@mondaydotcomorg/monday-authorization 3.5.1-debug-getprofile-not-resolving-to-internal-9f5fe0f → 3.5.1-debug-getprofile-not-resolving-to-internal-ba14ff5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/authorization-service.d.ts.map +1 -1
  2. package/dist/authorization-service.js +41 -22
  3. package/dist/esm/authorization-service.d.ts.map +1 -1
  4. package/dist/esm/authorization-service.mjs +41 -22
  5. package/package.json +1 -1
  6. package/src/authorization-service.ts +61 -28
package/dist/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA4CZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAiFnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/authorization-service.js CHANGED
@@ -17,7 +17,6 @@ const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
17
17
  const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
18
18
  const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
19
19
  const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
20
- const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
21
20
  function setRequestFetchOptions(customMondayFetchOptions) {
22
21
  authorizationInternalService.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
23
22
  }
@@ -111,21 +110,17 @@ class AuthorizationService {
111
110
  accountId,
112
111
  userId,
113
112
  };
114
- console.log('[AuthorizationService.getProfile] Debug info:', debugInfo);
115
113
  authorizationInternalService.logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
116
114
  if (isInAllowedApps) {
117
115
  const profile = attributionsService.getProfile();
118
- console.log('[AuthorizationService.getProfile] Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY:', profile);
119
116
  authorizationInternalService.logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
120
117
  return profile;
121
118
  }
122
119
  if (isInReleaseApps && isFeatureFlagReleased) {
123
120
  const profile = attributionsService.getProfile();
124
- console.log('[AuthorizationService.getProfile] Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY:', profile);
125
121
  authorizationInternalService.logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
126
122
  return profile;
127
123
  }
128
- console.log('[AuthorizationService.getProfile] Returning default PlatformProfile.APP');
129
124
  authorizationInternalService.logger.info({ tag: 'authorization-service', profile: attributionsService.PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
130
125
  return attributionsService.PlatformProfile.APP;
131
126
  }
@@ -133,31 +128,55 @@ class AuthorizationService {
133
128
  if (scopedActions.length === 0) {
134
129
  return [];
135
130
  }
136
- const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
137
131
  const startTime = perf_hooks.performance.now();
138
- let scopedActionResponseObjects;
139
- let apiType;
140
- if (shouldNavigateToGraph) {
141
- apiType = 'graph';
142
- scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
143
- }
144
- else {
145
- apiType = 'platform';
146
- const profile = this.getProfile(accountId, userId);
147
- const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
148
- scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
149
- }
132
+ // Always call both APIs for comparison
133
+ const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
134
+ const profile = this.getProfile(accountId, userId);
135
+ const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
136
+ const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
137
+ const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
150
138
  const endTime = perf_hooks.performance.now();
151
139
  const time = endTime - startTime;
152
- // Record metrics for each authorization check
153
- for (const obj of scopedActionResponseObjects) {
140
+ // Compare responses and log differences
141
+ const differences = [];
142
+ for (let i = 0; i < scopedActions.length; i++) {
143
+ const graphResult = graphApiResponse[i];
144
+ const platformResult = platformApiResponse[i];
145
+ const graphCan = graphResult?.permit?.can;
146
+ const platformCan = platformResult?.permit?.can;
147
+ if (graphCan !== platformCan) {
148
+ differences.push({
149
+ action: scopedActions[i].action,
150
+ scope: scopedActions[i].scope,
151
+ graphResult: graphResult?.permit,
152
+ platformResult: platformResult?.permit,
153
+ });
154
+ }
155
+ }
156
+ const isSame = differences.length === 0;
157
+ authorizationInternalService.logger.info({
158
+ tag: 'authorization-service-api-comparison',
159
+ accountId,
160
+ userId,
161
+ profile,
162
+ scopedActionsCount: scopedActions.length,
163
+ isSame,
164
+ differencesCount: differences.length,
165
+ differences: differences.length > 0 ? differences : undefined,
166
+ graphApiResponse,
167
+ platformApiResponse,
168
+ timeMs: time,
169
+ }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
170
+ // Record metrics for each authorization check (using platform response)
171
+ for (const obj of platformApiResponse) {
154
172
  const { action, scope } = obj.scopedAction;
155
173
  const { resourceType } = utils_authorization_utils.scopeToResource(scope);
156
174
  const isAuthorized = obj.permit.can;
157
175
  prometheusService.sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
158
- metricsService.recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
176
+ metricsService.recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
159
177
  }
160
- return scopedActionResponseObjects;
178
+ // Return platform API response
179
+ return platformApiResponse;
161
180
  }
162
181
  static async isAuthorizedSingular(accountId, userId, resources, action) {
163
182
  const { authorizationObjects } = createAuthorizationParams(resources, action);
package/dist/esm/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA4CZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAiFnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/esm/authorization-service.mjs CHANGED
@@ -15,7 +15,6 @@ const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
15
15
  const ALLOWED_SDK_PLATFORM_PROFILES_KEY = 'allowed-sdk-platform-profiles';
16
16
  const IN_RELEASE_SDK_PLATFORM_PROFILES_KEY = 'in-release-sdk-platform-profile';
17
17
  const PLATFORM_PROFILE_RELEASE_FF = 'sdk-platform-profiles';
18
- const NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF = 'navigate-can-action-in-scope-to-graph';
19
18
  function setRequestFetchOptions(customMondayFetchOptions) {
20
19
  AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
21
20
  }
@@ -109,21 +108,17 @@ class AuthorizationService {
109
108
  accountId,
110
109
  userId,
111
110
  };
112
- console.log('[AuthorizationService.getProfile] Debug info:', debugInfo);
113
111
  logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
114
112
  if (isInAllowedApps) {
115
113
  const profile = getProfile();
116
- console.log('[AuthorizationService.getProfile] Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY:', profile);
117
114
  logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
118
115
  return profile;
119
116
  }
120
117
  if (isInReleaseApps && isFeatureFlagReleased) {
121
118
  const profile = getProfile();
122
- console.log('[AuthorizationService.getProfile] Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY:', profile);
123
119
  logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
124
120
  return profile;
125
121
  }
126
- console.log('[AuthorizationService.getProfile] Returning default PlatformProfile.APP');
127
122
  logger.info({ tag: 'authorization-service', profile: PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
128
123
  return PlatformProfile.APP;
129
124
  }
@@ -131,31 +126,55 @@ class AuthorizationService {
131
126
  if (scopedActions.length === 0) {
132
127
  return [];
133
128
  }
134
- const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
135
129
  const startTime = performance.now();
136
- let scopedActionResponseObjects;
137
- let apiType;
138
- if (shouldNavigateToGraph) {
139
- apiType = 'graph';
140
- scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
141
- }
142
- else {
143
- apiType = 'platform';
144
- const profile = this.getProfile(accountId, userId);
145
- const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
146
- scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
147
- }
130
+ // Always call both APIs for comparison
131
+ const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
132
+ const profile = this.getProfile(accountId, userId);
133
+ const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
134
+ const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
135
+ const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
148
136
  const endTime = performance.now();
149
137
  const time = endTime - startTime;
150
- // Record metrics for each authorization check
151
- for (const obj of scopedActionResponseObjects) {
138
+ // Compare responses and log differences
139
+ const differences = [];
140
+ for (let i = 0; i < scopedActions.length; i++) {
141
+ const graphResult = graphApiResponse[i];
142
+ const platformResult = platformApiResponse[i];
143
+ const graphCan = graphResult?.permit?.can;
144
+ const platformCan = platformResult?.permit?.can;
145
+ if (graphCan !== platformCan) {
146
+ differences.push({
147
+ action: scopedActions[i].action,
148
+ scope: scopedActions[i].scope,
149
+ graphResult: graphResult?.permit,
150
+ platformResult: platformResult?.permit,
151
+ });
152
+ }
153
+ }
154
+ const isSame = differences.length === 0;
155
+ logger.info({
156
+ tag: 'authorization-service-api-comparison',
157
+ accountId,
158
+ userId,
159
+ profile,
160
+ scopedActionsCount: scopedActions.length,
161
+ isSame,
162
+ differencesCount: differences.length,
163
+ differences: differences.length > 0 ? differences : undefined,
164
+ graphApiResponse,
165
+ platformApiResponse,
166
+ timeMs: time,
167
+ }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
168
+ // Record metrics for each authorization check (using platform response)
169
+ for (const obj of platformApiResponse) {
152
170
  const { action, scope } = obj.scopedAction;
153
171
  const { resourceType } = scopeToResource(scope);
154
172
  const isAuthorized = obj.permit.can;
155
173
  sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
156
- recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
174
+ recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
157
175
  }
158
- return scopedActionResponseObjects;
176
+ // Return platform API response
177
+ return platformApiResponse;
159
178
  }
160
179
  static async isAuthorizedSingular(accountId, userId, resources, action) {
161
180
  const { authorizationObjects } = createAuthorizationParams(resources, action);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mondaydotcomorg/monday-authorization",
3
- "version": "3.5.1-debug-getprofile-not-resolving-to-internal-9f5fe0f",
3
+ "version": "3.5.1-debug-getprofile-not-resolving-to-internal-ba14ff5",
4
4
  "main": "dist/index.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "license": "BSD-3-Clause",
package/src/authorization-service.ts CHANGED
@@ -173,22 +173,18 @@ export class AuthorizationService {
173
173
  userId,
174
174
  };
175
175
 
176
- console.log('[AuthorizationService.getProfile] Debug info:', debugInfo);
177
176
  logger.info({ tag: 'authorization-service', ...debugInfo }, 'AuthorizationService.getProfile debug info');
178
177
 
179
178
  if (isInAllowedApps) {
180
179
  const profile = getProfile();
181
- console.log('[AuthorizationService.getProfile] Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY:', profile);
182
180
  logger.info({ tag: 'authorization-service', profile }, 'Returning profile from ALLOWED_SDK_PLATFORM_PROFILES_KEY');
183
181
  return profile;
184
182
  }
185
183
  if (isInReleaseApps && isFeatureFlagReleased) {
186
184
  const profile = getProfile();
187
- console.log('[AuthorizationService.getProfile] Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY:', profile);
188
185
  logger.info({ tag: 'authorization-service', profile }, 'Returning profile from IN_RELEASE_SDK_PLATFORM_PROFILES_KEY');
189
186
  return profile;
190
187
  }
191
- console.log('[AuthorizationService.getProfile] Returning default PlatformProfile.APP');
192
188
  logger.info({ tag: 'authorization-service', profile: PlatformProfile.APP }, 'Returning default PlatformProfile.APP');
193
189
  return PlatformProfile.APP;
194
190
  }
@@ -202,43 +198,80 @@ export class AuthorizationService {
202
198
  return [];
203
199
  }
204
200
 
205
- const shouldNavigateToGraph = Boolean(
206
- this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId })
207
- );
208
-
209
201
  const startTime = performance.now();
210
- let scopedActionResponseObjects: ScopedActionResponseObject[];
211
- let apiType: 'graph' | 'platform';
212
202
 
213
- if (shouldNavigateToGraph) {
214
- apiType = 'graph';
215
- scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
216
- } else {
217
- apiType = 'platform';
218
- const profile = this.getProfile(accountId, userId);
219
- const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
203
+ // Always call both APIs for comparison
204
+ const graphApiPromise = this.graphApi.checkPermissions(accountId, userId, scopedActions);
220
205
 
221
- scopedActionResponseObjects = await this.platformApi.checkPermissions(
222
- profile,
223
- internalAuthToken,
224
- userId,
225
- scopedActions
226
- );
227
- }
206
+ const profile = this.getProfile(accountId, userId);
207
+ const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
208
+ const platformApiPromise = this.platformApi.checkPermissions(
209
+ profile,
210
+ internalAuthToken,
211
+ userId,
212
+ scopedActions
213
+ );
214
+
215
+ const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
228
216
 
229
217
  const endTime = performance.now();
230
218
  const time = endTime - startTime;
231
219
 
232
- // Record metrics for each authorization check
233
- for (const obj of scopedActionResponseObjects) {
220
+ // Compare responses and log differences
221
+ const differences: Array<{
222
+ action: string;
223
+ scope: ScopeOptions;
224
+ graphResult: ScopedActionPermit;
225
+ platformResult: ScopedActionPermit;
226
+ }> = [];
227
+
228
+ for (let i = 0; i < scopedActions.length; i++) {
229
+ const graphResult = graphApiResponse[i];
230
+ const platformResult = platformApiResponse[i];
231
+
232
+ const graphCan = graphResult?.permit?.can;
233
+ const platformCan = platformResult?.permit?.can;
234
+
235
+ if (graphCan !== platformCan) {
236
+ differences.push({
237
+ action: scopedActions[i].action,
238
+ scope: scopedActions[i].scope,
239
+ graphResult: graphResult?.permit,
240
+ platformResult: platformResult?.permit,
241
+ });
242
+ }
243
+ }
244
+
245
+ const isSame = differences.length === 0;
246
+
247
+ logger.info(
248
+ {
249
+ tag: 'authorization-service-api-comparison',
250
+ accountId,
251
+ userId,
252
+ profile,
253
+ scopedActionsCount: scopedActions.length,
254
+ isSame,
255
+ differencesCount: differences.length,
256
+ differences: differences.length > 0 ? differences : undefined,
257
+ graphApiResponse,
258
+ platformApiResponse,
259
+ timeMs: time,
260
+ },
261
+ `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`
262
+ );
263
+
264
+ // Record metrics for each authorization check (using platform response)
265
+ for (const obj of platformApiResponse) {
234
266
  const { action, scope } = obj.scopedAction;
235
267
  const { resourceType } = scopeToResource(scope);
236
268
  const isAuthorized = obj.permit.can;
237
269
  sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
238
- recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
270
+ recordAuthorizationTiming('platform', time, 'canActionInScopeMultiple');
239
271
  }
240
272
 
241
- return scopedActionResponseObjects;
273
+ // Return platform API response
274
+ return platformApiResponse;
242
275
  }
243
276
 
244
277
  private static async isAuthorizedSingular(