Merge pull request #186 from vtex-apps/fix/B2BTEAM-1689-check-user-pe…

…rmission-error fix: check user permission error
vtex-apps · Oct 29, 2024 · 00914b7 · 00914b7
2 parents 32d2db3 + c981a89
commit 00914b7
Show file tree

Hide file tree

Showing 5 changed files with 103 additions and 64 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Fixed
+- Avoid calls to checkUserPermissions when session data is not available
+
 ## [0.61.0] - 2024-10-16
 
 ### Added

diff --git a/node/resolvers/Queries/CostCenters.ts b/node/resolvers/Queries/CostCenters.ts
@@ -313,22 +313,26 @@ const costCenters = {
       throw new Error('This organization is not active')
     }
 
-    const {
-      data: { checkUserPermission },
-    }: any = await storefrontPermissions
-      .checkUserPermission('[email protected]')
-      .catch((error: any) => {
-        logger.error({
-          error,
-          message: 'checkUserPermission-error',
+    let checkUserPermission = null
+
+    if (sessionData?.namespaces) {
+      const checkUserPermissionResult = await storefrontPermissions
+        .checkUserPermission('[email protected]')
+        .catch((error: any) => {
+          logger.error({
+            error,
+            message: 'checkUserPermission-error',
+          })
+
+          return {
+            data: {
+              checkUserPermission: null,
+            },
+          }
         })
 
-        return {
-          data: {
-            checkUserPermission: null,
-          },
-        }
-      })
+      checkUserPermission = checkUserPermissionResult?.data?.checkUserPermission
+    }
 
     const isSalesAdmin = checkUserPermission?.role.slug.match(/sales-admin/)
 

diff --git a/node/resolvers/Queries/Organizations.ts b/node/resolvers/Queries/Organizations.ts
@@ -189,42 +189,47 @@ const Organizations = {
   ) => {
     const organizationFilters: string[] = []
     let fromSession = false
-    const {
-      data: { checkUserPermission },
-    }: any = await storefrontPermissions
-      .checkUserPermission('[email protected]')
+
+    const sessionData = await session
+      .getSession(sessionToken as string, ['*'])
+      .then((currentSession: any) => {
+        return currentSession.sessionData
+      })
       .catch((error: any) => {
-        logger.error({
+        logger.warn({
           error,
-          message: 'checkUserPermission-error',
+          message: 'getOrganizationsByEmail-session-error',
         })
 
-        return {
-          data: {
-            checkUserPermission: null,
-          },
-        }
+        return null
       })
 
-    if (
-      (!adminUserAuthToken &&
-        !checkUserPermission?.permissions.includes('add-sales-users-all')) ||
-      !(email?.length > 0)
-    ) {
-      const sessionData = await session
-        .getSession(sessionToken as string, ['*'])
-        .then((currentSession: any) => {
-          return currentSession.sessionData
-        })
+    let checkUserPermission = null
+
+    if (sessionData?.namespaces) {
+      const checkUserPermissionResult = await storefrontPermissions
+        .checkUserPermission('[email protected]')
         .catch((error: any) => {
-          logger.warn({
+          logger.error({
             error,
-            message: 'getOrganizationsByEmail-session-error',
+            message: 'checkUserPermission-error',
           })
 
-          return null
+          return {
+            data: {
+              checkUserPermission: null,
+            },
+          }
         })
 
+      checkUserPermission = checkUserPermissionResult?.data?.checkUserPermission
+    }
+
+    if (
+      (!adminUserAuthToken &&
+        !checkUserPermission?.permissions.includes('add-sales-users-all')) ||
+      !(email?.length > 0)
+    ) {
       if (checkUserPermission?.permissions.includes('add-users-organization')) {
         const orgId =
           sessionData?.namespaces?.['storefront-permissions']?.organization

diff --git a/node/resolvers/Queries/Users.ts b/node/resolvers/Queries/Users.ts
@@ -122,10 +122,15 @@ const checkUserPermissions = async ({
   logger,
 }: any) => {
   const { sessionData } = vtex
-  const { checkUserPermission } = await getCheckUserPermission({
-    logger,
-    storefrontPermissions,
-  })
+
+  let checkUserPermission = null
+
+  if (sessionData?.namespaces) {
+    checkUserPermission = await getCheckUserPermission({
+      logger,
+      storefrontPermissions,
+    })
+  }
 
   const condition = validateUserAdmin
     ? !adminUserAuthToken && !isSalesAdmin(checkUserPermission)
@@ -233,14 +238,32 @@ const Users = {
     ctx: Context
   ) => {
     const {
-      clients: { storefrontPermissions, masterdata },
-      vtex: { adminUserAuthToken, logger },
+      clients: { storefrontPermissions, session, masterdata },
+      vtex: { adminUserAuthToken, logger, sessionToken },
     } = ctx
 
-    const { checkUserPermission } = await getCheckUserPermission({
-      logger,
-      storefrontPermissions,
-    })
+    const sessionData = await session
+      .getSession(sessionToken as string, ['*'])
+      .then((currentSession: any) => {
+        return currentSession.sessionData
+      })
+      .catch((error: any) => {
+        logger.warn({
+          error,
+          message: 'getOrganizationsWithoutSalesManager-session-error',
+        })
+
+        return null
+      })
+
+    let checkUserPermission = null
+
+    if (sessionData?.namespaces) {
+      checkUserPermission = await getCheckUserPermission({
+        logger,
+        storefrontPermissions,
+      })
+    }
 
     if (!adminUserAuthToken && !isSalesAdmin(checkUserPermission)) {
       throw new GraphQLError('operation-not-permitted')
@@ -252,7 +275,7 @@ const Users = {
       .then((result: any) => {
         return result.data.listAllUsers
       })
-      .catch((error) => {
+      .catch((error: any) => {
         logger.error({
           error,
           message: 'getOrganizationsWithoutSalesManager-getUsers-error',

diff --git a/node/resolvers/Routes/index.ts b/node/resolvers/Routes/index.ts
@@ -35,23 +35,27 @@ const getUserAndPermissions = async (ctx: Context) => {
     throw new ForbiddenError('Access denied')
   }
 
-  const {
-    data: { checkUserPermission },
-  }: any = await storefrontPermissions
-    // It is necessary to send the app name, because the check user return the permissions relative to orders-history to access the page.
-    .checkUserPermission('[email protected]')
-    .catch((error: any) => {
-      logger.error({
-        message: 'checkUserPermission-error',
-        error,
+  let checkUserPermission = null
+
+  if (sessionData?.namespaces) {
+    const checkUserPermissionResult = await storefrontPermissions
+      // It is necessary to send the app name, because the check user return the permissions relative to orders-history to access the page.
+      .checkUserPermission('[email protected]')
+      .catch((error: any) => {
+        logger.error({
+          message: 'checkUserPermission-error',
+          error,
+        })
+
+        return {
+          data: {
+            checkUserPermission: null,
+          },
+        }
       })
 
-      return {
-        data: {
-          checkUserPermission: null,
-        },
-      }
-    })
+    checkUserPermission = checkUserPermissionResult?.data?.checkUserPermission
+  }
 
   const organizationId =
     sessionData?.namespaces['storefront-permissions']?.organization?.value