@mondaydotcomorg/monday-authorization 3.5.3-feat-shaime-support-entity-attributes-in-authorization-sdk-ade64f6 → 3.7.0-feat-shaime-support-entity-attributes-4-49e1de0

package/src/authorization-middleware.ts

@@ -1,13 +1,13 @@
 import onHeaders from 'on-headers';
 import { AuthorizationInternalService } from './authorization-internal-service';
 import { AuthorizationService, createAuthorizationParams } from './authorization-service';
-import { BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
+import { Action, BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
 import type { NextFunction } from 'express';
 
 // getAuthorizationMiddleware is duplicated in testKit/index.ts
 // If you are making changes to this function, please make sure to update the other file as well
 export function getAuthorizationMiddleware(
-  action: string,
+  action: Action,
   resourceGetter: ResourceGetter,
   contextGetter?: ContextGetter
 ) {

package/src/authorization-service.ts

@@ -3,7 +3,7 @@ import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { getIgniteClient, IgniteClient } from '@mondaydotcomorg/ignite-sdk';
-import { AuthorizationObject, AuthorizationParams, Resource } from './types/general';
+import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
 import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service';
 import { recordAuthorizationTiming } from './metrics-service';
 import {
@@ -74,7 +74,7 @@ export class AuthorizationService {
     accountId: number,
     userId: number,
     resources: Resource[],
-    action: string
+    action: Action
   ): Promise<AuthorizeResponse>;
 
   static async isAuthorized(
@@ -223,7 +223,7 @@ export class AuthorizationService {
     accountId: number,
     userId: number,
     resources: Resource[],
-    action: string
+    action: Action
   ): Promise<AuthorizeResponse> {
     const { authorizationObjects } = createAuthorizationParams(resources, action);
     return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
@@ -338,7 +338,7 @@ export async function setIgniteClient() {
   AuthorizationInternalService.setIgniteClient(igniteClient);
 }
 
-export function createAuthorizationParams(resources: Resource[], action: string): AuthorizationParams {
+export function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams {
   const params = {
     authorizationObjects: resources.map((resource: Resource) => {
       const authorizationObject: AuthorizationObject = {

package/src/base-attribute-assignment.ts

@@ -1,4 +1,6 @@
 import { ValidationUtils } from './utils/validation';
+import isEqual from 'lodash/isEqual.js';
+import { EntityAttributeAssignment, ResourceAttributeDelete } from './types/authorization-attributes-contracts';
 
 /**
  * Base class for attribute assignments (Resource or Entity)
@@ -19,21 +21,16 @@ export abstract class BaseAttributeAssignment<TId extends number, TType extends
     idFieldName: string,
     typeFieldName: string
   ) {
-    // Validate id
-    ValidationUtils.validateInteger(id, idFieldName);
-
-    // Validate type
-    this.type = ValidationUtils.validateEnum(type, validTypes as readonly TType[], typeFieldName) as TType;
-
-    // Validate attributeKey
-    ValidationUtils.validateString(attributeKey, 'attributeKey');
-
-    // Validate attributeValue
-    ValidationUtils.validateString(attributeValue, 'attributeValue');
+    const validated = ValidationUtils.validateAssignment<TType>(
+      { id, type, attributeKey, attributeValue },
+      validTypes as readonly TType[],
+      { id: idFieldName, type: typeFieldName }
+    );
 
-    this.id = id;
-    this.attributeKey = attributeKey;
-    this.attributeValue = attributeValue;
+    this.id = validated.id as TId;
+    this.type = validated.type as TType;
+    this.attributeKey = validated.attributeKey;
+    this.attributeValue = validated.attributeValue;
   }
 
   /**
@@ -42,14 +39,8 @@ export abstract class BaseAttributeAssignment<TId extends number, TType extends
    * @returns true if all properties are equal
    */
   equals(other: BaseAttributeAssignment<TId, TType>): boolean {
-    if (!(other instanceof this.constructor)) {
-      return false;
-    }
-    return (
-      this.id === other.id &&
-      this.type === other.type &&
-      this.attributeKey === other.attributeKey &&
-      this.attributeValue === other.attributeValue
-    );
+    return isEqual(this, other);
   }
+
+  abstract toDataTransferObject(): EntityAttributeAssignment | ResourceAttributeDelete;
 }

package/src/entity-attribute-assignment.ts

@@ -6,10 +6,19 @@ export class EntityAttributeAssignment extends BaseAttributeAssignment<number, E
   public readonly entityType: EntityType;
 
   constructor(entityId: number, entityType: string, attributeKey: string, attributeValue: string) {
-    super(entityId, entityType, attributeKey, attributeValue, Object.values(ENTITY_TYPES), 'entityId', 'entityType');
+    super(entityId, entityType, attributeKey, attributeValue, ENTITY_TYPES, 'entityId', 'entityType');
     this.entityId = entityId;
     this.entityType = this.type;
   }
+
+  toDataTransferObject() {
+    return {
+      entityId: this.entityId,
+      entityType: this.entityType,
+      key: this.attributeKey,
+      value: this.attributeValue,
+    };
+  }
   /**
    * Compares two assignments for equality
    * @param other Another EntityAttributeAssignment instance

package/src/entity-attributes-constants.ts

@@ -1,7 +1,7 @@
-export const ENTITY_TYPES = {
-  USER: 'user',
-  TEAM: 'team',
-  ACCOUNT: 'account',
-} as const;
+export enum EntityType {
+  User = 'user',
+  Team = 'team',
+  Account = 'account',
+}
 
-export type EntityType = (typeof ENTITY_TYPES)[keyof typeof ENTITY_TYPES];
+export const ENTITY_TYPES = Object.freeze(Object.values(EntityType));

package/src/errors/argument-error.ts

@@ -2,6 +2,5 @@ export class ArgumentError extends Error {
   constructor(message: string) {
     super(message);
     this.name = 'ArgumentError';
-    Object.setPrototypeOf(this, ArgumentError.prototype);
   }
 }

package/src/index.ts

@@ -58,15 +58,6 @@ export {
 } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
-export { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service';
-export { AuthorizationAttributesMsService } from './authorization-attributes-ms-service';
-export { IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
-export { ResourceAttributeAssignment } from './resource-attribute-assignment';
-export { RESOURCE_TYPES, RESOURCE_ATTRIBUTES_CONSTANTS } from './resource-attributes-constants';
-export { EntityAttributeAssignment } from './entity-attribute-assignment';
-export { ENTITY_TYPES } from './entity-attributes-constants';
-export { ArgumentError } from './errors/argument-error';
-export type { EntityType } from './entity-attributes-constants';
 export { RolesService } from './roles-service';
 export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';

package/src/prometheus-service.ts

@@ -1,3 +1,5 @@
+import { Action } from './types/general';
+
 let prometheus: any = null;
 let authorizationCheckResponseTimeMetric: any = null;
 
@@ -34,7 +36,7 @@ export function getMetricsManager() {
 
 export function sendAuthorizationCheckResponseTimeMetric(
   resourceType: string,
-  action: string,
+  action: Action,
   isAuthorized: boolean,
   responseStatus: number,
   time: number

package/src/resource-attribute-assignment.ts

@@ -5,7 +5,7 @@ export class ResourceAttributeAssignment extends BaseAttributeAssignment<number,
   public readonly resourceId: number;
   public readonly resourceType: ResourceType;
 
-  constructor(resourceId: number, resourceType: string, attributeKey: string, attributeValue: string) {
+  constructor(resourceId: number, resourceType: ResourceType, attributeKey: string, attributeValue: string) {
     super(
       resourceId,
       resourceType,
@@ -18,6 +18,15 @@ export class ResourceAttributeAssignment extends BaseAttributeAssignment<number,
     this.resourceId = resourceId;
     this.resourceType = this.type;
   }
+
+  toDataTransferObject() {
+    return {
+      resourceId: this.resourceId,
+      resourceType: this.resourceType,
+      key: this.attributeKey,
+      value: this.attributeValue,
+    };
+  }
   /**
    * Compares two assignments for equality
    * @param other Another ResourceAttributeAssignment instance

package/src/resource-attributes-constants.ts

@@ -11,25 +11,17 @@ export const RESOURCE_ATTRIBUTES_CONSTANTS = {
   },
 } as const;
 
-export type ResourceType =
-  | 'account'
-  | 'account_product'
-  | 'workspace'
-  | 'board'
-  | 'item'
-  | 'team'
-  | 'overview'
-  | 'document'
-  | 'crm';
+export enum ResourceType {
+  Account = 'account',
+  AccountProduct = 'account_product',
+  Workspace = 'workspace',
+  Board = 'board',
+  Item = 'item',
+  Team = 'team',
+  Overview = 'overview',
+  Document = 'document',
+  Crm = 'crm',
+}
 
-export const RESOURCE_TYPES = {
-  ACCOUNT: 'account',
-  ACCOUNT_PRODUCT: 'account_product',
-  WORKSPACE: 'workspace',
-  BOARD: 'board',
-  ITEM: 'item',
-  TEAM: 'team',
-  OVERVIEW: 'overview',
-  DOCUMENT: 'document',
-  CRM: 'crm',
-} as Record<string, ResourceType>;
+// Define the array of strings and use 'as const' to make its contents literal types
+export const RESOURCE_TYPES = Object.freeze(Object.values(ResourceType));

package/src/types/authorization-attributes-contracts.ts

@@ -2,8 +2,6 @@ import { Resource } from './general';
 import type { EntityType } from '../entity-attributes-constants';
 import type { ResourceType } from '../resource-attributes-constants';
 
-export type { EntityType, ResourceType };
-
 interface AttributeAssignment {
   key: string;
   value: string;

package/src/types/authorization-attributes-service.interface.ts

@@ -1,13 +1,13 @@
 import {
   ResourceAttributeAssignment as ResourceAttributeAssignmentContract,
   EntityAttributeAssignment as EntityAttributeAssignmentContract,
-  EntityType,
   ResourceAttributeOperation,
   EntityAttributeOperation,
 } from './authorization-attributes-contracts';
 import { ResourceAttributeAssignment } from '../resource-attribute-assignment';
 import { EntityAttributeAssignment } from '../entity-attribute-assignment';
 import { Resource } from './general';
+import { EntityType } from '../entity-attributes-constants';
 
 /**
  * Resource type compatible with both MS and SNS services
@@ -23,8 +23,8 @@ export interface CompatibleResource {
  * Interface for authorization attributes operations.
  * Both MS (direct) and SNS (async) services implement this interface.
  */
-export interface IAuthorizationAttributesService {
-  /**
+export interface AuthorizationAttributesService {
+  /**authorization-attributes-service.ts
    * Upserts resource attributes.
    * For MS service: returns Promise<void>
    * For SNS service: requires appName and callerActionIdentifier, returns Promise<ResourceAttributesOperation[]>

package/src/types/general.ts

@@ -5,17 +5,16 @@ export interface Resource {
   type: string;
   wrapperData?: object;
 }
-
+export type Action = string;
 export interface Context {
   accountId: number;
   userId: number;
 }
-
 export interface AuthorizationObject {
   resource_id?: Resource['id'];
   resource_type: Resource['type'];
   wrapper_data?: Resource['wrapperData'];
-  action: string;
+  action: Action;
 }
 export interface AuthorizationParams {
   authorizationObjects: AuthorizationObject[];

package/src/utils/validation.ts

@@ -1,114 +1,171 @@
-import { z } from 'zod';
+import Ajv from 'ajv';
 import { ArgumentError } from '../errors/argument-error';
+import { Resource } from '../types/general';
 
 /**
- * Utility class for common validation operations using Zod
+ * Utility class for common validation operations using AJV
  */
 export class ValidationUtils {
+  private static ajv = new Ajv({ allErrors: true });
   /**
-   * Validates that a value is an integer
-   * @param value The value to validate
-   * @param fieldName The name of the field for error messages
-   * @throws ArgumentError if value is not an integer
+   * Validates that a value is an integer. Throws ArgumentError with a descriptive message on failure.
    */
-  static validateInteger(value: any, fieldName: string): void {
-    const schema = z.number().int();
-    try {
-      schema.parse(value);
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        throw new ArgumentError(`${fieldName} must be an integer, got: ${value}`);
-      }
-      throw error;
+  static validateInteger(value: number): void {
+    const numberSchema = { type: 'number', multipleOf: 1 };
+    const validate = ValidationUtils.ajv.compile(numberSchema);
+    const isValid = validate(value);
+    if (!isValid) {
+      throw new ArgumentError(`Value must be an integer, got: ${value}`);
     }
   }
 
   /**
-   * Validates that a value is a non-empty string
-   * @param value The value to validate
-   * @param fieldName The name of the field for error messages
-   * @throws ArgumentError if value is not a string or is empty
+   * Validates that a value is a non-empty string. Throws ArgumentError on failure.
    */
-  static validateString(value: any, fieldName: string): void {
-    const schema = z.string().min(1);
-    try {
-      schema.parse(value);
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        if (typeof value !== 'string') {
-          throw new ArgumentError(`${fieldName} must be a string, got: ${typeof value}`);
-        }
-        throw new ArgumentError(`${fieldName} must be a non-empty string`);
-      }
-      throw error;
+  static validateString(value: string): void {
+    const non_empty_string_schema = {
+      type: 'string',
+      minLength: 1,
+      pattern: '\\S',
+    };
+    const validate = ValidationUtils.ajv.compile(non_empty_string_schema);
+    const isValid = validate(value);
+    if (!isValid) {
+      throw new ArgumentError(`Value must be a non-empty string, got: ${value}`);
     }
   }
 
   /**
-   * Validates that a value is an array and optionally checks minimum length
-   * @param value The value to validate
-   * @param fieldName The name of the field for error messages
-   * @param minLength Minimum required length (default: 0)
-   * @returns The validated array
-   * @throws ArgumentError if value is not an array or doesn't meet minimum length
+   * Validates that a value is an array of non-empty strings. Throws ArgumentError on failure.
+   * Allows empty arrays - caller should handle early return.
    */
-  static validateArray<T>(value: any, fieldName: string, minLength = 0): T[] {
-    const schema = z.array(z.any()).min(minLength);
-    try {
-      return schema.parse(value) as T[];
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        if (!Array.isArray(value)) {
-          throw new ArgumentError(`${fieldName} must be an array`);
-        }
-        throw new ArgumentError(`${fieldName} must have at least ${minLength} items`);
-      }
-      throw error;
+  static validateStringArray(value: string[]): void {
+    const string_array_schema = {
+      type: 'array',
+      items: {
+        type: 'string',
+        minLength: 1,
+        pattern: '\\S',
+      },
+    };
+    const validateStringArray = ValidationUtils.ajv.compile(string_array_schema);
+    const isValid = validateStringArray(value);
+    if (!isValid) {
+      throw new ArgumentError(`Value must be an array of non-empty strings, got: ${value}`);
     }
+    // Allow empty arrays to pass validation - caller should handle early return
+    // Non-empty arrays will be validated for string content above
   }
 
   /**
-   * Validates that a value is one of the allowed enum values
-   * @param value The value to validate
-   * @param validValues Array of valid values
-   * @param fieldName The name of the field for error messages
-   * @returns The validated value as the enum type
-   * @throws ArgumentError if value is not in validValues
+   * Validates an attribute assignment object using a single AJV schema.
+   * Preserves legacy error messages for each field.
    */
-  static validateEnum<T extends string>(value: string, validValues: readonly T[], fieldName: string): T {
-    const schema = z.enum(validValues as [T, ...T[]]);
-    try {
-      return schema.parse(value) as T;
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        throw new ArgumentError(`${fieldName} must be one of [${validValues.join(', ')}], got: ${value}`);
+  static validateAssignment<TType extends string>(
+    data: { id: any; type: string; attributeKey: any; attributeValue: any },
+    validTypes: readonly TType[],
+    fieldNames: { id: string; type: string }
+  ): { id: number; type: TType; attributeKey: string; attributeValue: string } {
+    const schema = {
+      type: 'object',
+      properties: {
+        id: { type: 'number', multipleOf: 1 },
+        type: { type: 'string', enum: validTypes as TType[] },
+        attributeKey: { type: 'string', minLength: 1 },
+        attributeValue: { type: 'string', minLength: 1 },
+      },
+      required: ['id', 'type', 'attributeKey', 'attributeValue'],
+      additionalProperties: false,
+    } as const;
+
+    const validate = this.ajv.compile(schema);
+    const valid = validate(data);
+    if (!valid) {
+      // Map to legacy error messages deterministically
+      const { id, type, attributeKey, attributeValue } = data;
+
+      // id must be integer
+      const isInteger = typeof id === 'number' && Number.isFinite(id) && Math.floor(id) === id;
+      if (!isInteger) {
+        throw new ArgumentError(`${fieldNames.id} must be an integer, got: ${id}`);
+      }
+
+      // type must be within enum
+      if (typeof type !== 'string' || !validTypes.includes(type as TType)) {
+        throw new ArgumentError(`${fieldNames.type} must be one of [${validTypes.join(', ')}], got: ${type}`);
+      }
+
+      // attributeKey
+      if (typeof attributeKey !== 'string') {
+        throw new ArgumentError(`attributeKey must be a string, got: ${typeof attributeKey}`);
+      }
+      if (!attributeKey) {
+        throw new ArgumentError('attributeKey must be a non-empty string');
       }
-      throw error;
+
+      // attributeValue
+      if (typeof attributeValue !== 'string') {
+        throw new ArgumentError(`attributeValue must be a string, got: ${typeof attributeValue}`);
+      }
+      if (!attributeValue) {
+        throw new ArgumentError('attributeValue must be a non-empty string');
+      }
+
+      // Fallback
+      throw new ArgumentError('Invalid attribute assignment');
     }
+
+    return {
+      id: data.id as number,
+      type: data.type as TType,
+      attributeKey: data.attributeKey as string,
+      attributeValue: data.attributeValue as string,
+    };
   }
 
   /**
-   * Validates that all items in an array are strings
-   * @param value Array to validate
-   * @param fieldName The name of the field for error messages
-   * @throws ArgumentError if any item is not a string
+   * Validates a Resource-like object shape: { id: number; type: string }.
+   * Throws ArgumentError with legacy-compatible messages.
    */
-  static validateStringArray(value: any[], fieldName: string): void {
-    const schema = z.array(z.string());
-    try {
-      schema.parse(value);
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        const zodError = error as z.ZodError;
-        const firstError = zodError.issues[0];
-        // Check if it's an array item validation error
-        if (firstError.path.length > 0 && typeof firstError.path[0] === 'number') {
-          const index = firstError.path[0];
-          throw new ArgumentError(`All ${fieldName} must be strings, but item at index ${index} is not`);
-        }
-        throw new ArgumentError(`${fieldName} must be an array`);
+  static validateResource(resource: Resource): void {
+    if (!resource || typeof resource !== 'object') {
+      throw new ArgumentError('resource must be an object');
+    }
+    const schema = {
+      type: 'object',
+      properties: {
+        id: { type: 'number', multipleOf: 1 },
+        type: { type: 'string', minLength: 1 },
+        wrapperData: { type: 'string' },
+      },
+      required: ['type', 'id'],
+      additionalProperties: false,
+    } as const;
+    const validate = this.ajv.compile(schema);
+    const isValid = validate(resource);
+    if (!isValid) {
+      throw new ArgumentError('Invalid resource');
+    }
+  }
+
+  static validateArrayTypeOf<T>(attributesMessages: T[], messageClass: abstract new (...args: any[]) => T): void {
+    const arraySchema = {
+      type: 'array',
+    };
+    const validateArray = ValidationUtils.ajv.compile(arraySchema);
+    const isArrayValid = validateArray(attributesMessages);
+    if (!isArrayValid) {
+      throw new ArgumentError(`attributesMessages must be an array`);
+    }
+    for (let i = 0; i < attributesMessages.length; i++) {
+      const item = attributesMessages[i];
+      if (!(item instanceof messageClass)) {
+        throw new ArgumentError(
+          `attributesMessages[${i}] must be an instance of ${messageClass.name}, got: ${
+            item?.constructor?.name || typeof item
+          }`
+        );
       }
-      throw error;
     }
   }
 }