All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Fixed
canImpersonateparameter not being properly propagated inupdateUsermutation, which was preventing the field from being updated
- [B2BTEAM-3133] Add
view-sellerpermission to access Seller Register API endpoints. This is required to comply with VTEX's new granular permissions security policy.
- Updated GitHub Actions quality-engineering workflow to v3.1.0
- Remove status validation in
getOrganizationByIdStorefrontto allow retrieval of organizations with "on-hold" or "inactive" status, enabling users to view and switch to active organizations
- Introduced the getOrganizationsPaginatedByEmail function to retrieve organizations with pagination, preventing timeouts.
- Deduplicate emails in organization status change notification
- Policies for view and edit for buyer organizations
- Update dependency major version. If you are updating to this major version, make sure to update the following apps (if you have then installed) to the following major versions:
- vtex.b2b-admin-customers@2.x
- vtex.b2b-checkout-settings@3.x
- vtex.b2b-my-account@2.x
- vtex.b2b-orders-history@2.x
- vtex.b2b-organizations@3.x
- vtex.b2b-organizations-graphql@2.x
- vtex.b2b-quotes@3.x
- vtex.b2b-quotes-graphql@4.x
- vtex.b2b-suite@2.x
- vtex.b2b-theme@5.x
- vtex.storefront-permissions-components@2.x
- vtex.storefront-permissions-ui@1.x
- Added license manager permissions for read/write access (Product 97 Buyer Organizations View and Edit)
- Add user email to order cancellation reason
- Changed getOrganizationRequestById and getCostCenters cache control to private, allowing auth cookies to be sent
- Invalidate admin token if an invalid token is provided
- Generating new patch version
- Fixed token validation directives
- Update dependency major version. If you are updating to this major version, make sure to update the following apps (if you have then installed) to the following major versions:
- vtex.b2b-admin-customers@1.x
- vtex.b2b-checkout-settings@2.x
- vtex.b2b-my-account@1.x
- vtex.b2b-orders-history@1.x
- vtex.b2b-organizations@2.x
- vtex.b2b-quotes@2.x
- vtex.b2b-quotes-graphql@3.x
- vtex.b2b-suite@1.x
- vtex.b2b-theme@4.x
- vtex.storefront-permissions@2.x
- vtex.storefront-permissions-components@1.x
- vtex.storefront-permissions-ui@2.x
- Add
noteswhen updating organization request document
- Bug fix on
withPermissionsdirective to allow the use of thesenderdirective
- Fix return from
removeUserWithEmail
- Fix
saveB2BSettingsmutation whenuiSettingsis absent
- Added mail notification to
createOrganizationAndCostCenterWithAdminUsermutation
- Remove merge marker from code
- Add TopBarSettings type in B2B settings and updated saveB2BSettings to use the new topBar field in UISettings
- Add getActiveOrganizationsByEmail to return only active organizations
- Avoid calls to checkUserPermissions when session data is not available
Full ImpersonationOrganization Setting, this will allow a Impersonator to also Switch between the User's Organization/Cost Center
- Add new store user token validation directive to some APIs
- Add permission createQuote to organization
- Add new admin token validation directive to getOrganizationsWithoutSalesManager
- Change GetOrganizationRequests API cache control scope to private
- Add new admin token validation directive to some APIs
- Remove error log when file not found for marketing's tags.
- Add logging for store token validation
Adds a new getAccount query to retrieve account information. It includes fields such as id, name, accountName, tradingName, and isActive. This query is implemented in both the GraphQL schema and the LMClient class.
- Add paymentTerms field to cost center input on mutations
- Add new
getSellersPaginatedquery to allow pagination on sellers query
- Add paymentTerms field on create cost center mutation
- New admin user token validation directive
- Provide app token on calls to storefront-permissions app
- Audit metrics for some graphql APIs
- Improve access directives
- Removed 0.50.0 version changes which contained a bug
Trade Nameto be searchable (Admin)Trade Nameto the Organization listing page (Admin)Trade Nameto the Organization Requests listing page (Admin)- Event listener to update schemas once new app version is released
- Fix check access directive by allowing appkey tokens for authentication
- Improve logging and metrics for checkUserAccess and checkAdminAccess directives
- Add metric to check access directives
- Provide correct tokens to clients
- Use b2b-organizations app name on checkUserPermission to correctly get the user permissions
- Fix getCostCenterById query when the cost center is not found
- Add new removeUserWithEmail graphql API for bulk import use case
- Skip auth token validation when the x-vtex-caller is b2b-checkout-settings
- Policies config rollback for graphql operations. Enable configuration.
- add a check condition for the caller, to allow requests from storefront-permissions in the flow create session.
- Add analytics client to properly send metrics to redshift
- Add retries to
sendMetricto avoid connection errors
- Allow
paymentTerms,collectionsandsellersto be provided by name only oncreateOrganizationAndCostCenterWithAdminUser
- Validate if the session token is not undefined to set as headers to call storefront-permissions
- Add token validation in graphql operations and token to call storefront-permission
- Add new createUserWithEmail graphql API for bulk import use case
- allow creation of cost center with an user provided id
- Remove get permissions from access audit metrics
- add an authentication metric to check if the access is authenticated
- Fix costCenterId null in the response when using 'createOrganization' mutation
- use cost center ID created on approve organization request
- fallback to check an admin token on the header
- add new mutation to create organization and cost center specifying the id
- Fix to impersonate user with the role
sales
- Add change organization status metrics(approved or declined)
- Add metrics to maintain buyer organization users
- Add metrics on updating organization data
- Added event trigger on delete a user
- Use Orders endpoint instead of OMS to obtain order information
- Added metrics for impersonate user
- Load impersonated user email when using OOTB impersonation
- Fixed error when fetching a user's role slug
- Fix auth problem when fetching orders history
- Added the custom fields to the graphql query
- Add
/_v/privateprefix to service routes to allow session token to be forwarded to resolver
- Fixed messages errors on impersonate
- Added flag for not uploading log on Cabueta execution
- Fix Cabueta config
- Added security scan on pipeline
- Fix auth problem when fetching orders history
- Setup unit tests and fix lint errors
- Bug fixed on creating the organization with marketing tags and sellers
- Added marketing tags to the cost center payload
- Added sellers by cost center (scope)
- Fixed adding multiple cost centers from an organization request
- Fixed users when there are multiple cost centers
- Not able to add User
- Hotfix to force housekeeper to update the app
- Fixed impersonation user
- Security issue fixed
- [ENGINEERS-1247] - Disable cypress tests in PR level
- Added two new boolean values in order to prevent user from changing state and business field in the cost center
- Added the businessDocument as search field
- Fixed createOrganization schema to accept customFields
- Fixed VtexIdclientAutCookie when send the headers properly
- Run schedule job only on saturday
- Bug fix on checking app and api keys
- Bug fixed on save user (last name data)
- Added the email transactional to the organization request and the options for disabling/enabling them.
- Fixed the adminToken when get the users queries
- Added custom fields for organizations and cost centers
- added sellers to orgs
- added ui modal options to settings
- added sellers to organization request
- Added the apiToken apiKey validation
ListOrderspolicy
- Added the field to add multiple cost centers to an organization request
- Added the paymentTerms, sales channel and price tables do the organization request to add when the organization is created
- Added the notifyUser flag throughout the organization mutations which implies that the user will be notified when the organization is created or updated by email
- Removing JWT dependency
- Allow users to set auto approval for new organization with a new setting fields
- Cypress improvements
- Added the state registration number to cost center schema
- Split bindings testcase into two files
- Change app settings to store settings in VBase
- Added the salesChannel field to Organization type
- Updated graphql schema and added and fix a bug when the query is called
- Added marketing tags to the b2b scope
- Update GitHub reusable workflow to version 2
- Fixed the default accessibility for binding selection setting
- Added permission to save the app settings
- Added sales channels binding selection setting
- Added a check verification if the organization is active
- Bug fixed on impersonation user
- Added a graphql query to fetch all organizations from a user by email parameter
- Added the cookie header to storefront permissions requests passing the authentication token.
- If a cost center address is missing an
addressId, one will be automatically generated and saved when querying a cost center by ID
- App Review: Added logging, fixed security issues and code cleanup
- Fixed on update the user data, and it disappeared from the list
- Allow emails associated with declined requests to request new organization
- Add error messages improvement
- Allow
tradeNameandphoneNumberfields to be emptied when organization or cost center are updated
- Add optional
tradeNameargument toupdateOrganizationmutation
- Github Action to trigger manual tests by dispatch
- Support for organization
tradeNamefield and cost centerphoneNumberfield (both optional)
- Added the query to get the organizations without a sales manager
- Added handling to the addUser mutation by showing the correct message when the user already exists.
- Added the pagination to getUsers query
- Cancellation request route to support
vtex.b2b-orders-history - Checkout client
- Permission check in
orderroute
- Use admin OMS API to get order details, to ensure we have the user's email
- Added duplicate check for create organization request
- the structure of the components has been improved;
- Added 2 mutations in order to follow the mutations from storefront permissions (updateUser and addUser);
- Remove a couple of conditionals nested;
- Remove unnecessary variables, some changes to inline returns;
- add subfield
emailof theb2bCustomerAdminfield to check duplicate requests by email
Added 2 mutations to handle the cost center addresses
- updateCostCenterAddress
- createCostCenterAddress see schema/schema.graphql for more details
- Optional
businessDocumentfield for cost centers
- Adjust
getPaymentTermsquery so that it now returns all enabled payment methods, not just promissories
- In the
ordersroute handler, request the user's permissions forvtex.b2b-orders-historyinstead ofvtex.b2b-organizations
- In
impersonateUserresolver, ifclIdis provided butuserIdis not, check CL document to see if userId exists there and then update storefront-permissions' user record - Similarly, when editing a user, if
userIdis null, check CL document to see if userId exists there and then sync it with storefront-permissions
- Use storefront-permissions' GraphQL interface directly instead of sending requests through
vtex.graphql-server
impersonateUsermutation- Permission checks related to sales roles
- Increase timeout
checkConfigpromise bug that prevented MD schema from being created
- Correctly handle spaces when searching masterdata
- Use CL id instead of user id in
saveUserandremoveUseroperations
- SonarCloud PR integration
- Organization admins will be notified via email if an organization's status changes
- App no longer stores data in AppSettings, to allow app to function without being explicitly installed
- Enable immediate indexing for MD schemas
costCentersproperty in organization schema (expect this to be an empty array)
- Support for enabling/disabling specific payment terms per cost center
- When an organization request is approved, the user specified as the organization admin is now created and/or the appropriate permissions and organization / cost center are assigned to them.
- Improved email templates for organization creation / approval / denial
- Format of creation date MD schema fields to allow for proper date sorting
- Properly return ID of created MD document in GraphQL mutations that create documents
- Use returned value
DocumentIdfrom MD creation operations instead ofIdto eliminate unnecessaryreplace()functions
- Permissions check to
getUsersquery andsaveUser,removeUsermutations
getCostCenterByIdStorefrontquery ID argument is now optional, will use user's cost center ID as default
- Made storefront queries private
- Send email to Sales Admins and Customer Admin on organization and request updates.
/b2b/oms/user/checkout/route to returnpaymentTermsand Cost Center addresses
- Create separate queries for storefront users that check user's permissions
- Initialize
B2BUserquery field resolvers - Don't set
sessionTokenheader inGraphQLServerclient if token is null
getUsersquerysaveUserandremoveUsermutationswithSessiondirectivegetOrganizationByIdandgetCostCenterByOrganizationIdqueries will now use the user's organization ID if no ID argument is provided
- Allow organization names to be changed
- App sender from
vtex.b2b-organizations@0.xtovtex.b2b-orders-history@0.x
- Payment Term support
- Orders history support
getCostCentersquery
- handle spaces in masterdata search terms
- Add
schemaargument toupdateCostCentermasterdata call - Utilize
whereargument for masterdata searches (instead of unsupportedkeywordargument)
- Correct handling of masterdata document IDs in
createOrganizationandcreateCostCenterresolvers
- Initial release