From 31ffcfbf1013d206414c5a1e8923dab5f082d27e Mon Sep 17 00:00:00 2001
From: artur <artur.magalhaes@vtex.com>
Date: Thu, 20 Feb 2025 15:31:34 -0300
Subject: [PATCH] fix: withPermissions directive to support sender app
 detection

---
 CHANGELOG.md                                 |  4 ++++
 node/resolvers/directives/withPermissions.ts | 22 ++++++++++----------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1a3dd022..c230bf60 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Fixed
+
+- Bug fix on `withPermissions` directive to allow the use of the `sender` directive
+
 ## [0.63.3] - 2025-01-28
 ### Fixed
 - Fix return from `removeUserWithEmail`
diff --git a/node/resolvers/directives/withPermissions.ts b/node/resolvers/directives/withPermissions.ts
index c4ea8123..a718d650 100644
--- a/node/resolvers/directives/withPermissions.ts
+++ b/node/resolvers/directives/withPermissions.ts
@@ -7,11 +7,10 @@ import { SchemaDirectiveVisitor } from 'graphql-tools'
 import type StorefrontPermissions from '../../clients/storefrontPermissions'
 
 export const getUserPermission = async (
-  storefrontPermissions: StorefrontPermissions
+  storefrontPermissions: StorefrontPermissions,
+  app = 'vtex.b2b-organizations@0.x'
 ) => {
-  const result = await storefrontPermissions.checkUserPermission(
-    'vtex.b2b-organizations@0.x'
-  )
+  const result = await storefrontPermissions.checkUserPermission(app)
 
   return result?.data?.checkUserPermission ?? null
 }
@@ -20,21 +19,22 @@ export class WithPermissions extends SchemaDirectiveVisitor {
   public visitFieldDefinition(field: GraphQLField<any, any>) {
     const { resolve = defaultFieldResolver } = field
 
-    field.resolve = async (
-      root: any,
-      args: any,
-      context: Context,
-      info: any
-    ) => {
+    field.resolve = async (root: any, args: any, context: any, info: any) => {
       const {
         clients: { storefrontPermissions },
         vtex: { adminUserAuthToken, logger },
       } = context
 
       const appClients = context.vtex as any
+      const sender =
+        context?.graphql?.query?.senderApp ??
+        context?.graphql?.query?.extensions?.persistedQuery?.sender ??
+        context?.request?.header['x-b2b-senderapp'] ??
+        undefined
 
       appClients.storefrontPermissions = await getUserPermission(
-        storefrontPermissions
+        storefrontPermissions,
+        sender
       ).catch((error: any) => {
         if (!adminUserAuthToken) {
           logger.error({