feat: enhance ticket services to include authorization parameter

[michnowak]

What does this PR do?

• My bugfix

Related Ticket(s)

• Notion Ticket

Key Changes

• How does the code change address the issue? Describe, at a high level, what was done to affect change.
• What side effects does this change have? This is the most important question to answer, as it can point out problems where you are making too many changes in one commit or branch. One or two bullet points for related changes may be okay, but five or six are likely indicators of a commit that is doing too many things.

How to test

• Create a detailed description of what you need to do to set this PR up. ie: Does it need migrations? Do you need to install something?
• Create a step by step list of what the engineer needs to do to test.

Media (Loom or gif)

• Insert media here (if applicable)

Summary by CodeRabbit

• New Features

  • Multiple blocks now forward authorization context so lists, details, PDFs, notifications, invoices, payments, recommended products and service/resource details respect caller credentials.

• Chores

  • Minor releases published for affected blocks and mocked integrations to support the authorization changes.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
o2s-docs	Skipped		Mar 23, 2026 2:58pm

[coderabbitai]

Walkthrough

The PR threads Authorization header through multiple API-harmonization controllers and services: controllers now accept headers where needed, services extract Authorization before downstream calls and pass it as an extra argument, and mocked integration modules gain optional _authorization parameters in several method signatures.

Changes

Cohort / File(s)	Summary
Changesets \.changeset/breezy-humans-rescue.md, \.changeset/tough-aliens-throw.md	Add changeset entries marking minor bumps and describing authorization/header wiring across multiple packages.
Controllers (headers injected) packages/blocks/billing/invoice-list/src/api-harmonization/invoice-list.controller.ts, packages/blocks/notifications/notification-details/src/api-harmonization/notification-details.controller.ts	Controller handlers now accept @Headers() and forward headers to service methods (signature changes).
Ticket block services packages/blocks/support/ticket-details/.../ticket-details.service.ts, packages/blocks/support/ticket-list/.../ticket-list.service.ts, packages/blocks/support/ticket-recent/.../ticket-recent.service.ts, packages/blocks/support/ticket-summary/.../ticket-summary.service.ts	Extract authorization from headers up-front and pass it as an extra argument to underlying ticket service calls; permission/enrichment logic remains conditional on authorization.
Notification block services packages/blocks/notifications/notification-details/.../notification-details.service.ts, packages/blocks/notifications/notification-list/.../notification-list.service.ts, packages/blocks/notifications/notification-summary/.../notification-summary.service.ts	Move Authorization extraction out of map callbacks and pass authorization into notification service get/list/markAs calls. One service method signature (markNotificationAs) now accepts headers.
Billing & payments services packages/blocks/billing/invoice-list/.../invoice-list.service.ts, packages/blocks/billing/payments-history/.../payments-history.service.ts, packages/blocks/billing/payments-summary/.../payments-summary.service.ts	Extract Authorization before external calls and pass it into invoiceService calls (including getInvoicePdf now receives headers from controller).
Other block services packages/blocks/products/recommended-products/.../recommended-products.service.ts, packages/blocks/services/service-details/.../service-details.service.ts	Extract Authorization early and forward it to productsService.getProductList / resourceService.getService as an additional argument.
Integrations — mocked modules packages/integrations/mocked/src/modules/tickets/tickets.service.ts, .../invoices/invoices.service.ts, .../notifications/notifications.service.ts, .../resources/resources.service.ts	Added optional _authorization?: string parameter to many mocked integration methods (get*, get*List, markAs, getInvoicePdf, getService, getAsset, purchase/activate methods). Implementations unchanged (param unused).

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant Controller
  participant BlockService as Block Service
  participant Integration as Mocked Integration
  rect rgba(135,206,235,0.5)
    Client->>Controller: HTTP request (includes Authorization header)
    Controller->>BlockService: callBlock(..., headers)
    BlockService->>BlockService: const authorization = headers.Authorization
    BlockService->>Integration: getList(query, authorization)
    Integration-->>BlockService: items[]
    BlockService->>BlockService: map items -> enrich permissions if authorization
    BlockService-->>Controller: block response
    Controller-->>Client: HTTP response
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feature/list blocks update with initialFilters option #409: Modifies ticket-list.service.ts and changes arguments passed to ticket service methods — directly related to ticket list authorization wiring.
• Feat/medusajs integration for checkout process #679: Adds/changes authorization propagation in integration service APIs — similar signature additions in mocked modules.
• Feature/medusa integration - product section #662: Alters recommended-products getProductList call parameters (limit/args) — touches same product-list call modified here to accept authorization.

Suggested reviewers

• marcinkrasowski
• tomaszpacior

Poem

🐰 I hopped through headers, bright and spry,
Carried Authorization up high,
From controller burrow to service glade,
Mocked methods got a tiny braid,
Permissions peek out where tokens lie. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is a template placeholder with no actual content filled in; critical sections like Key Changes, How to test, and Related Ticket details are incomplete or generic.	Replace template placeholders with actual content: explain how authorization parameter changes address the issue, document side effects (the changeset shows updates across 11+ packages), and provide concrete testing steps.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding authorization parameter handling to ticket services across multiple service files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/enhance-ticket-services-to-include-authorization-parameter

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Coverage Report for packages/configs/vitest-config

Status	Category	Percentage	Covered / Total
🔵	Lines	78.16%	1732 / 2216
🔵	Statements	77.11%	1822 / 2363
🔵	Functions	74.33%	524 / 705
🔵	Branches	65.79%	1148 / 1745

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
packages/blocks/products/recommended-products/src/api-harmonization/recommended-products.service.ts	20%	33.33%	14.28%	20%	24-68

Generated in workflow #563 for commit 6a25a68 by the Vitest Coverage Report Action

[coderabbitai]

🧹 Nitpick comments (1)

packages/blocks/billing/invoice-list/src/api-harmonization/invoice-list.service.ts (1)

72-74: Keep getInvoicePdf() transport-agnostic.

This method only uses headers[H.Authorization], so accepting the whole AppHeaders object makes the service boundary more HTTP-coupled than it needs to be.

♻️ Narrow the service boundary

-    getInvoicePdf(id: string, headers: AppHeaders): Observable<Buffer> {
-        const authorization = headers[H.Authorization];
-        return this.invoiceService.getInvoicePdf({ id }, authorization);
+    getInvoicePdf(id: string, authorization?: string): Observable<Buffer> {
+        return this.invoiceService.getInvoicePdf({ id }, authorization);
     }

The controller can extract the authorization value before calling this method.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/blocks/billing/invoice-list/src/api-harmonization/invoice-list.service.ts`
around lines 72 - 74, The getInvoicePdf method is HTTP-coupled by accepting the
whole AppHeaders; change its signature to accept the authorization string
instead (e.g., getInvoicePdf(id: string, authorization: string)) and update call
sites so the controller extracts headers[H.Authorization] before calling; inside
invoice-list.service.ts replace usage of headers[H.Authorization] with the new
authorization parameter and pass that into invoiceService.getInvoicePdf({ id },
authorization).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In
`@packages/blocks/billing/invoice-list/src/api-harmonization/invoice-list.service.ts`:
- Around line 72-74: The getInvoicePdf method is HTTP-coupled by accepting the
whole AppHeaders; change its signature to accept the authorization string
instead (e.g., getInvoicePdf(id: string, authorization: string)) and update call
sites so the controller extracts headers[H.Authorization] before calling; inside
invoice-list.service.ts replace usage of headers[H.Authorization] with the new
authorization parameter and pass that into invoiceService.getInvoicePdf({ id },
authorization).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 84b00e6e-1121-475b-a676-606af9c31533

📥 Commits

Reviewing files that changed from the base of the PR and between 28d8248 and 6a25a68.

📒 Files selected for processing (14)

• .changeset/tough-aliens-throw.md
• packages/blocks/billing/invoice-list/src/api-harmonization/invoice-list.controller.ts
• packages/blocks/billing/invoice-list/src/api-harmonization/invoice-list.service.ts
• packages/blocks/billing/payments-history/src/api-harmonization/payments-history.service.ts
• packages/blocks/billing/payments-summary/src/api-harmonization/payments-summary.service.ts
• packages/blocks/notifications/notification-details/src/api-harmonization/notification-details.controller.ts
• packages/blocks/notifications/notification-details/src/api-harmonization/notification-details.service.ts
• packages/blocks/notifications/notification-list/src/api-harmonization/notification-list.service.ts
• packages/blocks/notifications/notification-summary/src/api-harmonization/notification-summary.service.ts
• packages/blocks/products/recommended-products/src/api-harmonization/recommended-products.service.ts
• packages/blocks/services/service-details/src/api-harmonization/service-details.service.ts
• packages/integrations/mocked/src/modules/invoices/invoices.service.ts
• packages/integrations/mocked/src/modules/notifications/notifications.service.ts
• packages/integrations/mocked/src/modules/resources/resources.service.ts

✅ Files skipped from review due to trivial changes (1)

• .changeset/tough-aliens-throw.md