Feat/acl #167
Feat/acl #167
Conversation
|
Hi! I'm VTEX IO CI/CD Bot and I'll be helping you to publish your app! 🤖 Please select which version do you want to release:
And then you just need to merge your PR when you are ready! There is no need to create a release commit/tag.
|
|
Beep boop 🤖 I noticed you didn't make any changes at the
In order to keep track, I'll create an issue if you decide now is not a good time
|
|
@giurigaud You need to resolve the conflicts and set the release in the PR. |
| @@ -44,7 +45,8 @@ export class ValidateAdminUserAccess extends SchemaDirectiveVisitor { | |||
| const { hasAdminToken, hasValidAdminToken } = await validateAdminToken( | |||
| context, | |||
| adminUserAuthToken as string, | |||
| metricFields | |||
| metricFields, | |||
| orgPermission | |||
There was a problem hiding this comment.
Did you test what happens when the value is different from 'buyer_organization_edit' | 'buyer_organization_view'?
| ) => { | ||
| const productCode = B2B_LM_PRODUCT_CODE // resource name on lincense manager = B2B | ||
|
|
||
| const checkOrgPermission = await this.get<boolean>( |
There was a problem hiding this comment.
How is the response time of this request? It is important to know what the impact of this request is.
What happens if the request fails due to a timeout or response error? The expected is to block all requests?
What problem is this solving?
Currently, when accessing organization management, any user can make any change. The goal is to implement a minimum control of viewing/changing.
VTEX already has two features in the license manager that are not used, called:
Buyer Organization View
Buyer Organization Edit
These two features could be used to facilitate the requested changes
How should this be manually tested?
Screenshots or example usage:
Related to: vtex-apps/b2b-organizations-graphql#181