fulfillmentOrder.list calls `/assigned_fulfillment_orders` instead of `/orders/:id/fulfillment_orders`

[infiton]

We ran into an unexpected issue where we were calling shopify.fulfillmentOrder.list({orderId: ""}) with an access token that had the scopes read_merchant_managed_fulfillment_orders and read_third_party_fulfillment_orders but not read_ assigned_fulfillment_orders

We expected that this would call https://shopify.dev/docs/api/admin-rest/2023-10/resources/fulfillmentorder#get-orders-order-id-fulfillment-orders and respect:

API access scopes govern which fulfillments orders are returned. An API client will only receive a subset of the fulfillment orders which belong to an order if they don't have the necessary access scopes to view all of the fulfillment orders. In the case that an API client does not have the access scopes necessary to view any of the fulfillment orders belongs to an order, an empty array will be returned.

However we discovered that shopify.fulfillmentOrder.list calls orders/:id/assigned_fulfillment_orders instead.

Is this the expected behaviour?

[lpinca]

Yes, this was changed in https://github.com/MONEI/Shopify-api-node/commit/0505308fddec4556efcfc736bef08cdd85fbcfa4. /orders/:id/fulfillment_orders is called by shopify.order.fulfillmentOrders(id).

[infiton]

I see, as a suggestion maybe it should be shopify.assignedFulfillmentOrders