diff --git a/tests/test_authorization.py b/tests/test_authorization.py index a4d0b1a8..cd78a3e2 100644 --- a/tests/test_authorization.py +++ b/tests/test_authorization.py @@ -1,6 +1,7 @@ from typing import Union import pytest +from tests.utils.fixtures.mock_environment_role import MockEnvironmentRole from tests.utils.fixtures.mock_organization_role import MockOrganizationRole from tests.utils.fixtures.mock_permission import MockPermission from tests.utils.list_resource import list_response_of @@ -218,9 +219,7 @@ def test_list_organization_roles( ) roles_response = syncify( - self.authorization.list_organization_roles( - "org_01EHT88Z8J8795GZNQ4ZP1J81T" - ) + self.authorization.list_organization_roles("org_01EHT88Z8J8795GZNQ4ZP1J81T") ) assert request_kwargs["method"] == "get" @@ -338,3 +337,113 @@ def test_remove_organization_role_permission( assert request_kwargs["url"].endswith( "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles/admin/permissions/documents:read" ) + + # --- Environment Role fixtures --- + + @pytest.fixture + def mock_environment_role(self): + return MockEnvironmentRole(id="role_01DEF").dict() + + @pytest.fixture + def mock_environment_roles(self): + return { + "data": [MockEnvironmentRole(id=f"role_{i}").dict() for i in range(5)], + "object": "list", + } + + # --- Environment Role tests --- + + def test_create_environment_role( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 201 + ) + + role = syncify( + self.authorization.create_environment_role(slug="member", name="Member") + ) + + assert role.id == "role_01DEF" + assert role.type == "EnvironmentRole" + assert request_kwargs["method"] == "post" + assert request_kwargs["url"].endswith("/authorization/roles") + assert request_kwargs["json"] == {"slug": "member", "name": "Member"} + + def test_list_environment_roles( + self, mock_environment_roles, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_roles, 200 + ) + + roles_response = syncify(self.authorization.list_environment_roles()) + + assert request_kwargs["method"] == "get" + assert request_kwargs["url"].endswith("/authorization/roles") + assert len(roles_response.data) == 5 + + def test_get_environment_role( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify(self.authorization.get_environment_role("member")) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "get" + assert request_kwargs["url"].endswith("/authorization/roles/member") + + def test_update_environment_role( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify( + self.authorization.update_environment_role("member", name="Updated Member") + ) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "patch" + assert request_kwargs["url"].endswith("/authorization/roles/member") + assert request_kwargs["json"] == {"name": "Updated Member"} + + def test_set_environment_role_permissions( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify( + self.authorization.set_environment_role_permissions( + "member", permissions=["documents:read"] + ) + ) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "put" + assert request_kwargs["url"].endswith("/authorization/roles/member/permissions") + assert request_kwargs["json"] == {"permissions": ["documents:read"]} + + def test_add_environment_role_permission( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify( + self.authorization.add_environment_role_permission( + "member", permission_slug="documents:read" + ) + ) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "post" + assert request_kwargs["url"].endswith("/authorization/roles/member/permissions") + assert request_kwargs["json"] == {"slug": "documents:read"} diff --git a/tests/utils/fixtures/mock_environment_role.py b/tests/utils/fixtures/mock_environment_role.py new file mode 100644 index 00000000..6063f3ff --- /dev/null +++ b/tests/utils/fixtures/mock_environment_role.py @@ -0,0 +1,19 @@ +import datetime + +from workos.types.authorization.environment_role import EnvironmentRole + + +class MockEnvironmentRole(EnvironmentRole): + def __init__(self, id: str): + now = datetime.datetime.now().isoformat() + super().__init__( + object="role", + id=id, + name="Member", + slug="member", + description="Default environment member role", + permissions=["documents:read"], + type="EnvironmentRole", + created_at=now, + updated_at=now, + ) diff --git a/workos/authorization.py b/workos/authorization.py index 2805652b..eb4cbfe8 100644 --- a/workos/authorization.py +++ b/workos/authorization.py @@ -1,10 +1,17 @@ -from typing import Any, Dict, Optional, Protocol, Sequence +from typing import Any, Dict, Optional, Protocol, Sequence, Union +from pydantic import TypeAdapter + +from workos.types.authorization.environment_role import ( + EnvironmentRole, + EnvironmentRoleList, +) from workos.types.authorization.organization_role import ( OrganizationRole, OrganizationRoleList, ) from workos.types.authorization.permission import Permission +from workos.types.authorization.role import Role, RoleList from workos.types.list_resource import ( ListArgs, ListMetadata, @@ -25,6 +32,8 @@ AUTHORIZATION_PERMISSIONS_PATH = "authorization/permissions" +_role_adapter: TypeAdapter[Role] = TypeAdapter(Role) + class PermissionListFilters(ListArgs, total=False): pass @@ -80,11 +89,11 @@ def create_organization_role( def list_organization_roles( self, organization_id: str - ) -> SyncOrAsync[OrganizationRoleList]: ... + ) -> SyncOrAsync[RoleList]: ... def get_organization_role( self, organization_id: str, slug: str - ) -> SyncOrAsync[OrganizationRole]: ... + ) -> SyncOrAsync[Role]: ... def update_organization_role( self, @@ -119,6 +128,42 @@ def remove_organization_role_permission( permission_slug: str, ) -> SyncOrAsync[None]: ... + # Environment Roles + + def create_environment_role( + self, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> SyncOrAsync[EnvironmentRole]: ... + + def list_environment_roles(self) -> SyncOrAsync[EnvironmentRoleList]: ... + + def get_environment_role(self, slug: str) -> SyncOrAsync[EnvironmentRole]: ... + + def update_environment_role( + self, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> SyncOrAsync[EnvironmentRole]: ... + + def set_environment_role_permissions( + self, + slug: str, + *, + permissions: Sequence[str], + ) -> SyncOrAsync[EnvironmentRole]: ... + + def add_environment_role_permission( + self, + slug: str, + *, + permission_slug: str, + ) -> SyncOrAsync[EnvironmentRole]: ... + class Authorization(AuthorizationModule): _http_client: SyncHTTPClient @@ -229,23 +274,21 @@ def create_organization_role( return OrganizationRole.model_validate(response) - def list_organization_roles(self, organization_id: str) -> OrganizationRoleList: + def list_organization_roles(self, organization_id: str) -> RoleList: response = self._http_client.request( f"authorization/organizations/{organization_id}/roles", method=REQUEST_METHOD_GET, ) - return OrganizationRoleList.model_validate(response) + return RoleList.model_validate(response) - def get_organization_role( - self, organization_id: str, slug: str - ) -> OrganizationRole: + def get_organization_role(self, organization_id: str, slug: str) -> Role: response = self._http_client.request( f"authorization/organizations/{organization_id}/roles/{slug}", method=REQUEST_METHOD_GET, ) - return OrganizationRole.model_validate(response) + return _role_adapter.validate_python(response) def update_organization_role( self, @@ -311,6 +354,92 @@ def remove_organization_role_permission( method=REQUEST_METHOD_DELETE, ) + # Environment Roles + + def create_environment_role( + self, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {"slug": slug, "name": name} + if description is not None: + json["description"] = description + + response = self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_POST, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + def list_environment_roles(self) -> EnvironmentRoleList: + response = self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRoleList.model_validate(response) + + def get_environment_role(self, slug: str) -> EnvironmentRole: + response = self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRole.model_validate(response) + + def update_environment_role( + self, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {} + if name is not None: + json["name"] = name + if description is not None: + json["description"] = description + + response = self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_PATCH, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + def set_environment_role_permissions( + self, + slug: str, + *, + permissions: Sequence[str], + ) -> EnvironmentRole: + response = self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_PUT, + json={"permissions": list(permissions)}, + ) + + return EnvironmentRole.model_validate(response) + + def add_environment_role_permission( + self, + slug: str, + *, + permission_slug: str, + ) -> EnvironmentRole: + response = self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_POST, + json={"slug": permission_slug}, + ) + + return EnvironmentRole.model_validate(response) + class AsyncAuthorization(AuthorizationModule): _http_client: AsyncHTTPClient @@ -421,25 +550,21 @@ async def create_organization_role( return OrganizationRole.model_validate(response) - async def list_organization_roles( - self, organization_id: str - ) -> OrganizationRoleList: + async def list_organization_roles(self, organization_id: str) -> RoleList: response = await self._http_client.request( f"authorization/organizations/{organization_id}/roles", method=REQUEST_METHOD_GET, ) - return OrganizationRoleList.model_validate(response) + return RoleList.model_validate(response) - async def get_organization_role( - self, organization_id: str, slug: str - ) -> OrganizationRole: + async def get_organization_role(self, organization_id: str, slug: str) -> Role: response = await self._http_client.request( f"authorization/organizations/{organization_id}/roles/{slug}", method=REQUEST_METHOD_GET, ) - return OrganizationRole.model_validate(response) + return _role_adapter.validate_python(response) async def update_organization_role( self, @@ -504,3 +629,89 @@ async def remove_organization_role_permission( f"authorization/organizations/{organization_id}/roles/{slug}/permissions/{permission_slug}", method=REQUEST_METHOD_DELETE, ) + + # Environment Roles + + async def create_environment_role( + self, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {"slug": slug, "name": name} + if description is not None: + json["description"] = description + + response = await self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_POST, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + async def list_environment_roles(self) -> EnvironmentRoleList: + response = await self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRoleList.model_validate(response) + + async def get_environment_role(self, slug: str) -> EnvironmentRole: + response = await self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRole.model_validate(response) + + async def update_environment_role( + self, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {} + if name is not None: + json["name"] = name + if description is not None: + json["description"] = description + + response = await self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_PATCH, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + async def set_environment_role_permissions( + self, + slug: str, + *, + permissions: Sequence[str], + ) -> EnvironmentRole: + response = await self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_PUT, + json={"permissions": list(permissions)}, + ) + + return EnvironmentRole.model_validate(response) + + async def add_environment_role_permission( + self, + slug: str, + *, + permission_slug: str, + ) -> EnvironmentRole: + response = await self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_POST, + json={"slug": permission_slug}, + ) + + return EnvironmentRole.model_validate(response) diff --git a/workos/types/authorization/__init__.py b/workos/types/authorization/__init__.py index 93dfa580..51ebd570 100644 --- a/workos/types/authorization/__init__.py +++ b/workos/types/authorization/__init__.py @@ -1,3 +1,7 @@ +from workos.types.authorization.environment_role import ( + EnvironmentRole as EnvironmentRole, + EnvironmentRoleList as EnvironmentRoleList, +) from workos.types.authorization.organization_role import ( OrganizationRole as OrganizationRole, OrganizationRoleList as OrganizationRoleList, @@ -5,3 +9,7 @@ from workos.types.authorization.permission import ( Permission as Permission, ) +from workos.types.authorization.role import ( + Role as Role, + RoleList as RoleList, +) diff --git a/workos/types/authorization/environment_role.py b/workos/types/authorization/environment_role.py new file mode 100644 index 00000000..a73d8ed5 --- /dev/null +++ b/workos/types/authorization/environment_role.py @@ -0,0 +1,20 @@ +from typing import Literal, Optional, Sequence + +from workos.types.workos_model import WorkOSModel + + +class EnvironmentRole(WorkOSModel): + object: Literal["role"] + id: str + name: str + slug: str + description: Optional[str] = None + permissions: Sequence[str] + type: Literal["EnvironmentRole"] + created_at: str + updated_at: str + + +class EnvironmentRoleList(WorkOSModel): + object: Literal["list"] + data: Sequence[EnvironmentRole] diff --git a/workos/types/authorization/role.py b/workos/types/authorization/role.py new file mode 100644 index 00000000..7ea6f747 --- /dev/null +++ b/workos/types/authorization/role.py @@ -0,0 +1,18 @@ +from typing import Literal, Sequence, Union + +from pydantic import Field +from typing_extensions import Annotated + +from workos.types.authorization.environment_role import EnvironmentRole +from workos.types.authorization.organization_role import OrganizationRole +from workos.types.workos_model import WorkOSModel + +Role = Annotated[ + Union[EnvironmentRole, OrganizationRole], + Field(discriminator="type"), +] + + +class RoleList(WorkOSModel): + object: Literal["list"] + data: Sequence[Role]