From 926aeccf19df85f337c0d33f772f00881c2c1856 Mon Sep 17 00:00:00 2001 From: Matheus-Aguilar Date: Thu, 24 Oct 2024 16:06:36 -0300 Subject: [PATCH 1/5] fix: do not call storefront permissions when there is no session data --- node/resolvers/Queries/CostCenters.ts | 32 ++++++++------- node/resolvers/Queries/Organizations.ts | 53 ++++++++++++++----------- node/resolvers/Queries/Users.ts | 31 ++++++++++----- node/resolvers/Routes/index.ts | 34 +++++++++------- 4 files changed, 86 insertions(+), 64 deletions(-) diff --git a/node/resolvers/Queries/CostCenters.ts b/node/resolvers/Queries/CostCenters.ts index 304e2eda..40927296 100644 --- a/node/resolvers/Queries/CostCenters.ts +++ b/node/resolvers/Queries/CostCenters.ts @@ -313,22 +313,26 @@ const costCenters = { throw new Error('This organization is not active') } - const { - data: { checkUserPermission }, - }: any = await storefrontPermissions - .checkUserPermission('vtex.b2b-organizations@1.x') - .catch((error: any) => { - logger.error({ - error, - message: 'checkUserPermission-error', + let checkUserPermission = null + + if (sessionData?.namespaces) { + const checkUserPermissionResult = await storefrontPermissions + .checkUserPermission('vtex.b2b-organizations@1.x') + .catch((error: any) => { + logger.error({ + error, + message: 'checkUserPermission-error', + }) + + return { + data: { + checkUserPermission: null, + }, + } }) - return { - data: { - checkUserPermission: null, - }, - } - }) + checkUserPermission = checkUserPermissionResult?.data?.checkUserPermission + } const isSalesAdmin = checkUserPermission?.role.slug.match(/sales-admin/) diff --git a/node/resolvers/Queries/Organizations.ts b/node/resolvers/Queries/Organizations.ts index 1faeb1e5..f541e1fe 100644 --- a/node/resolvers/Queries/Organizations.ts +++ b/node/resolvers/Queries/Organizations.ts 
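Review bot: The guarded block added here (`let checkUserPermission = null`, `if (sessionData?.namespaces) { … }`, the `.catch` that returns `{ data: { checkUserPermission: null } }`, and the final `checkUserPermissionResult?.data?.checkUserPermission`) is repeated verbatim in the Organizations.ts hunk and in the Routes/index.ts hunk of this patch, differing only in the app name passed to `checkUserPermission`, while Users.ts already funnels the same call through `getCheckUserPermission`. Three copies of a permission-fetch path are a maintenance risk for an authorization check; one helper taking the app name would keep the guard and the error handling in a single place. The enclosing function in CostCenters.ts starts and ends outside the hunk, so whether a null `checkUserPermission` is denied by the code after `isSalesAdmin` cannot be confirmed from here; a one-line comment above the guard, `// No session namespaces: skip the storefront-permissions call and leave checkUserPermission null (treated as no permissions below)`, would make that intent explicit at each call site.
```typescript
// constructed example of the shared helper; the three call sites would become
// checkUserPermission = await getSessionUserPermission(storefrontPermissions, logger, sessionData, 'vtex.b2b-organizations@1.x')
const getSessionUserPermission = async (
  storefrontPermissions: any,
  logger: any,
  sessionData: any,
  appName: string
) => {
  if (!sessionData?.namespaces) {
    return null
  }

  const result = await storefrontPermissions
    .checkUserPermission(appName)
    .catch((error: any) => {
      logger.error({ error, message: 'checkUserPermission-error' })

      return { data: { checkUserPermission: null } }
    })

  return result?.data?.checkUserPermission
}
```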
@@ -189,42 +189,47 @@ const Organizations = { ) => { const organizationFilters: string[] = [] let fromSession = false - const { - data: { checkUserPermission }, - }: any = await storefrontPermissions - .checkUserPermission('vtex.b2b-organizations@1.x') + + const sessionData = await session + .getSession(sessionToken as string, ['*']) + .then((currentSession: any) => { + return currentSession.sessionData + }) .catch((error: any) => { - logger.error({ + logger.warn({ error, - message: 'checkUserPermission-error', + message: 'getOrganizationsByEmail-session-error', }) - return { - data: { - checkUserPermission: null, - }, - } + return null }) - if ( - (!adminUserAuthToken && - !checkUserPermission?.permissions.includes('add-sales-users-all')) || - !(email?.length > 0) - ) { - const sessionData = await session - .getSession(sessionToken as string, ['*']) - .then((currentSession: any) => { - return currentSession.sessionData - }) + let checkUserPermission = null + + if (sessionData?.namespaces) { + const checkUserPermissionResult = await storefrontPermissions + .checkUserPermission('vtex.b2b-organizations@1.x') .catch((error: any) => { - logger.warn({ + logger.error({ error, - message: 'getOrganizationsByEmail-session-error', + message: 'checkUserPermission-error', }) - return null + return { + data: { + checkUserPermission: null, + }, + } }) + checkUserPermission = checkUserPermissionResult?.data?.checkUserPermission + } + + if ( + (!adminUserAuthToken && + !checkUserPermission?.permissions.includes('add-sales-users-all')) || + !(email?.length > 0) + ) { if (checkUserPermission?.permissions.includes('add-users-organization')) { const orgId = sessionData?.namespaces?.['storefront-permissions']?.organization diff --git a/node/resolvers/Queries/Users.ts b/node/resolvers/Queries/Users.ts index 9bf50e3f..4f8dbad9 100644 --- a/node/resolvers/Queries/Users.ts +++ b/node/resolvers/Queries/Users.ts 
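Review bot: Moving `session.getSession(sessionToken as string, ['*'])` ahead of the permission check makes the session round-trip unconditional, whereas before it ran only inside the `if` branch, so admin-token callers that never needed it now pay for it too; if that is intended it deserves a comment, otherwise the lookup could stay lazy. A second consequence of the ordering is that a failed session lookup (logged at `warn`, collapsed to `null`) now also suppresses the `checkUserPermission` call, so the `if` below treats such a caller as lacking `add-sales-users-all` exactly like an anonymous one; that is fail-closed, but the warn log is the only trace that an error rather than a missing session caused it. Suggested comment on the guard: `// No session namespaces (anonymous caller, or the getSession failure logged above): the permission check is skipped and the caller is treated as unprivileged`. The enclosing resolver continues past the end of the hunk.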
@@ -122,10 +122,15 @@ const checkUserPermissions = async ({ logger, }: any) => { const { sessionData } = vtex - const { checkUserPermission } = await getCheckUserPermission({ - logger, - storefrontPermissions, - }) + + let checkUserPermission = null + + if (sessionData?.namespaces) { + checkUserPermission = await getCheckUserPermission({ + logger, + storefrontPermissions, + }) + } const condition = validateUserAdmin ? !adminUserAuthToken && !isSalesAdmin(checkUserPermission) @@ -234,13 +239,17 @@ const Users = { ) => { const { clients: { storefrontPermissions, masterdata }, - vtex: { adminUserAuthToken, logger }, - } = ctx + vtex: { adminUserAuthToken, logger, sessionData }, + } = ctx as any - const { checkUserPermission } = await getCheckUserPermission({ - logger, - storefrontPermissions, - }) + let checkUserPermission = null + + if (sessionData?.namespaces) { + checkUserPermission = await getCheckUserPermission({ + logger, + storefrontPermissions, + }) + } if (!adminUserAuthToken && !isSalesAdmin(checkUserPermission)) { throw new GraphQLError('operation-not-permitted') @@ -252,7 +261,7 @@ const Users = { .then((result: any) => { return result.data.listAllUsers }) - .catch((error) => { + .catch((error: any) => { logger.error({ error, message: 'getOrganizationsWithoutSalesManager-getUsers-error', diff --git a/node/resolvers/Routes/index.ts b/node/resolvers/Routes/index.ts index f8d62284..cfea1fd6 100644 --- a/node/resolvers/Routes/index.ts +++ b/node/resolvers/Routes/index.ts 
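Review bot: In `checkUserPermissions` the removed code destructured `const { checkUserPermission } = await getCheckUserPermission(...)`, but the new assignment `checkUserPermission = await getCheckUserPermission({ logger, storefrontPermissions })` stores the whole result object, so `isSalesAdmin(checkUserPermission)` on the next lines now receives `{ checkUserPermission: … }` instead of the permission record; the same change appears in the `getOrganizationsWithoutSalesManager` hunk at `@@ -234,13 +239,17 @@` and survives patch 2. `getCheckUserPermission` is not modified anywhere in this series, so unless its return shape changed elsewhere this looks like it would make `isSalesAdmin` false for every caller (a denial of legitimate sales admins rather than an escalation, but still a regression). Keeping the original shape is two lines at each site: `const result = await getCheckUserPermission({ logger, storefrontPermissions })` followed by `checkUserPermission = result.checkUserPermission`. Both enclosing functions extend beyond their hunks.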
@@ -35,23 +35,27 @@ const getUserAndPermissions = async (ctx: Context) => { throw new ForbiddenError('Access denied') } - const { - data: { checkUserPermission }, - }: any = await storefrontPermissions - // It is necessary to send the app name, because the check user return the permissions relative to orders-history to access the page. - .checkUserPermission('vtex.b2b-orders-history@0.x') - .catch((error: any) => { - logger.error({ - message: 'checkUserPermission-error', - error, + let checkUserPermission = null + + if (sessionData?.namespaces) { + const checkUserPermissionResult = await storefrontPermissions + // It is necessary to send the app name, because the check user return the permissions relative to orders-history to access the page. + .checkUserPermission('vtex.b2b-orders-history@0.x') + .catch((error: any) => { + logger.error({ + message: 'checkUserPermission-error', + error, + }) + + return { + data: { + checkUserPermission: null, + }, + } }) - return { - data: { - checkUserPermission: null, - }, - } - }) + checkUserPermission = checkUserPermissionResult?.data?.checkUserPermission + } const organizationId = sessionData?.namespaces['storefront-permissions']?.organization?.value From a0099321f2d5c2bb0eb57def65920fc6ff840526 Mon Sep 17 00:00:00 2001 From: Matheus-Aguilar Date: Fri, 25 Oct 2024 11:38:04 -0300 Subject: [PATCH 2/5] fix: get session data correctly in organizations without sales manager query --- node/resolvers/Queries/Users.ts | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/node/resolvers/Queries/Users.ts b/node/resolvers/Queries/Users.ts index 4f8dbad9..4a5a2346 100644 --- a/node/resolvers/Queries/Users.ts +++ b/node/resolvers/Queries/Users.ts 
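Review bot: The new guard `if (sessionData?.namespaces)` acknowledges that `namespaces` may be absent, yet the unchanged line right after the hunk's new code, `sessionData?.namespaces['storefront-permissions']?.organization?.value`, indexes `namespaces` without optional chaining; optional chaining only short-circuits on a nullish `sessionData`, so a session object with no `namespaces` throws a TypeError there instead of yielding `undefined`. The Organizations.ts hunk in this same patch already writes it as `sessionData?.namespaces?.['storefront-permissions']?.organization`, so aligning this line to `sessionData?.namespaces?.['storefront-permissions']?.organization?.value` would make the route path consistent. The retained inline comment could also read more clearly as `// The app name is required: checkUserPermission returns the permissions scoped to that app (orders-history) for this page`. `getUserAndPermissions` continues beyond the hunk, so what is returned when `checkUserPermission` stays null is not visible here.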
@@ -238,9 +238,23 @@ const Users = { ctx: Context ) => { const { - clients: { storefrontPermissions, masterdata }, - vtex: { adminUserAuthToken, logger, sessionData }, - } = ctx as any + clients: { storefrontPermissions, session, masterdata }, + vtex: { adminUserAuthToken, logger, sessionToken }, + } = ctx + + const sessionData = await session + .getSession(sessionToken as string, ['*']) + .then((currentSession: any) => { + return currentSession.sessionData + }) + .catch((error: any) => { + logger.warn({ + error, + message: 'getOrganizationsByEmail-session-error', + }) + + return null + }) let checkUserPermission = null From 66911665187ff4e25751092788f141bb630eaa7d Mon Sep 17 00:00:00 2001 From: Matheus-Aguilar Date: Fri, 25 Oct 2024 13:28:37 -0300 Subject: [PATCH 3/5] chore: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 30172d05..ea5c0b6b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). ## [Unreleased] +- Avoid calls to checkUserPermissions when session data is not available ## [0.61.0] - 2024-10-16 From 27b5d89da0e8f04c67e3aa912a4cd8faeba9c911 Mon Sep 17 00:00:00 2001 From: Matheus-Aguilar Date: Fri, 25 Oct 2024 13:37:51 -0300 Subject: [PATCH 4/5] chore: fix changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea5c0b6b..546d1504 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). ## [Unreleased] + +### Fixed - Avoid calls to checkUserPermissions when session data is not available ## [0.61.0] - 2024-10-16 From c981a89b152f38d22997bfd35f9cb95f773e45d8 Mon Sep 17 00:00:00 2001 
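Review bot: `session.getSession(sessionToken as string, ['*'])` is issued even when the request carries no session token; the `as string` cast suggests the field is optional, in which case a tokenless call goes to the session service, fails, is logged at `warn`, and collapses to `null`, producing a spurious warning on every anonymous or admin-token request. Short-circuiting before the call avoids the round-trip and keeps the warn log meaningful: `const sessionData = sessionToken ? await session.getSession(sessionToken, ['*']).then(...).catch(...) : null`, with the `.then`/`.catch` bodies unchanged; the same applies to the identical lookup introduced in Organizations.ts by patch 1. Since a null `sessionData` here also suppresses the permission check below, a short comment on the `.catch`, `// lookup failure is treated like a missing session: permission check is skipped below`, would record that the failure mode is intentionally fail-closed. The resolver continues past the hunk.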
From: Matheus-Aguilar Date: Tue, 29 Oct 2024 10:22:30 -0300 Subject: [PATCH 5/5] fix: adjust logger warn message --- node/resolvers/Queries/Users.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node/resolvers/Queries/Users.ts b/node/resolvers/Queries/Users.ts index 4a5a2346..60c3a053 100644 --- a/node/resolvers/Queries/Users.ts +++ b/node/resolvers/Queries/Users.ts @@ -250,7 +250,7 @@ const Users = { .catch((error: any) => { logger.warn({ error, - message: 'getOrganizationsByEmail-session-error', + message: 'getOrganizationsWithoutSalesManager-session-error', }) return null