService.getProfile();
122
+ authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via feature flag release');
123
+ return profile;
107
124
  }
125
+ authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile: attributionsService.PlatformProfile.APP }, 'AuthorizationService.getProfile: selected default APP profile');
108
126
  return attributionsService.PlatformProfile.APP;
109
127
  }
110
128
  static async canActionInScopeMultiple(accountId, userId, scopedActions) {
@@ -112,15 +130,24 @@ class AuthorizationService {
112
130
  return [];
113
131
  }
114
132
  const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
133
+ authorizationInternalService.logger.debug({
134
+ tag: 'auth-debug',
135
+ accountId,
136
+ userId,
137
+ shouldNavigateToGraph,
138
+ featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
139
+ }, 'AuthorizationService.canActionInScopeMultiple: determining which API flow to use');
115
140
  const startTime = perf_hooks.performance.now();
116
141
  let scopedActionResponseObjects;
117
142
  let apiType;
118
143
  if (shouldNavigateToGraph) {
119
144
  apiType = 'graph';
145
+ authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using graph API flow');
120
146
  scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
121
147
  }
122
148
  else {
123
149
  apiType = 'platform';
150
+ authorizationInternalService.logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using platform API flow');
124
151
  const profile = this.getProfile(accountId, userId);
125
152
  const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
126
153
  scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
package/dist/clients/graph-api.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1
+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
package/dist/clients/graph-api.js CHANGED
@@ -65,6 +65,7 @@ class GraphApi {
65
65
  url: {
66
66
  appName: constants.GRAPH_APP_NAME,
67
67
  path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
68
+ profile: constants.GraphApiProfile.PERMISSION,
68
69
  },
69
70
  method: 'POST',
70
71
  headers: {
package/dist/constants.d.ts CHANGED
@@ -2,6 +2,9 @@ import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
2
2
  import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
3
3
  export declare const APP_NAME = "authorization";
4
4
  export declare const GRAPH_APP_NAME = "authorization-graph";
5
+ export declare enum GraphApiProfile {
6
+ PERMISSION = "authorization-graph-permission"
7
+ }
5
8
  export declare const ERROR_MESSAGES: {
6
9
  readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
7
10
  readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;
package/dist/constants.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,oBAAY,eAAe;IACzB,UAAU,mCAAmC;CAC9C;AAED,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
package/dist/constants.js CHANGED
@@ -2,6 +2,10 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
2
2
 
3
3
  const APP_NAME = 'authorization';
4
4
  const GRAPH_APP_NAME = 'authorization-graph';
5
+ exports.GraphApiProfile = void 0;
6
+ (function (GraphApiProfile) {
7
+ GraphApiProfile["PERMISSION"] = "authorization-graph-permission";
8
+ })(exports.GraphApiProfile || (exports.GraphApiProfile = {}));
5
9
  const ERROR_MESSAGES = {
6
10
  HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
7
11
  REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
package/dist/esm/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA+DZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/esm/authorization-service.mjs CHANGED
@@ -94,15 +94,33 @@ class AuthorizationService {
94
94
  logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
95
95
  throw new Error('AuthorizationService: igniteClient is not set, failing request');
96
96
  }
97
- if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
98
- return getProfile();
97
+ const allowedProfiles = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
98
+ const isAllowedProfile = allowedProfiles.includes(appName);
99
+ logger.debug({ tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile }, 'AuthorizationService.getProfile: checking allowed profiles');
100
+ if (isAllowedProfile) {
101
+ const profile = getProfile();
102
+ logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via allowed profiles');
103
+ return profile;
99
104
  }
100
- if (this.igniteClient.configuration
101
- .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
102
- .includes(appName) &&
103
- this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
104
- return getProfile();
105
+ const inReleaseProfiles = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
106
+ const isInReleaseProfile = inReleaseProfiles.includes(appName);
107
+ const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
108
+ logger.debug({
109
+ tag: 'auth-debug',
110
+ accountId,
111
+ userId,
112
+ appName,
113
+ inReleaseProfiles,
114
+ isInReleaseProfile,
115
+ isFeatureFlagReleased,
116
+ featureFlag: PLATFORM_PROFILE_RELEASE_FF,
117
+ }, 'AuthorizationService.getProfile: checking feature flag release');
118
+ if (isInReleaseProfile && isFeatureFlagReleased) {
119
+ const profile = getProfile();
120
+ logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via feature flag release');
121
+ return profile;
105
122
  }
123
+ logger.debug({ tag: 'auth-debug', accountId, userId, appName, profile: PlatformProfile.APP }, 'AuthorizationService.getProfile: selected default APP profile');
106
124
  return PlatformProfile.APP;
107
125
  }
108
126
  static async canActionInScopeMultiple(accountId, userId, scopedActions) {
@@ -110,15 +128,24 @@ class AuthorizationService {
110
128
  return [];
111
129
  }
112
130
  const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
131
+ logger.debug({
132
+ tag: 'auth-debug',
133
+ accountId,
134
+ userId,
135
+ shouldNavigateToGraph,
136
+ featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
137
+ }, 'AuthorizationService.canActionInScopeMultiple: determining which API flow to use');
113
138
  const startTime = performance.now();
114
139
  let scopedActionResponseObjects;
115
140
  let apiType;
116
141
  if (shouldNavigateToGraph) {
117
142
  apiType = 'graph';
143
+ logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using graph API flow');
118
144
  scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
119
145
  }
120
146
  else {
121
147
  apiType = 'platform';
148
+ logger.debug({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using platform API flow');
122
149
  const profile = this.getProfile(accountId, userId);
123
150
  const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
124
151
  scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
package/dist/esm/clients/graph-api.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1
+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
package/dist/esm/clients/graph-api.mjs CHANGED
@@ -4,7 +4,7 @@ import { PermitTechnicalReason } from '../types/scoped-actions-contracts.mjs';
4
4
  import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
5
5
  import { getAttributionsFromApi } from '../attributions-service.mjs';
6
6
  import { scopeToResource } from '../utils/authorization.utils.mjs';
7
- import { GRAPH_APP_NAME } from '../constants.mjs';
7
+ import { GRAPH_APP_NAME, GraphApiProfile } from '../constants.mjs';
8
8
  import { handleApiError } from '../utils/api-error-handler.mjs';
9
9
 
10
10
  const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
@@ -63,6 +63,7 @@ class GraphApi {
63
63
  url: {
64
64
  appName: GRAPH_APP_NAME,
65
65
  path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
66
+ profile: GraphApiProfile.PERMISSION,
66
67
  },
67
68
  method: 'POST',
68
69
  headers: {
package/dist/esm/constants.d.ts CHANGED
@@ -2,6 +2,9 @@ import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
2
2
  import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
3
3
  export declare const APP_NAME = "authorization";
4
4
  export declare const GRAPH_APP_NAME = "authorization-graph";
5
+ export declare enum GraphApiProfile {
6
+ PERMISSION = "authorization-graph-permission"
7
+ }
5
8
  export declare const ERROR_MESSAGES: {
6
9
  readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
7
10
  readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;
package/dist/esm/constants.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,oBAAY,eAAe;IACzB,UAAU,mCAAmC;CAC9C;AAED,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
package/dist/esm/constants.mjs CHANGED
@@ -1,5 +1,9 @@
1
1
  const APP_NAME = 'authorization';
2
2
  const GRAPH_APP_NAME = 'authorization-graph';
3
+ var GraphApiProfile;
4
+ (function (GraphApiProfile) {
5
+ GraphApiProfile["PERMISSION"] = "authorization-graph-permission";
6
+ })(GraphApiProfile || (GraphApiProfile = {}));
3
7
  const ERROR_MESSAGES = {
4
8
  HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
5
9
  REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
@@ -16,4 +20,4 @@ const DEFAULT_FETCH_OPTIONS = {
16
20
  },
17
21
  };
18
22
 
19
- export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME };
23
+ export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME, GraphApiProfile };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mondaydotcomorg/monday-authorization",
3
- "version": "3.5.0",
3
+ "version": "3.5.1-fix-authorize-profile-picker-b5f77b0",
4
4
  "main": "dist/index.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "license": "BSD-3-Clause",
package/src/authorization-service.ts CHANGED
@@ -155,19 +155,60 @@ export class AuthorizationService {
155
155
  logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
156
156
  throw new Error('AuthorizationService: igniteClient is not set, failing request');
157
157
  }
158
- if (
159
- this.igniteClient.configuration.getObjectValue<string[]>(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)
160
- ) {
161
- return getProfile();
158
+
159
+ const allowedProfiles = this.igniteClient.configuration.getObjectValue<string[]>(
160
+ ALLOWED_SDK_PLATFORM_PROFILES_KEY,
161
+ []
162
+ );
163
+ const isAllowedProfile = allowedProfiles.includes(appName);
164
+ logger.debug(
165
+ { tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile },
166
+ 'AuthorizationService.getProfile: checking allowed profiles'
167
+ );
168
+
169
+ if (isAllowedProfile) {
170
+ const profile = getProfile();
171
+ logger.debug(
172
+ { tag: 'auth-debug', accountId, userId, appName, profile },
173
+ 'AuthorizationService.getProfile: selected profile via allowed profiles'
174
+ );
175
+ return profile;
162
176
  }
163
- if (
164
- this.igniteClient.configuration
165
- .getObjectValue<string[]>(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
166
- .includes(appName) &&
167
- this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })
168
- ) {
169
- return getProfile();
177
+
178
+ const inReleaseProfiles = this.igniteClient.configuration.getObjectValue<string[]>(
179
+ IN_RELEASE_SDK_PLATFORM_PROFILES_KEY,
180
+ []
181
+ );
182
+ const isInReleaseProfile = inReleaseProfiles.includes(appName);
183
+ const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
184
+
185
+ logger.debug(
186
+ {
187
+ tag: 'auth-debug',
188
+ accountId,
189
+ userId,
190
+ appName,
191
+ inReleaseProfiles,
192
+ isInReleaseProfile,
193
+ isFeatureFlagReleased,
194
+ featureFlag: PLATFORM_PROFILE_RELEASE_FF,
195
+ },
196
+ 'AuthorizationService.getProfile: checking feature flag release'
197
+ );
198
+
199
+ if (isInReleaseProfile && isFeatureFlagReleased) {
200
+ const profile = getProfile();
201
+ logger.debug(
202
+ { tag: 'auth-debug', accountId, userId, appName, profile },
203
+ 'AuthorizationService.getProfile: selected profile via feature flag release'
204
+ );
205
+ return profile;
170
206
  }
207
+
208
+ logger.debug(
209
+ { tag: 'auth-debug', accountId, userId, appName, profile: PlatformProfile.APP },
210
+ 'AuthorizationService.getProfile: selected default APP profile'
211
+ );
171
212
  return PlatformProfile.APP;
172
213
  }
173
214
 
@@ -184,15 +225,34 @@ export class AuthorizationService {
184
225
  this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId })
185
226
  );
186
227
 
228
+ logger.debug(
229
+ {
230
+ tag: 'auth-debug',
231
+ accountId,
232
+ userId,
233
+ shouldNavigateToGraph,
234
+ featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
235
+ },
236
+ 'AuthorizationService.canActionInScopeMultiple: determining which API flow to use'
237
+ );
238
+
187
239
  const startTime = performance.now();
188
240
  let scopedActionResponseObjects: ScopedActionResponseObject[];
189
241
  let apiType: 'graph' | 'platform';
190
242
 
191
243
  if (shouldNavigateToGraph) {
192
244
  apiType = 'graph';
245
+ logger.debug(
246
+ { tag: 'auth-debug', accountId, userId, apiType },
247
+ 'AuthorizationService.canActionInScopeMultiple: using graph API flow'
248
+ );
193
249
  scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
194
250
  } else {
195
251
  apiType = 'platform';
252
+ logger.debug(
253
+ { tag: 'auth-debug', accountId, userId, apiType },
254
+ 'AuthorizationService.canActionInScopeMultiple: using platform API flow'
255
+ );
196
256
  const profile = this.getProfile(accountId, userId);
197
257
  const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
198
258
 
package/src/clients/graph-api.ts CHANGED
@@ -18,7 +18,7 @@ import {
18
18
  GraphPermissionReason,
19
19
  } from '../types/graph-api.types';
20
20
  import { scopeToResource } from '../utils/authorization.utils';
21
- import { GRAPH_APP_NAME } from '../constants';
21
+ import { GRAPH_APP_NAME, GraphApiProfile } from '../constants';
22
22
  import { handleApiError } from '../utils/api-error-handler';
23
23
 
24
24
  const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
@@ -85,6 +85,7 @@ export class GraphApi {
85
85
  url: {
86
86
  appName: GRAPH_APP_NAME,
87
87
  path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
88
+ profile: GraphApiProfile.PERMISSION,
88
89
  },
89
90
  method: 'POST',
90
91
  headers: {
package/src/constants.ts CHANGED
@@ -4,6 +4,10 @@ import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
4
4
  export const APP_NAME = 'authorization';
5
5
  export const GRAPH_APP_NAME = 'authorization-graph';
6
6
 
7
+ export enum GraphApiProfile {
8
+ PERMISSION = 'authorization-graph-permission',
9
+ }
10
+
7
11
  export const ERROR_MESSAGES = {
8
12
  HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
9
13
  REQUEST_FAILED: (method: string, status: number, reason: string) =>