diff --git a/tests/test_authorization.py b/tests/test_authorization.py index dd00bd53..cd78a3e2 100644 --- a/tests/test_authorization.py +++ b/tests/test_authorization.py @@ -1,6 +1,8 @@ from typing import Union import pytest +from tests.utils.fixtures.mock_environment_role import MockEnvironmentRole +from tests.utils.fixtures.mock_organization_role import MockOrganizationRole from tests.utils.fixtures.mock_permission import MockPermission from tests.utils.list_resource import list_response_of from tests.utils.syncify import syncify @@ -170,3 +172,278 @@ def test_delete_permission(self, capture_and_mock_http_client_request): assert request_kwargs["url"].endswith( "/authorization/permissions/documents:read" ) + + # --- Organization Role fixtures --- + + @pytest.fixture + def mock_organization_role(self): + return MockOrganizationRole(id="role_01ABC").dict() + + @pytest.fixture + def mock_organization_roles(self): + return { + "data": [MockOrganizationRole(id=f"role_{i}").dict() for i in range(5)], + "object": "list", + } + + # --- Organization Role tests --- + + def test_create_organization_role( + self, mock_organization_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_role, 201 + ) + + role = syncify( + self.authorization.create_organization_role( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", + slug="admin", + name="Admin", + ) + ) + + assert role.id == "role_01ABC" + assert role.type == "OrganizationRole" + assert request_kwargs["method"] == "post" + assert request_kwargs["url"].endswith( + "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles" + ) + assert request_kwargs["json"] == {"slug": "admin", "name": "Admin"} + + def test_list_organization_roles( + self, mock_organization_roles, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_roles, 200 + ) + + roles_response = syncify( + self.authorization.list_organization_roles("org_01EHT88Z8J8795GZNQ4ZP1J81T") + ) + + assert request_kwargs["method"] == "get" + assert request_kwargs["url"].endswith( + "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles" + ) + assert len(roles_response.data) == 5 + + def test_get_organization_role( + self, mock_organization_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_role, 200 + ) + + role = syncify( + self.authorization.get_organization_role( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", "admin" + ) + ) + + assert role.id == "role_01ABC" + assert request_kwargs["method"] == "get" + assert request_kwargs["url"].endswith( + "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles/admin" + ) + + def test_update_organization_role( + self, mock_organization_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_role, 200 + ) + + role = syncify( + self.authorization.update_organization_role( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", + "admin", + name="Super Admin", + ) + ) + + assert role.id == "role_01ABC" + assert request_kwargs["method"] == "patch" + assert request_kwargs["url"].endswith( + "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles/admin" + ) + assert request_kwargs["json"] == {"name": "Super Admin"} + + def test_set_organization_role_permissions( + self, mock_organization_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_role, 200 + ) + + role = syncify( + self.authorization.set_organization_role_permissions( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", + "admin", + permissions=["documents:read", "documents:write"], + ) + ) + + assert role.id == "role_01ABC" + assert request_kwargs["method"] == "put" + assert request_kwargs["url"].endswith( + "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles/admin/permissions" + ) + assert request_kwargs["json"] == { + "permissions": ["documents:read", "documents:write"] + } + + def test_add_organization_role_permission( + self, mock_organization_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_role, 200 + ) + + role = syncify( + self.authorization.add_organization_role_permission( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", + "admin", + permission_slug="documents:read", + ) + ) + + assert role.id == "role_01ABC" + assert request_kwargs["method"] == "post" + assert request_kwargs["url"].endswith( + "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles/admin/permissions" + ) + assert request_kwargs["json"] == {"slug": "documents:read"} + + def test_remove_organization_role_permission( + self, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, + 202, + headers={"content-type": "text/plain; charset=utf-8"}, + ) + + response = syncify( + self.authorization.remove_organization_role_permission( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", + "admin", + permission_slug="documents:read", + ) + ) + + assert response is None + assert request_kwargs["method"] == "delete" + assert request_kwargs["url"].endswith( + "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles/admin/permissions/documents:read" + ) + + # --- Environment Role fixtures --- + + @pytest.fixture + def mock_environment_role(self): + return MockEnvironmentRole(id="role_01DEF").dict() + + @pytest.fixture + def mock_environment_roles(self): + return { + "data": [MockEnvironmentRole(id=f"role_{i}").dict() for i in range(5)], + "object": "list", + } + + # --- Environment Role tests --- + + def test_create_environment_role( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 201 + ) + + role = syncify( + self.authorization.create_environment_role(slug="member", name="Member") + ) + + assert role.id == "role_01DEF" + assert role.type == "EnvironmentRole" + assert request_kwargs["method"] == "post" + assert request_kwargs["url"].endswith("/authorization/roles") + assert request_kwargs["json"] == {"slug": "member", "name": "Member"} + + def test_list_environment_roles( + self, mock_environment_roles, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_roles, 200 + ) + + roles_response = syncify(self.authorization.list_environment_roles()) + + assert request_kwargs["method"] == "get" + assert request_kwargs["url"].endswith("/authorization/roles") + assert len(roles_response.data) == 5 + + def test_get_environment_role( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify(self.authorization.get_environment_role("member")) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "get" + assert request_kwargs["url"].endswith("/authorization/roles/member") + + def test_update_environment_role( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify( + self.authorization.update_environment_role("member", name="Updated Member") + ) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "patch" + assert request_kwargs["url"].endswith("/authorization/roles/member") + assert request_kwargs["json"] == {"name": "Updated Member"} + + def test_set_environment_role_permissions( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify( + self.authorization.set_environment_role_permissions( + "member", permissions=["documents:read"] + ) + ) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "put" + assert request_kwargs["url"].endswith("/authorization/roles/member/permissions") + assert request_kwargs["json"] == {"permissions": ["documents:read"]} + + def test_add_environment_role_permission( + self, mock_environment_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_environment_role, 200 + ) + + role = syncify( + self.authorization.add_environment_role_permission( + "member", permission_slug="documents:read" + ) + ) + + assert role.id == "role_01DEF" + assert request_kwargs["method"] == "post" + assert request_kwargs["url"].endswith("/authorization/roles/member/permissions") + assert request_kwargs["json"] == {"slug": "documents:read"} diff --git a/tests/utils/fixtures/mock_environment_role.py b/tests/utils/fixtures/mock_environment_role.py new file mode 100644 index 00000000..6063f3ff --- /dev/null +++ b/tests/utils/fixtures/mock_environment_role.py @@ -0,0 +1,19 @@ +import datetime + +from workos.types.authorization.environment_role import EnvironmentRole + + +class MockEnvironmentRole(EnvironmentRole): + def __init__(self, id: str): + now = datetime.datetime.now().isoformat() + super().__init__( + object="role", + id=id, + name="Member", + slug="member", + description="Default environment member role", + permissions=["documents:read"], + type="EnvironmentRole", + created_at=now, + updated_at=now, + ) diff --git a/tests/utils/fixtures/mock_organization_role.py b/tests/utils/fixtures/mock_organization_role.py new file mode 100644 index 00000000..f2b5ac8c --- /dev/null +++ b/tests/utils/fixtures/mock_organization_role.py @@ -0,0 +1,24 @@ +import datetime + +from workos.types.authorization.organization_role import OrganizationRole + + +class MockOrganizationRole(OrganizationRole): + def __init__( + self, + id: str, + organization_id: str = "org_01EHT88Z8J8795GZNQ4ZP1J81T", + ): + now = datetime.datetime.now().isoformat() + super().__init__( + object="role", + id=id, + organization_id=organization_id, + name="Admin", + slug="admin", + description="Organization admin role", + permissions=["documents:read", "documents:write"], + type="OrganizationRole", + created_at=now, + updated_at=now, + ) diff --git a/workos/authorization.py b/workos/authorization.py index 9fb0985f..eb4cbfe8 100644 --- a/workos/authorization.py +++ b/workos/authorization.py @@ -1,6 +1,17 @@ -from typing import Any, Dict, Optional, Protocol +from typing import Any, Dict, Optional, Protocol, Sequence, Union +from pydantic import TypeAdapter + +from workos.types.authorization.environment_role import ( + EnvironmentRole, + EnvironmentRoleList, +) +from workos.types.authorization.organization_role import ( + OrganizationRole, + OrganizationRoleList, +) from workos.types.authorization.permission import Permission +from workos.types.authorization.role import Role, RoleList from workos.types.list_resource import ( ListArgs, ListMetadata, @@ -16,10 +27,13 @@ REQUEST_METHOD_GET, REQUEST_METHOD_PATCH, REQUEST_METHOD_POST, + REQUEST_METHOD_PUT, ) AUTHORIZATION_PERMISSIONS_PATH = "authorization/permissions" +_role_adapter: TypeAdapter[Role] = TypeAdapter(Role) + class PermissionListFilters(ListArgs, total=False): pass @@ -62,6 +76,94 @@ def update_permission( def delete_permission(self, slug: str) -> SyncOrAsync[None]: ... + # Organization Roles + + def create_organization_role( + self, + organization_id: str, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> SyncOrAsync[OrganizationRole]: ... + + def list_organization_roles( + self, organization_id: str + ) -> SyncOrAsync[RoleList]: ... + + def get_organization_role( + self, organization_id: str, slug: str + ) -> SyncOrAsync[Role]: ... + + def update_organization_role( + self, + organization_id: str, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> SyncOrAsync[OrganizationRole]: ... + + def set_organization_role_permissions( + self, + organization_id: str, + slug: str, + *, + permissions: Sequence[str], + ) -> SyncOrAsync[OrganizationRole]: ... + + def add_organization_role_permission( + self, + organization_id: str, + slug: str, + *, + permission_slug: str, + ) -> SyncOrAsync[OrganizationRole]: ... + + def remove_organization_role_permission( + self, + organization_id: str, + slug: str, + *, + permission_slug: str, + ) -> SyncOrAsync[None]: ... + + # Environment Roles + + def create_environment_role( + self, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> SyncOrAsync[EnvironmentRole]: ... + + def list_environment_roles(self) -> SyncOrAsync[EnvironmentRoleList]: ... + + def get_environment_role(self, slug: str) -> SyncOrAsync[EnvironmentRole]: ... + + def update_environment_role( + self, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> SyncOrAsync[EnvironmentRole]: ... + + def set_environment_role_permissions( + self, + slug: str, + *, + permissions: Sequence[str], + ) -> SyncOrAsync[EnvironmentRole]: ... + + def add_environment_role_permission( + self, + slug: str, + *, + permission_slug: str, + ) -> SyncOrAsync[EnvironmentRole]: ... + class Authorization(AuthorizationModule): _http_client: SyncHTTPClient @@ -150,6 +252,194 @@ def delete_permission(self, slug: str) -> None: method=REQUEST_METHOD_DELETE, ) + # Organization Roles + + def create_organization_role( + self, + organization_id: str, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> OrganizationRole: + json: Dict[str, Any] = {"slug": slug, "name": name} + if description is not None: + json["description"] = description + + response = self._http_client.request( + f"authorization/organizations/{organization_id}/roles", + method=REQUEST_METHOD_POST, + json=json, + ) + + return OrganizationRole.model_validate(response) + + def list_organization_roles(self, organization_id: str) -> RoleList: + response = self._http_client.request( + f"authorization/organizations/{organization_id}/roles", + method=REQUEST_METHOD_GET, + ) + + return RoleList.model_validate(response) + + def get_organization_role(self, organization_id: str, slug: str) -> Role: + response = self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}", + method=REQUEST_METHOD_GET, + ) + + return _role_adapter.validate_python(response) + + def update_organization_role( + self, + organization_id: str, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> OrganizationRole: + json: Dict[str, Any] = {} + if name is not None: + json["name"] = name + if description is not None: + json["description"] = description + + response = self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}", + method=REQUEST_METHOD_PATCH, + json=json, + ) + + return OrganizationRole.model_validate(response) + + def set_organization_role_permissions( + self, + organization_id: str, + slug: str, + *, + permissions: Sequence[str], + ) -> OrganizationRole: + response = self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}/permissions", + method=REQUEST_METHOD_PUT, + json={"permissions": list(permissions)}, + ) + + return OrganizationRole.model_validate(response) + + def add_organization_role_permission( + self, + organization_id: str, + slug: str, + *, + permission_slug: str, + ) -> OrganizationRole: + response = self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}/permissions", + method=REQUEST_METHOD_POST, + json={"slug": permission_slug}, + ) + + return OrganizationRole.model_validate(response) + + def remove_organization_role_permission( + self, + organization_id: str, + slug: str, + *, + permission_slug: str, + ) -> None: + self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}/permissions/{permission_slug}", + method=REQUEST_METHOD_DELETE, + ) + + # Environment Roles + + def create_environment_role( + self, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {"slug": slug, "name": name} + if description is not None: + json["description"] = description + + response = self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_POST, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + def list_environment_roles(self) -> EnvironmentRoleList: + response = self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRoleList.model_validate(response) + + def get_environment_role(self, slug: str) -> EnvironmentRole: + response = self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRole.model_validate(response) + + def update_environment_role( + self, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {} + if name is not None: + json["name"] = name + if description is not None: + json["description"] = description + + response = self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_PATCH, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + def set_environment_role_permissions( + self, + slug: str, + *, + permissions: Sequence[str], + ) -> EnvironmentRole: + response = self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_PUT, + json={"permissions": list(permissions)}, + ) + + return EnvironmentRole.model_validate(response) + + def add_environment_role_permission( + self, + slug: str, + *, + permission_slug: str, + ) -> EnvironmentRole: + response = self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_POST, + json={"slug": permission_slug}, + ) + + return EnvironmentRole.model_validate(response) + class AsyncAuthorization(AuthorizationModule): _http_client: AsyncHTTPClient @@ -237,3 +527,191 @@ async def delete_permission(self, slug: str) -> None: f"{AUTHORIZATION_PERMISSIONS_PATH}/{slug}", method=REQUEST_METHOD_DELETE, ) + + # Organization Roles + + async def create_organization_role( + self, + organization_id: str, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> OrganizationRole: + json: Dict[str, Any] = {"slug": slug, "name": name} + if description is not None: + json["description"] = description + + response = await self._http_client.request( + f"authorization/organizations/{organization_id}/roles", + method=REQUEST_METHOD_POST, + json=json, + ) + + return OrganizationRole.model_validate(response) + + async def list_organization_roles(self, organization_id: str) -> RoleList: + response = await self._http_client.request( + f"authorization/organizations/{organization_id}/roles", + method=REQUEST_METHOD_GET, + ) + + return RoleList.model_validate(response) + + async def get_organization_role(self, organization_id: str, slug: str) -> Role: + response = await self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}", + method=REQUEST_METHOD_GET, + ) + + return _role_adapter.validate_python(response) + + async def update_organization_role( + self, + organization_id: str, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> OrganizationRole: + json: Dict[str, Any] = {} + if name is not None: + json["name"] = name + if description is not None: + json["description"] = description + + response = await self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}", + method=REQUEST_METHOD_PATCH, + json=json, + ) + + return OrganizationRole.model_validate(response) + + async def set_organization_role_permissions( + self, + organization_id: str, + slug: str, + *, + permissions: Sequence[str], + ) -> OrganizationRole: + response = await self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}/permissions", + method=REQUEST_METHOD_PUT, + json={"permissions": list(permissions)}, + ) + + return OrganizationRole.model_validate(response) + + async def add_organization_role_permission( + self, + organization_id: str, + slug: str, + *, + permission_slug: str, + ) -> OrganizationRole: + response = await self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}/permissions", + method=REQUEST_METHOD_POST, + json={"slug": permission_slug}, + ) + + return OrganizationRole.model_validate(response) + + async def remove_organization_role_permission( + self, + organization_id: str, + slug: str, + *, + permission_slug: str, + ) -> None: + await self._http_client.request( + f"authorization/organizations/{organization_id}/roles/{slug}/permissions/{permission_slug}", + method=REQUEST_METHOD_DELETE, + ) + + # Environment Roles + + async def create_environment_role( + self, + *, + slug: str, + name: str, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {"slug": slug, "name": name} + if description is not None: + json["description"] = description + + response = await self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_POST, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + async def list_environment_roles(self) -> EnvironmentRoleList: + response = await self._http_client.request( + "authorization/roles", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRoleList.model_validate(response) + + async def get_environment_role(self, slug: str) -> EnvironmentRole: + response = await self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_GET, + ) + + return EnvironmentRole.model_validate(response) + + async def update_environment_role( + self, + slug: str, + *, + name: Optional[str] = None, + description: Optional[str] = None, + ) -> EnvironmentRole: + json: Dict[str, Any] = {} + if name is not None: + json["name"] = name + if description is not None: + json["description"] = description + + response = await self._http_client.request( + f"authorization/roles/{slug}", + method=REQUEST_METHOD_PATCH, + json=json, + ) + + return EnvironmentRole.model_validate(response) + + async def set_environment_role_permissions( + self, + slug: str, + *, + permissions: Sequence[str], + ) -> EnvironmentRole: + response = await self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_PUT, + json={"permissions": list(permissions)}, + ) + + return EnvironmentRole.model_validate(response) + + async def add_environment_role_permission( + self, + slug: str, + *, + permission_slug: str, + ) -> EnvironmentRole: + response = await self._http_client.request( + f"authorization/roles/{slug}/permissions", + method=REQUEST_METHOD_POST, + json={"slug": permission_slug}, + ) + + return EnvironmentRole.model_validate(response) diff --git a/workos/types/authorization/__init__.py b/workos/types/authorization/__init__.py index 19893511..33cde309 100644 --- a/workos/types/authorization/__init__.py +++ b/workos/types/authorization/__init__.py @@ -1,3 +1,16 @@ +from workos.types.authorization.environment_role import ( + EnvironmentRole as EnvironmentRole, + EnvironmentRoleList as EnvironmentRoleList, +) +from workos.types.authorization.organization_role import ( + OrganizationRole as OrganizationRole, + OrganizationRoleEvent as OrganizationRoleEvent, + OrganizationRoleList as OrganizationRoleList, +) from workos.types.authorization.permission import ( Permission as Permission, ) +from workos.types.authorization.role import ( + Role as Role, + RoleList as RoleList, +) diff --git a/workos/types/authorization/environment_role.py b/workos/types/authorization/environment_role.py new file mode 100644 index 00000000..a73d8ed5 --- /dev/null +++ b/workos/types/authorization/environment_role.py @@ -0,0 +1,20 @@ +from typing import Literal, Optional, Sequence + +from workos.types.workos_model import WorkOSModel + + +class EnvironmentRole(WorkOSModel): + object: Literal["role"] + id: str + name: str + slug: str + description: Optional[str] = None + permissions: Sequence[str] + type: Literal["EnvironmentRole"] + created_at: str + updated_at: str + + +class EnvironmentRoleList(WorkOSModel): + object: Literal["list"] + data: Sequence[EnvironmentRole] diff --git a/workos/types/authorization/organization_role.py b/workos/types/authorization/organization_role.py new file mode 100644 index 00000000..2e343ad6 --- /dev/null +++ b/workos/types/authorization/organization_role.py @@ -0,0 +1,34 @@ +from typing import Literal, Optional, Sequence + +from workos.types.workos_model import WorkOSModel + + +class OrganizationRole(WorkOSModel): + object: Literal["role"] + id: str + name: str + slug: str + description: Optional[str] = None + permissions: Sequence[str] + type: Literal["OrganizationRole"] + created_at: str + updated_at: str + + +class OrganizationRoleEvent(WorkOSModel): + """Organization role type for Events API responses.""" + + object: Literal["organization_role"] + organization_id: str + slug: str + name: str + description: Optional[str] = None + resource_type_slug: str + permissions: Sequence[str] + created_at: str + updated_at: str + + +class OrganizationRoleList(WorkOSModel): + object: Literal["list"] + data: Sequence[OrganizationRole] diff --git a/workos/types/authorization/role.py b/workos/types/authorization/role.py new file mode 100644 index 00000000..7ea6f747 --- /dev/null +++ b/workos/types/authorization/role.py @@ -0,0 +1,18 @@ +from typing import Literal, Sequence, Union + +from pydantic import Field +from typing_extensions import Annotated + +from workos.types.authorization.environment_role import EnvironmentRole +from workos.types.authorization.organization_role import OrganizationRole +from workos.types.workos_model import WorkOSModel + +Role = Annotated[ + Union[EnvironmentRole, OrganizationRole], + Field(discriminator="type"), +] + + +class RoleList(WorkOSModel): + object: Literal["list"] + data: Sequence[Role] diff --git a/workos/types/events/event.py b/workos/types/events/event.py index 6df63091..fa5bd63f 100644 --- a/workos/types/events/event.py +++ b/workos/types/events/event.py @@ -32,6 +32,8 @@ from workos.types.events.directory_user_with_previous_attributes import ( DirectoryUserWithPreviousAttributes, ) +from workos.types.authorization.organization_role import OrganizationRoleEvent +from workos.types.authorization.permission import Permission from workos.types.events.event_model import EventModel from workos.types.events.organization_domain_verification_failed_payload import ( OrganizationDomainVerificationFailedPayload, @@ -225,6 +227,18 @@ class OrganizationMembershipUpdatedEvent(EventModel[OrganizationMembership]): event: Literal["organization_membership.updated"] +class OrganizationRoleCreatedEvent(EventModel[OrganizationRoleEvent]): + event: Literal["organization_role.created"] + + +class OrganizationRoleUpdatedEvent(EventModel[OrganizationRoleEvent]): + event: Literal["organization_role.updated"] + + +class OrganizationRoleDeletedEvent(EventModel[OrganizationRoleEvent]): + event: Literal["organization_role.deleted"] + + class PasswordResetCreatedEvent(EventModel[PasswordResetCommon]): event: Literal["password_reset.created"] @@ -233,6 +247,18 @@ class PasswordResetSucceededEvent(EventModel[PasswordResetCommon]): event: Literal["password_reset.succeeded"] +class PermissionCreatedEvent(EventModel[Permission]): + event: Literal["permission.created"] + + +class PermissionUpdatedEvent(EventModel[Permission]): + event: Literal["permission.updated"] + + +class PermissionDeletedEvent(EventModel[Permission]): + event: Literal["permission.deleted"] + + class RoleCreatedEvent(EventModel[EventRole]): event: Literal["role.created"] @@ -302,8 +328,14 @@ class UserUpdatedEvent(EventModel[User]): OrganizationMembershipCreatedEvent, OrganizationMembershipDeletedEvent, OrganizationMembershipUpdatedEvent, + OrganizationRoleCreatedEvent, + OrganizationRoleUpdatedEvent, + OrganizationRoleDeletedEvent, PasswordResetCreatedEvent, PasswordResetSucceededEvent, + PermissionCreatedEvent, + PermissionUpdatedEvent, + PermissionDeletedEvent, RoleCreatedEvent, RoleDeletedEvent, RoleUpdatedEvent, diff --git a/workos/types/events/event_model.py b/workos/types/events/event_model.py index 24443a52..dec276ae 100644 --- a/workos/types/events/event_model.py +++ b/workos/types/events/event_model.py @@ -38,6 +38,11 @@ from workos.types.events.session_created_payload import SessionCreatedPayload from workos.types.organizations.organization_common import OrganizationCommon from workos.types.organization_domains import OrganizationDomain +from workos.types.authorization.organization_role import ( + OrganizationRole, + OrganizationRoleEvent, +) +from workos.types.authorization.permission import Permission from workos.types.roles.role import EventRole from workos.types.sso.connection import Connection from workos.types.user_management.email_verification import ( @@ -79,7 +84,10 @@ OrganizationDomain, OrganizationDomainVerificationFailedPayload, OrganizationMembership, + OrganizationRole, + OrganizationRoleEvent, PasswordResetCommon, + Permission, SessionCreatedPayload, User, ) diff --git a/workos/types/events/event_type.py b/workos/types/events/event_type.py index 79856e54..8ba263e3 100644 --- a/workos/types/events/event_type.py +++ b/workos/types/events/event_type.py @@ -44,8 +44,14 @@ "organization_membership.created", "organization_membership.deleted", "organization_membership.updated", + "organization_role.created", + "organization_role.updated", + "organization_role.deleted", "password_reset.created", "password_reset.succeeded", + "permission.created", + "permission.updated", + "permission.deleted", "role.created", "role.deleted", "role.updated", diff --git a/workos/types/webhooks/webhook.py b/workos/types/webhooks/webhook.py index afe9e9ff..3a4c21b3 100644 --- a/workos/types/webhooks/webhook.py +++ b/workos/types/webhooks/webhook.py @@ -37,6 +37,8 @@ OrganizationDomainVerificationFailedPayload, ) from workos.types.events.session_created_payload import SessionCreatedPayload +from workos.types.authorization.organization_role import OrganizationRole +from workos.types.authorization.permission import Permission from workos.types.organization_domains import OrganizationDomain from workos.types.organizations.organization_common import OrganizationCommon from workos.types.roles.role import EventRole @@ -231,6 +233,18 @@ class OrganizationMembershipUpdatedWebhook(WebhookModel[OrganizationMembership]) event: Literal["organization_membership.updated"] +class OrganizationRoleCreatedWebhook(WebhookModel[OrganizationRole]): + event: Literal["organization_role.created"] + + +class OrganizationRoleUpdatedWebhook(WebhookModel[OrganizationRole]): + event: Literal["organization_role.updated"] + + +class OrganizationRoleDeletedWebhook(WebhookModel[OrganizationRole]): + event: Literal["organization_role.deleted"] + + class PasswordResetCreatedWebhook(WebhookModel[PasswordResetCommon]): event: Literal["password_reset.created"] @@ -239,6 +253,18 @@ class PasswordResetSucceededWebhook(WebhookModel[PasswordResetCommon]): event: Literal["password_reset.succeeded"] +class PermissionCreatedWebhook(WebhookModel[Permission]): + event: Literal["permission.created"] + + +class PermissionUpdatedWebhook(WebhookModel[Permission]): + event: Literal["permission.updated"] + + +class PermissionDeletedWebhook(WebhookModel[Permission]): + event: Literal["permission.deleted"] + + class RoleCreatedWebhook(WebhookModel[EventRole]): event: Literal["role.created"] @@ -308,8 +334,14 @@ class UserUpdatedWebhook(WebhookModel[User]): OrganizationMembershipCreatedWebhook, OrganizationMembershipDeletedWebhook, OrganizationMembershipUpdatedWebhook, + OrganizationRoleCreatedWebhook, + OrganizationRoleUpdatedWebhook, + OrganizationRoleDeletedWebhook, PasswordResetCreatedWebhook, PasswordResetSucceededWebhook, + PermissionCreatedWebhook, + PermissionUpdatedWebhook, + PermissionDeletedWebhook, RoleCreatedWebhook, RoleDeletedWebhook, RoleUpdatedWebhook,