Merge pull request #43 from vtex-apps/hotfix/B2BTEAM-1487-remove-getR…

…oles-from-metrics fix: remove checkPermissions from metrics
vtex-apps · Nov 9, 2023 · bdb93fd · bdb93fd
2 parents a47b6b0 + 37e0855
commit bdb93fd
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- Remove get permissions from access audit metrics
+
 ## [2.4.0] - 2023-11-07
 
 ### Added

diff --git a/node/resolvers/directives/auditAccess.ts b/node/resolvers/directives/auditAccess.ts
@@ -2,7 +2,6 @@ import type { GraphQLField } from 'graphql'
 import { defaultFieldResolver } from 'graphql'
 import { SchemaDirectiveVisitor } from 'graphql-tools'
 
-import type StorefrontPermissions from '../../clients/storefrontPermissions'
 import sendAuthMetric, { AuthMetric } from '../../metrics/auth'
 
 export class AuditAccess extends SchemaDirectiveVisitor {
@@ -23,7 +22,6 @@ export class AuditAccess extends SchemaDirectiveVisitor {
 
   private async sendAuthMetric(field: GraphQLField<any, any>, context: any) {
     const {
-      clients: { storefrontPermissions },
       vtex: { adminUserAuthToken, storeUserAuthToken, account, logger },
       request,
     } = context
@@ -43,37 +41,15 @@ export class AuditAccess extends SchemaDirectiveVisitor {
     const hasStoreToken = !!storeUserAuthToken
     const hasApiToken = !!request.headers['vtex-api-apptoken']
 
-    let role
-    let permissions
-
-    if (hasAdminToken || hasStoreToken) {
-      const userPermissions = await this.getUserPermission(
-        storefrontPermissions
-      )
-
-      role = userPermissions?.role?.slug
-      permissions = userPermissions?.permissions
-    }
-
     const authMetric = new AuthMetric(account, {
       caller,
       forwardedHost,
       hasAdminToken,
       hasApiToken,
       hasStoreToken,
       operation,
-      permissions,
-      role,
     })
 
     await sendAuthMetric(logger, authMetric)
   }
-
-  private async getUserPermission(
-    storefrontPermissions: StorefrontPermissions
-  ) {
-    const result = await storefrontPermissions.checkUserPermission()
-
-    return result?.data?.checkUserPermission ?? null
-  }
 }