@mondaydotcomorg/monday-authorization 3.5.1-debug-getprofile-not-resolving-to-internal-ba14ff5 → 3.5.1-debug-getprofile-not-resolving-to-internal-d02966c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/authorization-service.d.ts.map +1 -1
  2. package/dist/authorization-service.js +25 -8
  3. package/dist/clients/graph-api.d.ts +5 -1
  4. package/dist/clients/graph-api.d.ts.map +1 -1
  5. package/dist/clients/graph-api.js +4 -2
  6. package/dist/esm/authorization-service.d.ts.map +1 -1
  7. package/dist/esm/authorization-service.mjs +25 -8
  8. package/dist/esm/clients/graph-api.d.ts +5 -1
  9. package/dist/esm/clients/graph-api.d.ts.map +1 -1
  10. package/dist/esm/clients/graph-api.mjs +4 -2
  11. package/package.json +1 -1
  12. package/src/authorization-service.ts +33 -10
  13. package/src/clients/graph-api.ts +5 -3
package/dist/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAiFnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAwGnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/authorization-service.js CHANGED
@@ -134,22 +134,41 @@ class AuthorizationService {
134
134
  const profile = this.getProfile(accountId, userId);
135
135
  const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
136
136
  const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
137
- const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
137
+ const [graphApiResult, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
138
+ const graphApiResponse = graphApiResult.mapped;
139
+ const graphApiRawResponse = graphApiResult.raw;
138
140
  const endTime = perf_hooks.performance.now();
139
141
  const time = endTime - startTime;
140
- // Compare responses and log differences
142
+ // Compare responses and log differences with raw lookup values
141
143
  const differences = [];
142
144
  for (let i = 0; i < scopedActions.length; i++) {
143
145
  const graphResult = graphApiResponse[i];
144
146
  const platformResult = platformApiResponse[i];
147
+ const { action, scope } = scopedActions[i];
148
+ const { resourceType, resourceId } = utils_authorization_utils.scopeToResource(scope);
145
149
  const graphCan = graphResult?.permit?.can;
146
150
  const platformCan = platformResult?.permit?.can;
151
+ // Log the raw lookup values for debugging
152
+ const graphResponseAtPath = graphApiRawResponse?.[resourceType]?.[String(resourceId)]?.[action];
153
+ authorizationInternalService.logger.info({
154
+ tag: 'authorization-service-api-comparison-detail',
155
+ action,
156
+ scope,
157
+ resourceType,
158
+ resourceId,
159
+ graphResponseAtPath,
160
+ graphCan,
161
+ platformCan,
162
+ }, `API comparison detail for ${action} on ${resourceType}/${resourceId}`);
147
163
  if (graphCan !== platformCan) {
148
164
  differences.push({
149
- action: scopedActions[i].action,
150
- scope: scopedActions[i].scope,
151
- graphResult: graphResult?.permit,
152
- platformResult: platformResult?.permit,
165
+ action,
166
+ scope,
167
+ resourceType,
168
+ resourceId,
169
+ graphResponseAtPath,
170
+ graphCan,
171
+ platformCan,
153
172
  });
154
173
  }
155
174
  }
@@ -163,8 +182,6 @@ class AuthorizationService {
163
182
  isSame,
164
183
  differencesCount: differences.length,
165
184
  differences: differences.length > 0 ? differences : undefined,
166
- graphApiResponse,
167
- platformApiResponse,
168
185
  timeMs: time,
169
186
  }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
170
187
  // Record metrics for each authorization check (using platform response)
package/dist/clients/graph-api.d.ts CHANGED
@@ -21,8 +21,12 @@ export declare class GraphApi {
21
21
  private static mapResponse;
22
22
  /**
23
23
  * Performs a complete authorization check using the Graph API
24
+ * Returns both the mapped response and raw response for debugging
24
25
  */
25
- checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
26
+ checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<{
27
+ mapped: ScopedActionResponseObject[];
28
+ raw: GraphIsAllowedResponse;
29
+ }>;
26
30
  private static ensureGraphReason;
27
31
  }
28
32
  //# sourceMappingURL=graph-api.d.ts.map
package/dist/clients/graph-api.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1
+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;;OAGG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;QAAC,GAAG,EAAE,sBAAsB,CAAA;KAAE,CAAC;IAOjF,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
package/dist/clients/graph-api.js CHANGED
@@ -115,11 +115,13 @@ class GraphApi {
115
115
  }
116
116
  /**
117
117
  * Performs a complete authorization check using the Graph API
118
+ * Returns both the mapped response and raw response for debugging
118
119
  */
119
120
  async checkPermissions(accountId, userId, scopedActions) {
120
121
  const authToken = mondayJwt.signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
121
- const response = await this.fetchPermissions(authToken, scopedActions);
122
- return GraphApi.mapResponse(scopedActions, response);
122
+ const rawResponse = await this.fetchPermissions(authToken, scopedActions);
123
+ const mappedResponse = GraphApi.mapResponse(scopedActions, rawResponse);
124
+ return { mapped: mappedResponse, raw: rawResponse };
123
125
  }
124
126
  static ensureGraphReason(reason, context) {
125
127
  if (!reason || typeof reason !== 'object' || typeof reason.key !== 'string') {
package/dist/esm/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAiFnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAwCZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBAwGnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/esm/authorization-service.mjs CHANGED
@@ -132,22 +132,41 @@ class AuthorizationService {
132
132
  const profile = this.getProfile(accountId, userId);
133
133
  const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
134
134
  const platformApiPromise = this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
135
- const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
135
+ const [graphApiResult, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
136
+ const graphApiResponse = graphApiResult.mapped;
137
+ const graphApiRawResponse = graphApiResult.raw;
136
138
  const endTime = performance.now();
137
139
  const time = endTime - startTime;
138
- // Compare responses and log differences
140
+ // Compare responses and log differences with raw lookup values
139
141
  const differences = [];
140
142
  for (let i = 0; i < scopedActions.length; i++) {
141
143
  const graphResult = graphApiResponse[i];
142
144
  const platformResult = platformApiResponse[i];
145
+ const { action, scope } = scopedActions[i];
146
+ const { resourceType, resourceId } = scopeToResource(scope);
143
147
  const graphCan = graphResult?.permit?.can;
144
148
  const platformCan = platformResult?.permit?.can;
149
+ // Log the raw lookup values for debugging
150
+ const graphResponseAtPath = graphApiRawResponse?.[resourceType]?.[String(resourceId)]?.[action];
151
+ logger.info({
152
+ tag: 'authorization-service-api-comparison-detail',
153
+ action,
154
+ scope,
155
+ resourceType,
156
+ resourceId,
157
+ graphResponseAtPath,
158
+ graphCan,
159
+ platformCan,
160
+ }, `API comparison detail for ${action} on ${resourceType}/${resourceId}`);
145
161
  if (graphCan !== platformCan) {
146
162
  differences.push({
147
- action: scopedActions[i].action,
148
- scope: scopedActions[i].scope,
149
- graphResult: graphResult?.permit,
150
- platformResult: platformResult?.permit,
163
+ action,
164
+ scope,
165
+ resourceType,
166
+ resourceId,
167
+ graphResponseAtPath,
168
+ graphCan,
169
+ platformCan,
151
170
  });
152
171
  }
153
172
  }
@@ -161,8 +180,6 @@ class AuthorizationService {
161
180
  isSame,
162
181
  differencesCount: differences.length,
163
182
  differences: differences.length > 0 ? differences : undefined,
164
- graphApiResponse,
165
- platformApiResponse,
166
183
  timeMs: time,
167
184
  }, `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`);
168
185
  // Record metrics for each authorization check (using platform response)
package/dist/esm/clients/graph-api.d.ts CHANGED
@@ -21,8 +21,12 @@ export declare class GraphApi {
21
21
  private static mapResponse;
22
22
  /**
23
23
  * Performs a complete authorization check using the Graph API
24
+ * Returns both the mapped response and raw response for debugging
24
25
  */
25
- checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
26
+ checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<{
27
+ mapped: ScopedActionResponseObject[];
28
+ raw: GraphIsAllowedResponse;
29
+ }>;
26
30
  private static ensureGraphReason;
27
31
  }
28
32
  //# sourceMappingURL=graph-api.d.ts.map
package/dist/esm/clients/graph-api.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1
+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;;OAGG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;QAAC,GAAG,EAAE,sBAAsB,CAAA;KAAE,CAAC;IAOjF,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
package/dist/esm/clients/graph-api.mjs CHANGED
@@ -113,11 +113,13 @@ class GraphApi {
113
113
  }
114
114
  /**
115
115
  * Performs a complete authorization check using the Graph API
116
+ * Returns both the mapped response and raw response for debugging
116
117
  */
117
118
  async checkPermissions(accountId, userId, scopedActions) {
118
119
  const authToken = signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
119
- const response = await this.fetchPermissions(authToken, scopedActions);
120
- return GraphApi.mapResponse(scopedActions, response);
120
+ const rawResponse = await this.fetchPermissions(authToken, scopedActions);
121
+ const mappedResponse = GraphApi.mapResponse(scopedActions, rawResponse);
122
+ return { mapped: mappedResponse, raw: rawResponse };
121
123
  }
122
124
  static ensureGraphReason(reason, context) {
123
125
  if (!reason || typeof reason !== 'object' || typeof reason.key !== 'string') {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mondaydotcomorg/monday-authorization",
3
- "version": "3.5.1-debug-getprofile-not-resolving-to-internal-ba14ff5",
3
+ "version": "3.5.1-debug-getprofile-not-resolving-to-internal-d02966c",
4
4
  "main": "dist/index.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "license": "BSD-3-Clause",
package/src/authorization-service.ts CHANGED
@@ -212,32 +212,57 @@ export class AuthorizationService {
212
212
  scopedActions
213
213
  );
214
214
 
215
- const [graphApiResponse, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
215
+ const [graphApiResult, platformApiResponse] = await Promise.all([graphApiPromise, platformApiPromise]);
216
+ const graphApiResponse = graphApiResult.mapped;
217
+ const graphApiRawResponse = graphApiResult.raw;
216
218
 
217
219
  const endTime = performance.now();
218
220
  const time = endTime - startTime;
219
221
 
220
- // Compare responses and log differences
222
+ // Compare responses and log differences with raw lookup values
221
223
  const differences: Array<{
222
224
  action: string;
223
225
  scope: ScopeOptions;
224
- graphResult: ScopedActionPermit;
225
- platformResult: ScopedActionPermit;
226
+ resourceType: string;
227
+ resourceId: number;
228
+ graphResponseAtPath: unknown;
229
+ graphCan: boolean | undefined;
230
+ platformCan: boolean | undefined;
226
231
  }> = [];
227
232
 
228
233
  for (let i = 0; i < scopedActions.length; i++) {
229
234
  const graphResult = graphApiResponse[i];
230
235
  const platformResult = platformApiResponse[i];
231
236
 
237
+ const { action, scope } = scopedActions[i];
238
+ const { resourceType, resourceId } = scopeToResource(scope);
239
+
232
240
  const graphCan = graphResult?.permit?.can;
233
241
  const platformCan = platformResult?.permit?.can;
234
242
 
243
+ // Log the raw lookup values for debugging
244
+ const graphResponseAtPath = graphApiRawResponse?.[resourceType]?.[String(resourceId)]?.[action];
245
+
246
+ logger.info({
247
+ tag: 'authorization-service-api-comparison-detail',
248
+ action,
249
+ scope,
250
+ resourceType,
251
+ resourceId,
252
+ graphResponseAtPath,
253
+ graphCan,
254
+ platformCan,
255
+ }, `API comparison detail for ${action} on ${resourceType}/${resourceId}`);
256
+
235
257
  if (graphCan !== platformCan) {
236
258
  differences.push({
237
- action: scopedActions[i].action,
238
- scope: scopedActions[i].scope,
239
- graphResult: graphResult?.permit,
240
- platformResult: platformResult?.permit,
259
+ action,
260
+ scope,
261
+ resourceType,
262
+ resourceId,
263
+ graphResponseAtPath,
264
+ graphCan,
265
+ platformCan,
241
266
  });
242
267
  }
243
268
  }
@@ -254,8 +279,6 @@ export class AuthorizationService {
254
279
  isSame,
255
280
  differencesCount: differences.length,
256
281
  differences: differences.length > 0 ? differences : undefined,
257
- graphApiResponse,
258
- platformApiResponse,
259
282
  timeMs: time,
260
283
  },
261
284
  `API comparison: graphApi vs platformApi - ${isSame ? 'SAME' : 'DIFFERENT'}`
package/src/clients/graph-api.ts CHANGED
@@ -146,15 +146,17 @@ export class GraphApi {
146
146
 
147
147
  /**
148
148
  * Performs a complete authorization check using the Graph API
149
+ * Returns both the mapped response and raw response for debugging
149
150
  */
150
151
  async checkPermissions(
151
152
  accountId: number,
152
153
  userId: number,
153
154
  scopedActions: ScopedAction[]
154
- ): Promise<ScopedActionResponseObject[]> {
155
+ ): Promise<{ mapped: ScopedActionResponseObject[]; raw: GraphIsAllowedResponse }> {
155
156
  const authToken = signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
156
- const response = await this.fetchPermissions(authToken, scopedActions);
157
- return GraphApi.mapResponse(scopedActions, response);
157
+ const rawResponse = await this.fetchPermissions(authToken, scopedActions);
158
+ const mappedResponse = GraphApi.mapResponse(scopedActions, rawResponse);
159
+ return { mapped: mappedResponse, raw: rawResponse };
158
160
  }
159
161
 
160
162
  private static ensureGraphReason(