From 4fb08386d6372c0a99126a5ada10380a7a354b88 Mon Sep 17 00:00:00 2001 From: "Garen J. Torikian" Date: Fri, 19 Jun 2026 11:09:12 -0400 Subject: [PATCH] feat(authorization): own the Authorization service via oagen Bring Authorization under oagen ownership, regenerated from the published baseline (10.2.0) so the public surface is preserved: - Role CRUD responses use the full OrganizationRole / EnvironmentRole wire types (org-scoped vs top-level); the slim Role/RoleResponse stays reserved for SSO/UserManagement. RoleList shim lives under src/roles. - Role-assignment methods keep their published names and RoleAssignment (string-timestamp) return types: listResourceRoleAssignments is preserved (not renamed), and assignRole stays on RoleAssignment. - Hand-owned option interfaces, fixtures, and the relocated UpdateAuthorizationResourceOptions fill gaps oagen can't express; dead per-options serializers are removed in favor of inline wire serializers. Generated with the instability-1 extractor/emitter fixes so options-type names stay stable across regenerations. (Manifest tracks 94 generated files.) Co-Authored-By: Claude Opus 4.8 (1M context) --- .oagen-manifest.json | 94 + src/authorization/authorization.spec.ts | 3111 ++++------------- src/authorization/authorization.ts | 1994 ++++++----- .../fixtures/add-role-permission.json | 3 + src/authorization/fixtures/assign-role.json | 6 + .../fixtures/authorization-check.json | 3 + .../fixtures/authorization-permission.json | 11 + .../fixtures/authorization-resource.json | 18 +- .../fixtures/check-authorization.json | 6 + .../create-authorization-permission.json | 6 + .../create-authorization-resource.json | 10 + .../fixtures/create-organization-role.json | 6 + src/authorization/fixtures/create-role.json | 6 + .../list-authorization-permission.json | 19 + .../fixtures/list-authorization-resource.json | 20 + ...rganization-membership-base-list-data.json | 42 + .../fixtures/list-user-role-assignment.json | 23 + src/authorization/fixtures/permission.json | 14 +- src/authorization/fixtures/remove-role.json | 6 + .../fixtures/set-role-permissions.json | 8 + src/authorization/fixtures/slim-role.json | 3 + .../update-authorization-permission.json | 4 + .../update-authorization-resource.json | 7 + .../fixtures/update-organization-role.json | 4 + src/authorization/fixtures/update-role.json | 4 + .../user-role-assignment-resource.json | 5 + .../fixtures/user-role-assignment.json | 15 + ...nment-role-permission-options.interface.ts | 7 +- ...ation-role-permission-options.interface.ts | 9 +- .../add-role-permission.interface.ts | 10 + .../assign-role-options.interface.ts | 32 +- .../interfaces/assign-role.interface.ts | 19 + .../authorization-assignment.interface.ts | 9 + .../authorization-check.interface.ts | 10 + .../authorization-permission.interface.ts | 34 + .../authorization-resource.interface.ts | 68 +- .../check-authorization.interface.ts | 19 + .../interfaces/check-options.interface.ts | 14 + ...eate-authorization-permission.interface.ts | 19 + ...create-authorization-resource.interface.ts | 31 + ...ate-organization-role-options.interface.ts | 17 +- .../create-organization-role.interface.ts | 19 + .../create-resource-options.interface.ts | 20 + .../interfaces/create-role.interface.ts | 19 + ...ete-organization-role-options.interface.ts | 8 + .../delete-permission-options.interface.ts | 6 + .../get-environment-role-options.interface.ts | 6 + ...get-organization-role-options.interface.ts | 8 + .../get-permission-options.interface.ts | 6 + .../get-resource-options.interface.ts | 6 + src/authorization/interfaces/index.ts | 85 +- ...thorization-resources-options.interface.ts | 2 + ...st-organization-roles-options.interface.ts | 6 + ...ources-for-membership-options.interface.ts | 34 +- .../interfaces/pagination-order.interface.ts | 10 + .../interfaces/permission.interface.ts | 19 +- ...ation-role-permission-options.interface.ts | 7 + .../remove-role-options.interface.ts | 32 +- .../interfaces/remove-role.interface.ts | 19 + .../interfaces/role-type.interface.ts | 8 + ...ment-role-permissions-options.interface.ts | 5 + ...tion-role-permissions-options.interface.ts | 7 + .../set-role-permissions.interface.ts | 10 + .../interfaces/slim-role.interface.ts | 11 + ...date-authorization-permission.interface.ts | 10 + ...source-by-external-id-options.interface.ts | 1 + ...uthorization-resource-options.interface.ts | 11 + ...update-authorization-resource.interface.ts | 22 + ...date-environment-role-options.interface.ts | 11 +- ...ate-organization-role-options.interface.ts | 13 +- .../update-organization-role.interface.ts | 13 + .../update-permission-options.interface.ts | 11 +- .../interfaces/update-role.interface.ts | 13 + ...user-role-assignment-resource.interface.ts | 17 + .../user-role-assignment.interface.ts | 34 + src/authorization/serializers.spec.ts | 25 + .../add-role-permission.serializer.ts | 12 + .../assign-role-options.serializer.ts | 15 - .../serializers/assign-role.serializer.ts | 13 + .../authorization-check-options.serializer.ts | 15 - .../authorization-check.serializer.ts | 12 + .../authorization-permission.serializer.ts | 20 + .../authorization-resource.serializer.ts | 26 +- .../check-authorization.serializer.ts | 15 + ...ate-authorization-permission.serializer.ts | 15 + ...thorization-resource-options.serializer.ts | 23 - ...reate-authorization-resource.serializer.ts | 19 + ...ate-environment-role-options.serializer.ts | 13 - ...te-organization-role-options.serializer.ts | 13 - .../create-organization-role.serializer.ts | 15 + .../create-permission-options.serializer.ts | 13 - .../serializers/create-role.serializer.ts | 13 + src/authorization/serializers/index.ts | 43 +- ...horization-resources-options.serializer.ts | 26 - ...ffective-permissions-options.serializer.ts | 13 - ...erships-for-resource-options.serializer.ts | 15 - ...urces-for-membership-options.serializer.ts | 19 - ...gnments-for-resource-options.serializer.ts | 14 - ...ist-role-assignments-options.serializer.ts | 18 - .../serializers/permission.serializer.ts | 24 +- .../remove-role-options.serializer.ts | 15 - .../serializers/remove-role.serializer.ts | 13 + .../set-role-permissions.serializer.ts | 12 + .../serializers/slim-role.serializer.ts | 14 + ...ate-authorization-permission.serializer.ts | 3 + ...ource-by-external-id-options.serializer.ts | 11 - ...thorization-resource-options.serializer.ts | 13 - ...pdate-authorization-resource.serializer.ts | 16 + ...ate-environment-role-options.serializer.ts | 11 - ...te-organization-role-options.serializer.ts | 11 - .../update-organization-role.serializer.ts | 13 + .../update-permission-options.serializer.ts | 11 - .../serializers/update-role.serializer.ts | 11 + ...ser-role-assignment-resource.serializer.ts | 14 + .../user-role-assignment.serializer.ts | 20 + src/common/fixtures/environment-role.json | 12 + src/common/fixtures/organization-role.json | 12 + src/common/fixtures/role-assignment.json | 15 + src/roles/fixtures/role-list.json | 41 + src/roles/interfaces/index.ts | 1 + src/roles/interfaces/role-list.interface.ts | 8 + src/roles/serializers/role-list.serializer.ts | 8 + 122 files changed, 3095 insertions(+), 3894 deletions(-) create mode 100644 src/authorization/fixtures/add-role-permission.json create mode 100644 src/authorization/fixtures/assign-role.json create mode 100644 src/authorization/fixtures/authorization-check.json create mode 100644 src/authorization/fixtures/authorization-permission.json create mode 100644 src/authorization/fixtures/check-authorization.json create mode 100644 src/authorization/fixtures/create-authorization-permission.json create mode 100644 src/authorization/fixtures/create-authorization-resource.json create mode 100644 src/authorization/fixtures/create-organization-role.json create mode 100644 src/authorization/fixtures/create-role.json create mode 100644 src/authorization/fixtures/list-authorization-permission.json create mode 100644 src/authorization/fixtures/list-authorization-resource.json create mode 100644 src/authorization/fixtures/list-user-organization-membership-base-list-data.json create mode 100644 src/authorization/fixtures/list-user-role-assignment.json create mode 100644 src/authorization/fixtures/remove-role.json create mode 100644 src/authorization/fixtures/set-role-permissions.json create mode 100644 src/authorization/fixtures/slim-role.json create mode 100644 src/authorization/fixtures/update-authorization-permission.json create mode 100644 src/authorization/fixtures/update-authorization-resource.json create mode 100644 src/authorization/fixtures/update-organization-role.json create mode 100644 src/authorization/fixtures/update-role.json create mode 100644 src/authorization/fixtures/user-role-assignment-resource.json create mode 100644 src/authorization/fixtures/user-role-assignment.json create mode 100644 src/authorization/interfaces/add-role-permission.interface.ts create mode 100644 src/authorization/interfaces/assign-role.interface.ts create mode 100644 src/authorization/interfaces/authorization-assignment.interface.ts create mode 100644 src/authorization/interfaces/authorization-check.interface.ts create mode 100644 src/authorization/interfaces/authorization-permission.interface.ts create mode 100644 src/authorization/interfaces/check-authorization.interface.ts create mode 100644 src/authorization/interfaces/check-options.interface.ts create mode 100644 src/authorization/interfaces/create-authorization-permission.interface.ts create mode 100644 src/authorization/interfaces/create-authorization-resource.interface.ts create mode 100644 src/authorization/interfaces/create-organization-role.interface.ts create mode 100644 src/authorization/interfaces/create-resource-options.interface.ts create mode 100644 src/authorization/interfaces/create-role.interface.ts create mode 100644 src/authorization/interfaces/delete-organization-role-options.interface.ts create mode 100644 src/authorization/interfaces/delete-permission-options.interface.ts create mode 100644 src/authorization/interfaces/get-environment-role-options.interface.ts create mode 100644 src/authorization/interfaces/get-organization-role-options.interface.ts create mode 100644 src/authorization/interfaces/get-permission-options.interface.ts create mode 100644 src/authorization/interfaces/get-resource-options.interface.ts create mode 100644 src/authorization/interfaces/list-organization-roles-options.interface.ts create mode 100644 src/authorization/interfaces/pagination-order.interface.ts create mode 100644 src/authorization/interfaces/remove-role.interface.ts create mode 100644 src/authorization/interfaces/role-type.interface.ts create mode 100644 src/authorization/interfaces/set-role-permissions.interface.ts create mode 100644 src/authorization/interfaces/slim-role.interface.ts create mode 100644 src/authorization/interfaces/update-authorization-permission.interface.ts create mode 100644 src/authorization/interfaces/update-authorization-resource-options.interface.ts create mode 100644 src/authorization/interfaces/update-authorization-resource.interface.ts create mode 100644 src/authorization/interfaces/update-organization-role.interface.ts create mode 100644 src/authorization/interfaces/update-role.interface.ts create mode 100644 src/authorization/interfaces/user-role-assignment-resource.interface.ts create mode 100644 src/authorization/interfaces/user-role-assignment.interface.ts create mode 100644 src/authorization/serializers.spec.ts create mode 100644 src/authorization/serializers/add-role-permission.serializer.ts delete mode 100644 src/authorization/serializers/assign-role-options.serializer.ts create mode 100644 src/authorization/serializers/assign-role.serializer.ts delete mode 100644 src/authorization/serializers/authorization-check-options.serializer.ts create mode 100644 src/authorization/serializers/authorization-check.serializer.ts create mode 100644 src/authorization/serializers/authorization-permission.serializer.ts create mode 100644 src/authorization/serializers/check-authorization.serializer.ts create mode 100644 src/authorization/serializers/create-authorization-permission.serializer.ts delete mode 100644 src/authorization/serializers/create-authorization-resource-options.serializer.ts create mode 100644 src/authorization/serializers/create-authorization-resource.serializer.ts delete mode 100644 src/authorization/serializers/create-environment-role-options.serializer.ts delete mode 100644 src/authorization/serializers/create-organization-role-options.serializer.ts create mode 100644 src/authorization/serializers/create-organization-role.serializer.ts delete mode 100644 src/authorization/serializers/create-permission-options.serializer.ts create mode 100644 src/authorization/serializers/create-role.serializer.ts delete mode 100644 src/authorization/serializers/list-authorization-resources-options.serializer.ts delete mode 100644 src/authorization/serializers/list-effective-permissions-options.serializer.ts delete mode 100644 src/authorization/serializers/list-memberships-for-resource-options.serializer.ts delete mode 100644 src/authorization/serializers/list-resources-for-membership-options.serializer.ts delete mode 100644 src/authorization/serializers/list-role-assignments-for-resource-options.serializer.ts delete mode 100644 src/authorization/serializers/list-role-assignments-options.serializer.ts delete mode 100644 src/authorization/serializers/remove-role-options.serializer.ts create mode 100644 src/authorization/serializers/remove-role.serializer.ts create mode 100644 src/authorization/serializers/set-role-permissions.serializer.ts create mode 100644 src/authorization/serializers/slim-role.serializer.ts create mode 100644 src/authorization/serializers/update-authorization-permission.serializer.ts delete mode 100644 src/authorization/serializers/update-authorization-resource-by-external-id-options.serializer.ts delete mode 100644 src/authorization/serializers/update-authorization-resource-options.serializer.ts create mode 100644 src/authorization/serializers/update-authorization-resource.serializer.ts delete mode 100644 src/authorization/serializers/update-environment-role-options.serializer.ts delete mode 100644 src/authorization/serializers/update-organization-role-options.serializer.ts create mode 100644 src/authorization/serializers/update-organization-role.serializer.ts delete mode 100644 src/authorization/serializers/update-permission-options.serializer.ts create mode 100644 src/authorization/serializers/update-role.serializer.ts create mode 100644 src/authorization/serializers/user-role-assignment-resource.serializer.ts create mode 100644 src/authorization/serializers/user-role-assignment.serializer.ts create mode 100644 src/common/fixtures/environment-role.json create mode 100644 src/common/fixtures/organization-role.json create mode 100644 src/common/fixtures/role-assignment.json create mode 100644 src/roles/fixtures/role-list.json create mode 100644 src/roles/interfaces/role-list.interface.ts create mode 100644 src/roles/serializers/role-list.serializer.ts diff --git a/.oagen-manifest.json b/.oagen-manifest.json index ba29803e3..597bab9a5 100644 --- a/.oagen-manifest.json +++ b/.oagen-manifest.json @@ -5,6 +5,100 @@ "files": [ "src/api-keys/interfaces/create-validation-options.interface.ts", "src/api-keys/interfaces/delete-api-key-options.interface.ts", + "src/authorization/authorization.spec.ts", + "src/authorization/authorization.ts", + "src/authorization/fixtures/add-role-permission.json", + "src/authorization/fixtures/assign-role.json", + "src/authorization/fixtures/authorization-check.json", + "src/authorization/fixtures/authorization-permission.json", + "src/authorization/fixtures/authorization-resource.json", + "src/authorization/fixtures/check-authorization.json", + "src/authorization/fixtures/create-authorization-permission.json", + "src/authorization/fixtures/create-authorization-resource.json", + "src/authorization/fixtures/create-organization-role.json", + "src/authorization/fixtures/create-role.json", + "src/authorization/fixtures/list-authorization-permission.json", + "src/authorization/fixtures/list-authorization-resource.json", + "src/authorization/fixtures/list-user-organization-membership-base-list-data.json", + "src/authorization/fixtures/list-user-role-assignment.json", + "src/authorization/fixtures/permission.json", + "src/authorization/fixtures/remove-role.json", + "src/authorization/fixtures/set-role-permissions.json", + "src/authorization/fixtures/slim-role.json", + "src/authorization/fixtures/update-authorization-permission.json", + "src/authorization/fixtures/update-authorization-resource.json", + "src/authorization/fixtures/update-organization-role.json", + "src/authorization/fixtures/update-role.json", + "src/authorization/fixtures/user-role-assignment-resource.json", + "src/authorization/fixtures/user-role-assignment.json", + "src/authorization/interfaces/add-environment-role-permission-options.interface.ts", + "src/authorization/interfaces/add-organization-role-permission-options.interface.ts", + "src/authorization/interfaces/add-role-permission.interface.ts", + "src/authorization/interfaces/assign-role-options.interface.ts", + "src/authorization/interfaces/assign-role.interface.ts", + "src/authorization/interfaces/authorization-assignment.interface.ts", + "src/authorization/interfaces/authorization-check.interface.ts", + "src/authorization/interfaces/authorization-permission.interface.ts", + "src/authorization/interfaces/authorization-resource.interface.ts", + "src/authorization/interfaces/check-authorization.interface.ts", + "src/authorization/interfaces/check-options.interface.ts", + "src/authorization/interfaces/create-authorization-permission.interface.ts", + "src/authorization/interfaces/create-authorization-resource.interface.ts", + "src/authorization/interfaces/create-organization-role-options.interface.ts", + "src/authorization/interfaces/create-organization-role.interface.ts", + "src/authorization/interfaces/create-resource-options.interface.ts", + "src/authorization/interfaces/create-role.interface.ts", + "src/authorization/interfaces/delete-organization-role-options.interface.ts", + "src/authorization/interfaces/delete-permission-options.interface.ts", + "src/authorization/interfaces/get-environment-role-options.interface.ts", + "src/authorization/interfaces/get-organization-role-options.interface.ts", + "src/authorization/interfaces/get-permission-options.interface.ts", + "src/authorization/interfaces/get-resource-options.interface.ts", + "src/authorization/interfaces/index.ts", + "src/authorization/interfaces/list-organization-roles-options.interface.ts", + "src/authorization/interfaces/list-resources-for-membership-options.interface.ts", + "src/authorization/interfaces/list-role-assignments-for-resource-by-external-id-options.interface.ts", + "src/authorization/interfaces/pagination-order.interface.ts", + "src/authorization/interfaces/permission.interface.ts", + "src/authorization/interfaces/remove-organization-role-permission-options.interface.ts", + "src/authorization/interfaces/remove-role-options.interface.ts", + "src/authorization/interfaces/remove-role.interface.ts", + "src/authorization/interfaces/role-type.interface.ts", + "src/authorization/interfaces/set-environment-role-permissions-options.interface.ts", + "src/authorization/interfaces/set-organization-role-permissions-options.interface.ts", + "src/authorization/interfaces/set-role-permissions.interface.ts", + "src/authorization/interfaces/slim-role.interface.ts", + "src/authorization/interfaces/update-authorization-permission.interface.ts", + "src/authorization/interfaces/update-authorization-resource.interface.ts", + "src/authorization/interfaces/update-environment-role-options.interface.ts", + "src/authorization/interfaces/update-organization-role-options.interface.ts", + "src/authorization/interfaces/update-organization-role.interface.ts", + "src/authorization/interfaces/update-permission-options.interface.ts", + "src/authorization/interfaces/update-role.interface.ts", + "src/authorization/interfaces/user-role-assignment-resource.interface.ts", + "src/authorization/interfaces/user-role-assignment.interface.ts", + "src/authorization/serializers.spec.ts", + "src/authorization/serializers/add-role-permission.serializer.ts", + "src/authorization/serializers/assign-role.serializer.ts", + "src/authorization/serializers/authorization-check.serializer.ts", + "src/authorization/serializers/authorization-permission.serializer.ts", + "src/authorization/serializers/authorization-resource.serializer.ts", + "src/authorization/serializers/check-authorization.serializer.ts", + "src/authorization/serializers/create-authorization-permission.serializer.ts", + "src/authorization/serializers/create-authorization-resource.serializer.ts", + "src/authorization/serializers/create-organization-role.serializer.ts", + "src/authorization/serializers/create-role.serializer.ts", + "src/authorization/serializers/index.ts", + "src/authorization/serializers/permission.serializer.ts", + "src/authorization/serializers/remove-role.serializer.ts", + "src/authorization/serializers/set-role-permissions.serializer.ts", + "src/authorization/serializers/slim-role.serializer.ts", + "src/authorization/serializers/update-authorization-permission.serializer.ts", + "src/authorization/serializers/update-authorization-resource.serializer.ts", + "src/authorization/serializers/update-organization-role.serializer.ts", + "src/authorization/serializers/update-role.serializer.ts", + "src/authorization/serializers/user-role-assignment-resource.serializer.ts", + "src/authorization/serializers/user-role-assignment.serializer.ts", "src/connect/connect.spec.ts", "src/connect/connect.ts", "src/connect/fixtures/application-credentials-list-item.json", diff --git a/src/authorization/authorization.spec.ts b/src/authorization/authorization.spec.ts index cb8aa8bd4..321e5f7a8 100644 --- a/src/authorization/authorization.spec.ts +++ b/src/authorization/authorization.spec.ts @@ -1,2722 +1,839 @@ +// This file is auto-generated by oagen. Do not edit. + import fetch from 'jest-fetch-mock'; import { fetchOnce, fetchURL, + fetchMethod, fetchSearchParams, fetchBody, } from '../common/utils/test-utils'; import { WorkOS } from '../workos'; -import environmentRoleFixture from './fixtures/environment-role.json'; -import listEnvironmentRolesFixture from './fixtures/list-environment-roles.json'; -import organizationRoleFixture from './fixtures/organization-role.json'; -import listOrganizationRolesFixture from './fixtures/list-organization-roles.json'; -import permissionFixture from './fixtures/permission.json'; -import listPermissionsFixture from './fixtures/list-permissions.json'; + +import authorizationCheckFixture from './fixtures/authorization-check.json'; +import listAuthorizationResourceFixture from './fixtures/list-authorization-resource.json'; +import listAuthorizationPermissionFixture from './fixtures/list-authorization-permission.json'; +import listUserRoleAssignmentFixture from './fixtures/list-user-role-assignment.json'; +import roleAssignmentFixture from '../common/fixtures/role-assignment.json'; +import roleListFixture from '../roles/fixtures/role-list.json'; +import organizationRoleFixture from '../common/fixtures/organization-role.json'; import authorizationResourceFixture from './fixtures/authorization-resource.json'; -import listResourcesFixture from './fixtures/list-resources.json'; -import roleAssignmentFixture from './fixtures/role-assignment.json'; -import listRoleAssignmentsFixture from './fixtures/list-role-assignments.json'; -import listOrganizationMembershipsForResourceFixture from './fixtures/list-organization-memberships-for-resource.json'; -import listEffectivePermissionsFixture from './fixtures/list-effective-permissions.json'; +import listUserOrganizationMembershipBaseListDataFixture from './fixtures/list-user-organization-membership-base-list-data.json'; +import environmentRoleFixture from '../common/fixtures/environment-role.json'; +import permissionFixture from './fixtures/permission.json'; +import authorizationPermissionFixture from './fixtures/authorization-permission.json'; const workos = new WorkOS('sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU'); -const testOrgId = 'org_01HXYZ123ABC456DEF789ABC'; -const testResourceId = 'authz_resource_01HXYZ123ABC456DEF789ABC'; -const testOrgMembershipId = 'om_01HXYZ123ABC456DEF789ABC'; -const testRoleAssignmentId = 'role_assignment_01HXYZ123ABC456DEF789ABC'; + +function expectAuthorizationResource(result: any) { + expect(result.object).toBe('authorization_resource'); + expect(result.name).toBe('Website Redesign'); + expect(result.description).toBe('Company website redesign project'); + expect(result.organizationId).toBe('org_01EHZNVPK3SFK441A1RGBFSHRT'); + expect(result.parentResourceId).toBe( + 'authz_resource_01HXYZ123456789ABCDEFGHIJ', + ); + expect(result.id).toBe('authz_resource_01HXYZ123456789ABCDEFGH'); + expect(result.externalId).toBe('proj-456'); + expect(result.resourceTypeSlug).toBe('project'); + expect(result.createdAt.toISOString()).toBe('2026-01-15T12:00:00.000Z'); + expect(result.updatedAt.toISOString()).toBe('2026-01-15T12:00:00.000Z'); +} + +function expectAuthorizationPermission(result: any) { + expect(result.object).toBe('permission'); + expect(result.id).toBe('perm_01HXYZ123456789ABCDEFGHIJ'); + expect(result.slug).toBe('documents:read'); + expect(result.name).toBe('View Documents'); + expect(result.description).toBe('Allows viewing document contents'); + expect(result.system).toBe(false); + expect(result.resourceTypeSlug).toBe('workspace'); + expect(result.createdAt.toISOString()).toBe('2026-01-15T12:00:00.000Z'); + expect(result.updatedAt.toISOString()).toBe('2026-01-15T12:00:00.000Z'); +} + +function expectRoleList(result: any) { + expect(result.object).toBe('list'); +} describe('Authorization', () => { beforeEach(() => fetch.resetMocks()); - describe('createEnvironmentRole', () => { - it('creates an environment role', async () => { - fetchOnce(environmentRoleFixture, { status: 201 }); + describe('check', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(authorizationCheckFixture); - const role = await workos.authorization.createEnvironmentRole({ - slug: 'admin', - name: 'Admin', - description: 'Full administrative access', + const result = await workos.authorization.check({ + organizationMembershipId: 'test_organizationMembershipId', + permissionSlug: 'test_permission_slug', }); - expect(fetchURL()).toContain('/authorization/roles'); - expect(fetchBody()).toEqual({ - slug: 'admin', - name: 'Admin', - description: 'Full administrative access', - }); - expect(role).toMatchObject({ - object: 'role', - id: 'role_01HXYZ123ABC456DEF789GHI', - slug: 'admin', - name: 'Admin', - description: 'Full administrative access', - resourceTypeSlug: 'organization', - type: 'EnvironmentRole', - }); - expect(role.permissions).toEqual( - expect.arrayContaining([ - 'users:read', - 'users:write', - 'settings:manage', - ]), + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/check', ); + expect(fetchBody()).toEqual( + expect.objectContaining({ permission_slug: 'test_permission_slug' }), + ); + expect(result.authorized).toBe(true); }); + }); - it('creates an environment role with resourceTypeSlug', async () => { - fetchOnce(environmentRoleFixture, { status: 201 }); - - const role = await workos.authorization.createEnvironmentRole({ - slug: 'admin', - name: 'Admin', - description: 'Full administrative access', - resourceTypeSlug: 'organization', - }); - - expect(fetchBody()).toEqual({ - slug: 'admin', - name: 'Admin', - description: 'Full administrative access', - resource_type_slug: 'organization', - }); - expect(role.resourceTypeSlug).toEqual('organization'); - }); + describe('listResourcesForMembership', () => { + it('returns paginated results', async () => { + fetchOnce(listAuthorizationResourceFixture); + + const { data, listMetadata } = + await workos.authorization.listResourcesForMembership({ + organizationMembershipId: 'test_organizationMembershipId', + order: 'desc', + permissionSlug: 'project:read', + parentResourceId: 'authz_resource_01XYZ789', + parentResourceTypeSlug: 'project', + parentResourceExternalId: 'external_project_123', + }); - it('creates an environment role without description', async () => { - fetchOnce( - { ...environmentRoleFixture, description: null }, - { status: 201 }, + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/resources', ); - - const role = await workos.authorization.createEnvironmentRole({ - slug: 'member', - name: 'Member', - }); - - expect(fetchBody()).toEqual({ - slug: 'member', - name: 'Member', - }); - expect(role.description).toBeNull(); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); + expectAuthorizationResource(data[0]); }); }); - describe('listEnvironmentRoles', () => { - it('returns environment roles', async () => { - fetchOnce(listEnvironmentRolesFixture); - - const { data, object } = - await workos.authorization.listEnvironmentRoles(); - - expect(fetchURL()).toContain('/authorization/roles'); - expect(object).toEqual('list'); - expect(data).toHaveLength(2); - expect(data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - object: 'role', - id: 'role_01HXYZ123ABC456DEF789GHI', - slug: 'admin', - name: 'Admin', - resourceTypeSlug: 'organization', - type: 'EnvironmentRole', - }), - expect.objectContaining({ - object: 'role', - id: 'role_01HXYZ123ABC456DEF789GHJ', - slug: 'member', - name: 'Member', - resourceTypeSlug: 'organization', - type: 'EnvironmentRole', - }), - ]), + describe('listEffectivePermissions', () => { + it('returns paginated results', async () => { + fetchOnce(listAuthorizationPermissionFixture); + + const { data, listMetadata } = + await workos.authorization.listEffectivePermissions({ + organizationMembershipId: 'test_organizationMembershipId', + resourceId: 'test_resourceId', + order: 'desc', + }); + + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/resources/test_resourceId/permissions', ); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); }); - describe('getEnvironmentRole', () => { - it('gets an environment role by slug', async () => { - fetchOnce(environmentRoleFixture); + describe('listEffectivePermissionsByExternalId', () => { + it('returns paginated results', async () => { + fetchOnce(listAuthorizationPermissionFixture); - const role = await workos.authorization.getEnvironmentRole('admin'); - - expect(fetchURL()).toContain('/authorization/roles/admin'); - expect(role).toMatchObject({ - object: 'role', - id: 'role_01HXYZ123ABC456DEF789GHI', - slug: 'admin', - name: 'Admin', - description: 'Full administrative access', - resourceTypeSlug: 'organization', - type: 'EnvironmentRole', - }); + const { data, listMetadata } = + await workos.authorization.listEffectivePermissionsByExternalId({ + organizationMembershipId: 'test_organizationMembershipId', + resourceTypeSlug: 'test_resourceTypeSlug', + externalId: 'test_externalId', + order: 'desc', + }); + + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/resources/test_resourceTypeSlug/test_externalId/permissions', + ); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); }); - describe('updateEnvironmentRole', () => { - it('updates an environment role', async () => { - const updatedRoleFixture = { - ...environmentRoleFixture, - name: 'Super Admin', - description: 'Updated description', - }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.updateEnvironmentRole('admin', { - name: 'Super Admin', - description: 'Updated description', - }); + describe('listRoleAssignments', () => { + it('returns paginated results', async () => { + fetchOnce(listUserRoleAssignmentFixture); + + const { data, listMetadata } = + await workos.authorization.listRoleAssignments({ + organizationMembershipId: 'test_organizationMembershipId', + order: 'desc', + resourceId: 'authz_resource_01HXYZ123456789ABCDEFGH', + resourceExternalId: 'project-ext-456', + resourceTypeSlug: 'project', + }); - expect(fetchURL()).toContain('/authorization/roles/admin'); - expect(fetchBody()).toEqual({ - name: 'Super Admin', - description: 'Updated description', - }); - expect(role).toMatchObject({ - name: 'Super Admin', - description: 'Updated description', - }); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/role_assignments', + ); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); + }); - it('clears description when set to null', async () => { - const updatedRoleFixture = { - ...environmentRoleFixture, - description: null, - }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.updateEnvironmentRole('admin', { - description: null, - }); + describe('assignRole', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(roleAssignmentFixture); - expect(fetchBody()).toEqual({ - description: null, + const result = await workos.authorization.assignRole({ + organizationMembershipId: 'test_organizationMembershipId', + roleSlug: 'test_role_slug', }); - expect(role.description).toBeNull(); - }); - }); - describe('setEnvironmentRolePermissions', () => { - it('sets permissions for an environment role', async () => { - const updatedRoleFixture = { - ...environmentRoleFixture, - permissions: ['users:read', 'users:write'], - }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.setEnvironmentRolePermissions( - 'admin', - { permissions: ['users:read', 'users:write'] }, + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/role_assignments', ); - - expect(fetchURL()).toContain('/authorization/roles/admin/permissions'); - expect(fetchBody()).toEqual({ - permissions: ['users:read', 'users:write'], - }); - expect(role.permissions).toHaveLength(2); - expect(role.permissions).toEqual( - expect.arrayContaining(['users:read', 'users:write']), + expect(fetchBody()).toEqual( + expect.objectContaining({ role_slug: 'test_role_slug' }), ); + expect(result).toBeDefined(); }); + }); - it('clears all permissions when given empty array', async () => { - const updatedRoleFixture = { ...environmentRoleFixture, permissions: [] }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.setEnvironmentRolePermissions( - 'admin', - { permissions: [] }, - ); + describe('removeRole', () => { + it('sends a DELETE request', async () => { + fetchOnce({}, { status: 204 }); - expect(fetchBody()).toEqual({ - permissions: [], + await workos.authorization.removeRole({ + organizationMembershipId: 'test_organizationMembershipId', + roleSlug: 'test_role_slug', }); - expect(role.permissions).toHaveLength(0); - }); - }); - describe('addEnvironmentRolePermission', () => { - it('adds a permission to an environment role', async () => { - const updatedRoleFixture = { - ...environmentRoleFixture, - permissions: [ - 'users:read', - 'users:write', - 'settings:manage', - 'billing:read', - ], - }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.addEnvironmentRolePermission( - 'admin', - { permissionSlug: 'billing:read' }, + expect(fetchMethod()).toBe('DELETE'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/role_assignments', ); - - expect(fetchURL()).toContain('/authorization/roles/admin/permissions'); - expect(fetchBody()).toEqual({ - slug: 'billing:read', - }); - expect(role.permissions).toEqual( - expect.arrayContaining(['billing:read']), + expect(fetchBody()).toEqual( + expect.objectContaining({ role_slug: 'test_role_slug' }), ); }); }); - describe('createOrganizationRole', () => { - it('creates an organization role', async () => { - fetchOnce(organizationRoleFixture, { status: 201 }); - - const role = await workos.authorization.createOrganizationRole( - testOrgId, - { - slug: 'org-admin', - name: 'Org Admin', - description: 'Organization administrator', - }, - ); + describe('removeRoleAssignment', () => { + it('sends a DELETE request', async () => { + fetchOnce({}, { status: 204 }); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles`, - ); - expect(fetchBody()).toEqual({ - slug: 'org-admin', - name: 'Org Admin', - description: 'Organization administrator', - }); - expect(role).toMatchObject({ - object: 'role', - id: 'role_01HXYZ123ABC456DEF789ORG', - slug: 'org-admin', - name: 'Org Admin', - resourceTypeSlug: 'organization', - type: 'OrganizationRole', + await workos.authorization.removeRoleAssignment({ + organizationMembershipId: 'test_organizationMembershipId', + roleAssignmentId: 'test_roleAssignmentId', }); - }); - it('creates an organization role with resourceTypeSlug', async () => { - fetchOnce(organizationRoleFixture, { status: 201 }); - - const role = await workos.authorization.createOrganizationRole( - testOrgId, - { - slug: 'org-admin', - name: 'Org Admin', - resourceTypeSlug: 'organization', - }, + expect(fetchMethod()).toBe('DELETE'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organization_memberships/test_organizationMembershipId/role_assignments/test_roleAssignmentId', ); - - expect(fetchBody()).toEqual({ - slug: 'org-admin', - name: 'Org Admin', - resource_type_slug: 'organization', - }); - expect(role.resourceTypeSlug).toEqual('organization'); }); + }); - it('creates an organization role without slug', async () => { - fetchOnce(organizationRoleFixture, { status: 201 }); - - const role = await workos.authorization.createOrganizationRole( - testOrgId, - { - name: 'Org Admin', - description: 'Organization administrator', - }, - ); + describe('listOrganizationRoles', () => { + it('returns the expected result', async () => { + fetchOnce(roleListFixture); - expect(fetchBody()).toEqual({ - name: 'Org Admin', - description: 'Organization administrator', - }); - expect(role).toMatchObject({ - object: 'role', - name: 'Org Admin', - type: 'OrganizationRole', + const result = await workos.authorization.listOrganizationRoles({ + organizationId: 'test_organizationId', }); + + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles', + ); + expectRoleList(result); }); }); - describe('listOrganizationRoles', () => { - it('returns both environment and organization roles', async () => { - fetchOnce(listOrganizationRolesFixture); + describe('createOrganizationRole', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(organizationRoleFixture); - const { data, object } = - await workos.authorization.listOrganizationRoles(testOrgId); + const result = await workos.authorization.createOrganizationRole({ + organizationId: 'test_organizationId', + name: 'Test', + }); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles`, - ); - expect(object).toEqual('list'); - expect(data).toHaveLength(3); - expect(data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - slug: 'admin', - resourceTypeSlug: 'organization', - type: 'EnvironmentRole', - }), - expect.objectContaining({ - slug: 'org-admin', - resourceTypeSlug: 'organization', - type: 'OrganizationRole', - }), - expect.objectContaining({ - slug: 'org-member', - resourceTypeSlug: 'organization', - type: 'OrganizationRole', - }), - ]), + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles', ); + expect(fetchBody()).toEqual(expect.objectContaining({ name: 'Test' })); + expect(result).toBeDefined(); }); }); describe('getOrganizationRole', () => { - it('gets an organization role by slug', async () => { + it('returns the expected result', async () => { fetchOnce(organizationRoleFixture); - const role = await workos.authorization.getOrganizationRole( - testOrgId, - 'org-admin', - ); + const result = await workos.authorization.getOrganizationRole({ + organizationId: 'test_organizationId', + slug: 'test_slug', + }); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles/org-admin`, + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles/test_slug', ); - expect(role).toMatchObject({ - object: 'role', - slug: 'org-admin', - resourceTypeSlug: 'organization', - type: 'OrganizationRole', - }); + expect(result).toBeDefined(); }); }); describe('updateOrganizationRole', () => { - it('updates an organization role', async () => { - const updatedRoleFixture = { - ...organizationRoleFixture, - name: 'Super Org Admin', - description: 'Updated description', - }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.updateOrganizationRole( - testOrgId, - 'org-admin', - { - name: 'Super Org Admin', - description: 'Updated description', - }, - ); + it('sends the correct request and returns result', async () => { + fetchOnce(organizationRoleFixture); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles/org-admin`, - ); - expect(fetchBody()).toEqual({ - name: 'Super Org Admin', - description: 'Updated description', - }); - expect(role).toMatchObject({ - name: 'Super Org Admin', - description: 'Updated description', + const result = await workos.authorization.updateOrganizationRole({ + organizationId: 'test_organizationId', + slug: 'test_slug', + name: 'Test', }); + + expect(fetchMethod()).toBe('PATCH'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles/test_slug', + ); + expect(fetchBody()).toEqual(expect.objectContaining({ name: 'Test' })); + expect(result).toBeDefined(); }); }); describe('deleteOrganizationRole', () => { - it('deletes an organization role', async () => { + it('sends a DELETE request', async () => { fetchOnce({}, { status: 204 }); - await workos.authorization.deleteOrganizationRole(testOrgId, 'org-admin'); + await workos.authorization.deleteOrganizationRole({ + organizationId: 'test_organizationId', + slug: 'test_slug', + }); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles/org-admin`, + expect(fetchMethod()).toBe('DELETE'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles/test_slug', ); }); }); - describe('setOrganizationRolePermissions', () => { - it('sets permissions for an organization role', async () => { - const updatedRoleFixture = { - ...organizationRoleFixture, - permissions: ['org:read', 'org:write'], - }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.setOrganizationRolePermissions( - testOrgId, - 'org-admin', - { permissions: ['org:read', 'org:write'] }, - ); + describe('addOrganizationRolePermission', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(organizationRoleFixture); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles/org-admin/permissions`, - ); - expect(fetchBody()).toEqual({ - permissions: ['org:read', 'org:write'], + const result = await workos.authorization.addOrganizationRolePermission({ + organizationId: 'test_organizationId', + roleSlug: 'test_slug', + slug: 'test_slug', }); - expect(role.permissions).toEqual( - expect.arrayContaining(['org:read', 'org:write']), + + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles/test_slug/permissions', + ); + expect(fetchBody()).toEqual( + expect.objectContaining({ slug: 'test_slug' }), ); + expect(result).toBeDefined(); }); }); - describe('addOrganizationRolePermission', () => { - it('adds a permission to an organization role', async () => { - const updatedRoleFixture = { - ...organizationRoleFixture, - permissions: ['org:manage', 'members:invite', 'billing:read'], - }; - fetchOnce(updatedRoleFixture); - - const role = await workos.authorization.addOrganizationRolePermission( - testOrgId, - 'org-admin', - { permissionSlug: 'billing:read' }, - ); + describe('setOrganizationRolePermissions', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(organizationRoleFixture); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles/org-admin/permissions`, - ); - expect(fetchBody()).toEqual({ - slug: 'billing:read', + const result = await workos.authorization.setOrganizationRolePermissions({ + organizationId: 'test_organizationId', + slug: 'test_slug', + permissions: ['test_permissions'], }); - expect(role.permissions).toEqual( - expect.arrayContaining(['billing:read']), + + expect(fetchMethod()).toBe('PUT'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles/test_slug/permissions', ); + expect(fetchBody()).toEqual( + expect.objectContaining({ permissions: ['test_permissions'] }), + ); + expect(result).toBeDefined(); }); }); describe('removeOrganizationRolePermission', () => { - it('removes a permission from an organization role', async () => { - fetchOnce({}, { status: 200 }); + it('sends a DELETE request', async () => { + fetchOnce({}, { status: 204 }); - await workos.authorization.removeOrganizationRolePermission( - testOrgId, - 'org-admin', - { permissionSlug: 'members:invite' }, - ); + await workos.authorization.removeOrganizationRolePermission({ + organizationId: 'test_organizationId', + slug: 'test_slug', + permissionSlug: 'test_permissionSlug', + }); - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/roles/org-admin/permissions/members:invite`, + expect(fetchMethod()).toBe('DELETE'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/roles/test_slug/permissions/test_permissionSlug', ); }); }); - describe('createPermission', () => { - it('creates a permission', async () => { - fetchOnce(permissionFixture, { status: 201 }); + describe('getResourceByExternalId', () => { + it('returns the expected result', async () => { + fetchOnce(authorizationResourceFixture); - const permission = await workos.authorization.createPermission({ - slug: 'users:read', - name: 'Read Users', - description: 'Allows reading user data', + const result = await workos.authorization.getResourceByExternalId({ + organizationId: 'test_organizationId', + resourceTypeSlug: 'test_resourceTypeSlug', + externalId: 'test_externalId', }); - expect(fetchURL()).toContain('/authorization/permissions'); - expect(fetchBody()).toEqual({ - slug: 'users:read', - name: 'Read Users', - description: 'Allows reading user data', - }); - expect(permission).toMatchObject({ - object: 'permission', - id: 'perm_01HXYZ123ABC456DEF789GHI', - slug: 'users:read', - name: 'Read Users', - description: 'Allows reading user data', - resourceTypeSlug: 'organization', - system: false, - }); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/resources/test_resourceTypeSlug/test_externalId', + ); + expectAuthorizationResource(result); }); + }); - it('creates a permission with resourceTypeSlug', async () => { - fetchOnce(permissionFixture, { status: 201 }); + describe('updateResourceByExternalId', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(authorizationResourceFixture); - const permission = await workos.authorization.createPermission({ - slug: 'users:read', - name: 'Read Users', - description: 'Allows reading user data', - resourceTypeSlug: 'organization', + const result = await workos.authorization.updateResourceByExternalId({ + organizationId: 'test_organizationId', + resourceTypeSlug: 'test_resourceTypeSlug', + externalId: 'test_externalId', + name: 'Test', + parentResourceId: 'parent_resource_id_01234', }); - expect(fetchBody()).toEqual({ - slug: 'users:read', - name: 'Read Users', - description: 'Allows reading user data', - resource_type_slug: 'organization', - }); - expect(permission.resourceTypeSlug).toEqual('organization'); + expect(fetchMethod()).toBe('PATCH'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/resources/test_resourceTypeSlug/test_externalId', + ); + expect(fetchBody()).toEqual( + expect.objectContaining({ + name: 'Test', + parent_resource_id: 'parent_resource_id_01234', + }), + ); + expectAuthorizationResource(result); }); + }); - it('creates a permission without description', async () => { - fetchOnce({ ...permissionFixture, description: null }, { status: 201 }); + describe('deleteResourceByExternalId', () => { + it('sends a DELETE request', async () => { + fetchOnce({}, { status: 204 }); - const permission = await workos.authorization.createPermission({ - slug: 'users:read', - name: 'Read Users', + await workos.authorization.deleteResourceByExternalId({ + organizationId: 'test_organizationId', + resourceTypeSlug: 'test_resourceTypeSlug', + externalId: 'test_externalId', + cascadeDelete: false, }); - expect(fetchBody()).toEqual({ - slug: 'users:read', - name: 'Read Users', - }); - expect(permission.description).toBeNull(); + expect(fetchMethod()).toBe('DELETE'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/resources/test_resourceTypeSlug/test_externalId', + ); }); }); - describe('listPermissions', () => { - it('returns permissions', async () => { - fetchOnce(listPermissionsFixture); - - const result = await workos.authorization.listPermissions(); - - expect(fetchURL()).toContain('/authorization/permissions'); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(2); - expect(result.data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - object: 'permission', - id: 'perm_01HXYZ123ABC456DEF789GHI', - slug: 'users:read', - name: 'Read Users', - resourceTypeSlug: 'organization', - }), - expect.objectContaining({ - object: 'permission', - id: 'perm_01HXYZ123ABC456DEF789GHJ', - slug: 'users:write', - name: 'Write Users', - resourceTypeSlug: 'organization', - }), - ]), + describe('listMembershipsForResourceByExternalId', () => { + it('returns paginated results', async () => { + fetchOnce(listUserOrganizationMembershipBaseListDataFixture); + + const { data, listMetadata } = + await workos.authorization.listMembershipsForResourceByExternalId({ + organizationId: 'test_organizationId', + resourceTypeSlug: 'test_resourceTypeSlug', + externalId: 'test_externalId', + order: 'desc', + permissionSlug: 'project:read', + assignment: 'direct', + }); + + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/resources/test_resourceTypeSlug/test_externalId/organization_memberships', ); - expect(result.listMetadata).toEqual({ - before: null, - after: 'perm_01HXYZ123ABC456DEF789GHJ', - }); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); + }); - it('passes pagination parameters', async () => { - fetchOnce(listPermissionsFixture); - - await workos.authorization.listPermissions({ - limit: 10, - after: 'perm_01HXYZ123ABC456DEF789GHI', - order: 'desc', - }); + describe('listResourceRoleAssignments', () => { + it('returns paginated results', async () => { + fetchOnce(listUserRoleAssignmentFixture); + + const { data, listMetadata } = + await workos.authorization.listResourceRoleAssignments({ + organizationId: 'test_organizationId', + resourceTypeSlug: 'test_resourceTypeSlug', + externalId: 'test_externalId', + order: 'desc', + roleSlug: 'editor', + }); - expect(fetchSearchParams()).toEqual({ - limit: '10', - after: 'perm_01HXYZ123ABC456DEF789GHI', - order: 'desc', - }); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/organizations/test_organizationId/resources/test_resourceTypeSlug/test_externalId/role_assignments', + ); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); + }); - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listPermissionsFixture); - - await workos.authorization.listPermissions(); + describe('listResources', () => { + it('returns paginated results', async () => { + fetchOnce(listAuthorizationResourceFixture); - expect(fetchSearchParams()).toMatchObject({ + const { data, listMetadata } = await workos.authorization.listResources({ order: 'desc', + organizationId: 'org_01EHZNVPK3SFK441A1RGBFSHRT', + resourceTypeSlug: 'project', + resourceExternalId: 'my-project-123', + parentResourceId: 'authz_resource_01HXYZ123456789ABCDEFGHIJ', + parentResourceTypeSlug: 'workspace', + parentExternalId: 'ext-workspace-123', }); - }); - - it('passes order asc when explicitly set', async () => { - fetchOnce(listPermissionsFixture); - await workos.authorization.listPermissions({ order: 'asc' }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'asc', - }); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/resources', + ); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); + expectAuthorizationResource(data[0]); }); + }); - it('passes order desc when explicitly set', async () => { - fetchOnce(listPermissionsFixture); - - await workos.authorization.listPermissions({ order: 'desc' }); + describe('createResource', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(authorizationResourceFixture); - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', + const result = await workos.authorization.createResource({ + externalId: 'external_id_01234', + name: 'Test', + resourceTypeSlug: 'test_resource_type_slug', + organizationId: 'organization_id_01234', }); + + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/resources', + ); + expect(fetchBody()).toEqual( + expect.objectContaining({ + external_id: 'external_id_01234', + name: 'Test', + resource_type_slug: 'test_resource_type_slug', + organization_id: 'organization_id_01234', + }), + ); + expectAuthorizationResource(result); }); }); - describe('getPermission', () => { - it('gets a permission by slug', async () => { - fetchOnce(permissionFixture); + describe('getResource', () => { + it('returns the expected result', async () => { + fetchOnce(authorizationResourceFixture); - const permission = await workos.authorization.getPermission('users:read'); - - expect(fetchURL()).toContain('/authorization/permissions/users:read'); - expect(permission).toMatchObject({ - object: 'permission', - id: 'perm_01HXYZ123ABC456DEF789GHI', - slug: 'users:read', - name: 'Read Users', - description: 'Allows reading user data', - resourceTypeSlug: 'organization', - system: false, + const result = await workos.authorization.getResource({ + resourceId: 'test_resourceId', }); + + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/resources/test_resourceId', + ); + expectAuthorizationResource(result); }); }); - describe('updatePermission', () => { - it('updates a permission', async () => { - const updatedPermissionFixture = { - ...permissionFixture, - name: 'Read All Users', - description: 'Updated description', - }; - fetchOnce(updatedPermissionFixture); - - const permission = await workos.authorization.updatePermission( - 'users:read', - { - name: 'Read All Users', - description: 'Updated description', - }, - ); + describe('updateResource', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(authorizationResourceFixture); - expect(fetchURL()).toContain('/authorization/permissions/users:read'); - expect(fetchBody()).toEqual({ - name: 'Read All Users', - description: 'Updated description', - }); - expect(permission).toMatchObject({ - name: 'Read All Users', - description: 'Updated description', + const result = await workos.authorization.updateResource({ + resourceId: 'test_resourceId', + name: 'Test', + parentResourceId: 'parent_resource_id_01234', }); - }); - it('clears description when set to null', async () => { - const updatedPermissionFixture = { - ...permissionFixture, - description: null, - }; - fetchOnce(updatedPermissionFixture); - - const permission = await workos.authorization.updatePermission( - 'users:read', - { - description: null, - }, + expect(fetchMethod()).toBe('PATCH'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/resources/test_resourceId', ); - - expect(fetchBody()).toEqual({ - description: null, - }); - expect(permission.description).toBeNull(); + expect(fetchBody()).toEqual( + expect.objectContaining({ + name: 'Test', + parent_resource_id: 'parent_resource_id_01234', + }), + ); + expectAuthorizationResource(result); }); }); - describe('deletePermission', () => { - it('deletes a permission', async () => { + describe('deleteResource', () => { + it('sends a DELETE request', async () => { fetchOnce({}, { status: 204 }); - await workos.authorization.deletePermission('users:read'); + await workos.authorization.deleteResource({ + resourceId: 'test_resourceId', + cascadeDelete: false, + }); - expect(fetchURL()).toContain('/authorization/permissions/users:read'); + expect(fetchMethod()).toBe('DELETE'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/resources/test_resourceId', + ); }); }); - describe('getResource', () => { - it('gets an authorization resource by internal ID', async () => { - fetchOnce(authorizationResourceFixture); - - const resource = await workos.authorization.getResource(testResourceId); + describe('listMembershipsForResource', () => { + it('returns paginated results', async () => { + fetchOnce(listUserOrganizationMembershipBaseListDataFixture); + + const { data, listMetadata } = + await workos.authorization.listMembershipsForResource({ + resourceId: 'test_resourceId', + order: 'desc', + permissionSlug: 'document:edit', + assignment: 'direct', + }); - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}`, + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/resources/test_resourceId/organization_memberships', ); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - resourceTypeSlug: 'document', - organizationId: testOrgId, - parentResourceId: 'authz_resource_01HXYZ123ABC456DEF789XYZ', - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); - }); - - it('handles resource without parent', async () => { - fetchOnce({ ...authorizationResourceFixture, parent_resource_id: null }); - - const resource = await workos.authorization.getResource(testResourceId); - - expect(resource.parentResourceId).toBeNull(); - expect(resource.description).not.toBeNull(); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); + }); - it('handles resource without description', async () => { - fetchOnce({ ...authorizationResourceFixture, description: null }); + describe('listRoleAssignmentsForResource', () => { + it('returns paginated results', async () => { + fetchOnce(listUserRoleAssignmentFixture); + + const { data, listMetadata } = + await workos.authorization.listRoleAssignmentsForResource({ + resourceId: 'test_resourceId', + order: 'desc', + roleSlug: 'editor', + }); - const resource = await workos.authorization.getResource(testResourceId); - expect(resource.description).toBeNull(); - expect(resource.parentResourceId).not.toBeNull(); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/resources/test_resourceId/role_assignments', + ); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); + }); - it('handles resource without parent and without description', async () => { - fetchOnce({ - ...authorizationResourceFixture, - parent_resource_id: null, - description: null, - }); + describe('listEnvironmentRoles', () => { + it('returns the expected result', async () => { + fetchOnce(roleListFixture); - const resource = await workos.authorization.getResource(testResourceId); + const result = await workos.authorization.listEnvironmentRoles(); - expect(resource.parentResourceId).toBeNull(); - expect(resource.description).toBeNull(); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe('/authorization/roles'); + expectRoleList(result); }); }); - describe('createResource', () => { - it('creates a resource without a parent', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); - - await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - }); - - const body = fetchBody(); - expect(body).toEqual({ - organization_id: testOrgId, - resource_type_slug: 'document', - external_id: 'doc-456', - name: 'Q4 Budget Report', - }); - expect(body).not.toHaveProperty('parent_resource_id'); - expect(body).not.toHaveProperty('parent_resource_external_id'); - expect(body).not.toHaveProperty('parent_resource_type_slug'); - }); - - it('creates an authorization resource with all fields', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); + describe('createEnvironmentRole', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(environmentRoleFixture); - const resource = await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - parentResourceId: 'authz_resource_01HXYZ123ABC456DEF789XYZ', + const result = await workos.authorization.createEnvironmentRole({ + slug: 'test_slug', + name: 'Test', }); - expect(fetchURL()).toContain('/authorization/resources'); - expect(fetchBody()).toEqual({ - organization_id: testOrgId, - resource_type_slug: 'document', - external_id: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - parent_resource_id: 'authz_resource_01HXYZ123ABC456DEF789XYZ', - }); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - resourceTypeSlug: 'document', - parentResourceId: 'authz_resource_01HXYZ123ABC456DEF789XYZ', - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe('/authorization/roles'); + expect(fetchBody()).toEqual( + expect.objectContaining({ slug: 'test_slug', name: 'Test' }), + ); + expect(result).toBeDefined(); }); + }); - it('creates an authorization resource with parentResourceId', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); + describe('getEnvironmentRole', () => { + it('returns the expected result', async () => { + fetchOnce(environmentRoleFixture); - const resource = await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - parentResourceId: 'resource_01HXYZ', + const result = await workos.authorization.getEnvironmentRole({ + slug: 'test_slug', }); - expect(fetchBody()).toEqual({ - organization_id: testOrgId, - resource_type_slug: 'document', - external_id: 'doc-456', - name: 'Q4 Budget Report', - parent_resource_id: 'resource_01HXYZ', - }); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - resourceTypeSlug: 'document', - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/roles/test_slug', + ); + expect(result).toBeDefined(); }); + }); - it('creates an authorization resource with description and parentResourceId', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); + describe('updateEnvironmentRole', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(environmentRoleFixture); - const resource = await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - parentResourceId: 'resource_01HXYZ', + const result = await workos.authorization.updateEnvironmentRole({ + slug: 'test_slug', + name: 'Test', }); - expect(fetchBody()).toEqual({ - organization_id: testOrgId, - resource_type_slug: 'document', - external_id: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - parent_resource_id: 'resource_01HXYZ', - }); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - resourceTypeSlug: 'document', - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); + expect(fetchMethod()).toBe('PATCH'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/roles/test_slug', + ); + expect(fetchBody()).toEqual(expect.objectContaining({ name: 'Test' })); + expect(result).toBeDefined(); }); + }); - it('creates an authorization resource with parent resource but no description', async () => { - fetchOnce( - { - ...authorizationResourceFixture, - description: null, - }, - { status: 201 }, - ); + describe('addEnvironmentRolePermission', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(environmentRoleFixture); - const resource = await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - parentResourceId: 'authz_resource_01HXYZ123ABC456DEF789XYZ', + const result = await workos.authorization.addEnvironmentRolePermission({ + roleSlug: 'test_slug', + slug: 'test_slug', }); - expect(fetchBody()).toEqual({ - organization_id: testOrgId, - resource_type_slug: 'document', - external_id: 'doc-456', - name: 'Q4 Budget Report', - parent_resource_id: 'authz_resource_01HXYZ123ABC456DEF789XYZ', - }); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: null, - resourceTypeSlug: 'document', - parentResourceId: 'authz_resource_01HXYZ123ABC456DEF789XYZ', - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/roles/test_slug/permissions', + ); + expect(fetchBody()).toEqual( + expect.objectContaining({ slug: 'test_slug' }), + ); + expect(result).toBeDefined(); }); + }); - it('excludes description when omitted', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); + describe('setEnvironmentRolePermissions', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(environmentRoleFixture); - await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - parentResourceId: 'resource_01HXYZ', + const result = await workos.authorization.setEnvironmentRolePermissions({ + slug: 'test_slug', + permissions: ['test_permissions'], }); - const body = fetchBody(); - expect(body).not.toHaveProperty('description'); - expect(body).toHaveProperty('parent_resource_id', 'resource_01HXYZ'); + expect(fetchMethod()).toBe('PUT'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/roles/test_slug/permissions', + ); + expect(fetchBody()).toEqual( + expect.objectContaining({ permissions: ['test_permissions'] }), + ); + expect(result).toBeDefined(); }); + }); - it('sends null when description is explicitly set to null', async () => { - fetchOnce( - { - ...authorizationResourceFixture, - description: null, - }, - { status: 201 }, - ); + describe('listPermissions', () => { + it('returns paginated results', async () => { + fetchOnce(listAuthorizationPermissionFixture); - await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: null, - parentResourceId: 'resource_01HXYZ', - }); + const { data, listMetadata } = await workos.authorization.listPermissions( + { order: 'desc' }, + ); - const body = fetchBody(); - expect(body).toHaveProperty('description', null); - expect(body).toHaveProperty('parent_resource_id', 'resource_01HXYZ'); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/permissions', + ); + expect(fetchSearchParams()).toHaveProperty('order'); + expect(Array.isArray(data)).toBe(true); + expect(listMetadata).toBeDefined(); + expect(data.length).toBeGreaterThan(0); }); + }); - it('creates a resource with parentResourceExternalId and parentResourceTypeSlug', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); + describe('createPermission', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(permissionFixture); - const resource = await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - parentResourceExternalId: 'folder-123', - parentResourceTypeSlug: 'folder', + const result = await workos.authorization.createPermission({ + slug: 'test_slug', + name: 'Test', }); - expect(fetchURL()).toContain('/authorization/resources'); - expect(fetchBody()).toEqual({ - organization_id: testOrgId, - resource_type_slug: 'document', - external_id: 'doc-456', - name: 'Q4 Budget Report', - parent_resource_external_id: 'folder-123', - parent_resource_type_slug: 'folder', - }); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - }); + expect(fetchMethod()).toBe('POST'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/permissions', + ); + expect(fetchBody()).toEqual( + expect.objectContaining({ slug: 'test_slug', name: 'Test' }), + ); + expect(result.object).toBe('permission'); + expect(result.id).toBe('perm_01HXYZ123456789ABCDEFGHIJ'); + expect(result.slug).toBe('documents:read'); + expect(result.name).toBe('View Documents'); + expect(result.description).toBe('Allows viewing document contents'); + expect(result.system).toBe(false); + expect(result.resourceTypeSlug).toBe('document'); + expect(result.createdAt.toISOString()).toBe('2026-01-15T12:00:00.000Z'); + expect(result.updatedAt.toISOString()).toBe('2026-01-15T12:00:00.000Z'); }); + }); - it('excludes parentResourceExternalId and parentResourceTypeSlug when parentResourceId is used', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); + describe('getPermission', () => { + it('returns the expected result', async () => { + fetchOnce(authorizationPermissionFixture); - await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - parentResourceId: 'resource_01HXYZ', + const result = await workos.authorization.getPermission({ + slug: 'test_slug', }); - const body = fetchBody(); - expect(body).toHaveProperty('parent_resource_id', 'resource_01HXYZ'); - expect(body).not.toHaveProperty('parent_resource_external_id'); - expect(body).not.toHaveProperty('parent_resource_type_slug'); + expect(fetchMethod()).toBe('GET'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/permissions/test_slug', + ); + expectAuthorizationPermission(result); }); + }); - it('excludes parentResourceId when parentResourceExternalId is used', async () => { - fetchOnce(authorizationResourceFixture, { status: 201 }); + describe('updatePermission', () => { + it('sends the correct request and returns result', async () => { + fetchOnce(authorizationPermissionFixture); - await workos.authorization.createResource({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Q4 Budget Report', - parentResourceExternalId: 'folder-123', - parentResourceTypeSlug: 'folder', + const result = await workos.authorization.updatePermission({ + slug: 'test_slug', + name: 'Test', }); - const body = fetchBody(); - expect(body).toHaveProperty('parent_resource_external_id', 'folder-123'); - expect(body).toHaveProperty('parent_resource_type_slug', 'folder'); - expect(body).not.toHaveProperty('parent_resource_id'); + expect(fetchMethod()).toBe('PATCH'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/permissions/test_slug', + ); + expect(fetchBody()).toEqual(expect.objectContaining({ name: 'Test' })); + expectAuthorizationPermission(result); }); }); - describe('updateResource', () => { - it('updates name when description is omitted', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - name: 'Updated Report Name', - }; - fetchOnce(updatedResourceFixture); - - const resource = await workos.authorization.updateResource({ - resourceId: testResourceId, - name: 'Updated Report Name', - }); - - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}`, - ); - const body = fetchBody(); - expect(body).toEqual({ name: 'Updated Report Name' }); - expect(body).not.toHaveProperty('description'); - expect(resource.name).toBe('Updated Report Name'); - expect(resource.description).toBe('Financial report for Q4 2025'); - }); - - it('updates description when name is omitted', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - description: 'Updated description', - }; - fetchOnce(updatedResourceFixture); - - const resource = await workos.authorization.updateResource({ - resourceId: testResourceId, - description: 'Updated description', - }); - - const body = fetchBody(); - expect(body).toEqual({ description: 'Updated description' }); - expect(body).not.toHaveProperty('name'); - expect(resource.description).toBe('Updated description'); - expect(resource.name).toBe('Q4 Budget Report'); - }); - - it('updates both name and description', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - name: 'New Name', - description: 'New Description', - }; - fetchOnce(updatedResourceFixture); - - const resource = await workos.authorization.updateResource({ - resourceId: testResourceId, - name: 'New Name', - description: 'New Description', - }); - - expect(fetchBody()).toEqual({ - name: 'New Name', - description: 'New Description', - }); - expect(resource.name).toBe('New Name'); - expect(resource.description).toBe('New Description'); - }); - - it('clears description when set to null', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - description: null, - }; - fetchOnce(updatedResourceFixture); - - const resource = await workos.authorization.updateResource({ - resourceId: testResourceId, - description: null, - }); - - const body = fetchBody(); - expect(body).toEqual({ description: null }); - expect(body).not.toHaveProperty('name'); - expect(resource.description).toBeNull(); - }); - - it('excludes description from request body when undefined', async () => { - fetchOnce(authorizationResourceFixture); - - await workos.authorization.updateResource({ - resourceId: testResourceId, - name: 'Some Name', - }); - - const body = fetchBody(); - expect(body).not.toHaveProperty('description'); - }); - }); - - describe('deleteResource', () => { - it('deletes an authorization resource', async () => { - fetchOnce({}, { status: 204 }); - - await workos.authorization.deleteResource({ resourceId: testResourceId }); - - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}`, - ); - expect(fetchSearchParams()).toEqual({}); - }); - - it('deletes a resource with cascadeDelete=true', async () => { - fetchOnce({}, { status: 204 }); - - await workos.authorization.deleteResource({ - resourceId: testResourceId, - cascadeDelete: true, - }); - - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}`, - ); - expect(fetchSearchParams()).toEqual({ cascade_delete: 'true' }); - }); - - it('deletes a resource with cascadeDelete=false', async () => { - fetchOnce({}, { status: 204 }); - - await workos.authorization.deleteResource({ - resourceId: testResourceId, - cascadeDelete: false, - }); - - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}`, - ); - expect(fetchSearchParams()).toEqual({ cascade_delete: 'false' }); - }); - }); - - describe('listResources', () => { - it('returns a paginated list of resources', async () => { - fetchOnce(listResourcesFixture); - - const result = await workos.authorization.listResources(); - - expect(fetchURL()).toContain('/authorization/resources'); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(2); - expect(result.data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - object: 'authorization_resource', - id: 'authz_resource_01HXYZ123ABC456DEF789ABC', - externalId: 'doc-12345678', - name: 'Q5 Budget Report', - resourceTypeSlug: 'document', - }), - expect.objectContaining({ - object: 'authorization_resource', - id: 'authz_resource_01HXYZ123ABC456DEF789DEF', - externalId: 'folder-123', - name: 'Finance Folder', - resourceTypeSlug: 'folder', - }), - ]), - ); - expect(result.listMetadata).toEqual({ - before: null, - after: 'authz_resource_01HXYZ123ABC456DEF789DEF', - }); - }); - - it('passes pagination parameters with after cursor', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResources({ - limit: 10, - after: 'resource_01HXYZ123ABC456DEF789ABC', - order: 'desc', - }); - - expect(fetchSearchParams()).toEqual({ - limit: '10', - after: 'resource_01HXYZ123ABC456DEF789ABC', - order: 'desc', - }); - }); - - it('passes pagination parameters with before cursor', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResources({ - limit: 10, - before: 'resource_01HXYZ123ABC456DEF789DEF', - order: 'asc', - }); - - expect(fetchSearchParams()).toEqual({ - limit: '10', - before: 'resource_01HXYZ123ABC456DEF789DEF', - order: 'asc', - }); - }); - - it('passes parent resource filters', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResources({ - parentResourceId: 'resource_01HXYZ123ABC456DEF789XYZ', - }); - - expect(fetchSearchParams()).toEqual({ - parent_resource_id: 'resource_01HXYZ123ABC456DEF789XYZ', - order: 'desc', - }); - }); - - it('passes parent external ID filters', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResources({ - parentResourceTypeSlug: 'folder', - parentExternalId: 'folder-123', - }); - - expect(fetchSearchParams()).toEqual({ - parent_resource_type_slug: 'folder', - parent_external_id: 'folder-123', - order: 'desc', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResources(); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('passes order asc when explicitly set', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResources({ order: 'asc' }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'asc', - }); - }); - - it('passes order desc when explicitly set', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResources({ order: 'desc' }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - }); - - describe('getResourceByExternalId', () => { - it('gets a resource by organization, type, and external ID', async () => { - fetchOnce(authorizationResourceFixture); - - const resource = await workos.authorization.getResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); - - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/resources/document/doc-456`, - ); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - resourceTypeSlug: 'document', - organizationId: testOrgId, - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); - }); - - it('handles resource without parent', async () => { - fetchOnce({ ...authorizationResourceFixture, parent_resource_id: null }); - - const resource = await workos.authorization.getResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); - - expect(resource.parentResourceId).toBeNull(); - }); - - it('handles resource without description', async () => { - fetchOnce({ ...authorizationResourceFixture, description: null }); - - const resource = await workos.authorization.getResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); - - expect(resource.description).toBeNull(); - }); - }); - - describe('updateResourceByExternalId', () => { - it('updates a resource by external ID', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - name: 'Updated Report Name', - description: 'Updated description', - }; - fetchOnce(updatedResourceFixture); - - const resource = await workos.authorization.updateResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'Updated Report Name', - description: 'Updated description', - }); - - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/resources/document/doc-456`, - ); - expect(fetchBody()).toEqual({ - name: 'Updated Report Name', - description: 'Updated description', - }); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Updated Report Name', - description: 'Updated description', - resourceTypeSlug: 'document', - organizationId: testOrgId, - }); - }); - - it('updates only name when description is omitted', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - name: 'New Name', - }; - fetchOnce(updatedResourceFixture); - - await workos.authorization.updateResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - name: 'New Name', - }); - - const body = fetchBody(); - expect(body).toEqual({ name: 'New Name' }); - expect(body).not.toHaveProperty('description'); - }); - - it('updates only description when name is omitted', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - description: 'new description', - }; - fetchOnce(updatedResourceFixture); - - await workos.authorization.updateResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - description: 'new description', - }); - - const body = fetchBody(); - expect(body).toEqual({ description: 'new description' }); - expect(body).not.toHaveProperty('name'); - }); - - it('returns unchanged resource when body is empty', async () => { - fetchOnce(authorizationResourceFixture); - - const resource = await workos.authorization.updateResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); - - expect(fetchBody()).toEqual({}); - expect(resource).toMatchObject({ - object: 'authorization_resource', - id: testResourceId, - externalId: 'doc-456', - name: 'Q4 Budget Report', - description: 'Financial report for Q4 2025', - resourceTypeSlug: 'document', - organizationId: testOrgId, - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); - }); - - it('clears description when set to null', async () => { - const updatedResourceFixture = { - ...authorizationResourceFixture, - description: null, - }; - fetchOnce(updatedResourceFixture); - - const resource = await workos.authorization.updateResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - description: null, - }); - - expect(fetchBody()).toEqual({ description: null }); - expect(resource.description).toBeNull(); - }); - }); - - describe('deleteResourceByExternalId', () => { - it('deletes a resource by external ID', async () => { - fetchOnce({}, { status: 204 }); - const resourceTypeSlug = 'document'; - const externalId = 'externalId'; - - await workos.authorization.deleteResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: resourceTypeSlug, - externalId: externalId, - }); - - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/resources/${resourceTypeSlug}/${externalId}`, - ); - expect(fetchSearchParams()).toEqual({}); - }); - - it('deletes a resource with cascadeDelete=true', async () => { - fetchOnce({}, { status: 204 }); - const resourceTypeSlug = 'document'; - const externalId = 'externalId'; - - await workos.authorization.deleteResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: resourceTypeSlug, - externalId: externalId, - cascadeDelete: true, - }); - - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/resources/${resourceTypeSlug}/${externalId}`, - ); - expect(fetchSearchParams()).toEqual({ cascade_delete: 'true' }); - }); - - it('deletes a resource with cascadeDelete=false', async () => { - fetchOnce({}, { status: 204 }); - const resourceTypeSlug = 'document'; - const externalId = 'externalId'; - - await workos.authorization.deleteResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: resourceTypeSlug, - externalId: externalId, - cascadeDelete: false, - }); - - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/resources/${resourceTypeSlug}/${externalId}`, - ); - expect(fetchSearchParams()).toEqual({ cascade_delete: 'false' }); - }); - }); - - describe('check', () => { - it('returns authorized when permission is granted by resource ID', async () => { - fetchOnce({ authorized: true }, { status: 200 }); - - const result = await workos.authorization.check({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'documents:edit', - resourceId: testResourceId, - }); - - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/check`, - ); - expect(fetchBody()).toEqual({ - permission_slug: 'documents:edit', - resource_id: testResourceId, - }); - expect(result).toEqual({ authorized: true }); - }); - - it('returns authorized when permission is granted by resource external ID and type slug', async () => { - fetchOnce({ authorized: true }, { status: 200 }); - - const result = await workos.authorization.check({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'documents:edit', - resourceExternalId: 'doc-456', - resourceTypeSlug: 'document', - }); - - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/check`, - ); - expect(fetchBody()).toEqual({ - permission_slug: 'documents:edit', - resource_external_id: 'doc-456', - resource_type_slug: 'document', - }); - expect(result).toEqual({ authorized: true }); - }); - - it('returns unauthorized when permission is not granted by resource ID', async () => { - fetchOnce({ authorized: false }, { status: 200 }); - - const result = await workos.authorization.check({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'documents:delete', - resourceId: testResourceId, - }); - - expect(result).toEqual({ authorized: false }); - }); - - it('returns unauthorized when permission is not granted by resource external ID and type slug', async () => { - fetchOnce({ authorized: false }, { status: 200 }); - - const result = await workos.authorization.check({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'documents:delete', - resourceExternalId: 'doc-456', - resourceTypeSlug: 'document', - }); - - expect(result).toEqual({ authorized: false }); - }); - - it('only includes provided resource identification fields when permission is granted by resource ID', async () => { - fetchOnce({ authorized: true }, { status: 200 }); - - await workos.authorization.check({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'documents:read', - resourceId: testResourceId, - }); - - const body = fetchBody(); - expect(body).toEqual({ - permission_slug: 'documents:read', - resource_id: testResourceId, - }); - expect(body).toHaveProperty('resource_id', testResourceId); - expect(body).not.toHaveProperty('resource_external_id'); - expect(body).not.toHaveProperty('resource_type_slug'); - }); - - it('only includes provided resource identification fields when permission is granted by resource external ID and type slug', async () => { - fetchOnce({ authorized: true }, { status: 200 }); - - await workos.authorization.check({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'documents:read', - resourceExternalId: 'doc-456', - resourceTypeSlug: 'document', - }); - - const body = fetchBody(); - expect(body).toEqual({ - permission_slug: 'documents:read', - resource_external_id: 'doc-456', - resource_type_slug: 'document', - }); - expect(body).not.toHaveProperty('resource_id'); - expect(body).toHaveProperty('resource_external_id', 'doc-456'); - expect(body).toHaveProperty('resource_type_slug', 'document'); - }); - }); - - describe('listRoleAssignments', () => { - it('lists role assignments for an organization membership', async () => { - fetchOnce(listRoleAssignmentsFixture); - - const result = await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - }); - - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/role_assignments`, - ); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(1); - expect(result.data[0]).toMatchObject({ - object: 'role_assignment', - id: 'role_assignment_01HXYZ123ABC456DEF789ABC', - organizationMembershipId: testOrgMembershipId, - role: { slug: 'editor' }, - resource: { - id: 'resource_01HXYZ123ABC456DEF789XYZ', - externalId: 'doc-123', - resourceTypeSlug: 'document', - }, - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); - expect(result.listMetadata).toEqual({ - before: null, - after: 'role_assignment_01HXYZ123ABC456DEF789ABC', - }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - limit: 10, - after: 'ra_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toEqual({ - limit: '10', - after: 'ra_cursor123', - order: 'desc', - }); - }); - - it('passes before pagination parameter', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - limit: 10, - before: 'ra_cursor456', - order: 'asc', - }); - - expect(fetchSearchParams()).toEqual({ - limit: '10', - before: 'ra_cursor456', - order: 'asc', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('passes order asc when explicitly set', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'asc', - }); - }); - - it('passes order desc when explicitly set', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('filters by resource id', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - resourceId: testResourceId, - }); - - expect(fetchSearchParams()).toMatchObject({ - resource_id: testResourceId, - }); - }); - - it('filters by resource external id and resource type slug', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - resourceExternalId: 'doc-456', - resourceTypeSlug: 'document', - }); - - expect(fetchSearchParams()).toMatchObject({ - resource_external_id: 'doc-456', - resource_type_slug: 'document', - }); - }); - - it('filters by resource type slug only', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignments({ - organizationMembershipId: testOrgMembershipId, - resourceTypeSlug: 'document', - }); - - expect(fetchSearchParams()).toMatchObject({ - resource_type_slug: 'document', - }); - }); - }); - - describe('listRoleAssignmentsForResource', () => { - it('lists role assignments for a resource by internal ID', async () => { - fetchOnce(listRoleAssignmentsFixture); - - const result = await workos.authorization.listRoleAssignmentsForResource({ - resourceId: testResourceId, - }); - - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}/role_assignments`, - ); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(1); - expect(result.data[0]).toMatchObject({ - object: 'role_assignment', - id: 'role_assignment_01HXYZ123ABC456DEF789ABC', - organizationMembershipId: testOrgMembershipId, - role: { slug: 'editor' }, - resource: { - id: 'resource_01HXYZ123ABC456DEF789XYZ', - externalId: 'doc-123', - resourceTypeSlug: 'document', - }, - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); - expect(result.listMetadata).toEqual({ - before: null, - after: 'role_assignment_01HXYZ123ABC456DEF789ABC', - }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignmentsForResource({ - resourceId: testResourceId, - limit: 10, - after: 'ra_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toEqual({ - limit: '10', - after: 'ra_cursor123', - order: 'desc', - }); - }); - - it('passes before pagination parameter', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignmentsForResource({ - resourceId: testResourceId, - limit: 10, - before: 'ra_cursor456', - order: 'asc', - }); - - expect(fetchSearchParams()).toEqual({ - limit: '10', - before: 'ra_cursor456', - order: 'asc', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignmentsForResource({ - resourceId: testResourceId, - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('filters by role slug', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listRoleAssignmentsForResource({ - resourceId: testResourceId, - roleSlug: 'editor', - }); - - expect(fetchSearchParams()).toMatchObject({ - role_slug: 'editor', - }); - }); - }); - - describe('listResourceRoleAssignments', () => { - it('lists role assignments for a resource by external ID', async () => { - fetchOnce(listRoleAssignmentsFixture); - - const result = await workos.authorization.listResourceRoleAssignments({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); - - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/resources/document/doc-456/role_assignments`, - ); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(1); - expect(result.data[0]).toMatchObject({ - object: 'role_assignment', - id: 'role_assignment_01HXYZ123ABC456DEF789ABC', - organizationMembershipId: testOrgMembershipId, - role: { slug: 'editor' }, - resource: { - id: 'resource_01HXYZ123ABC456DEF789XYZ', - externalId: 'doc-123', - resourceTypeSlug: 'document', - }, - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); - expect(result.listMetadata).toEqual({ - before: null, - after: 'role_assignment_01HXYZ123ABC456DEF789ABC', - }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listResourceRoleAssignments({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - limit: 10, - after: 'ra_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toEqual({ - limit: '10', - after: 'ra_cursor123', - order: 'desc', - }); - }); - - it('passes before cursor for backward pagination', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listResourceRoleAssignments({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - before: 'ra_cursor789', - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - before: 'ra_cursor789', - order: 'asc', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listResourceRoleAssignments({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('filters by role slug', async () => { - fetchOnce(listRoleAssignmentsFixture); - - await workos.authorization.listResourceRoleAssignments({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - roleSlug: 'editor', - }); - - expect(fetchSearchParams()).toMatchObject({ - role_slug: 'editor', - }); - }); - }); - - describe('assignRole', () => { - it('assigns a role by resource ID', async () => { - fetchOnce(roleAssignmentFixture, { status: 201 }); - - const assignment = await workos.authorization.assignRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceId: testResourceId, - }); - - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/role_assignments`, - ); - expect(fetchBody()).toEqual({ - role_slug: 'editor', - resource_id: testResourceId, - }); - expect(assignment).toMatchObject({ - object: 'role_assignment', - id: 'role_assignment_01HXYZ123ABC456DEF789ABC', - organizationMembershipId: testOrgMembershipId, - role: { slug: 'editor' }, - resource: { - id: 'resource_01HXYZ123ABC456DEF789XYZ', - externalId: 'doc-123', - resourceTypeSlug: 'document', - }, - createdAt: '2024-01-15T09:30:00.000Z', - updatedAt: '2024-01-15T09:30:00.000Z', - }); - }); - - it('assigns a role by external ID & resourceTypeSlug', async () => { - fetchOnce(roleAssignmentFixture, { status: 201 }); - - const assignment = await workos.authorization.assignRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceExternalId: 'doc-123', - resourceTypeSlug: 'document', - }); - - expect(fetchBody()).toEqual({ - role_slug: 'editor', - resource_external_id: 'doc-123', - resource_type_slug: 'document', - }); - expect(assignment.resource.externalId).toBe('doc-123'); - expect(assignment.createdAt).toBe('2024-01-15T09:30:00.000Z'); - expect(assignment.updatedAt).toBe('2024-01-15T09:30:00.000Z'); - }); - - it('body only includes resource_id when resourceId is provided', async () => { - fetchOnce(roleAssignmentFixture, { status: 201 }); - - await workos.authorization.assignRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceId: testResourceId, - }); - - const body = fetchBody(); - expect(body).toHaveProperty('resource_id'); - expect(body).not.toHaveProperty('resource_external_id'); - expect(body).not.toHaveProperty('resource_type_slug'); - }); - - it('body only includes externalId and typeSlug when provided', async () => { - fetchOnce(roleAssignmentFixture, { status: 201 }); - - await workos.authorization.assignRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceExternalId: 'doc-123', - resourceTypeSlug: 'document', - }); - - const body = fetchBody(); - expect(body).not.toHaveProperty('resource_id'); - expect(body).toHaveProperty('resource_external_id'); - expect(body).toHaveProperty('resource_type_slug'); - }); - }); - - describe('removeRole', () => { - it('removes a role by resource ID', async () => { - fetchOnce({}, { status: 204 }); - - await workos.authorization.removeRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceId: testResourceId, - }); - - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/role_assignments`, - ); - expect(fetchBody()).toEqual({ - role_slug: 'editor', - resource_id: testResourceId, - }); - }); - - it('removes a role by externalId and resourceTypeSlug', async () => { - fetchOnce({}, { status: 204 }); - - await workos.authorization.removeRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceExternalId: 'doc-123', - resourceTypeSlug: 'document', - }); - - expect(fetchBody()).toEqual({ - role_slug: 'editor', - resource_external_id: 'doc-123', - resource_type_slug: 'document', - }); - }); - - it('body only includes resource_id when resourceId is provided', async () => { - fetchOnce(roleAssignmentFixture, { status: 201 }); - - await workos.authorization.removeRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceId: testResourceId, - }); - - const body = fetchBody(); - expect(body).toHaveProperty('resource_id'); - expect(body).not.toHaveProperty('resource_external_id'); - expect(body).not.toHaveProperty('resource_type_slug'); - }); - - it('body only includes externalId and typeSlug when provided', async () => { - fetchOnce(roleAssignmentFixture, { status: 201 }); - - await workos.authorization.removeRole({ - organizationMembershipId: testOrgMembershipId, - roleSlug: 'editor', - resourceExternalId: 'doc-123', - resourceTypeSlug: 'document', - }); - - const body = fetchBody(); - expect(body).not.toHaveProperty('resource_id'); - expect(body).toHaveProperty('resource_external_id'); - expect(body).toHaveProperty('resource_type_slug'); - }); - }); - - describe('removeRoleAssignment', () => { - it('removes a role assignment by ID', async () => { + describe('deletePermission', () => { + it('sends a DELETE request', async () => { fetchOnce({}, { status: 204 }); - await workos.authorization.removeRoleAssignment({ - organizationMembershipId: testOrgMembershipId, - roleAssignmentId: testRoleAssignmentId, - }); - - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/role_assignments/${testRoleAssignmentId}`, - ); - }); - }); - - describe('listResourcesForMembership', () => { - it('lists resources with parentResourceId', async () => { - fetchOnce(listResourcesFixture); - - const result = await workos.authorization.listResourcesForMembership({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'document:read', - parentResourceId: testResourceId, - }); - - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/resources`, - ); - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'document:read', - parent_resource_id: testResourceId, - }); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(2); - expect(result.data[0]).toMatchObject({ - object: 'authorization_resource', - id: 'authz_resource_01HXYZ123ABC456DEF789ABC', - }); - expect(result.listMetadata).toEqual({ - before: null, - after: 'authz_resource_01HXYZ123ABC456DEF789DEF', - }); - }); - - it('lists resources with parentResourceTypeSlug and parentResourceExternalId', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResourcesForMembership({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'document:read', - parentResourceTypeSlug: 'document', - parentResourceExternalId: 'doc-456', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'document:read', - parent_resource_type_slug: 'document', - parent_resource_external_id: 'doc-456', - }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResourcesForMembership({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'document:read', - parentResourceId: testResourceId, - limit: 10, - after: 'resource_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'document:read', - parent_resource_id: testResourceId, - limit: '10', - after: 'resource_cursor123', - order: 'desc', - }); - }); - - it('passes before cursor for backward pagination', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResourcesForMembership({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'document:read', - parentResourceId: testResourceId, - limit: 10, - before: 'resource_cursor789', - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'document:read', - parent_resource_id: testResourceId, - limit: '10', - before: 'resource_cursor789', - order: 'asc', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResourcesForMembership({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'document:read', - parentResourceId: testResourceId, - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('passes order asc when explicitly set', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResourcesForMembership({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'document:read', - parentResourceId: testResourceId, - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'asc', - }); - }); - - it('passes order desc when explicitly set', async () => { - fetchOnce(listResourcesFixture); - - await workos.authorization.listResourcesForMembership({ - organizationMembershipId: testOrgMembershipId, - permissionSlug: 'document:read', - parentResourceId: testResourceId, - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - }); - - describe('listMembershipsForResource', () => { - it('lists organization memberships for a resource by internal ID', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - const result = await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - }); - - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}/organization_memberships`, - ); - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'documents:read', - }); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(1); - expect(result.data[0]).toMatchObject({ - object: 'organization_membership', - id: 'om_01HXYZ123ABC456DEF789ABC', - userId: 'user_01HXYZ123ABC456DEF789XYZ', - organizationId: 'org_01HXYZ123ABC456DEF789ABC', - status: 'active', - customAttributes: { department: 'Engineering', level: 'senior' }, - }); - expect(result.listMetadata).toEqual({ - before: null, - after: 'om_01HXYZ123ABC456DEF789ABC', - }); - }); - - it('returns empty list when no memberships match', async () => { - const emptyFixture = { - object: 'list', - data: [], - list_metadata: { before: null, after: null }, - }; - fetchOnce(emptyFixture); - - const result = await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - }); - - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(0); - expect(result.listMetadata).toEqual({ before: null, after: null }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - limit: 10, - after: 'om_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'documents:read', - limit: '10', - after: 'om_cursor123', - order: 'desc', - }); - }); - - it('passes assignment filter when provided', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - assignment: 'direct', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'documents:read', - assignment: 'direct', - }); - }); - - it('handles membership without custom_attributes', async () => { - const fixtureWithoutCustomAttrs = { - object: 'list', - data: [ - { - ...listOrganizationMembershipsForResourceFixture.data[0], - custom_attributes: undefined, - }, - ], - list_metadata: - listOrganizationMembershipsForResourceFixture.list_metadata, - }; - fetchOnce(fixtureWithoutCustomAttrs); - - const result = await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - }); - - expect(result.data[0].customAttributes).toEqual({}); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('passes order asc when explicitly set', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'asc', - }); - }); - - it('passes order desc when explicitly set', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResource({ - resourceId: testResourceId, - permissionSlug: 'documents:read', - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - }); - - describe('listMembershipsForResourceByExternalId', () => { - it('lists organization memberships for a resource by external ID', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - const result = - await workos.authorization.listMembershipsForResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - permissionSlug: 'documents:read', - }); - - expect(fetchURL()).toContain( - `/authorization/organizations/${testOrgId}/resources/document/doc-456/organization_memberships`, - ); - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'documents:read', - }); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(1); - expect(result.data[0]).toMatchObject({ - object: 'organization_membership', - id: 'om_01HXYZ123ABC456DEF789ABC', - userId: 'user_01HXYZ123ABC456DEF789XYZ', - organizationId: 'org_01HXYZ123ABC456DEF789ABC', - status: 'active', - customAttributes: { department: 'Engineering', level: 'senior' }, - }); - expect(result.listMetadata).toEqual({ - before: null, - after: 'om_01HXYZ123ABC456DEF789ABC', - }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - permissionSlug: 'documents:read', - limit: 10, - after: 'om_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'documents:read', - limit: '10', - after: 'om_cursor123', - order: 'desc', - }); - }); - - it('passes before cursor for backward pagination', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - permissionSlug: 'documents:read', - before: 'om_cursor789', - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'documents:read', - before: 'om_cursor789', - order: 'asc', - }); - }); - - it('passes assignment filter when provided', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - permissionSlug: 'documents:read', - assignment: 'direct', - }); - - expect(fetchSearchParams()).toMatchObject({ - permission_slug: 'documents:read', - assignment: 'direct', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - permissionSlug: 'documents:read', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - - it('passes order asc when explicitly set', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - permissionSlug: 'documents:read', - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'asc', - }); - }); - - it('passes order desc when explicitly set', async () => { - fetchOnce(listOrganizationMembershipsForResourceFixture); - - await workos.authorization.listMembershipsForResourceByExternalId({ - organizationId: testOrgId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - permissionSlug: 'documents:read', - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - }); - - describe('listEffectivePermissions', () => { - it('lists effective permissions for a membership on a resource', async () => { - fetchOnce(listEffectivePermissionsFixture); - - const result = await workos.authorization.listEffectivePermissions({ - organizationMembershipId: testOrgMembershipId, - resourceId: testResourceId, - }); - - expect(fetchURL()).toContain( - `/authorization/resources/${testResourceId}/organization_memberships/${testOrgMembershipId}/permissions`, - ); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(2); - expect(result.data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - object: 'permission', - id: 'perm_01HXYZ123ABC456DEF789GHI', - slug: 'documents:read', - name: 'Read Documents', - resourceTypeSlug: 'document', - }), - expect.objectContaining({ - object: 'permission', - id: 'perm_01HXYZ123ABC456DEF789GHJ', - slug: 'documents:edit', - name: 'Edit Documents', - resourceTypeSlug: 'document', - }), - ]), - ); - expect(result.listMetadata).toEqual({ - before: null, - after: 'perm_01HXYZ123ABC456DEF789GHJ', - }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listEffectivePermissionsFixture); - - await workos.authorization.listEffectivePermissions({ - organizationMembershipId: testOrgMembershipId, - resourceId: testResourceId, - limit: 10, - after: 'perm_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - limit: '10', - after: 'perm_cursor123', - order: 'desc', - }); - }); - - it('passes before cursor for backward pagination', async () => { - fetchOnce(listEffectivePermissionsFixture); - - await workos.authorization.listEffectivePermissions({ - organizationMembershipId: testOrgMembershipId, - resourceId: testResourceId, - before: 'perm_cursor789', - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - before: 'perm_cursor789', - order: 'asc', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listEffectivePermissionsFixture); - - await workos.authorization.listEffectivePermissions({ - organizationMembershipId: testOrgMembershipId, - resourceId: testResourceId, - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); - }); - }); - - describe('listEffectivePermissionsByExternalId', () => { - it('lists effective permissions for a membership on a resource by external ID', async () => { - fetchOnce(listEffectivePermissionsFixture); - - const result = - await workos.authorization.listEffectivePermissionsByExternalId({ - organizationMembershipId: testOrgMembershipId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); + await workos.authorization.deletePermission({ slug: 'test_slug' }); - expect(fetchURL()).toContain( - `/authorization/organization_memberships/${testOrgMembershipId}/resources/document/doc-456/permissions`, - ); - expect(result.object).toEqual('list'); - expect(result.data).toHaveLength(2); - expect(result.data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ - object: 'permission', - slug: 'documents:read', - resourceTypeSlug: 'document', - }), - expect.objectContaining({ - object: 'permission', - slug: 'documents:edit', - resourceTypeSlug: 'document', - }), - ]), + expect(fetchMethod()).toBe('DELETE'); + expect(new URL(String(fetchURL())).pathname).toBe( + '/authorization/permissions/test_slug', ); - expect(result.listMetadata).toEqual({ - before: null, - after: 'perm_01HXYZ123ABC456DEF789GHJ', - }); - }); - - it('passes pagination parameters', async () => { - fetchOnce(listEffectivePermissionsFixture); - - await workos.authorization.listEffectivePermissionsByExternalId({ - organizationMembershipId: testOrgMembershipId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - limit: 10, - after: 'perm_cursor123', - order: 'desc', - }); - - expect(fetchSearchParams()).toMatchObject({ - limit: '10', - after: 'perm_cursor123', - order: 'desc', - }); - }); - - it('passes before cursor for backward pagination', async () => { - fetchOnce(listEffectivePermissionsFixture); - - await workos.authorization.listEffectivePermissionsByExternalId({ - organizationMembershipId: testOrgMembershipId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - before: 'perm_cursor789', - order: 'asc', - }); - - expect(fetchSearchParams()).toMatchObject({ - before: 'perm_cursor789', - order: 'asc', - }); - }); - - it('defaults to desc order when order is not specified', async () => { - fetchOnce(listEffectivePermissionsFixture); - - await workos.authorization.listEffectivePermissionsByExternalId({ - organizationMembershipId: testOrgMembershipId, - resourceTypeSlug: 'document', - externalId: 'doc-456', - }); - - expect(fetchSearchParams()).toMatchObject({ - order: 'desc', - }); }); }); }); diff --git a/src/authorization/authorization.ts b/src/authorization/authorization.ts index 545ae217f..bde9ff7a9 100644 --- a/src/authorization/authorization.ts +++ b/src/authorization/authorization.ts @@ -1,340 +1,617 @@ -import { WorkOS } from '../workos'; +// This file is auto-generated by oagen. Do not edit. + +import type { WorkOS } from '../workos'; +import type { PaginationOptions } from '../common/interfaces/pagination-options.interface'; import { AutoPaginatable } from '../common/utils/pagination'; import { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize'; -import { - Role, +import type { CheckOptions } from './interfaces/check-options.interface'; +import type { ListResourcesForMembershipOptions } from './interfaces/list-resources-for-membership-options.interface'; +import type { ListEffectivePermissionsOptions } from './interfaces/list-effective-permissions-options.interface'; +import type { ListEffectivePermissionsByExternalIdOptions } from './interfaces/list-effective-permissions-by-external-id-options.interface'; +import type { ListRoleAssignmentsOptions } from './interfaces/list-role-assignments-options.interface'; +import type { AssignRoleOptions } from './interfaces/assign-role-options.interface'; +import type { RemoveRoleOptions } from './interfaces/remove-role-options.interface'; +import type { RemoveRoleAssignmentOptions } from './interfaces/remove-role-assignment-options.interface'; +import type { ListOrganizationRolesOptions } from './interfaces/list-organization-roles-options.interface'; +import type { CreateOrganizationRoleOptions } from './interfaces/create-organization-role-options.interface'; +import type { GetOrganizationRoleOptions } from './interfaces/get-organization-role-options.interface'; +import type { UpdateOrganizationRoleOptions } from './interfaces/update-organization-role-options.interface'; +import type { DeleteOrganizationRoleOptions } from './interfaces/delete-organization-role-options.interface'; +import type { AddOrganizationRolePermissionOptions } from './interfaces/add-organization-role-permission-options.interface'; +import type { SetOrganizationRolePermissionsOptions } from './interfaces/set-organization-role-permissions-options.interface'; +import type { RemoveOrganizationRolePermissionOptions } from './interfaces/remove-organization-role-permission-options.interface'; +import type { GetAuthorizationResourceByExternalIdOptions } from './interfaces/get-authorization-resource-by-external-id-options.interface'; +import type { UpdateAuthorizationResourceByExternalIdOptions } from './interfaces/update-authorization-resource-by-external-id-options.interface'; +import type { DeleteAuthorizationResourceByExternalIdOptions } from './interfaces/delete-authorization-resource-by-external-id-options.interface'; +import type { ListMembershipsForResourceByExternalIdOptions } from './interfaces/list-memberships-for-resource-by-external-id-options.interface'; +import type { ListRoleAssignmentsForResourceByExternalIdOptions } from './interfaces/list-role-assignments-for-resource-by-external-id-options.interface'; +import type { ListAuthorizationResourcesOptions } from './interfaces/list-authorization-resources-options.interface'; +import type { CreateResourceOptions } from './interfaces/create-resource-options.interface'; +import type { GetResourceOptions } from './interfaces/get-resource-options.interface'; +import type { UpdateAuthorizationResourceOptions } from './interfaces/update-authorization-resource-options.interface'; +import type { DeleteAuthorizationResourceOptions } from './interfaces/delete-authorization-resource-options.interface'; +import type { ListMembershipsForResourceOptions } from './interfaces/list-memberships-for-resource-options.interface'; +import type { ListRoleAssignmentsForResourceOptions } from './interfaces/list-role-assignments-for-resource-options.interface'; +import type { CreateEnvironmentRoleOptions } from './interfaces/create-environment-role-options.interface'; +import type { GetEnvironmentRoleOptions } from './interfaces/get-environment-role-options.interface'; +import type { UpdateEnvironmentRoleOptions } from './interfaces/update-environment-role-options.interface'; +import type { AddEnvironmentRolePermissionOptions } from './interfaces/add-environment-role-permission-options.interface'; +import type { SetEnvironmentRolePermissionsOptions } from './interfaces/set-environment-role-permissions-options.interface'; +import type { CreatePermissionOptions } from './interfaces/create-permission-options.interface'; +import type { GetPermissionOptions } from './interfaces/get-permission-options.interface'; +import type { UpdatePermissionOptions } from './interfaces/update-permission-options.interface'; +import type { DeletePermissionOptions } from './interfaces/delete-permission-options.interface'; +import type { + AuthorizationCheck, + AuthorizationCheckResponse, +} from './interfaces/authorization-check.interface'; +import type { + RoleAssignment, + RoleAssignmentResponse, +} from './interfaces/role-assignment.interface'; +import type { RoleList, - OrganizationRoleResponse, - ListOrganizationRolesResponse, -} from '../roles/interfaces'; -import { + RoleListResponse, +} from '../roles/interfaces/role-list.interface'; +import type { OrganizationRole } from './interfaces/organization-role.interface'; +import type { OrganizationRoleResponse } from '../roles/interfaces/role.interface'; +import type { + AuthorizationResource, + AuthorizationResourceResponse, +} from './interfaces/authorization-resource.interface'; +import type { EnvironmentRole, EnvironmentRoleResponse, - EnvironmentRoleList, - EnvironmentRoleListResponse, - CreateEnvironmentRoleOptions, - UpdateEnvironmentRoleOptions, - SetEnvironmentRolePermissionsOptions, - AddEnvironmentRolePermissionOptions, - OrganizationRole, - CreateOrganizationRoleOptions, - UpdateOrganizationRoleOptions, - SetOrganizationRolePermissionsOptions, - AddOrganizationRolePermissionOptions, - RemoveOrganizationRolePermissionOptions, +} from './interfaces/environment-role.interface'; +import type { Permission, PermissionResponse, - CreatePermissionOptions, - UpdatePermissionOptions, - ListPermissionsOptions, - AuthorizationResource, - AuthorizationResourceResponse, - ListAuthorizationResourcesOptions, - GetAuthorizationResourceByExternalIdOptions, - UpdateAuthorizationResourceByExternalIdOptions, - DeleteAuthorizationResourceByExternalIdOptions, - DeleteAuthorizationResourceOptions, - CreateAuthorizationResourceOptions, - UpdateAuthorizationResourceOptions, - AuthorizationCheckOptions, - AuthorizationCheckResult, - AssignRoleOptions, - ListRoleAssignmentsOptions, - RemoveRoleAssignmentOptions, - RemoveRoleOptions, - RoleAssignment, - RoleAssignmentResponse, - ListMembershipsForResourceByExternalIdOptions, - ListMembershipsForResourceOptions, - ListResourcesForMembershipOptions, - ListRoleAssignmentsForResourceOptions, - ListRoleAssignmentsForResourceByExternalIdOptions, - ListEffectivePermissionsOptions, - ListEffectivePermissionsByExternalIdOptions, -} from './interfaces'; -import { - deserializeEnvironmentRole, - serializeCreateEnvironmentRoleOptions, - serializeUpdateEnvironmentRoleOptions, - deserializeRole, - deserializeOrganizationRole, - serializeCreateOrganizationRoleOptions, - serializeUpdateOrganizationRoleOptions, - deserializePermission, - serializeCreatePermissionOptions, - serializeUpdatePermissionOptions, - deserializeAuthorizationResource, - serializeCreateResourceOptions, - serializeUpdateResourceOptions, - serializeUpdateResourceByExternalIdOptions, - serializeListAuthorizationResourcesOptions, - serializeAuthorizationCheckOptions, - deserializeRoleAssignment, - serializeAssignRoleOptions, - serializeRemoveRoleOptions, - serializeListMembershipsForResourceOptions, - serializeListResourcesForMembershipOptions, - serializeListEffectivePermissionsOptions, - serializeListRoleAssignmentsOptions, - serializeListRoleAssignmentsForResourceOptions, -} from './serializers'; -import { +} from './interfaces/permission.interface'; +import type { + AuthorizationPermission, + AuthorizationPermissionResponse, +} from './interfaces/authorization-permission.interface'; +import type { CheckAuthorizationResponse } from './interfaces/check-authorization.interface'; +import type { AssignRoleResponse } from './interfaces/assign-role.interface'; +import type { RemoveRoleResponse } from './interfaces/remove-role.interface'; +import type { CreateOrganizationRoleResponse } from './interfaces/create-organization-role.interface'; +import type { UpdateOrganizationRoleResponse } from './interfaces/update-organization-role.interface'; +import type { AddRolePermissionResponse } from './interfaces/add-role-permission.interface'; +import type { SetRolePermissionsResponse } from './interfaces/set-role-permissions.interface'; +import type { UpdateAuthorizationResourceResponse } from './interfaces/update-authorization-resource.interface'; +import type { CreateAuthorizationResourceResponse } from './interfaces/create-authorization-resource.interface'; +import type { CreateRoleResponse } from './interfaces/create-role.interface'; +import type { UpdateRoleResponse } from './interfaces/update-role.interface'; +import type { CreateAuthorizationPermissionResponse } from './interfaces/create-authorization-permission.interface'; +import type { UpdateAuthorizationPermissionResponse } from './interfaces/update-authorization-permission.interface'; +import type { AuthorizationOrganizationMembership, AuthorizationOrganizationMembershipResponse, } from '../user-management/interfaces/organization-membership.interface'; +import { deserializeAuthorizationCheck } from './serializers/authorization-check.serializer'; +import { deserializeRoleAssignment } from './serializers/role-assignment.serializer'; +import { deserializeRoleList } from '../roles/serializers/role-list.serializer'; +import { deserializeOrganizationRole } from './serializers/organization-role.serializer'; +import { deserializeAuthorizationResource } from './serializers/authorization-resource.serializer'; +import { deserializeEnvironmentRole } from './serializers/environment-role.serializer'; +import { deserializePermission } from './serializers/permission.serializer'; +import { deserializeAuthorizationPermission } from './serializers/authorization-permission.serializer'; import { deserializeAuthorizationOrganizationMembership } from '../user-management/serializers/organization-membership.serializer'; +import { serializeCheckAuthorization } from './serializers/check-authorization.serializer'; +import { serializeAssignRole } from './serializers/assign-role.serializer'; +import { serializeRemoveRole } from './serializers/remove-role.serializer'; +import { serializeCreateOrganizationRole } from './serializers/create-organization-role.serializer'; +import { serializeUpdateOrganizationRole } from './serializers/update-organization-role.serializer'; +import { serializeAddRolePermission } from './serializers/add-role-permission.serializer'; +import { serializeSetRolePermissions } from './serializers/set-role-permissions.serializer'; +import { serializeUpdateAuthorizationResource } from './serializers/update-authorization-resource.serializer'; +import { serializeCreateAuthorizationResource } from './serializers/create-authorization-resource.serializer'; +import { serializeCreateRole } from './serializers/create-role.serializer'; +import { serializeUpdateRole } from './serializers/update-role.serializer'; +import { serializeCreateAuthorizationPermission } from './serializers/create-authorization-permission.serializer'; +import { serializeUpdateAuthorizationPermission } from './serializers/update-authorization-permission.serializer'; + +const serializeListResourcesForMembershipOptions = ( + options: ListResourcesForMembershipOptions, +): PaginationOptions => { + const wire: Record = { + limit: options.limit, + before: options.before, + after: options.after, + order: options.order, + }; + if (options.permissionSlug !== undefined) + wire.permission_slug = options.permissionSlug; + if (options.parentResourceId !== undefined) + wire.parent_resource_id = options.parentResourceId; + if (options.parentResourceTypeSlug !== undefined) + wire.parent_resource_type_slug = options.parentResourceTypeSlug; + if (options.parentResourceExternalId !== undefined) + wire.parent_resource_external_id = options.parentResourceExternalId; + return wire as PaginationOptions; +}; + +const serializeListRoleAssignmentsOptions = ( + options: ListRoleAssignmentsOptions, +): PaginationOptions => { + const wire: Record = { + limit: options.limit, + before: options.before, + after: options.after, + order: options.order, + }; + if (options.resourceId !== undefined) wire.resource_id = options.resourceId; + if (options.resourceExternalId !== undefined) + wire.resource_external_id = options.resourceExternalId; + if (options.resourceTypeSlug !== undefined) + wire.resource_type_slug = options.resourceTypeSlug; + return wire as PaginationOptions; +}; + +const serializeListMembershipsForResourceByExternalIdOptions = ( + options: ListMembershipsForResourceByExternalIdOptions, +): PaginationOptions => { + const wire: Record = { + limit: options.limit, + before: options.before, + after: options.after, + order: options.order, + }; + if (options.permissionSlug !== undefined) + wire.permission_slug = options.permissionSlug; + if (options.assignment !== undefined) wire.assignment = options.assignment; + return wire as PaginationOptions; +}; + +const serializeListRoleAssignmentsForResourceByExternalIdOptions = ( + options: ListRoleAssignmentsForResourceByExternalIdOptions, +): PaginationOptions => { + const wire: Record = { + limit: options.limit, + before: options.before, + after: options.after, + order: options.order, + }; + if (options.roleSlug !== undefined) wire.role_slug = options.roleSlug; + return wire as PaginationOptions; +}; + +const serializeListAuthorizationResourcesOptions = ( + options: ListAuthorizationResourcesOptions, +): PaginationOptions => { + const wire: Record = { + limit: options.limit, + before: options.before, + after: options.after, + order: options.order, + }; + if (options.organizationId !== undefined) + wire.organization_id = options.organizationId; + if (options.resourceTypeSlug !== undefined) + wire.resource_type_slug = options.resourceTypeSlug; + if (options.resourceExternalId !== undefined) + wire.resource_external_id = options.resourceExternalId; + if (options.parentResourceId !== undefined) + wire.parent_resource_id = options.parentResourceId; + if (options.parentResourceTypeSlug !== undefined) + wire.parent_resource_type_slug = options.parentResourceTypeSlug; + if (options.parentExternalId !== undefined) + wire.parent_external_id = options.parentExternalId; + return wire as PaginationOptions; +}; + +const serializeListMembershipsForResourceOptions = ( + options: ListMembershipsForResourceOptions, +): PaginationOptions => { + const wire: Record = { + limit: options.limit, + before: options.before, + after: options.after, + order: options.order, + }; + if (options.permissionSlug !== undefined) + wire.permission_slug = options.permissionSlug; + if (options.assignment !== undefined) wire.assignment = options.assignment; + return wire as PaginationOptions; +}; + +const serializeListRoleAssignmentsForResourceOptions = ( + options: ListRoleAssignmentsForResourceOptions, +): PaginationOptions => { + const wire: Record = { + limit: options.limit, + before: options.before, + after: options.after, + order: options.order, + }; + if (options.roleSlug !== undefined) wire.role_slug = options.roleSlug; + return wire as PaginationOptions; +}; export class Authorization { constructor(private readonly workos: WorkOS) {} /** - * Create an environment role + * Check authorization * - * Create a new environment role. - * @param options - Object containing slug, name. - * @returns {Promise} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug. + * @param options - Object containing permissionSlug. + * @param options.organizationMembershipId - The ID of the organization membership to check. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @param options.permissionSlug - The slug of the permission to check. + * @example "posts:create" + * @param options.resourceId - The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. + * @example "resource_01HXYZ123456789ABCDEFGHIJ" + * @param options.resourceExternalId - The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. + * @example "my-custom-id" + * @param options.resourceTypeSlug - The slug of the resource type. Required with `resource_external_id`. Mutually exclusive with `resource_id`. + * @example "document" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 - * @throws {ConflictException} 409 * @throws {UnprocessableEntityException} 422 */ - async createEnvironmentRole( - options: CreateEnvironmentRoleOptions, - ): Promise { - const { data } = await this.workos.post( - '/authorization/roles', - serializeCreateEnvironmentRoleOptions(options), + async check(options: CheckOptions): Promise { + const { organizationMembershipId, ...payload } = options; + const { data } = await this.workos.post< + AuthorizationCheckResponse, + CheckAuthorizationResponse + >( + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/check`, + serializeCheckAuthorization(payload), ); - return deserializeEnvironmentRole(data); + return deserializeAuthorizationCheck(data); } /** - * List environment roles + * List resources for organization membership * - * List all environment roles in priority order. - * @returns {Promise} - * @throws 403 response from the API. + * Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?" + * + * You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource. + * @param options - Pagination and filter options. + * @param options.organizationMembershipId - The ID of the organization membership. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @returns {Promise>} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 + * @throws {NotFoundException} 404 + * @throws {UnprocessableEntityException} 422 */ - async listEnvironmentRoles(): Promise { - const { data } = await this.workos.get( - '/authorization/roles', + async listResourcesForMembership( + options: ListResourcesForMembershipOptions, + ): Promise> { + const { organizationMembershipId } = options; + return new AutoPaginatable( + await fetchAndDeserialize< + AuthorizationResourceResponse, + AuthorizationResource + >( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/resources`, + deserializeAuthorizationResource, + options + ? serializeListResourcesForMembershipOptions(options) + : undefined, + ), + (params) => + fetchAndDeserialize< + AuthorizationResourceResponse, + AuthorizationResource + >( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/resources`, + deserializeAuthorizationResource, + params, + ), + options ? serializeListResourcesForMembershipOptions(options) : undefined, ); - return { - object: 'list', - data: data.data.map(deserializeEnvironmentRole), - }; } /** - * Get an environment role - * - * Get an environment role by its slug. - * @param slug - The slug of the environment role. - * - * @example - * "admin" + * List effective permissions for an organization membership on a resource * - * @returns {Promise} - * @throws 403 response from the API. + * Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources. + * @param options - Pagination and filter options. + * @param options.organizationMembershipId - The ID of the organization membership. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @param options.resourceId - The ID of the authorization resource. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @returns {Promise>} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 + * @throws {UnprocessableEntityException} 422 */ - async getEnvironmentRole(slug: string): Promise { - const { data } = await this.workos.get( - `/authorization/roles/${slug}`, + async listEffectivePermissions( + options: ListEffectivePermissionsOptions, + ): Promise> { + const { organizationMembershipId, resourceId, ...paginationOptions } = + options; + return new AutoPaginatable( + await fetchAndDeserialize( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/resources/${encodeURIComponent(resourceId)}/permissions`, + deserializePermission, + paginationOptions, + ), + (params) => + fetchAndDeserialize( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/resources/${encodeURIComponent(resourceId)}/permissions`, + deserializePermission, + params, + ), + paginationOptions, ); - return deserializeEnvironmentRole(data); } /** - * Update an environment role - * - * Update an existing environment role. - * @param slug - The slug of the environment role. - * - * @example - * "admin" + * List effective permissions for an organization membership on a resource by external ID * - * @param options - The request body. - * @returns {Promise} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources. + * @param options - Pagination and filter options. + * @param options.organizationMembershipId - The ID of the organization membership. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @param options.resourceTypeSlug - The slug of the resource type. + * @example "document" + * @param options.externalId - An identifier you provide to reference the resource in your system. + * @example "doc-456" + * @returns {Promise>} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async updateEnvironmentRole( - slug: string, - options: UpdateEnvironmentRoleOptions, - ): Promise { - const { data } = await this.workos.patch( - `/authorization/roles/${slug}`, - serializeUpdateEnvironmentRoleOptions(options), + async listEffectivePermissionsByExternalId( + options: ListEffectivePermissionsByExternalIdOptions, + ): Promise> { + const { + organizationMembershipId, + resourceTypeSlug, + externalId, + ...paginationOptions + } = options; + return new AutoPaginatable( + await fetchAndDeserialize( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}/permissions`, + deserializePermission, + paginationOptions, + ), + (params) => + fetchAndDeserialize( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}/permissions`, + deserializePermission, + params, + ), + paginationOptions, ); - return deserializeEnvironmentRole(data); } /** - * Set permissions for an environment role - * - * Replace all permissions on an environment role with the provided list. - * @param slug - The slug of the environment role. + * List role assignments * - * @example - * "admin" + * List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles. + * @param options - Pagination and filter options. + * @param options.organizationMembershipId - The ID of the organization membership. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @returns {Promise>} + * @throws {AuthorizationException} 403 + * @throws {NotFoundException} 404 + */ + async listRoleAssignments( + options: ListRoleAssignmentsOptions, + ): Promise> { + const { organizationMembershipId } = options; + return new AutoPaginatable( + await fetchAndDeserialize( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/role_assignments`, + deserializeRoleAssignment, + options ? serializeListRoleAssignmentsOptions(options) : undefined, + ), + (params) => + fetchAndDeserialize( + this.workos, + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/role_assignments`, + deserializeRoleAssignment, + params, + ), + options ? serializeListRoleAssignmentsOptions(options) : undefined, + ); + } + + /** + * Assign a role * - * @param options - Object containing permissions. - * @returns {Promise} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * Assign a role to an organization membership on a specific resource. + * @param options - Object containing roleSlug. + * @param options.organizationMembershipId - The ID of the organization membership. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @param options.roleSlug - The slug of the role to assign. + * @example "editor" + * @param options.resourceId - The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. + * @example "authz_resource_01HXYZ123456789ABCDEFGH" + * @param options.resourceExternalId - The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. + * @example "project-ext-456" + * @param options.resourceTypeSlug - The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. + * @example "project" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async setEnvironmentRolePermissions( - slug: string, - options: SetEnvironmentRolePermissionsOptions, - ): Promise { - const { data } = await this.workos.put( - `/authorization/roles/${slug}/permissions`, - { permissions: options.permissions }, + async assignRole(options: AssignRoleOptions): Promise { + const { organizationMembershipId, ...payload } = options; + const { data } = await this.workos.post< + RoleAssignmentResponse, + AssignRoleResponse + >( + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/role_assignments`, + serializeAssignRole(payload), ); - return deserializeEnvironmentRole(data); + return deserializeRoleAssignment(data); } /** - * Add a permission to an environment role + * Remove a role assignment * - * Add a single permission to an environment role. If the permission is already assigned to the role, this operation has no effect. - * @param slug - The slug of the environment role. + * Remove a role assignment by role slug and resource. + * @param options - Object containing roleSlug. + * @param options.organizationMembershipId - The ID of the organization membership. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @param options.roleSlug - The slug of the role to remove. + * @example "editor" + * @param options.resourceId - The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. + * @example "authz_resource_01HXYZ123456789ABCDEFGH" + * @param options.resourceExternalId - The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. + * @example "external_01HXYZ123456789ABCDEFGH" + * @param options.resourceTypeSlug - The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. + * @example "project" + * @returns {Promise} + * @throws {AuthorizationException} 403 + * @throws {NotFoundException} 404 + * @throws {UnprocessableEntityException} 422 + */ + async removeRole(options: RemoveRoleOptions): Promise { + const { organizationMembershipId, ...payload } = options; + await this.workos.deleteWithBody( + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/role_assignments`, + serializeRemoveRole(payload), + ); + } + + /** + * Remove a role assignment by ID * - * @example - * "admin" + * Remove a role assignment using its ID. + * @param options - The request options. + * @param options.organizationMembershipId - The ID of the organization membership. + * @example "om_01HXYZ123456789ABCDEFGHIJ" + * @param options.roleAssignmentId - The ID of the role assignment to remove. + * @example "role_assignment_01HXYZ123456789ABCDEFGH" + * @returns {Promise} + * @throws {AuthorizationException} 403 + * @throws {NotFoundException} 404 + */ + async removeRoleAssignment( + options: RemoveRoleAssignmentOptions, + ): Promise { + const { organizationMembershipId, roleAssignmentId } = options; + await this.workos.delete( + `/authorization/organization_memberships/${encodeURIComponent(organizationMembershipId)}/role_assignments/${encodeURIComponent(roleAssignmentId)}`, + ); + } + + /** + * List custom roles * - * @param options - Object containing slug. - * @returns {Promise} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * Get a list of all roles that apply to an organization. This includes both environment roles and custom roles, returned in priority order. + * @param options - The request options. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 - * @throws {UnprocessableEntityException} 422 */ - async addEnvironmentRolePermission( - slug: string, - options: AddEnvironmentRolePermissionOptions, - ): Promise { - const { data } = await this.workos.post( - `/authorization/roles/${slug}/permissions`, - { slug: options.permissionSlug }, + async listOrganizationRoles( + options: ListOrganizationRolesOptions, + ): Promise { + const { organizationId } = options; + const { data } = await this.workos.get( + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles`, ); - return deserializeEnvironmentRole(data); + return deserializeRoleList(data); } /** * Create a custom role * * Create a new custom role for this organization. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * * @param options - Object containing name. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.slug - A unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix. + * @example "org-billing-admin" + * @param options.name - A descriptive name for the role. + * @example "Billing Administrator" + * @param options.description - An optional description of the role's purpose. + * @example "Can manage billing and invoices" + * @param options.resourceTypeSlug - The slug of the resource type the role is scoped to. + * @example "organization" * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {ConflictException} 409 * @throws {UnprocessableEntityException} 422 */ async createOrganizationRole( - organizationId: string, options: CreateOrganizationRoleOptions, ): Promise { - const { data } = await this.workos.post( - `/authorization/organizations/${organizationId}/roles`, - serializeCreateOrganizationRoleOptions(options), + const { organizationId, ...payload } = options; + const { data } = await this.workos.post< + OrganizationRoleResponse, + CreateOrganizationRoleResponse + >( + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles`, + serializeCreateOrganizationRole(payload), ); return deserializeOrganizationRole(data); } - /** - * List custom roles - * - * Get a list of all roles that apply to an organization. This includes both environment roles and custom roles, returned in priority order. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @returns {Promise} - * @throws 403 response from the API. - * @throws {NotFoundException} 404 - */ - async listOrganizationRoles(organizationId: string): Promise { - const { data } = await this.workos.get( - `/authorization/organizations/${organizationId}/roles`, - ); - return { - object: 'list', - data: data.data.map(deserializeRole), - }; - } - /** * Get a custom role * * Retrieve a role that applies to an organization by its slug. This can return either an environment role or a custom role. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param slug - The slug of the role. - * - * @example - * "org-billing-admin" - * - * @returns {Promise} - * @throws 403 response from the API. + * @param options - The request options. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.slug - The slug of the role. + * @example "org-billing-admin" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 */ async getOrganizationRole( - organizationId: string, - slug: string, - ): Promise { + options: GetOrganizationRoleOptions, + ): Promise { + const { organizationId, slug } = options; const { data } = await this.workos.get( - `/authorization/organizations/${organizationId}/roles/${slug}`, + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles/${encodeURIComponent(slug)}`, ); - return deserializeRole(data); + return deserializeOrganizationRole(data); } /** * Update a custom role * * Update an existing custom role. Only the fields provided in the request body will be updated. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param slug - The slug of the role. - * - * @example - * "org-billing-admin" - * * @param options - The request body. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.slug - The slug of the role. + * @example "org-billing-admin" + * @param options.name - A descriptive name for the role. + * @example "Finance Administrator" + * @param options.description - An optional description of the role's purpose. + * @example "Can manage all financial operations" * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ async updateOrganizationRole( - organizationId: string, - slug: string, options: UpdateOrganizationRoleOptions, ): Promise { - const { data } = await this.workos.patch( - `/authorization/organizations/${organizationId}/roles/${slug}`, - serializeUpdateOrganizationRoleOptions(options), + const { organizationId, slug, ...payload } = options; + const { data } = await this.workos.patch< + OrganizationRoleResponse, + UpdateOrganizationRoleResponse + >( + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles/${encodeURIComponent(slug)}`, + serializeUpdateOrganizationRole(payload), ); return deserializeOrganizationRole(data); } @@ -343,92 +620,83 @@ export class Authorization { * Delete a custom role * * Delete an existing custom role. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param slug - The slug of the role. - * - * @example - * "org-admin" - * + * @param options - The request options. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.slug - The slug of the role. + * @example "org-admin" * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {ConflictException} 409 */ async deleteOrganizationRole( - organizationId: string, - slug: string, + options: DeleteOrganizationRoleOptions, ): Promise { + const { organizationId, slug } = options; await this.workos.delete( - `/authorization/organizations/${organizationId}/roles/${slug}`, + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles/${encodeURIComponent(slug)}`, ); } /** - * Set permissions for a custom role - * - * Replace all permissions on a custom role with the provided list. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param slug - The slug of the role. - * - * @example - * "org-admin" + * Add a permission to a custom role * - * @param options - Object containing permissions. - * @returns {Promise} - * @throws 403 response from the API. + * Add a single permission to a custom role. If the permission is already assigned to the role, this operation has no effect. + * @param options - Object containing slug. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.slug - The slug of the role. + * @example "org-admin" + * @param options.slug - The slug of the permission to add to the role. + * @example "reports:export" + * @returns {Promise} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async setOrganizationRolePermissions( - organizationId: string, - slug: string, - options: SetOrganizationRolePermissionsOptions, + async addOrganizationRolePermission( + options: AddOrganizationRolePermissionOptions, ): Promise { - const { data } = await this.workos.put( - `/authorization/organizations/${organizationId}/roles/${slug}/permissions`, - { permissions: options.permissions }, + const { organizationId, roleSlug, ...payload } = options; + const { data } = await this.workos.post< + OrganizationRoleResponse, + AddRolePermissionResponse + >( + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles/${encodeURIComponent(roleSlug)}/permissions`, + serializeAddRolePermission(payload), ); return deserializeOrganizationRole(data); } /** - * Add a permission to a custom role - * - * Add a single permission to a custom role. If the permission is already assigned to the role, this operation has no effect. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param slug - The slug of the role. - * - * @example - * "org-admin" + * Set permissions for a custom role * - * @param options - Object containing slug. - * @returns {Promise} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * Replace all permissions on a custom role with the provided list. + * @param options - Object containing permissions. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.slug - The slug of the role. + * @example "org-admin" + * @param options.permissions - The permission slugs to assign to the role. + * @example ["billing:read","billing:write","invoices:manage","reports:view"] + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async addOrganizationRolePermission( - organizationId: string, - slug: string, - options: AddOrganizationRolePermissionOptions, + async setOrganizationRolePermissions( + options: SetOrganizationRolePermissionsOptions, ): Promise { - const { data } = await this.workos.post( - `/authorization/organizations/${organizationId}/roles/${slug}/permissions`, - { slug: options.permissionSlug }, + const { organizationId, slug, ...payload } = options; + const { data } = await this.workos.put< + OrganizationRoleResponse, + SetRolePermissionsResponse + >( + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles/${encodeURIComponent(slug)}/permissions`, + serializeSetRolePermissions(payload), ); return deserializeOrganizationRole(data); } @@ -437,166 +705,258 @@ export class Authorization { * Remove a permission from a custom role * * Remove a single permission from a custom role by its slug. - * @param organizationId - The ID of the organization. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param slug - The slug of the role. - * - * @example - * "org-admin" - * - * @param permissionSlug - The slug of the permission to remove. - * - * @example - * "documents:read" - * - * @returns {Promise} - * @throws 403 response from the API. + * @param options - The request options. + * @param options.organizationId - The ID of the organization. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.slug - The slug of the role. + * @example "org-admin" + * @param options.permissionSlug - The slug of the permission to remove. + * @example "documents:read" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 */ async removeOrganizationRolePermission( - organizationId: string, - slug: string, options: RemoveOrganizationRolePermissionOptions, ): Promise { + const { organizationId, slug, permissionSlug } = options; await this.workos.delete( - `/authorization/organizations/${organizationId}/roles/${slug}/permissions/${options.permissionSlug}`, + `/authorization/organizations/${encodeURIComponent(organizationId)}/roles/${encodeURIComponent(slug)}/permissions/${encodeURIComponent(permissionSlug)}`, ); } /** - * Create a permission + * Get a resource by external ID * - * Create a new permission in your WorkOS environment. The permission can then be assigned to environment roles and custom roles. - * @param options - Object containing slug, name. - * @returns {Promise} - * @throws {BadRequestException} 400 + * Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details. + * @param options - The request options. + * @param options.organizationId - The ID of the organization that owns the resource. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.resourceTypeSlug - The slug of the resource type. + * @example "project" + * @param options.externalId - An identifier you provide to reference the resource in your system. + * @example "proj-456" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 - * @throws {ConflictException} 409 - * @throws {UnprocessableEntityException} 422 */ - async createPermission( - options: CreatePermissionOptions, - ): Promise { - const { data } = await this.workos.post( - '/authorization/permissions', - serializeCreatePermissionOptions(options), + async getResourceByExternalId( + options: GetAuthorizationResourceByExternalIdOptions, + ): Promise { + const { organizationId, resourceTypeSlug, externalId } = options; + const { data } = await this.workos.get( + `/authorization/organizations/${encodeURIComponent(organizationId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}`, ); - return deserializePermission(data); + return deserializeAuthorizationResource(data); } /** - * List permissions + * Update a resource by external ID * - * Get a list of all permissions in your WorkOS environment. - * @param options - Pagination and filter options. - * @returns {Promise>} + * Update an existing authorization resource using its external ID. + * @param options - The request body. + * @param options.organizationId - The ID of the organization that owns the resource. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.resourceTypeSlug - The slug of the resource type. + * @example "project" + * @param options.externalId - An identifier you provide to reference the resource in your system. + * @example "proj-456" + * @param options.name - A display name for the resource. + * @example "Updated Name" + * @param options.description - An optional description of the resource. + * @example "Updated description" + * @param options.parentResourceId - The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @param options.parentResourceExternalId - The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. + * @example "parent-workspace-01" + * @param options.parentResourceTypeSlug - The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. + * @example "workspace" + * @returns {Promise} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 + * @throws {ConflictException} 409 + * @throws {UnprocessableEntityException} 422 */ - async listPermissions( - options?: ListPermissionsOptions, - ): Promise> { - return new AutoPaginatable( - await fetchAndDeserialize( - this.workos, - '/authorization/permissions', - deserializePermission, - options, - ), - (params) => - fetchAndDeserialize( - this.workos, - '/authorization/permissions', - deserializePermission, - params, - ), - options, + async updateResourceByExternalId( + options: UpdateAuthorizationResourceByExternalIdOptions, + ): Promise { + const { organizationId, resourceTypeSlug, externalId, ...payload } = + options; + const { data } = await this.workos.patch< + AuthorizationResourceResponse, + UpdateAuthorizationResourceResponse + >( + `/authorization/organizations/${encodeURIComponent(organizationId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}`, + serializeUpdateAuthorizationResource(payload), ); + return deserializeAuthorizationResource(data); } /** - * Get a permission - * - * Retrieve a permission by its unique slug. - * @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. - * - * @example - * "documents:read" + * Delete an authorization resource by external ID * - * @returns {Promise} + * Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources. + * @param options - Additional query options. + * @param options.organizationId - The ID of the organization that owns the resource. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.resourceTypeSlug - The slug of the resource type. + * @example "project" + * @param options.externalId - An identifier you provide to reference the resource in your system. + * @example "proj-456" + * @param options.cascadeDelete - If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail. + * @default false + * @example false + * @returns {Promise} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 + * @throws {ConflictException} 409 */ - async getPermission(slug: string): Promise { - const { data } = await this.workos.get( - `/authorization/permissions/${slug}`, + async deleteResourceByExternalId( + options: DeleteAuthorizationResourceByExternalIdOptions, + ): Promise { + const { organizationId, resourceTypeSlug, externalId } = options; + await this.workos.delete( + `/authorization/organizations/${encodeURIComponent(organizationId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}`, + { + query: { + ...(options.cascadeDelete !== undefined && { + cascade_delete: options.cascadeDelete, + }), + }, + }, ); - return deserializePermission(data); } /** - * Update a permission - * - * Update an existing permission. Only the fields provided in the request body will be updated. - * @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. - * - * @example - * "documents:read" + * List memberships for a resource by external ID * - * @param options - The request body. - * @returns {Promise} - * @throws 403 response from the API. + * Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID. + * @param options - Pagination and filter options. + * @param options.organizationId - The ID of the organization that owns the resource. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.resourceTypeSlug - The slug of the resource type this resource belongs to. + * @example "project" + * @param options.externalId - An identifier you provide to reference the resource in your system. + * @example "proj-456" + * @returns {Promise>} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async updatePermission( - slug: string, - options: UpdatePermissionOptions, - ): Promise { - const { data } = await this.workos.patch( - `/authorization/permissions/${slug}`, - serializeUpdatePermissionOptions(options), + async listMembershipsForResourceByExternalId( + options: ListMembershipsForResourceByExternalIdOptions, + ): Promise< + AutoPaginatable + > { + const { organizationId, resourceTypeSlug, externalId } = options; + return new AutoPaginatable( + await fetchAndDeserialize< + AuthorizationOrganizationMembershipResponse, + AuthorizationOrganizationMembership + >( + this.workos, + `/authorization/organizations/${encodeURIComponent(organizationId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}/organization_memberships`, + deserializeAuthorizationOrganizationMembership, + options + ? serializeListMembershipsForResourceByExternalIdOptions(options) + : undefined, + ), + (params) => + fetchAndDeserialize< + AuthorizationOrganizationMembershipResponse, + AuthorizationOrganizationMembership + >( + this.workos, + `/authorization/organizations/${encodeURIComponent(organizationId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}/organization_memberships`, + deserializeAuthorizationOrganizationMembership, + params, + ), + options + ? serializeListMembershipsForResourceByExternalIdOptions(options) + : undefined, ); - return deserializePermission(data); } /** - * Delete a permission - * - * Delete an existing permission. System permissions cannot be deleted. - * @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. - * - * @example - * "documents:read" + * List role assignments for a resource by external ID * - * @returns {Promise} - * @throws 403 response from the API. + * List all role assignments granted on a resource, identified by its external ID. Each assignment includes the organization membership it was granted to. + * @param options - Pagination and filter options. + * @param options.organizationId - The ID of the organization that owns the resource. + * @example "org_01EHZNVPK3SFK441A1RGBFSHRT" + * @param options.resourceTypeSlug - The slug of the resource type. + * @example "project" + * @param options.externalId - An identifier you provide to reference the resource in your system. + * @example "proj-456" + * @returns {Promise>} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 */ - async deletePermission(slug: string): Promise { - await this.workos.delete(`/authorization/permissions/${slug}`); + async listResourceRoleAssignments( + options: ListRoleAssignmentsForResourceByExternalIdOptions, + ): Promise> { + const { organizationId, resourceTypeSlug, externalId } = options; + return new AutoPaginatable( + await fetchAndDeserialize( + this.workos, + `/authorization/organizations/${encodeURIComponent(organizationId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}/role_assignments`, + deserializeRoleAssignment, + options + ? serializeListRoleAssignmentsForResourceByExternalIdOptions(options) + : undefined, + ), + (params) => + fetchAndDeserialize( + this.workos, + `/authorization/organizations/${encodeURIComponent(organizationId)}/resources/${encodeURIComponent(resourceTypeSlug)}/${encodeURIComponent(externalId)}/role_assignments`, + deserializeRoleAssignment, + params, + ), + options + ? serializeListRoleAssignmentsForResourceByExternalIdOptions(options) + : undefined, + ); } /** - * Get a resource - * - * Retrieve the details of an authorization resource by its ID. - * @param resourceId - The ID of the authorization resource. - * - * @example - * "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * List resources * - * @returns {Promise} - * @throws 403 response from the API. - * @throws {NotFoundException} 404 + * Get a paginated list of authorization resources. + * @param options - Pagination and filter options. + * @returns {Promise>} + * @throws {AuthorizationException} 403 * @throws {UnprocessableEntityException} 422 */ - async getResource(resourceId: string): Promise { - const { data } = await this.workos.get( - `/authorization/resources/${resourceId}`, + async listResources( + options?: ListAuthorizationResourcesOptions, + ): Promise> { + return new AutoPaginatable( + await fetchAndDeserialize< + AuthorizationResourceResponse, + AuthorizationResource + >( + this.workos, + '/authorization/resources', + deserializeAuthorizationResource, + options + ? serializeListAuthorizationResourcesOptions(options) + : undefined, + ), + (params) => + fetchAndDeserialize< + AuthorizationResourceResponse, + AuthorizationResource + >( + this.workos, + '/authorization/resources', + deserializeAuthorizationResource, + params, + ), + options ? serializeListAuthorizationResourcesOptions(options) : undefined, ); - return deserializeAuthorizationResource(data); } /** @@ -604,19 +964,61 @@ export class Authorization { * * Create a new authorization resource. * @param options - Object containing externalId, name, resourceTypeSlug, organizationId. + * @param options.externalId - An external identifier for the resource. + * @example "my-workspace-01" + * @param options.name - A display name for the resource. + * @example "Acme Workspace" + * @param options.description - An optional description of the resource. + * @example "Primary workspace for the Acme team" + * @param options.resourceTypeSlug - The slug of the resource type. + * @example "workspace" + * @param options.organizationId - The ID of the organization this resource belongs to. + * @example "org_01EHQMYV6MBK39QC5PZXHY59C3" + * @param options.parentResourceId - The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @param options.parentResourceExternalId - The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. + * @example "parent-workspace-01" + * @param options.parentResourceTypeSlug - The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. + * @example "workspace" * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {ConflictException} 409 * @throws {UnprocessableEntityException} 422 */ async createResource( - options: CreateAuthorizationResourceOptions, + options: CreateResourceOptions, ): Promise { - const { data } = await this.workos.post( + const payload = options; + const { data } = await this.workos.post< + AuthorizationResourceResponse, + CreateAuthorizationResourceResponse + >( '/authorization/resources', - serializeCreateResourceOptions(options), + serializeCreateAuthorizationResource(payload), + ); + return deserializeAuthorizationResource(data); + } + + /** + * Get a resource + * + * Retrieve the details of an authorization resource by its ID. + * @param options - The request options. + * @param options.resourceId - The ID of the authorization resource. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @returns {Promise} + * @throws {AuthorizationException} 403 + * @throws {NotFoundException} 404 + * @throws {UnprocessableEntityException} 422 + */ + async getResource( + options: GetResourceOptions, + ): Promise { + const { resourceId } = options; + const { data } = await this.workos.get( + `/authorization/resources/${encodeURIComponent(resourceId)}`, ); return deserializeAuthorizationResource(data); } @@ -626,9 +1028,21 @@ export class Authorization { * * Update an existing authorization resource. * @param options - The request body. + * @param options.resourceId - The ID of the authorization resource. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @param options.name - A display name for the resource. + * @example "Updated Name" + * @param options.description - An optional description of the resource. + * @example "Updated description" + * @param options.parentResourceId - The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @param options.parentResourceExternalId - The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. + * @example "parent-workspace-01" + * @param options.parentResourceTypeSlug - The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. + * @example "workspace" * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {ConflictException} 409 * @throws {UnprocessableEntityException} 422 @@ -636,9 +1050,13 @@ export class Authorization { async updateResource( options: UpdateAuthorizationResourceOptions, ): Promise { - const { data } = await this.workos.patch( - `/authorization/resources/${options.resourceId}`, - serializeUpdateResourceOptions(options), + const { resourceId, ...payload } = options; + const { data } = await this.workos.patch< + AuthorizationResourceResponse, + UpdateAuthorizationResourceResponse + >( + `/authorization/resources/${encodeURIComponent(resourceId)}`, + serializeUpdateAuthorizationResource(payload), ); return deserializeAuthorizationResource(data); } @@ -647,605 +1065,399 @@ export class Authorization { * Delete an authorization resource * * Delete an authorization resource and all its descendants. + * @param options - Additional query options. + * @param options.resourceId - The ID of the authorization resource. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" * @param options.cascadeDelete - If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail. * @default false - * @param options - Additional query options. + * @example false * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {ConflictException} 409 */ async deleteResource( options: DeleteAuthorizationResourceOptions, ): Promise { - const { resourceId, cascadeDelete } = options; - - const query = - cascadeDelete !== undefined - ? { cascade_delete: cascadeDelete.toString() } - : undefined; - - await this.workos.delete(`/authorization/resources/${resourceId}`, query); + const { resourceId } = options; + await this.workos.delete( + `/authorization/resources/${encodeURIComponent(resourceId)}`, + { + query: { + ...(options.cascadeDelete !== undefined && { + cascade_delete: options.cascadeDelete, + }), + }, + }, + ); } /** - * List resources + * List organization memberships for resource * - * Get a paginated list of authorization resources. + * Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?". * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws 403 response from the API. + * @param options.resourceId - The ID of the authorization resource. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @returns {Promise>} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 + * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async listResources( - options: ListAuthorizationResourcesOptions = {}, - ): Promise> { - const serializedOptions = - serializeListAuthorizationResourcesOptions(options); + async listMembershipsForResource( + options: ListMembershipsForResourceOptions, + ): Promise< + AutoPaginatable + > { + const { resourceId } = options; return new AutoPaginatable( await fetchAndDeserialize< - AuthorizationResourceResponse, - AuthorizationResource + AuthorizationOrganizationMembershipResponse, + AuthorizationOrganizationMembership >( this.workos, - '/authorization/resources', - deserializeAuthorizationResource, - serializedOptions, + `/authorization/resources/${encodeURIComponent(resourceId)}/organization_memberships`, + deserializeAuthorizationOrganizationMembership, + options + ? serializeListMembershipsForResourceOptions(options) + : undefined, ), (params) => fetchAndDeserialize< - AuthorizationResourceResponse, - AuthorizationResource + AuthorizationOrganizationMembershipResponse, + AuthorizationOrganizationMembership >( this.workos, - '/authorization/resources', - deserializeAuthorizationResource, + `/authorization/resources/${encodeURIComponent(resourceId)}/organization_memberships`, + deserializeAuthorizationOrganizationMembership, params, ), - serializedOptions, + options ? serializeListMembershipsForResourceOptions(options) : undefined, ); } /** - * Get a resource by external ID - * - * Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details. - * @param organizationId - The ID of the organization that owns the resource. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param resourceTypeSlug - The slug of the resource type. - * - * @example - * "project" - * - * @param externalId - An identifier you provide to reference the resource in your system. - * - * @example - * "proj-456" + * List role assignments for a resource * - * @returns {Promise} - * @throws 403 response from the API. + * List all role assignments granted on a specific resource instance. Each assignment includes the organization membership it was granted to. + * @param options - Pagination and filter options. + * @param options.resourceId - The ID of the authorization resource. + * @example "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * @returns {Promise>} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 */ - async getResourceByExternalId( - options: GetAuthorizationResourceByExternalIdOptions, - ): Promise { - const { organizationId, resourceTypeSlug, externalId } = options; - const { data } = await this.workos.get( - `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`, + async listRoleAssignmentsForResource( + options: ListRoleAssignmentsForResourceOptions, + ): Promise> { + const { resourceId } = options; + return new AutoPaginatable( + await fetchAndDeserialize( + this.workos, + `/authorization/resources/${encodeURIComponent(resourceId)}/role_assignments`, + deserializeRoleAssignment, + options + ? serializeListRoleAssignmentsForResourceOptions(options) + : undefined, + ), + (params) => + fetchAndDeserialize( + this.workos, + `/authorization/resources/${encodeURIComponent(resourceId)}/role_assignments`, + deserializeRoleAssignment, + params, + ), + options + ? serializeListRoleAssignmentsForResourceOptions(options) + : undefined, ); - return deserializeAuthorizationResource(data); } /** - * Update a resource by external ID - * - * Update an existing authorization resource using its external ID. - * @param organizationId - The ID of the organization that owns the resource. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" + * List environment roles * - * @param resourceTypeSlug - The slug of the resource type. + * List all environment roles in priority order. + * @returns {Promise} + * @throws {AuthorizationException} 403 + */ + async listEnvironmentRoles(): Promise { + const { data } = await this.workos.get( + '/authorization/roles', + ); + return deserializeRoleList(data); + } + + /** + * Create an environment role * - * @example - * "project" - * - * @param externalId - An identifier you provide to reference the resource in your system. - * - * @example - * "proj-456" - * - * @param options - The request body. - * @returns {Promise} + * Create a new environment role. + * @param options - Object containing slug, name. + * @param options.slug - A unique slug for the role. + * @example "editor" + * @param options.name - A descriptive name for the role. + * @example "Editor" + * @param options.description - An optional description of the role. + * @example "Can edit resources" + * @param options.resourceTypeSlug - The slug of the resource type the role is scoped to. + * @example "organization" + * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {ConflictException} 409 * @throws {UnprocessableEntityException} 422 */ - async updateResourceByExternalId( - options: UpdateAuthorizationResourceByExternalIdOptions, - ): Promise { - const { organizationId, resourceTypeSlug, externalId } = options; - const { data } = await this.workos.patch( - `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`, - serializeUpdateResourceByExternalIdOptions(options), - ); - return deserializeAuthorizationResource(data); + async createEnvironmentRole( + options: CreateEnvironmentRoleOptions, + ): Promise { + const payload = options; + const { data } = await this.workos.post< + EnvironmentRoleResponse, + CreateRoleResponse + >('/authorization/roles', serializeCreateRole(payload)); + return deserializeEnvironmentRole(data); } + /** - * Delete an authorization resource by external ID - * - * Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources. - * @param organizationId - The ID of the organization that owns the resource. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param resourceTypeSlug - The slug of the resource type. - * - * @example - * "project" - * - * @param externalId - An identifier you provide to reference the resource in your system. - * - * @example - * "proj-456" + * Get an environment role * - * @param options - Additional query options. - * @returns {Promise} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * Get an environment role by its slug. + * @param options - The request options. + * @param options.slug - The slug of the environment role. + * @example "admin" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 - * @throws {ConflictException} 409 */ - async deleteResourceByExternalId( - options: DeleteAuthorizationResourceByExternalIdOptions, - ): Promise { - const { organizationId, resourceTypeSlug, externalId, cascadeDelete } = - options; - - const query = - cascadeDelete !== undefined - ? { cascade_delete: cascadeDelete.toString() } - : undefined; - - await this.workos.delete( - `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`, - query, + async getEnvironmentRole( + options: GetEnvironmentRoleOptions, + ): Promise { + const { slug } = options; + const { data } = await this.workos.get( + `/authorization/roles/${encodeURIComponent(slug)}`, ); + return deserializeEnvironmentRole(data); } /** - * Check authorization + * Update an environment role * - * Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug. - * @param options - Object containing permissionSlug. - * @returns {Promise} - * @throws 403 response from the API. + * Update an existing environment role. + * @param options - The request body. + * @param options.slug - The slug of the environment role. + * @example "admin" + * @param options.name - A descriptive name for the role. + * @example "Super Administrator" + * @param options.description - An optional description of the role. + * @example "Full administrative access to all resources" + * @returns {Promise} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async check( - options: AuthorizationCheckOptions, - ): Promise { - const { data } = await this.workos.post( - `/authorization/organization_memberships/${options.organizationMembershipId}/check`, - serializeAuthorizationCheckOptions(options), + async updateEnvironmentRole( + options: UpdateEnvironmentRoleOptions, + ): Promise { + const { slug, ...payload } = options; + const { data } = await this.workos.patch< + EnvironmentRoleResponse, + UpdateRoleResponse + >( + `/authorization/roles/${encodeURIComponent(slug)}`, + serializeUpdateRole(payload), ); - return data; + return deserializeEnvironmentRole(data); } /** - * List role assignments - * - * List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles. - * @param organizationMembershipId - The ID of the organization membership. - * - * @example - * "om_01HXYZ123456789ABCDEFGHIJ" + * Add a permission to an environment role * - * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws 403 response from the API. + * Add a single permission to an environment role. If the permission is already assigned to the role, this operation has no effect. + * @param options - Object containing slug. + * @param options.slug - The slug of the environment role. + * @example "admin" + * @param options.slug - The slug of the permission to add to the role. + * @example "reports:export" + * @returns {Promise} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 + * @throws {UnprocessableEntityException} 422 */ - async listRoleAssignments( - options: ListRoleAssignmentsOptions, - ): Promise> { - const { organizationMembershipId, ...queryOptions } = options; - const endpoint = `/authorization/organization_memberships/${organizationMembershipId}/role_assignments`; - const serializedOptions = serializeListRoleAssignmentsOptions(queryOptions); - return new AutoPaginatable( - await fetchAndDeserialize( - this.workos, - endpoint, - deserializeRoleAssignment, - serializedOptions, - ), - (params) => - fetchAndDeserialize( - this.workos, - endpoint, - deserializeRoleAssignment, - params, - ), - serializedOptions, + async addEnvironmentRolePermission( + options: AddEnvironmentRolePermissionOptions, + ): Promise { + const { roleSlug, ...payload } = options; + const { data } = await this.workos.post< + EnvironmentRoleResponse, + AddRolePermissionResponse + >( + `/authorization/roles/${encodeURIComponent(roleSlug)}/permissions`, + serializeAddRolePermission(payload), ); + return deserializeEnvironmentRole(data); } /** - * List role assignments for a resource - * - * List all role assignments granted on a resource. This returns every role assignment scoped to the resource, regardless of which organization membership received it. - * @param resourceId - The ID of the authorization resource. - * - * @example - * "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * Set permissions for an environment role * - * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws 403 response from the API. + * Replace all permissions on an environment role with the provided list. + * @param options - Object containing permissions. + * @param options.slug - The slug of the environment role. + * @example "admin" + * @param options.permissions - The permission slugs to assign to the role. + * @example ["billing:read","billing:write","invoices:manage","reports:view"] + * @returns {Promise} + * @throws {BadRequestException} 400 + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 + * @throws {UnprocessableEntityException} 422 */ - async listRoleAssignmentsForResource( - options: ListRoleAssignmentsForResourceOptions, - ): Promise> { - const { resourceId, ...queryOptions } = options; - const endpoint = `/authorization/resources/${resourceId}/role_assignments`; - const serializedOptions = - serializeListRoleAssignmentsForResourceOptions(queryOptions); - return new AutoPaginatable( - await fetchAndDeserialize( - this.workos, - endpoint, - deserializeRoleAssignment, - serializedOptions, - ), - (params) => - fetchAndDeserialize( - this.workos, - endpoint, - deserializeRoleAssignment, - params, - ), - serializedOptions, + async setEnvironmentRolePermissions( + options: SetEnvironmentRolePermissionsOptions, + ): Promise { + const { slug, ...payload } = options; + const { data } = await this.workos.put< + EnvironmentRoleResponse, + SetRolePermissionsResponse + >( + `/authorization/roles/${encodeURIComponent(slug)}/permissions`, + serializeSetRolePermissions(payload), ); + return deserializeEnvironmentRole(data); } /** - * List role assignments for a resource by external ID - * - * List all role assignments granted on a resource identified by its external ID, organization, and resource type. This returns every role assignment scoped to the resource, regardless of which organization membership received it. - * @param organizationId - The ID of the organization that owns the resource. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param resourceTypeSlug - The slug of the resource type this resource belongs to. - * - * @example - * "project" - * - * @param externalId - An identifier you provide to reference the resource in your system. - * - * @example - * "proj-456" + * List permissions * + * Get a list of all permissions in your WorkOS environment. * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws 403 response from the API. + * @returns {Promise>} * @throws {NotFoundException} 404 */ - async listResourceRoleAssignments( - options: ListRoleAssignmentsForResourceByExternalIdOptions, - ): Promise> { - const { organizationId, resourceTypeSlug, externalId, ...queryOptions } = - options; - const endpoint = `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}/role_assignments`; - const serializedOptions = - serializeListRoleAssignmentsForResourceOptions(queryOptions); + async listPermissions( + options?: PaginationOptions, + ): Promise> { + const paginationOptions = options; return new AutoPaginatable( - await fetchAndDeserialize( + await fetchAndDeserialize( this.workos, - endpoint, - deserializeRoleAssignment, - serializedOptions, + '/authorization/permissions', + deserializePermission, + paginationOptions, ), (params) => - fetchAndDeserialize( + fetchAndDeserialize( this.workos, - endpoint, - deserializeRoleAssignment, + '/authorization/permissions', + deserializePermission, params, ), - serializedOptions, - ); - } - - /** - * Assign a role - * - * Assign a role to an organization membership on a specific resource. - * @param options - Object containing roleSlug. - * @returns {Promise} - * @throws 403 response from the API. - * @throws {NotFoundException} 404 - * @throws {UnprocessableEntityException} 422 - */ - async assignRole(options: AssignRoleOptions): Promise { - const { data } = await this.workos.post( - `/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments`, - serializeAssignRoleOptions(options), - ); - return deserializeRoleAssignment(data); - } - - /** - * Remove a role assignment - * - * Remove a role assignment by role slug and resource. - * @param options - Object containing roleSlug. - * @returns {Promise} - * @throws 403 response from the API. - * @throws {NotFoundException} 404 - * @throws {UnprocessableEntityException} 422 - */ - async removeRole(options: RemoveRoleOptions): Promise { - await this.workos.deleteWithBody( - `/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments`, - serializeRemoveRoleOptions(options), + paginationOptions, ); } /** - * Remove a role assignment by ID - * - * Remove a role assignment using its ID. - * @param organizationMembershipId - The ID of the organization membership. - * - * @example - * "om_01HXYZ123456789ABCDEFGHIJ" - * - * @param roleAssignmentId - The ID of the role assignment to remove. - * - * @example - * "role_assignment_01HXYZ123456789ABCDEFGH" - * - * @returns {Promise} - * @throws 403 response from the API. - * @throws {NotFoundException} 404 - */ - async removeRoleAssignment( - options: RemoveRoleAssignmentOptions, - ): Promise { - await this.workos.delete( - `/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments/${options.roleAssignmentId}`, - ); - } - - /** - * List resources for organization membership - * - * Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?" - * - * You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource. - * @param organizationMembershipId - The ID of the organization membership. - * - * @example - * "om_01HXYZ123456789ABCDEFGHIJ" - * - * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. - * @throws {NotFoundException} 404 - * @throws {UnprocessableEntityException} 422 - */ - async listResourcesForMembership( - options: ListResourcesForMembershipOptions, - ): Promise> { - const { organizationMembershipId } = options; - const endpoint = `/authorization/organization_memberships/${organizationMembershipId}/resources`; - const serializedOptions = - serializeListResourcesForMembershipOptions(options); - return new AutoPaginatable( - await fetchAndDeserialize< - AuthorizationResourceResponse, - AuthorizationResource - >( - this.workos, - endpoint, - deserializeAuthorizationResource, - serializedOptions, - ), - (params) => - fetchAndDeserialize< - AuthorizationResourceResponse, - AuthorizationResource - >(this.workos, endpoint, deserializeAuthorizationResource, params), - serializedOptions, - ); - } - - /** - * List organization memberships for resource + * Create a permission * - * Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?". - * @param options - Pagination and filter options. - * @returns {Promise>} + * Create a new permission in your WorkOS environment. The permission can then be assigned to environment roles and custom roles. + * @param options - Object containing slug, name. + * @param options.slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. + * @example "documents:read" + * @param options.name - A descriptive name for the Permission. + * @example "View Documents" + * @param options.description - An optional description of the Permission. + * @example "Allows viewing document contents" + * @param options.resourceTypeSlug - The slug of the resource type this permission is scoped to. + * @example "document" + * @returns {Promise} * @throws {BadRequestException} 400 - * @throws 403 response from the API. * @throws {NotFoundException} 404 + * @throws {ConflictException} 409 * @throws {UnprocessableEntityException} 422 */ - async listMembershipsForResource( - options: ListMembershipsForResourceOptions, - ): Promise> { - const { resourceId } = options; - const endpoint = `/authorization/resources/${resourceId}/organization_memberships`; - const serializedOptions = - serializeListMembershipsForResourceOptions(options); - return new AutoPaginatable( - await fetchAndDeserialize< - AuthorizationOrganizationMembershipResponse, - AuthorizationOrganizationMembership - >( - this.workos, - endpoint, - deserializeAuthorizationOrganizationMembership, - serializedOptions, - ), - (params) => - fetchAndDeserialize< - AuthorizationOrganizationMembershipResponse, - AuthorizationOrganizationMembership - >( - this.workos, - endpoint, - deserializeAuthorizationOrganizationMembership, - params, - ), - serializedOptions, + async createPermission( + options: CreatePermissionOptions, + ): Promise { + const payload = options; + const { data } = await this.workos.post< + PermissionResponse, + CreateAuthorizationPermissionResponse + >( + '/authorization/permissions', + serializeCreateAuthorizationPermission(payload), ); + return deserializePermission(data); } /** - * List memberships for a resource by external ID - * - * Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID. - * @param organizationId - The ID of the organization that owns the resource. - * - * @example - * "org_01EHZNVPK3SFK441A1RGBFSHRT" - * - * @param resourceTypeSlug - The slug of the resource type this resource belongs to. - * - * @example - * "project" - * - * @param externalId - An identifier you provide to reference the resource in your system. - * - * @example - * "proj-456" + * Get a permission * - * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws {BadRequestException} 400 - * @throws 403 response from the API. + * Retrieve a permission by its unique slug. + * @param options - The request options. + * @param options.slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. + * @example "documents:read" + * @returns {Promise} * @throws {NotFoundException} 404 - * @throws {UnprocessableEntityException} 422 */ - async listMembershipsForResourceByExternalId( - options: ListMembershipsForResourceByExternalIdOptions, - ): Promise> { - const { organizationId, resourceTypeSlug, externalId } = options; - const endpoint = `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}/organization_memberships`; - const serializedOptions = - serializeListMembershipsForResourceOptions(options); - return new AutoPaginatable( - await fetchAndDeserialize< - AuthorizationOrganizationMembershipResponse, - AuthorizationOrganizationMembership - >( - this.workos, - endpoint, - deserializeAuthorizationOrganizationMembership, - serializedOptions, - ), - (params) => - fetchAndDeserialize< - AuthorizationOrganizationMembershipResponse, - AuthorizationOrganizationMembership - >( - this.workos, - endpoint, - deserializeAuthorizationOrganizationMembership, - params, - ), - serializedOptions, + async getPermission( + options: GetPermissionOptions, + ): Promise { + const { slug } = options; + const { data } = await this.workos.get( + `/authorization/permissions/${encodeURIComponent(slug)}`, ); + return deserializeAuthorizationPermission(data); } /** - * List effective permissions for an organization membership on a resource - * - * Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources. - * @param organizationMembershipId - The ID of the organization membership. - * - * @example - * "om_01HXYZ123456789ABCDEFGHIJ" - * - * @param resourceId - The ID of the authorization resource. - * - * @example - * "authz_resource_01HXYZ123456789ABCDEFGHIJ" + * Update a permission * - * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws 403 response from the API. + * Update an existing permission. Only the fields provided in the request body will be updated. + * @param options - The request body. + * @param options.slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. + * @example "documents:read" + * @param options.name - A descriptive name for the Permission. + * @example "View Documents" + * @param options.description - An optional description of the Permission. + * @example "Allows viewing document contents" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 * @throws {UnprocessableEntityException} 422 */ - async listEffectivePermissions( - options: ListEffectivePermissionsOptions, - ): Promise> { - const { organizationMembershipId, resourceId } = options; - const endpoint = `/authorization/resources/${resourceId}/organization_memberships/${organizationMembershipId}/permissions`; - const serializedOptions = serializeListEffectivePermissionsOptions(options); - return new AutoPaginatable( - await fetchAndDeserialize( - this.workos, - endpoint, - deserializePermission, - serializedOptions, - ), - (params) => - fetchAndDeserialize( - this.workos, - endpoint, - deserializePermission, - params, - ), - serializedOptions, + async updatePermission( + options: UpdatePermissionOptions, + ): Promise { + const { slug, ...payload } = options; + const { data } = await this.workos.patch< + AuthorizationPermissionResponse, + UpdateAuthorizationPermissionResponse + >( + `/authorization/permissions/${encodeURIComponent(slug)}`, + serializeUpdateAuthorizationPermission(payload), ); + return deserializeAuthorizationPermission(data); } /** - * List effective permissions for an organization membership on a resource by external ID + * Delete a permission * - * Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources. - * @param options - Pagination and filter options. - * @returns {Promise>} - * @throws 403 response from the API. + * Delete an existing permission. System permissions cannot be deleted. + * @param options - The request options. + * @param options.slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. + * @example "documents:read" + * @returns {Promise} + * @throws {AuthorizationException} 403 * @throws {NotFoundException} 404 - * @throws {UnprocessableEntityException} 422 */ - async listEffectivePermissionsByExternalId( - options: ListEffectivePermissionsByExternalIdOptions, - ): Promise> { - const { organizationMembershipId, resourceTypeSlug, externalId } = options; - const endpoint = `/authorization/organization_memberships/${organizationMembershipId}/resources/${resourceTypeSlug}/${externalId}/permissions`; - const serializedOptions = serializeListEffectivePermissionsOptions(options); - return new AutoPaginatable( - await fetchAndDeserialize( - this.workos, - endpoint, - deserializePermission, - serializedOptions, - ), - (params) => - fetchAndDeserialize( - this.workos, - endpoint, - deserializePermission, - params, - ), - serializedOptions, + async deletePermission(options: DeletePermissionOptions): Promise { + const { slug } = options; + await this.workos.delete( + `/authorization/permissions/${encodeURIComponent(slug)}`, ); } } diff --git a/src/authorization/fixtures/add-role-permission.json b/src/authorization/fixtures/add-role-permission.json new file mode 100644 index 000000000..8dd80ea68 --- /dev/null +++ b/src/authorization/fixtures/add-role-permission.json @@ -0,0 +1,3 @@ +{ + "slug": "reports:export" +} diff --git a/src/authorization/fixtures/assign-role.json b/src/authorization/fixtures/assign-role.json new file mode 100644 index 000000000..66cab23cc --- /dev/null +++ b/src/authorization/fixtures/assign-role.json @@ -0,0 +1,6 @@ +{ + "role_slug": "editor", + "resource_id": "authz_resource_01HXYZ123456789ABCDEFGH", + "resource_external_id": "project-ext-456", + "resource_type_slug": "project" +} diff --git a/src/authorization/fixtures/authorization-check.json b/src/authorization/fixtures/authorization-check.json new file mode 100644 index 000000000..8a5f5f97c --- /dev/null +++ b/src/authorization/fixtures/authorization-check.json @@ -0,0 +1,3 @@ +{ + "authorized": true +} diff --git a/src/authorization/fixtures/authorization-permission.json b/src/authorization/fixtures/authorization-permission.json new file mode 100644 index 000000000..0424eed6e --- /dev/null +++ b/src/authorization/fixtures/authorization-permission.json @@ -0,0 +1,11 @@ +{ + "object": "permission", + "id": "perm_01HXYZ123456789ABCDEFGHIJ", + "slug": "documents:read", + "name": "View Documents", + "description": "Allows viewing document contents", + "system": false, + "resource_type_slug": "workspace", + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" +} diff --git a/src/authorization/fixtures/authorization-resource.json b/src/authorization/fixtures/authorization-resource.json index 6857590ea..ee5271ee5 100644 --- a/src/authorization/fixtures/authorization-resource.json +++ b/src/authorization/fixtures/authorization-resource.json @@ -1,12 +1,12 @@ { "object": "authorization_resource", - "id": "authz_resource_01HXYZ123ABC456DEF789ABC", - "external_id": "doc-456", - "name": "Q4 Budget Report", - "description": "Financial report for Q4 2025", - "resource_type_slug": "document", - "organization_id": "org_01HXYZ123ABC456DEF789ABC", - "parent_resource_id": "authz_resource_01HXYZ123ABC456DEF789XYZ", - "created_at": "2024-01-15T09:30:00.000Z", - "updated_at": "2024-01-15T09:30:00.000Z" + "name": "Website Redesign", + "description": "Company website redesign project", + "organization_id": "org_01EHZNVPK3SFK441A1RGBFSHRT", + "parent_resource_id": "authz_resource_01HXYZ123456789ABCDEFGHIJ", + "id": "authz_resource_01HXYZ123456789ABCDEFGH", + "external_id": "proj-456", + "resource_type_slug": "project", + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" } diff --git a/src/authorization/fixtures/check-authorization.json b/src/authorization/fixtures/check-authorization.json new file mode 100644 index 000000000..ed8ae94e4 --- /dev/null +++ b/src/authorization/fixtures/check-authorization.json @@ -0,0 +1,6 @@ +{ + "permission_slug": "posts:create", + "resource_id": "resource_01HXYZ123456789ABCDEFGHIJ", + "resource_external_id": "my-custom-id", + "resource_type_slug": "document" +} diff --git a/src/authorization/fixtures/create-authorization-permission.json b/src/authorization/fixtures/create-authorization-permission.json new file mode 100644 index 000000000..6c9dc2aed --- /dev/null +++ b/src/authorization/fixtures/create-authorization-permission.json @@ -0,0 +1,6 @@ +{ + "slug": "documents:read", + "name": "View Documents", + "description": "Allows viewing document contents", + "resource_type_slug": "document" +} diff --git a/src/authorization/fixtures/create-authorization-resource.json b/src/authorization/fixtures/create-authorization-resource.json new file mode 100644 index 000000000..04b09a070 --- /dev/null +++ b/src/authorization/fixtures/create-authorization-resource.json @@ -0,0 +1,10 @@ +{ + "external_id": "my-workspace-01", + "name": "Acme Workspace", + "description": "Primary workspace for the Acme team", + "resource_type_slug": "workspace", + "organization_id": "org_01EHQMYV6MBK39QC5PZXHY59C3", + "parent_resource_id": "authz_resource_01HXYZ123456789ABCDEFGHIJ", + "parent_resource_external_id": "parent-workspace-01", + "parent_resource_type_slug": "workspace" +} diff --git a/src/authorization/fixtures/create-organization-role.json b/src/authorization/fixtures/create-organization-role.json new file mode 100644 index 000000000..794a619b5 --- /dev/null +++ b/src/authorization/fixtures/create-organization-role.json @@ -0,0 +1,6 @@ +{ + "slug": "org-billing-admin", + "name": "Billing Administrator", + "description": "Can manage billing and invoices", + "resource_type_slug": "organization" +} diff --git a/src/authorization/fixtures/create-role.json b/src/authorization/fixtures/create-role.json new file mode 100644 index 000000000..a455dd224 --- /dev/null +++ b/src/authorization/fixtures/create-role.json @@ -0,0 +1,6 @@ +{ + "slug": "editor", + "name": "Editor", + "description": "Can edit resources", + "resource_type_slug": "organization" +} diff --git a/src/authorization/fixtures/list-authorization-permission.json b/src/authorization/fixtures/list-authorization-permission.json new file mode 100644 index 000000000..348f9d773 --- /dev/null +++ b/src/authorization/fixtures/list-authorization-permission.json @@ -0,0 +1,19 @@ +{ + "data": [ + { + "object": "permission", + "id": "perm_01HXYZ123456789ABCDEFGHIJ", + "slug": "documents:read", + "name": "View Documents", + "description": "Allows viewing document contents", + "system": false, + "resource_type_slug": "workspace", + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" + } + ], + "list_metadata": { + "before": null, + "after": null + } +} diff --git a/src/authorization/fixtures/list-authorization-resource.json b/src/authorization/fixtures/list-authorization-resource.json new file mode 100644 index 000000000..1c184d8a0 --- /dev/null +++ b/src/authorization/fixtures/list-authorization-resource.json @@ -0,0 +1,20 @@ +{ + "data": [ + { + "object": "authorization_resource", + "name": "Website Redesign", + "description": "Company website redesign project", + "organization_id": "org_01EHZNVPK3SFK441A1RGBFSHRT", + "parent_resource_id": "authz_resource_01HXYZ123456789ABCDEFGHIJ", + "id": "authz_resource_01HXYZ123456789ABCDEFGH", + "external_id": "proj-456", + "resource_type_slug": "project", + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" + } + ], + "list_metadata": { + "before": null, + "after": null + } +} diff --git a/src/authorization/fixtures/list-user-organization-membership-base-list-data.json b/src/authorization/fixtures/list-user-organization-membership-base-list-data.json new file mode 100644 index 000000000..ba24d6d2b --- /dev/null +++ b/src/authorization/fixtures/list-user-organization-membership-base-list-data.json @@ -0,0 +1,42 @@ +{ + "data": [ + { + "object": "organization_membership", + "id": "om_01HXYZ123456789ABCDEFGHIJ", + "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", + "organization_id": "org_01EHZNVPK3SFK441A1RGBFSHRT", + "status": "active", + "directory_managed": false, + "organization_name": "Acme Corp", + "custom_attributes": { + "department": "Engineering", + "title": "Developer Experience Engineer", + "location": "Brooklyn" + }, + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z", + "user": { + "object": "user", + "id": "user_01E4ZCR3C56J083X43JQXF3JK5", + "first_name": "Marcelina", + "last_name": "Davis", + "name": "Marcelina Davis", + "profile_picture_url": "https://workoscdn.com/images/v1/123abc", + "email": "marcelina.davis@example.com", + "email_verified": true, + "external_id": "f1ffa2b2-c20b-4d39-be5c-212726e11222", + "metadata": { + "timezone": "America/New_York" + }, + "last_sign_in_at": "2025-06-25T19:07:33.155Z", + "locale": "en-US", + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" + } + } + ], + "list_metadata": { + "before": null, + "after": null + } +} diff --git a/src/authorization/fixtures/list-user-role-assignment.json b/src/authorization/fixtures/list-user-role-assignment.json new file mode 100644 index 000000000..e909d9ac9 --- /dev/null +++ b/src/authorization/fixtures/list-user-role-assignment.json @@ -0,0 +1,23 @@ +{ + "data": [ + { + "object": "role_assignment", + "id": "role_assignment_01HXYZ123456789ABCDEFGH", + "organization_membership_id": "om_01HXYZ123456789ABCDEFGHIJ", + "role": { + "slug": "admin" + }, + "resource": { + "id": "authz_resource_01HXYZ123456789ABCDEFGH", + "external_id": "proj-456", + "resource_type_slug": "project" + }, + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" + } + ], + "list_metadata": { + "before": null, + "after": null + } +} diff --git a/src/authorization/fixtures/permission.json b/src/authorization/fixtures/permission.json index 5600434f6..e4ac8b822 100644 --- a/src/authorization/fixtures/permission.json +++ b/src/authorization/fixtures/permission.json @@ -1,11 +1,11 @@ { "object": "permission", - "id": "perm_01HXYZ123ABC456DEF789GHI", - "slug": "users:read", - "name": "Read Users", - "description": "Allows reading user data", - "resource_type_slug": "organization", + "id": "perm_01HXYZ123456789ABCDEFGHIJ", + "slug": "documents:read", + "name": "View Documents", + "description": "Allows viewing document contents", "system": false, - "created_at": "2024-01-15T08:00:00.000Z", - "updated_at": "2024-01-15T08:00:00.000Z" + "resource_type_slug": "document", + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" } diff --git a/src/authorization/fixtures/remove-role.json b/src/authorization/fixtures/remove-role.json new file mode 100644 index 000000000..f69fda376 --- /dev/null +++ b/src/authorization/fixtures/remove-role.json @@ -0,0 +1,6 @@ +{ + "role_slug": "editor", + "resource_id": "authz_resource_01HXYZ123456789ABCDEFGH", + "resource_external_id": "external_01HXYZ123456789ABCDEFGH", + "resource_type_slug": "project" +} diff --git a/src/authorization/fixtures/set-role-permissions.json b/src/authorization/fixtures/set-role-permissions.json new file mode 100644 index 000000000..52910b369 --- /dev/null +++ b/src/authorization/fixtures/set-role-permissions.json @@ -0,0 +1,8 @@ +{ + "permissions": [ + "billing:read", + "billing:write", + "invoices:manage", + "reports:view" + ] +} diff --git a/src/authorization/fixtures/slim-role.json b/src/authorization/fixtures/slim-role.json new file mode 100644 index 000000000..21f8f0419 --- /dev/null +++ b/src/authorization/fixtures/slim-role.json @@ -0,0 +1,3 @@ +{ + "slug": "admin" +} diff --git a/src/authorization/fixtures/update-authorization-permission.json b/src/authorization/fixtures/update-authorization-permission.json new file mode 100644 index 000000000..5aed776b7 --- /dev/null +++ b/src/authorization/fixtures/update-authorization-permission.json @@ -0,0 +1,4 @@ +{ + "name": "View Documents", + "description": "Allows viewing document contents" +} diff --git a/src/authorization/fixtures/update-authorization-resource.json b/src/authorization/fixtures/update-authorization-resource.json new file mode 100644 index 000000000..176a80256 --- /dev/null +++ b/src/authorization/fixtures/update-authorization-resource.json @@ -0,0 +1,7 @@ +{ + "name": "Updated Name", + "description": "Updated description", + "parent_resource_id": "authz_resource_01HXYZ123456789ABCDEFGHIJ", + "parent_resource_external_id": "parent-workspace-01", + "parent_resource_type_slug": "workspace" +} diff --git a/src/authorization/fixtures/update-organization-role.json b/src/authorization/fixtures/update-organization-role.json new file mode 100644 index 000000000..416ea3d1d --- /dev/null +++ b/src/authorization/fixtures/update-organization-role.json @@ -0,0 +1,4 @@ +{ + "name": "Finance Administrator", + "description": "Can manage all financial operations" +} diff --git a/src/authorization/fixtures/update-role.json b/src/authorization/fixtures/update-role.json new file mode 100644 index 000000000..339fb5b59 --- /dev/null +++ b/src/authorization/fixtures/update-role.json @@ -0,0 +1,4 @@ +{ + "name": "Super Administrator", + "description": "Full administrative access to all resources" +} diff --git a/src/authorization/fixtures/user-role-assignment-resource.json b/src/authorization/fixtures/user-role-assignment-resource.json new file mode 100644 index 000000000..53f9d5081 --- /dev/null +++ b/src/authorization/fixtures/user-role-assignment-resource.json @@ -0,0 +1,5 @@ +{ + "id": "authz_resource_01HXYZ123456789ABCDEFGH", + "external_id": "proj-456", + "resource_type_slug": "project" +} diff --git a/src/authorization/fixtures/user-role-assignment.json b/src/authorization/fixtures/user-role-assignment.json new file mode 100644 index 000000000..48ca72378 --- /dev/null +++ b/src/authorization/fixtures/user-role-assignment.json @@ -0,0 +1,15 @@ +{ + "object": "role_assignment", + "id": "role_assignment_01HXYZ123456789ABCDEFGH", + "organization_membership_id": "om_01HXYZ123456789ABCDEFGHIJ", + "role": { + "slug": "admin" + }, + "resource": { + "id": "authz_resource_01HXYZ123456789ABCDEFGH", + "external_id": "proj-456", + "resource_type_slug": "project" + }, + "created_at": "2026-01-15T12:00:00.000Z", + "updated_at": "2026-01-15T12:00:00.000Z" +} diff --git a/src/authorization/interfaces/add-environment-role-permission-options.interface.ts b/src/authorization/interfaces/add-environment-role-permission-options.interface.ts index aa4627c39..2b7e262fd 100644 --- a/src/authorization/interfaces/add-environment-role-permission-options.interface.ts +++ b/src/authorization/interfaces/add-environment-role-permission-options.interface.ts @@ -1,3 +1,8 @@ +// This file is auto-generated by oagen. Do not edit. + export interface AddEnvironmentRolePermissionOptions { - permissionSlug: string; + /** The slug of the environment role. */ + roleSlug: string; + /** The slug of the permission to add to the role. */ + slug: string; } diff --git a/src/authorization/interfaces/add-organization-role-permission-options.interface.ts b/src/authorization/interfaces/add-organization-role-permission-options.interface.ts index 1fc26296c..2636104b0 100644 --- a/src/authorization/interfaces/add-organization-role-permission-options.interface.ts +++ b/src/authorization/interfaces/add-organization-role-permission-options.interface.ts @@ -1,3 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + export interface AddOrganizationRolePermissionOptions { - permissionSlug: string; + /** The ID of the organization. */ + organizationId: string; + /** The slug of the role. */ + roleSlug: string; + /** The slug of the permission to add to the role. */ + slug: string; } diff --git a/src/authorization/interfaces/add-role-permission.interface.ts b/src/authorization/interfaces/add-role-permission.interface.ts new file mode 100644 index 000000000..e8fa6aa3d --- /dev/null +++ b/src/authorization/interfaces/add-role-permission.interface.ts @@ -0,0 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface AddRolePermission { + /** The slug of the permission to add to the role. */ + slug: string; +} + +export interface AddRolePermissionResponse { + slug: string; +} diff --git a/src/authorization/interfaces/assign-role-options.interface.ts b/src/authorization/interfaces/assign-role-options.interface.ts index 29d5b2211..488307ce9 100644 --- a/src/authorization/interfaces/assign-role-options.interface.ts +++ b/src/authorization/interfaces/assign-role-options.interface.ts @@ -1,26 +1,14 @@ -import { - AuthorizationResourceIdentifierById, - AuthorizationResourceIdentifierByExternalId, -} from './authorization-resource-identifier.interface'; +// This file is auto-generated by oagen. Do not edit. -export interface BaseAssignRoleOptions { +export interface AssignRoleOptions { + /** The ID of the organization membership. */ organizationMembershipId: string; + /** The slug of the role to assign. */ roleSlug: string; -} - -export interface AssignRoleOptionsWithResourceId - extends BaseAssignRoleOptions, AuthorizationResourceIdentifierById {} - -export interface AssignRoleOptionsWithResourceExternalId - extends BaseAssignRoleOptions, AuthorizationResourceIdentifierByExternalId {} - -export type AssignRoleOptions = - | AssignRoleOptionsWithResourceId - | AssignRoleOptionsWithResourceExternalId; - -export interface SerializedAssignRoleOptions { - role_slug: string; - resource_id?: string; - resource_external_id?: string; - resource_type_slug?: string; + /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */ + resourceId?: string; + /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */ + resourceExternalId?: string; + /** The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */ + resourceTypeSlug?: string; } diff --git a/src/authorization/interfaces/assign-role.interface.ts b/src/authorization/interfaces/assign-role.interface.ts new file mode 100644 index 000000000..b762ab029 --- /dev/null +++ b/src/authorization/interfaces/assign-role.interface.ts @@ -0,0 +1,19 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface AssignRole { + /** The slug of the role to assign. */ + roleSlug: string; + /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */ + resourceId?: string; + /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */ + resourceExternalId?: string; + /** The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */ + resourceTypeSlug?: string; +} + +export interface AssignRoleResponse { + role_slug: string; + resource_id?: string; + resource_external_id?: string; + resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/authorization-assignment.interface.ts b/src/authorization/interfaces/authorization-assignment.interface.ts new file mode 100644 index 000000000..459e1043f --- /dev/null +++ b/src/authorization/interfaces/authorization-assignment.interface.ts @@ -0,0 +1,9 @@ +// This file is auto-generated by oagen. Do not edit. + +export const AuthorizationAssignment = { + Direct: 'direct', + Indirect: 'indirect', +} as const; + +export type AuthorizationAssignment = + (typeof AuthorizationAssignment)[keyof typeof AuthorizationAssignment]; diff --git a/src/authorization/interfaces/authorization-check.interface.ts b/src/authorization/interfaces/authorization-check.interface.ts new file mode 100644 index 000000000..ac7159d74 --- /dev/null +++ b/src/authorization/interfaces/authorization-check.interface.ts @@ -0,0 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface AuthorizationCheck { + /** Whether the organization membership has the specified permission on the resource. */ + authorized: boolean; +} + +export interface AuthorizationCheckResponse { + authorized: boolean; +} diff --git a/src/authorization/interfaces/authorization-permission.interface.ts b/src/authorization/interfaces/authorization-permission.interface.ts new file mode 100644 index 000000000..641d95eb3 --- /dev/null +++ b/src/authorization/interfaces/authorization-permission.interface.ts @@ -0,0 +1,34 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface AuthorizationPermission { + /** Distinguishes the Permission object. */ + object: 'permission'; + /** Unique identifier of the Permission. */ + id: string; + /** A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. */ + slug: string; + /** A descriptive name for the Permission. */ + name: string; + /** An optional description of the Permission. */ + description: string | null; + /** Whether the permission is a system permission. System permissions are managed by WorkOS and cannot be deleted. */ + system: boolean; + /** The slug of the resource type associated with the permission. */ + resourceTypeSlug: string; + /** An ISO 8601 timestamp. */ + createdAt: Date; + /** An ISO 8601 timestamp. */ + updatedAt: Date; +} + +export interface AuthorizationPermissionResponse { + object: 'permission'; + id: string; + slug: string; + name: string; + description: string | null; + system: boolean; + resource_type_slug: string; + created_at: string; + updated_at: string; +} diff --git a/src/authorization/interfaces/authorization-resource.interface.ts b/src/authorization/interfaces/authorization-resource.interface.ts index fd8ef0497..00ceb3423 100644 --- a/src/authorization/interfaces/authorization-resource.interface.ts +++ b/src/authorization/interfaces/authorization-resource.interface.ts @@ -1,79 +1,37 @@ +// This file is auto-generated by oagen. Do not edit. + export interface AuthorizationResource { /** Distinguishes the Resource object. */ object: 'authorization_resource'; - /** The unique ID of the Resource. */ - id: string; - /** An identifier you provide to reference the resource in your system. */ - externalId: string; /** A human-readable name for the Resource. */ name: string; /** An optional description of the Resource. */ description: string | null; - /** The slug of the resource type this resource belongs to. */ - resourceTypeSlug: string; /** The ID of the organization that owns the resource. */ organizationId: string; /** The ID of the parent resource, if this resource is nested. */ parentResourceId: string | null; + /** The unique ID of the Resource. */ + id: string; + /** An identifier you provide to reference the resource in your system. */ + externalId: string; + /** The slug of the resource type this resource belongs to. */ + resourceTypeSlug: string; /** An ISO 8601 timestamp. */ - createdAt: string; + createdAt: Date; /** An ISO 8601 timestamp. */ - updatedAt: string; + updatedAt: Date; } export interface AuthorizationResourceResponse { object: 'authorization_resource'; - id: string; - external_id: string; name: string; description: string | null; - resource_type_slug: string; organization_id: string; parent_resource_id: string | null; - created_at: string; - updated_at: string; -} - -interface BaseCreateAuthorizationResourceOptions { - externalId: string; - name: string; - description?: string | null; - resourceTypeSlug: string; - organizationId: string; -} - -export interface CreateOptionsWithParentResourceId extends BaseCreateAuthorizationResourceOptions { - parentResourceId: string; -} - -export interface CreateOptionsWithParentExternalId extends BaseCreateAuthorizationResourceOptions { - parentResourceExternalId: string; - parentResourceTypeSlug: string; -} - -export type CreateAuthorizationResourceOptions = - | BaseCreateAuthorizationResourceOptions - | CreateOptionsWithParentResourceId - | CreateOptionsWithParentExternalId; - -export interface SerializedCreateAuthorizationResourceOptions { + id: string; external_id: string; - name: string; - description?: string | null; resource_type_slug: string; - organization_id: string; - parent_resource_id?: string | null; - parent_resource_external_id?: string | null; - parent_resource_type_slug?: string | null; -} - -export interface UpdateAuthorizationResourceOptions { - resourceId: string; - name?: string; - description?: string | null; -} - -export interface SerializedUpdateAuthorizationResourceOptions { - name?: string; - description?: string | null; + created_at: string; + updated_at: string; } diff --git a/src/authorization/interfaces/check-authorization.interface.ts b/src/authorization/interfaces/check-authorization.interface.ts new file mode 100644 index 000000000..4c4228d1b --- /dev/null +++ b/src/authorization/interfaces/check-authorization.interface.ts @@ -0,0 +1,19 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface CheckAuthorization { + /** The slug of the permission to check. */ + permissionSlug: string; + /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */ + resourceId?: string; + /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */ + resourceExternalId?: string; + /** The slug of the resource type. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */ + resourceTypeSlug?: string; +} + +export interface CheckAuthorizationResponse { + permission_slug: string; + resource_id?: string; + resource_external_id?: string; + resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/check-options.interface.ts b/src/authorization/interfaces/check-options.interface.ts new file mode 100644 index 000000000..f7233feed --- /dev/null +++ b/src/authorization/interfaces/check-options.interface.ts @@ -0,0 +1,14 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface CheckOptions { + /** The ID of the organization membership to check. */ + organizationMembershipId: string; + /** The slug of the permission to check. */ + permissionSlug: string; + /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */ + resourceId?: string; + /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */ + resourceExternalId?: string; + /** The slug of the resource type. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */ + resourceTypeSlug?: string; +} diff --git a/src/authorization/interfaces/create-authorization-permission.interface.ts b/src/authorization/interfaces/create-authorization-permission.interface.ts new file mode 100644 index 000000000..ddcfb825e --- /dev/null +++ b/src/authorization/interfaces/create-authorization-permission.interface.ts @@ -0,0 +1,19 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface CreateAuthorizationPermission { + /** A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. */ + slug: string; + /** A descriptive name for the Permission. */ + name: string; + /** An optional description of the Permission. */ + description?: string | null; + /** The slug of the resource type this permission is scoped to. */ + resourceTypeSlug?: string; +} + +export interface CreateAuthorizationPermissionResponse { + slug: string; + name: string; + description?: string | null; + resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/create-authorization-resource.interface.ts b/src/authorization/interfaces/create-authorization-resource.interface.ts new file mode 100644 index 000000000..f4df90d35 --- /dev/null +++ b/src/authorization/interfaces/create-authorization-resource.interface.ts @@ -0,0 +1,31 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface CreateAuthorizationResource { + /** An external identifier for the resource. */ + externalId: string; + /** A display name for the resource. */ + name: string; + /** An optional description of the resource. */ + description?: string | null; + /** The slug of the resource type. */ + resourceTypeSlug: string; + /** The ID of the organization this resource belongs to. */ + organizationId: string; + /** The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. */ + parentResourceId?: string | null; + /** The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. */ + parentResourceExternalId?: string; + /** The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. */ + parentResourceTypeSlug?: string; +} + +export interface CreateAuthorizationResourceResponse { + external_id: string; + name: string; + description?: string | null; + resource_type_slug: string; + organization_id: string; + parent_resource_id?: string | null; + parent_resource_external_id?: string; + parent_resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/create-organization-role-options.interface.ts b/src/authorization/interfaces/create-organization-role-options.interface.ts index fa4781fa0..24b39f6e1 100644 --- a/src/authorization/interfaces/create-organization-role-options.interface.ts +++ b/src/authorization/interfaces/create-organization-role-options.interface.ts @@ -1,13 +1,14 @@ +// This file is auto-generated by oagen. Do not edit. + export interface CreateOrganizationRoleOptions { + /** The ID of the organization. */ + organizationId: string; + /** A unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix. */ slug?: string; + /** A descriptive name for the role. */ name: string; - description?: string; + /** An optional description of the role's purpose. */ + description?: string | null; + /** The slug of the resource type the role is scoped to. */ resourceTypeSlug?: string; } - -export interface SerializedCreateOrganizationRoleOptions { - slug?: string; - name: string; - description?: string; - resource_type_slug?: string; -} diff --git a/src/authorization/interfaces/create-organization-role.interface.ts b/src/authorization/interfaces/create-organization-role.interface.ts new file mode 100644 index 000000000..dade37e4f --- /dev/null +++ b/src/authorization/interfaces/create-organization-role.interface.ts @@ -0,0 +1,19 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface CreateOrganizationRole { + /** A unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix. */ + slug?: string; + /** A descriptive name for the role. */ + name: string; + /** An optional description of the role's purpose. */ + description?: string | null; + /** The slug of the resource type the role is scoped to. */ + resourceTypeSlug?: string; +} + +export interface CreateOrganizationRoleResponse { + slug?: string; + name: string; + description?: string | null; + resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/create-resource-options.interface.ts b/src/authorization/interfaces/create-resource-options.interface.ts new file mode 100644 index 000000000..72d69e23c --- /dev/null +++ b/src/authorization/interfaces/create-resource-options.interface.ts @@ -0,0 +1,20 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface CreateResourceOptions { + /** An external identifier for the resource. */ + externalId: string; + /** A display name for the resource. */ + name: string; + /** An optional description of the resource. */ + description?: string | null; + /** The slug of the resource type. */ + resourceTypeSlug: string; + /** The ID of the organization this resource belongs to. */ + organizationId: string; + /** The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. */ + parentResourceId?: string | null; + /** The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. */ + parentResourceExternalId?: string; + /** The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. */ + parentResourceTypeSlug?: string; +} diff --git a/src/authorization/interfaces/create-role.interface.ts b/src/authorization/interfaces/create-role.interface.ts new file mode 100644 index 000000000..050ad9116 --- /dev/null +++ b/src/authorization/interfaces/create-role.interface.ts @@ -0,0 +1,19 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface CreateRole { + /** A unique slug for the role. */ + slug: string; + /** A descriptive name for the role. */ + name: string; + /** An optional description of the role. */ + description?: string | null; + /** The slug of the resource type the role is scoped to. */ + resourceTypeSlug?: string; +} + +export interface CreateRoleResponse { + slug: string; + name: string; + description?: string | null; + resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/delete-organization-role-options.interface.ts b/src/authorization/interfaces/delete-organization-role-options.interface.ts new file mode 100644 index 000000000..fba760b1a --- /dev/null +++ b/src/authorization/interfaces/delete-organization-role-options.interface.ts @@ -0,0 +1,8 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface DeleteOrganizationRoleOptions { + /** The ID of the organization. */ + organizationId: string; + /** The slug of the role. */ + slug: string; +} diff --git a/src/authorization/interfaces/delete-permission-options.interface.ts b/src/authorization/interfaces/delete-permission-options.interface.ts new file mode 100644 index 000000000..f5244b27b --- /dev/null +++ b/src/authorization/interfaces/delete-permission-options.interface.ts @@ -0,0 +1,6 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface DeletePermissionOptions { + /** A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. */ + slug: string; +} diff --git a/src/authorization/interfaces/get-environment-role-options.interface.ts b/src/authorization/interfaces/get-environment-role-options.interface.ts new file mode 100644 index 000000000..50add181b --- /dev/null +++ b/src/authorization/interfaces/get-environment-role-options.interface.ts @@ -0,0 +1,6 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface GetEnvironmentRoleOptions { + /** The slug of the environment role. */ + slug: string; +} diff --git a/src/authorization/interfaces/get-organization-role-options.interface.ts b/src/authorization/interfaces/get-organization-role-options.interface.ts new file mode 100644 index 000000000..e9727919c --- /dev/null +++ b/src/authorization/interfaces/get-organization-role-options.interface.ts @@ -0,0 +1,8 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface GetOrganizationRoleOptions { + /** The ID of the organization. */ + organizationId: string; + /** The slug of the role. */ + slug: string; +} diff --git a/src/authorization/interfaces/get-permission-options.interface.ts b/src/authorization/interfaces/get-permission-options.interface.ts new file mode 100644 index 000000000..6e609ba42 --- /dev/null +++ b/src/authorization/interfaces/get-permission-options.interface.ts @@ -0,0 +1,6 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface GetPermissionOptions { + /** A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. */ + slug: string; +} diff --git a/src/authorization/interfaces/get-resource-options.interface.ts b/src/authorization/interfaces/get-resource-options.interface.ts new file mode 100644 index 000000000..e534a6f5b --- /dev/null +++ b/src/authorization/interfaces/get-resource-options.interface.ts @@ -0,0 +1,6 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface GetResourceOptions { + /** The ID of the authorization resource. */ + resourceId: string; +} diff --git a/src/authorization/interfaces/index.ts b/src/authorization/interfaces/index.ts index 82de0d275..7a3eda2a0 100644 --- a/src/authorization/interfaces/index.ts +++ b/src/authorization/interfaces/index.ts @@ -1,34 +1,67 @@ -export * from './environment-role.interface'; -export * from './create-environment-role-options.interface'; -export * from './update-environment-role-options.interface'; -export * from './set-environment-role-permissions-options.interface'; +// This file is auto-generated by oagen. Do not edit. + export * from './add-environment-role-permission-options.interface'; -export * from './organization-role.interface'; -export * from './create-organization-role-options.interface'; -export * from './update-organization-role-options.interface'; -export * from './set-organization-role-permissions-options.interface'; export * from './add-organization-role-permission-options.interface'; -export * from './remove-organization-role-permission-options.interface'; -export * from './permission.interface'; -export * from './create-permission-options.interface'; -export * from './update-permission-options.interface'; -export * from './list-permissions-options.interface'; +export * from './add-role-permission.interface'; +export * from './assign-role-options.interface'; +export * from './assign-role.interface'; +export * from './authorization-assignment.interface'; +export * from './authorization-check.interface'; +export * from './authorization-permission.interface'; +export * from './authorization-resource-check.interface'; +export * from './authorization-resource-identifier.interface'; export * from './authorization-resource.interface'; -export * from './list-authorization-resources-options.interface'; -export * from './get-authorization-resource-by-external-id-options.interface'; -export * from './update-authorization-resource-by-external-id-options.interface'; +export * from './check-authorization.interface'; +export * from './check-options.interface'; +export * from './create-authorization-permission.interface'; +export * from './create-authorization-resource.interface'; +export * from './create-environment-role-options.interface'; +export * from './create-organization-role-options.interface'; +export * from './create-organization-role.interface'; +export * from './create-permission-options.interface'; +export * from './create-resource-options.interface'; +export * from './create-role.interface'; export * from './delete-authorization-resource-by-external-id-options.interface'; export * from './delete-authorization-resource-options.interface'; -export * from './authorization-resource-check.interface'; -export * from './list-resources-for-membership-options.interface'; -export * from './list-memberships-for-resource-options.interface'; +export * from './delete-organization-role-options.interface'; +export * from './delete-permission-options.interface'; +export * from './environment-role.interface'; +export * from './get-authorization-resource-by-external-id-options.interface'; +export * from './get-environment-role-options.interface'; +export * from './get-organization-role-options.interface'; +export * from './get-permission-options.interface'; +export * from './get-resource-options.interface'; +export * from './list-authorization-resources-options.interface'; +export * from './list-effective-permissions-by-external-id-options.interface'; +export * from './list-effective-permissions-options.interface'; export * from './list-memberships-for-resource-by-external-id-options.interface'; -export * from './role-assignment.interface'; -export * from './list-role-assignments-options.interface'; -export * from './list-role-assignments-for-resource-options.interface'; +export * from './list-memberships-for-resource-options.interface'; +export * from './list-organization-roles-options.interface'; +export * from './list-permissions-options.interface'; +export * from './list-resources-for-membership-options.interface'; export * from './list-role-assignments-for-resource-by-external-id-options.interface'; -export * from './assign-role-options.interface'; -export * from './remove-role-options.interface'; +export * from './list-role-assignments-for-resource-options.interface'; +export * from './list-role-assignments-options.interface'; +export * from './organization-role.interface'; +export * from './pagination-order.interface'; +export * from './permission.interface'; +export * from './remove-organization-role-permission-options.interface'; export * from './remove-role-assignment-options.interface'; -export * from './list-effective-permissions-options.interface'; -export * from './list-effective-permissions-by-external-id-options.interface'; +export * from './remove-role-options.interface'; +export * from './remove-role.interface'; +export * from './role-assignment.interface'; +export * from './role-type.interface'; +export * from './set-environment-role-permissions-options.interface'; +export * from './set-organization-role-permissions-options.interface'; +export * from './set-role-permissions.interface'; +export * from './slim-role.interface'; +export * from './update-authorization-permission.interface'; +export * from './update-authorization-resource-by-external-id-options.interface'; +export * from './update-authorization-resource.interface'; +export * from './update-environment-role-options.interface'; +export * from './update-organization-role-options.interface'; +export * from './update-organization-role.interface'; +export * from './update-permission-options.interface'; +export * from './update-role.interface'; +export * from './user-role-assignment-resource.interface'; +export * from './user-role-assignment.interface'; diff --git a/src/authorization/interfaces/list-authorization-resources-options.interface.ts b/src/authorization/interfaces/list-authorization-resources-options.interface.ts index 74809e851..4d5296585 100644 --- a/src/authorization/interfaces/list-authorization-resources-options.interface.ts +++ b/src/authorization/interfaces/list-authorization-resources-options.interface.ts @@ -3,6 +3,7 @@ import { PaginationOptions } from '../../common/interfaces/pagination-options.in export interface ListAuthorizationResourcesOptions extends PaginationOptions { organizationId?: string; resourceTypeSlug?: string; + resourceExternalId?: string; parentResourceId?: string; parentResourceTypeSlug?: string; parentExternalId?: string; @@ -11,6 +12,7 @@ export interface ListAuthorizationResourcesOptions extends PaginationOptions { export interface SerializedListAuthorizationResourcesOptions extends PaginationOptions { organization_id?: string; resource_type_slug?: string; + resource_external_id?: string; parent_resource_id?: string; parent_resource_type_slug?: string; parent_external_id?: string; diff --git a/src/authorization/interfaces/list-organization-roles-options.interface.ts b/src/authorization/interfaces/list-organization-roles-options.interface.ts new file mode 100644 index 000000000..d453cabab --- /dev/null +++ b/src/authorization/interfaces/list-organization-roles-options.interface.ts @@ -0,0 +1,6 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface ListOrganizationRolesOptions { + /** The ID of the organization. */ + organizationId: string; +} diff --git a/src/authorization/interfaces/list-resources-for-membership-options.interface.ts b/src/authorization/interfaces/list-resources-for-membership-options.interface.ts index 886641ddd..2158e0bd6 100644 --- a/src/authorization/interfaces/list-resources-for-membership-options.interface.ts +++ b/src/authorization/interfaces/list-resources-for-membership-options.interface.ts @@ -1,26 +1,16 @@ -import { PaginationOptions } from '../../common/interfaces/pagination-options.interface'; +// This file is auto-generated by oagen. Do not edit. -interface BaseListResourcesForMembershipOptions extends PaginationOptions { +import type { PaginationOptions } from '../../common/interfaces/pagination-options.interface'; + +export interface ListResourcesForMembershipOptions extends PaginationOptions { + /** The ID of the organization membership. */ organizationMembershipId: string; + /** The permission slug to filter by. Only child resources where the organization membership has this permission are returned. */ permissionSlug: string; -} - -export interface ListResourcesForMembershipOptionsWithParentId extends BaseListResourcesForMembershipOptions { - parentResourceId: string; -} - -export interface ListResourcesForMembershipOptionsWithParentExternalId extends BaseListResourcesForMembershipOptions { - parentResourceTypeSlug: string; - parentResourceExternalId: string; -} - -export type ListResourcesForMembershipOptions = - | ListResourcesForMembershipOptionsWithParentId - | ListResourcesForMembershipOptionsWithParentExternalId; - -export interface SerializedListResourcesForMembershipOptions extends PaginationOptions { - permission_slug: string; - parent_resource_id?: string; - parent_resource_type_slug?: string; - parent_resource_external_id?: string; + /** The WorkOS ID of the parent resource. Provide this or both `parent_resource_external_id` and `parent_resource_type_slug`, but not both. Mutually exclusive with `parent_resource_type_slug` and `parent_resource_external_id`. */ + parentResourceId?: string; + /** The slug of the parent resource type. Must be provided together with `parent_resource_external_id`. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. */ + parentResourceTypeSlug?: string; + /** The application-specific external identifier of the parent resource. Must be provided together with `parent_resource_type_slug`. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. */ + parentResourceExternalId?: string; } diff --git a/src/authorization/interfaces/pagination-order.interface.ts b/src/authorization/interfaces/pagination-order.interface.ts new file mode 100644 index 000000000..5107338d6 --- /dev/null +++ b/src/authorization/interfaces/pagination-order.interface.ts @@ -0,0 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + +export const PaginationOrder = { + Normal: 'normal', + Desc: 'desc', + Asc: 'asc', +} as const; + +export type PaginationOrder = + (typeof PaginationOrder)[keyof typeof PaginationOrder]; diff --git a/src/authorization/interfaces/permission.interface.ts b/src/authorization/interfaces/permission.interface.ts index 8c6774a78..49d33d685 100644 --- a/src/authorization/interfaces/permission.interface.ts +++ b/src/authorization/interfaces/permission.interface.ts @@ -1,13 +1,24 @@ +// This file is auto-generated by oagen. Do not edit. + export interface Permission { + /** Distinguishes the Permission object. */ object: 'permission'; + /** Unique identifier of the Permission. */ id: string; + /** A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. */ slug: string; + /** A descriptive name for the Permission. */ name: string; + /** An optional description of the Permission. */ description: string | null; - resourceTypeSlug: string; + /** Whether the permission is a system permission. System permissions are managed by WorkOS and cannot be deleted. */ system: boolean; - createdAt: string; - updatedAt: string; + /** The slug of the resource type associated with the permission. */ + resourceTypeSlug: string; + /** An ISO 8601 timestamp. */ + createdAt: Date; + /** An ISO 8601 timestamp. */ + updatedAt: Date; } export interface PermissionResponse { @@ -16,8 +27,8 @@ export interface PermissionResponse { slug: string; name: string; description: string | null; - resource_type_slug: string; system: boolean; + resource_type_slug: string; created_at: string; updated_at: string; } diff --git a/src/authorization/interfaces/remove-organization-role-permission-options.interface.ts b/src/authorization/interfaces/remove-organization-role-permission-options.interface.ts index 80068249f..3e63ef6c8 100644 --- a/src/authorization/interfaces/remove-organization-role-permission-options.interface.ts +++ b/src/authorization/interfaces/remove-organization-role-permission-options.interface.ts @@ -1,3 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + export interface RemoveOrganizationRolePermissionOptions { + /** The ID of the organization. */ + organizationId: string; + /** The slug of the role. */ + slug: string; + /** The slug of the permission to remove. */ permissionSlug: string; } diff --git a/src/authorization/interfaces/remove-role-options.interface.ts b/src/authorization/interfaces/remove-role-options.interface.ts index d260c5457..9723fd103 100644 --- a/src/authorization/interfaces/remove-role-options.interface.ts +++ b/src/authorization/interfaces/remove-role-options.interface.ts @@ -1,26 +1,14 @@ -import { - AuthorizationResourceIdentifierById, - AuthorizationResourceIdentifierByExternalId, -} from './authorization-resource-identifier.interface'; +// This file is auto-generated by oagen. Do not edit. -export interface BaseRemoveRoleOptions { +export interface RemoveRoleOptions { + /** The ID of the organization membership. */ organizationMembershipId: string; + /** The slug of the role to remove. */ roleSlug: string; -} - -export interface RemoveRoleOptionsWithResourceId - extends BaseRemoveRoleOptions, AuthorizationResourceIdentifierById {} - -export interface RemoveRoleOptionsWithResourceExternalId - extends BaseRemoveRoleOptions, AuthorizationResourceIdentifierByExternalId {} - -export type RemoveRoleOptions = - | RemoveRoleOptionsWithResourceId - | RemoveRoleOptionsWithResourceExternalId; - -export interface SerializedRemoveRoleOptions { - role_slug: string; - resource_id?: string; - resource_external_id?: string; - resource_type_slug?: string; + /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */ + resourceId?: string; + /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */ + resourceExternalId?: string; + /** The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */ + resourceTypeSlug?: string; } diff --git a/src/authorization/interfaces/remove-role.interface.ts b/src/authorization/interfaces/remove-role.interface.ts new file mode 100644 index 000000000..6a12c4dca --- /dev/null +++ b/src/authorization/interfaces/remove-role.interface.ts @@ -0,0 +1,19 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface RemoveRole { + /** The slug of the role to remove. */ + roleSlug: string; + /** The ID of the resource. Mutually exclusive with `resource_external_id` and `resource_type_slug`. */ + resourceId?: string; + /** The external ID of the resource. Required with `resource_type_slug`. Mutually exclusive with `resource_id`. */ + resourceExternalId?: string; + /** The resource type slug. Required with `resource_external_id`. Mutually exclusive with `resource_id`. */ + resourceTypeSlug?: string; +} + +export interface RemoveRoleResponse { + role_slug: string; + resource_id?: string; + resource_external_id?: string; + resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/role-type.interface.ts b/src/authorization/interfaces/role-type.interface.ts new file mode 100644 index 000000000..f08c8376d --- /dev/null +++ b/src/authorization/interfaces/role-type.interface.ts @@ -0,0 +1,8 @@ +// This file is auto-generated by oagen. Do not edit. + +export const RoleType = { + EnvironmentRole: 'EnvironmentRole', + OrganizationRole: 'OrganizationRole', +} as const; + +export type RoleType = (typeof RoleType)[keyof typeof RoleType]; diff --git a/src/authorization/interfaces/set-environment-role-permissions-options.interface.ts b/src/authorization/interfaces/set-environment-role-permissions-options.interface.ts index f9f33d1dc..dbb827b01 100644 --- a/src/authorization/interfaces/set-environment-role-permissions-options.interface.ts +++ b/src/authorization/interfaces/set-environment-role-permissions-options.interface.ts @@ -1,3 +1,8 @@ +// This file is auto-generated by oagen. Do not edit. + export interface SetEnvironmentRolePermissionsOptions { + /** The slug of the environment role. */ + slug: string; + /** The permission slugs to assign to the role. */ permissions: string[]; } diff --git a/src/authorization/interfaces/set-organization-role-permissions-options.interface.ts b/src/authorization/interfaces/set-organization-role-permissions-options.interface.ts index 09c563c2a..ad91aace3 100644 --- a/src/authorization/interfaces/set-organization-role-permissions-options.interface.ts +++ b/src/authorization/interfaces/set-organization-role-permissions-options.interface.ts @@ -1,3 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + export interface SetOrganizationRolePermissionsOptions { + /** The ID of the organization. */ + organizationId: string; + /** The slug of the role. */ + slug: string; + /** The permission slugs to assign to the role. */ permissions: string[]; } diff --git a/src/authorization/interfaces/set-role-permissions.interface.ts b/src/authorization/interfaces/set-role-permissions.interface.ts new file mode 100644 index 000000000..04446b1fa --- /dev/null +++ b/src/authorization/interfaces/set-role-permissions.interface.ts @@ -0,0 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface SetRolePermissions { + /** The permission slugs to assign to the role. */ + permissions: string[]; +} + +export interface SetRolePermissionsResponse { + permissions: string[]; +} diff --git a/src/authorization/interfaces/slim-role.interface.ts b/src/authorization/interfaces/slim-role.interface.ts new file mode 100644 index 000000000..72dc7ceb3 --- /dev/null +++ b/src/authorization/interfaces/slim-role.interface.ts @@ -0,0 +1,11 @@ +// This file is auto-generated by oagen. Do not edit. + +/** The primary role assigned to the user. */ +export interface SlimRole { + /** The slug of the assigned role. */ + slug: string; +} + +export interface SlimRoleResponse { + slug: string; +} diff --git a/src/authorization/interfaces/update-authorization-permission.interface.ts b/src/authorization/interfaces/update-authorization-permission.interface.ts new file mode 100644 index 000000000..9815a0288 --- /dev/null +++ b/src/authorization/interfaces/update-authorization-permission.interface.ts @@ -0,0 +1,10 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + UpdateOrganizationRole, + UpdateOrganizationRoleResponse, +} from './update-organization-role.interface'; + +export type UpdateAuthorizationPermission = UpdateOrganizationRole; +export type UpdateAuthorizationPermissionResponse = + UpdateOrganizationRoleResponse; diff --git a/src/authorization/interfaces/update-authorization-resource-by-external-id-options.interface.ts b/src/authorization/interfaces/update-authorization-resource-by-external-id-options.interface.ts index b3320475a..83e963aa9 100644 --- a/src/authorization/interfaces/update-authorization-resource-by-external-id-options.interface.ts +++ b/src/authorization/interfaces/update-authorization-resource-by-external-id-options.interface.ts @@ -4,4 +4,5 @@ export interface UpdateAuthorizationResourceByExternalIdOptions { externalId: string; name?: string; description?: string | null; + parentResourceId?: string; } diff --git a/src/authorization/interfaces/update-authorization-resource-options.interface.ts b/src/authorization/interfaces/update-authorization-resource-options.interface.ts new file mode 100644 index 000000000..665776c5d --- /dev/null +++ b/src/authorization/interfaces/update-authorization-resource-options.interface.ts @@ -0,0 +1,11 @@ +export interface UpdateAuthorizationResourceOptions { + resourceId: string; + name?: string; + description?: string | null; + parentResourceId?: string; +} + +export interface SerializedUpdateAuthorizationResourceOptions { + name?: string; + description?: string | null; +} diff --git a/src/authorization/interfaces/update-authorization-resource.interface.ts b/src/authorization/interfaces/update-authorization-resource.interface.ts new file mode 100644 index 000000000..fa9c68667 --- /dev/null +++ b/src/authorization/interfaces/update-authorization-resource.interface.ts @@ -0,0 +1,22 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface UpdateAuthorizationResource { + /** A display name for the resource. */ + name?: string; + /** An optional description of the resource. */ + description?: string | null; + /** The ID of the parent resource. Mutually exclusive with `parent_resource_external_id` and `parent_resource_type_slug`. */ + parentResourceId?: string; + /** The external ID of the parent resource. Required with `parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`. */ + parentResourceExternalId?: string; + /** The resource type slug of the parent resource. Required with `parent_resource_external_id`. Mutually exclusive with `parent_resource_id`. */ + parentResourceTypeSlug?: string; +} + +export interface UpdateAuthorizationResourceResponse { + name?: string; + description?: string | null; + parent_resource_id?: string; + parent_resource_external_id?: string; + parent_resource_type_slug?: string; +} diff --git a/src/authorization/interfaces/update-environment-role-options.interface.ts b/src/authorization/interfaces/update-environment-role-options.interface.ts index 471bd0967..9d6057670 100644 --- a/src/authorization/interfaces/update-environment-role-options.interface.ts +++ b/src/authorization/interfaces/update-environment-role-options.interface.ts @@ -1,9 +1,10 @@ -export interface UpdateEnvironmentRoleOptions { - name?: string; - description?: string | null; -} +// This file is auto-generated by oagen. Do not edit. -export interface SerializedUpdateEnvironmentRoleOptions { +export interface UpdateEnvironmentRoleOptions { + /** The slug of the environment role. */ + slug: string; + /** A descriptive name for the role. */ name?: string; + /** An optional description of the role. */ description?: string | null; } diff --git a/src/authorization/interfaces/update-organization-role-options.interface.ts b/src/authorization/interfaces/update-organization-role-options.interface.ts index a2fd4a314..9f0ed4b29 100644 --- a/src/authorization/interfaces/update-organization-role-options.interface.ts +++ b/src/authorization/interfaces/update-organization-role-options.interface.ts @@ -1,9 +1,12 @@ -export interface UpdateOrganizationRoleOptions { - name?: string; - description?: string | null; -} +// This file is auto-generated by oagen. Do not edit. -export interface SerializedUpdateOrganizationRoleOptions { +export interface UpdateOrganizationRoleOptions { + /** The ID of the organization. */ + organizationId: string; + /** The slug of the role. */ + slug: string; + /** A descriptive name for the role. */ name?: string; + /** An optional description of the role's purpose. */ description?: string | null; } diff --git a/src/authorization/interfaces/update-organization-role.interface.ts b/src/authorization/interfaces/update-organization-role.interface.ts new file mode 100644 index 000000000..2630368ae --- /dev/null +++ b/src/authorization/interfaces/update-organization-role.interface.ts @@ -0,0 +1,13 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface UpdateOrganizationRole { + /** A descriptive name for the role. */ + name?: string; + /** An optional description of the role's purpose. */ + description?: string | null; +} + +export interface UpdateOrganizationRoleResponse { + name?: string; + description?: string | null; +} diff --git a/src/authorization/interfaces/update-permission-options.interface.ts b/src/authorization/interfaces/update-permission-options.interface.ts index 600645607..7cd76ca17 100644 --- a/src/authorization/interfaces/update-permission-options.interface.ts +++ b/src/authorization/interfaces/update-permission-options.interface.ts @@ -1,9 +1,10 @@ -export interface UpdatePermissionOptions { - name?: string; - description?: string | null; -} +// This file is auto-generated by oagen. Do not edit. -export interface SerializedUpdatePermissionOptions { +export interface UpdatePermissionOptions { + /** A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks. */ + slug: string; + /** A descriptive name for the Permission. */ name?: string; + /** An optional description of the Permission. */ description?: string | null; } diff --git a/src/authorization/interfaces/update-role.interface.ts b/src/authorization/interfaces/update-role.interface.ts new file mode 100644 index 000000000..2da6a4c6d --- /dev/null +++ b/src/authorization/interfaces/update-role.interface.ts @@ -0,0 +1,13 @@ +// This file is auto-generated by oagen. Do not edit. + +export interface UpdateRole { + /** A descriptive name for the role. */ + name?: string; + /** An optional description of the role. */ + description?: string | null; +} + +export interface UpdateRoleResponse { + name?: string; + description?: string | null; +} diff --git a/src/authorization/interfaces/user-role-assignment-resource.interface.ts b/src/authorization/interfaces/user-role-assignment-resource.interface.ts new file mode 100644 index 000000000..100ceb8e2 --- /dev/null +++ b/src/authorization/interfaces/user-role-assignment-resource.interface.ts @@ -0,0 +1,17 @@ +// This file is auto-generated by oagen. Do not edit. + +/** The resource the role is assigned on. */ +export interface UserRoleAssignmentResource { + /** The unique ID of the Resource. */ + id: string; + /** An identifier you provide to reference the resource in your system. */ + externalId: string; + /** The slug of the resource type this resource belongs to. */ + resourceTypeSlug: string; +} + +export interface UserRoleAssignmentResourceResponse { + id: string; + external_id: string; + resource_type_slug: string; +} diff --git a/src/authorization/interfaces/user-role-assignment.interface.ts b/src/authorization/interfaces/user-role-assignment.interface.ts new file mode 100644 index 000000000..0664fb296 --- /dev/null +++ b/src/authorization/interfaces/user-role-assignment.interface.ts @@ -0,0 +1,34 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { SlimRole, SlimRoleResponse } from './slim-role.interface'; +import type { + UserRoleAssignmentResource, + UserRoleAssignmentResourceResponse, +} from './user-role-assignment-resource.interface'; + +export interface UserRoleAssignment { + /** Distinguishes the role assignment object. */ + object: 'role_assignment'; + /** Unique identifier of the role assignment. */ + id: string; + /** The ID of the organization membership the role is assigned to. */ + organizationMembershipId: string; + /** The role included in the assignment. */ + role: SlimRole; + /** The resource the role is assigned on. */ + resource: UserRoleAssignmentResource; + /** An ISO 8601 timestamp. */ + createdAt: Date; + /** An ISO 8601 timestamp. */ + updatedAt: Date; +} + +export interface UserRoleAssignmentResponse { + object: 'role_assignment'; + id: string; + organization_membership_id: string; + role: SlimRoleResponse; + resource: UserRoleAssignmentResourceResponse; + created_at: string; + updated_at: string; +} diff --git a/src/authorization/serializers.spec.ts b/src/authorization/serializers.spec.ts new file mode 100644 index 000000000..b3c8e63b1 --- /dev/null +++ b/src/authorization/serializers.spec.ts @@ -0,0 +1,25 @@ +// This file is auto-generated by oagen. Do not edit. + +import { deserializeAuthorizationResource } from './serializers/authorization-resource.serializer'; +import { deserializePermission } from './serializers/permission.serializer'; +import type { AuthorizationResourceResponse } from './interfaces/authorization-resource.interface'; +import type { PermissionResponse } from './interfaces/permission.interface'; +import authorizationResourceFixture from './fixtures/authorization-resource.json'; +import permissionFixture from './fixtures/permission.json'; + +describe('AuthorizationResourceSerializer', () => { + it('deserializes correctly', () => { + const fixture = + authorizationResourceFixture as AuthorizationResourceResponse; + const deserialized = deserializeAuthorizationResource(fixture); + expect(deserialized).toBeDefined(); + }); +}); + +describe('PermissionSerializer', () => { + it('deserializes correctly', () => { + const fixture = permissionFixture as PermissionResponse; + const deserialized = deserializePermission(fixture); + expect(deserialized).toBeDefined(); + }); +}); diff --git a/src/authorization/serializers/add-role-permission.serializer.ts b/src/authorization/serializers/add-role-permission.serializer.ts new file mode 100644 index 000000000..8d342ed70 --- /dev/null +++ b/src/authorization/serializers/add-role-permission.serializer.ts @@ -0,0 +1,12 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + AddRolePermission, + AddRolePermissionResponse, +} from '../interfaces/add-role-permission.interface'; + +export const serializeAddRolePermission = ( + model: AddRolePermission, +): AddRolePermissionResponse => ({ + slug: model.slug, +}); diff --git a/src/authorization/serializers/assign-role-options.serializer.ts b/src/authorization/serializers/assign-role-options.serializer.ts deleted file mode 100644 index 115c9758e..000000000 --- a/src/authorization/serializers/assign-role-options.serializer.ts +++ /dev/null @@ -1,15 +0,0 @@ -import { - AssignRoleOptions, - SerializedAssignRoleOptions, -} from '../interfaces/assign-role-options.interface'; - -export const serializeAssignRoleOptions = ( - options: AssignRoleOptions, -): SerializedAssignRoleOptions => ({ - role_slug: options.roleSlug, - ...('resourceId' in options && { resource_id: options.resourceId }), - ...('resourceExternalId' in options && { - resource_external_id: options.resourceExternalId, - resource_type_slug: options.resourceTypeSlug, - }), -}); diff --git a/src/authorization/serializers/assign-role.serializer.ts b/src/authorization/serializers/assign-role.serializer.ts new file mode 100644 index 000000000..9d5014037 --- /dev/null +++ b/src/authorization/serializers/assign-role.serializer.ts @@ -0,0 +1,13 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + AssignRole, + AssignRoleResponse, +} from '../interfaces/assign-role.interface'; + +export const serializeAssignRole = (model: AssignRole): AssignRoleResponse => ({ + role_slug: model.roleSlug, + resource_id: model.resourceId, + resource_external_id: model.resourceExternalId, + resource_type_slug: model.resourceTypeSlug, +}); diff --git a/src/authorization/serializers/authorization-check-options.serializer.ts b/src/authorization/serializers/authorization-check-options.serializer.ts deleted file mode 100644 index aff4f28b9..000000000 --- a/src/authorization/serializers/authorization-check-options.serializer.ts +++ /dev/null @@ -1,15 +0,0 @@ -import { - AuthorizationCheckOptions, - SerializedAuthorizationCheckOptions, -} from '../interfaces'; - -export const serializeAuthorizationCheckOptions = ( - options: AuthorizationCheckOptions, -): SerializedAuthorizationCheckOptions => ({ - permission_slug: options.permissionSlug, - ...('resourceId' in options && { resource_id: options.resourceId }), - ...('resourceExternalId' in options && { - resource_external_id: options.resourceExternalId, - resource_type_slug: options.resourceTypeSlug, - }), -}); diff --git a/src/authorization/serializers/authorization-check.serializer.ts b/src/authorization/serializers/authorization-check.serializer.ts new file mode 100644 index 000000000..f07b58316 --- /dev/null +++ b/src/authorization/serializers/authorization-check.serializer.ts @@ -0,0 +1,12 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + AuthorizationCheck, + AuthorizationCheckResponse, +} from '../interfaces/authorization-check.interface'; + +export const deserializeAuthorizationCheck = ( + response: AuthorizationCheckResponse, +): AuthorizationCheck => ({ + authorized: response.authorized, +}); diff --git a/src/authorization/serializers/authorization-permission.serializer.ts b/src/authorization/serializers/authorization-permission.serializer.ts new file mode 100644 index 000000000..772d911fa --- /dev/null +++ b/src/authorization/serializers/authorization-permission.serializer.ts @@ -0,0 +1,20 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + AuthorizationPermission, + AuthorizationPermissionResponse, +} from '../interfaces/authorization-permission.interface'; + +export const deserializeAuthorizationPermission = ( + response: AuthorizationPermissionResponse, +): AuthorizationPermission => ({ + object: response.object, + id: response.id, + slug: response.slug, + name: response.name, + description: response.description ?? null, + system: response.system, + resourceTypeSlug: response.resource_type_slug, + createdAt: new Date(response.created_at), + updatedAt: new Date(response.updated_at), +}); diff --git a/src/authorization/serializers/authorization-resource.serializer.ts b/src/authorization/serializers/authorization-resource.serializer.ts index 68b10a508..23cbbe4eb 100644 --- a/src/authorization/serializers/authorization-resource.serializer.ts +++ b/src/authorization/serializers/authorization-resource.serializer.ts @@ -1,19 +1,21 @@ -import { +// This file is auto-generated by oagen. Do not edit. + +import type { AuthorizationResource, AuthorizationResourceResponse, } from '../interfaces/authorization-resource.interface'; export const deserializeAuthorizationResource = ( - resource: AuthorizationResourceResponse, + response: AuthorizationResourceResponse, ): AuthorizationResource => ({ - object: resource.object, - id: resource.id, - externalId: resource.external_id, - name: resource.name, - description: resource.description, - resourceTypeSlug: resource.resource_type_slug, - organizationId: resource.organization_id, - parentResourceId: resource.parent_resource_id, - createdAt: resource.created_at, - updatedAt: resource.updated_at, + object: response.object, + name: response.name, + description: response.description ?? null, + organizationId: response.organization_id, + parentResourceId: response.parent_resource_id ?? null, + id: response.id, + externalId: response.external_id, + resourceTypeSlug: response.resource_type_slug, + createdAt: new Date(response.created_at), + updatedAt: new Date(response.updated_at), }); diff --git a/src/authorization/serializers/check-authorization.serializer.ts b/src/authorization/serializers/check-authorization.serializer.ts new file mode 100644 index 000000000..34e2acde9 --- /dev/null +++ b/src/authorization/serializers/check-authorization.serializer.ts @@ -0,0 +1,15 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + CheckAuthorization, + CheckAuthorizationResponse, +} from '../interfaces/check-authorization.interface'; + +export const serializeCheckAuthorization = ( + model: CheckAuthorization, +): CheckAuthorizationResponse => ({ + permission_slug: model.permissionSlug, + resource_id: model.resourceId, + resource_external_id: model.resourceExternalId, + resource_type_slug: model.resourceTypeSlug, +}); diff --git a/src/authorization/serializers/create-authorization-permission.serializer.ts b/src/authorization/serializers/create-authorization-permission.serializer.ts new file mode 100644 index 000000000..d049af2cc --- /dev/null +++ b/src/authorization/serializers/create-authorization-permission.serializer.ts @@ -0,0 +1,15 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + CreateAuthorizationPermission, + CreateAuthorizationPermissionResponse, +} from '../interfaces/create-authorization-permission.interface'; + +export const serializeCreateAuthorizationPermission = ( + model: CreateAuthorizationPermission, +): CreateAuthorizationPermissionResponse => ({ + slug: model.slug, + name: model.name, + description: model.description ?? null, + resource_type_slug: model.resourceTypeSlug, +}); diff --git a/src/authorization/serializers/create-authorization-resource-options.serializer.ts b/src/authorization/serializers/create-authorization-resource-options.serializer.ts deleted file mode 100644 index c667f2c4f..000000000 --- a/src/authorization/serializers/create-authorization-resource-options.serializer.ts +++ /dev/null @@ -1,23 +0,0 @@ -import { - CreateAuthorizationResourceOptions, - SerializedCreateAuthorizationResourceOptions, -} from '../interfaces/authorization-resource.interface'; - -export const serializeCreateResourceOptions = ( - options: CreateAuthorizationResourceOptions, -): SerializedCreateAuthorizationResourceOptions => ({ - organization_id: options.organizationId, - resource_type_slug: options.resourceTypeSlug, - external_id: options.externalId, - name: options.name, - ...(options.description !== undefined && { - description: options.description, - }), - ...('parentResourceId' in options && { - parent_resource_id: options.parentResourceId, - }), - ...('parentResourceExternalId' in options && { - parent_resource_external_id: options.parentResourceExternalId, - parent_resource_type_slug: options.parentResourceTypeSlug, - }), -}); diff --git a/src/authorization/serializers/create-authorization-resource.serializer.ts b/src/authorization/serializers/create-authorization-resource.serializer.ts new file mode 100644 index 000000000..c7b5129fb --- /dev/null +++ b/src/authorization/serializers/create-authorization-resource.serializer.ts @@ -0,0 +1,19 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + CreateAuthorizationResource, + CreateAuthorizationResourceResponse, +} from '../interfaces/create-authorization-resource.interface'; + +export const serializeCreateAuthorizationResource = ( + model: CreateAuthorizationResource, +): CreateAuthorizationResourceResponse => ({ + external_id: model.externalId, + name: model.name, + description: model.description ?? null, + resource_type_slug: model.resourceTypeSlug, + organization_id: model.organizationId, + parent_resource_id: model.parentResourceId ?? null, + parent_resource_external_id: model.parentResourceExternalId, + parent_resource_type_slug: model.parentResourceTypeSlug, +}); diff --git a/src/authorization/serializers/create-environment-role-options.serializer.ts b/src/authorization/serializers/create-environment-role-options.serializer.ts deleted file mode 100644 index 9ed17b439..000000000 --- a/src/authorization/serializers/create-environment-role-options.serializer.ts +++ /dev/null @@ -1,13 +0,0 @@ -import { - CreateEnvironmentRoleOptions, - SerializedCreateEnvironmentRoleOptions, -} from '../interfaces/create-environment-role-options.interface'; - -export const serializeCreateEnvironmentRoleOptions = ( - options: CreateEnvironmentRoleOptions, -): SerializedCreateEnvironmentRoleOptions => ({ - slug: options.slug, - name: options.name, - description: options.description, - resource_type_slug: options.resourceTypeSlug, -}); diff --git a/src/authorization/serializers/create-organization-role-options.serializer.ts b/src/authorization/serializers/create-organization-role-options.serializer.ts deleted file mode 100644 index f2895296c..000000000 --- a/src/authorization/serializers/create-organization-role-options.serializer.ts +++ /dev/null @@ -1,13 +0,0 @@ -import { - CreateOrganizationRoleOptions, - SerializedCreateOrganizationRoleOptions, -} from '../interfaces/create-organization-role-options.interface'; - -export const serializeCreateOrganizationRoleOptions = ( - options: CreateOrganizationRoleOptions, -): SerializedCreateOrganizationRoleOptions => ({ - slug: options.slug, - name: options.name, - description: options.description, - resource_type_slug: options.resourceTypeSlug, -}); diff --git a/src/authorization/serializers/create-organization-role.serializer.ts b/src/authorization/serializers/create-organization-role.serializer.ts new file mode 100644 index 000000000..bc2df8574 --- /dev/null +++ b/src/authorization/serializers/create-organization-role.serializer.ts @@ -0,0 +1,15 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + CreateOrganizationRole, + CreateOrganizationRoleResponse, +} from '../interfaces/create-organization-role.interface'; + +export const serializeCreateOrganizationRole = ( + model: CreateOrganizationRole, +): CreateOrganizationRoleResponse => ({ + slug: model.slug, + name: model.name, + description: model.description ?? null, + resource_type_slug: model.resourceTypeSlug, +}); diff --git a/src/authorization/serializers/create-permission-options.serializer.ts b/src/authorization/serializers/create-permission-options.serializer.ts deleted file mode 100644 index b7fd56f93..000000000 --- a/src/authorization/serializers/create-permission-options.serializer.ts +++ /dev/null @@ -1,13 +0,0 @@ -import { - CreatePermissionOptions, - SerializedCreatePermissionOptions, -} from '../interfaces/create-permission-options.interface'; - -export const serializeCreatePermissionOptions = ( - options: CreatePermissionOptions, -): SerializedCreatePermissionOptions => ({ - slug: options.slug, - name: options.name, - description: options.description, - resource_type_slug: options.resourceTypeSlug, -}); diff --git a/src/authorization/serializers/create-role.serializer.ts b/src/authorization/serializers/create-role.serializer.ts new file mode 100644 index 000000000..1e541234e --- /dev/null +++ b/src/authorization/serializers/create-role.serializer.ts @@ -0,0 +1,13 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + CreateRole, + CreateRoleResponse, +} from '../interfaces/create-role.interface'; + +export const serializeCreateRole = (model: CreateRole): CreateRoleResponse => ({ + slug: model.slug, + name: model.name, + description: model.description ?? null, + resource_type_slug: model.resourceTypeSlug, +}); diff --git a/src/authorization/serializers/index.ts b/src/authorization/serializers/index.ts index 68571380e..8080185b0 100644 --- a/src/authorization/serializers/index.ts +++ b/src/authorization/serializers/index.ts @@ -1,23 +1,22 @@ -export * from './environment-role.serializer'; -export * from './create-environment-role-options.serializer'; -export * from './update-environment-role-options.serializer'; -export * from './organization-role.serializer'; -export * from './create-organization-role-options.serializer'; -export * from './update-organization-role-options.serializer'; -export * from './permission.serializer'; -export * from './create-permission-options.serializer'; -export * from './update-permission-options.serializer'; +// This file is auto-generated by oagen. Do not edit. + +export * from './add-role-permission.serializer'; +export * from './assign-role.serializer'; +export * from './authorization-check.serializer'; +export * from './authorization-permission.serializer'; export * from './authorization-resource.serializer'; -export * from './create-authorization-resource-options.serializer'; -export * from './update-authorization-resource-options.serializer'; -export * from './update-authorization-resource-by-external-id-options.serializer'; -export * from './list-authorization-resources-options.serializer'; -export * from './authorization-check-options.serializer'; -export * from './list-resources-for-membership-options.serializer'; -export * from './list-memberships-for-resource-options.serializer'; -export * from './role-assignment.serializer'; -export * from './list-role-assignments-options.serializer'; -export * from './list-role-assignments-for-resource-options.serializer'; -export * from './assign-role-options.serializer'; -export * from './remove-role-options.serializer'; -export * from './list-effective-permissions-options.serializer'; +export * from './check-authorization.serializer'; +export * from './create-authorization-permission.serializer'; +export * from './create-authorization-resource.serializer'; +export * from './create-organization-role.serializer'; +export * from './create-role.serializer'; +export * from './permission.serializer'; +export * from './remove-role.serializer'; +export * from './set-role-permissions.serializer'; +export * from './slim-role.serializer'; +export * from './update-authorization-permission.serializer'; +export * from './update-authorization-resource.serializer'; +export * from './update-organization-role.serializer'; +export * from './update-role.serializer'; +export * from './user-role-assignment.serializer'; +export * from './user-role-assignment-resource.serializer'; diff --git a/src/authorization/serializers/list-authorization-resources-options.serializer.ts b/src/authorization/serializers/list-authorization-resources-options.serializer.ts deleted file mode 100644 index d0836acc1..000000000 --- a/src/authorization/serializers/list-authorization-resources-options.serializer.ts +++ /dev/null @@ -1,26 +0,0 @@ -import { serializePaginationOptions } from '../../common/serializers'; -import { - ListAuthorizationResourcesOptions, - SerializedListAuthorizationResourcesOptions, -} from '../interfaces/list-authorization-resources-options.interface'; - -export const serializeListAuthorizationResourcesOptions = ( - options: ListAuthorizationResourcesOptions, -): SerializedListAuthorizationResourcesOptions => ({ - ...(options.organizationId && { - organization_id: options.organizationId, - }), - ...(options.resourceTypeSlug && { - resource_type_slug: options.resourceTypeSlug, - }), - ...(options.parentResourceId && { - parent_resource_id: options.parentResourceId, - }), - ...(options.parentResourceTypeSlug && { - parent_resource_type_slug: options.parentResourceTypeSlug, - }), - ...(options.parentExternalId && { - parent_external_id: options.parentExternalId, - }), - ...serializePaginationOptions(options), -}); diff --git a/src/authorization/serializers/list-effective-permissions-options.serializer.ts b/src/authorization/serializers/list-effective-permissions-options.serializer.ts deleted file mode 100644 index 15c2ae2e0..000000000 --- a/src/authorization/serializers/list-effective-permissions-options.serializer.ts +++ /dev/null @@ -1,13 +0,0 @@ -import { serializePaginationOptions } from '../../common/serializers'; -import { ListEffectivePermissionsOptions } from '../interfaces/list-effective-permissions-options.interface'; -import { ListEffectivePermissionsByExternalIdOptions } from '../interfaces/list-effective-permissions-by-external-id-options.interface'; - -type ListEffectivePermissionsQueryOptions = - | ListEffectivePermissionsOptions - | ListEffectivePermissionsByExternalIdOptions; - -export const serializeListEffectivePermissionsOptions = ( - options: ListEffectivePermissionsQueryOptions, -): Record => ({ - ...serializePaginationOptions(options), -}); diff --git a/src/authorization/serializers/list-memberships-for-resource-options.serializer.ts b/src/authorization/serializers/list-memberships-for-resource-options.serializer.ts deleted file mode 100644 index 870bdc8fc..000000000 --- a/src/authorization/serializers/list-memberships-for-resource-options.serializer.ts +++ /dev/null @@ -1,15 +0,0 @@ -import { serializePaginationOptions } from '../../common/serializers'; -import { ListMembershipsForResourceByExternalIdOptions } from '../interfaces/list-memberships-for-resource-by-external-id-options.interface'; -import { ListMembershipsForResourceOptions } from '../interfaces/list-memberships-for-resource-options.interface'; - -type ListMembershipsQueryOptions = - | ListMembershipsForResourceOptions - | ListMembershipsForResourceByExternalIdOptions; - -export const serializeListMembershipsForResourceOptions = ( - options: ListMembershipsQueryOptions, -): Record => ({ - permission_slug: options.permissionSlug, - ...(options.assignment && { assignment: options.assignment }), - ...serializePaginationOptions(options), -}); diff --git a/src/authorization/serializers/list-resources-for-membership-options.serializer.ts b/src/authorization/serializers/list-resources-for-membership-options.serializer.ts deleted file mode 100644 index 268959c99..000000000 --- a/src/authorization/serializers/list-resources-for-membership-options.serializer.ts +++ /dev/null @@ -1,19 +0,0 @@ -import { serializePaginationOptions } from '../../common/serializers'; -import { - ListResourcesForMembershipOptions, - SerializedListResourcesForMembershipOptions, -} from '../interfaces/list-resources-for-membership-options.interface'; - -export const serializeListResourcesForMembershipOptions = ( - options: ListResourcesForMembershipOptions, -): SerializedListResourcesForMembershipOptions => ({ - permission_slug: options.permissionSlug, - ...serializePaginationOptions(options), - ...('parentResourceId' in options && { - parent_resource_id: options.parentResourceId, - }), - ...('parentResourceExternalId' in options && { - parent_resource_type_slug: options.parentResourceTypeSlug, - parent_resource_external_id: options.parentResourceExternalId, - }), -}); diff --git a/src/authorization/serializers/list-role-assignments-for-resource-options.serializer.ts b/src/authorization/serializers/list-role-assignments-for-resource-options.serializer.ts deleted file mode 100644 index ab9a9d005..000000000 --- a/src/authorization/serializers/list-role-assignments-for-resource-options.serializer.ts +++ /dev/null @@ -1,14 +0,0 @@ -import { PaginationOptions } from '../../common/interfaces/pagination-options.interface'; -import { serializePaginationOptions } from '../../common/serializers'; -import { SerializedListRoleAssignmentsForResourceOptions } from '../interfaces/list-role-assignments-for-resource-options.interface'; - -interface ListRoleAssignmentsForResourceQueryOptions extends PaginationOptions { - roleSlug?: string; -} - -export const serializeListRoleAssignmentsForResourceOptions = ( - options: ListRoleAssignmentsForResourceQueryOptions, -): SerializedListRoleAssignmentsForResourceOptions => ({ - ...(options.roleSlug && { role_slug: options.roleSlug }), - ...serializePaginationOptions(options), -}); diff --git a/src/authorization/serializers/list-role-assignments-options.serializer.ts b/src/authorization/serializers/list-role-assignments-options.serializer.ts deleted file mode 100644 index 658517929..000000000 --- a/src/authorization/serializers/list-role-assignments-options.serializer.ts +++ /dev/null @@ -1,18 +0,0 @@ -import { serializePaginationOptions } from '../../common/serializers'; -import { - ListRoleAssignmentsOptions, - SerializedListRoleAssignmentsOptions, -} from '../interfaces/list-role-assignments-options.interface'; - -export const serializeListRoleAssignmentsOptions = ( - options: Omit, -): SerializedListRoleAssignmentsOptions => ({ - ...(options.resourceId && { resource_id: options.resourceId }), - ...(options.resourceExternalId && { - resource_external_id: options.resourceExternalId, - }), - ...(options.resourceTypeSlug && { - resource_type_slug: options.resourceTypeSlug, - }), - ...serializePaginationOptions(options), -}); diff --git a/src/authorization/serializers/permission.serializer.ts b/src/authorization/serializers/permission.serializer.ts index 12a360169..dac3fc3c3 100644 --- a/src/authorization/serializers/permission.serializer.ts +++ b/src/authorization/serializers/permission.serializer.ts @@ -1,18 +1,20 @@ -import { +// This file is auto-generated by oagen. Do not edit. + +import type { Permission, PermissionResponse, } from '../interfaces/permission.interface'; export const deserializePermission = ( - permission: PermissionResponse, + response: PermissionResponse, ): Permission => ({ - object: permission.object, - id: permission.id, - slug: permission.slug, - name: permission.name, - description: permission.description, - resourceTypeSlug: permission.resource_type_slug, - system: permission.system, - createdAt: permission.created_at, - updatedAt: permission.updated_at, + object: response.object, + id: response.id, + slug: response.slug, + name: response.name, + description: response.description ?? null, + system: response.system, + resourceTypeSlug: response.resource_type_slug, + createdAt: new Date(response.created_at), + updatedAt: new Date(response.updated_at), }); diff --git a/src/authorization/serializers/remove-role-options.serializer.ts b/src/authorization/serializers/remove-role-options.serializer.ts deleted file mode 100644 index 0efc08edc..000000000 --- a/src/authorization/serializers/remove-role-options.serializer.ts +++ /dev/null @@ -1,15 +0,0 @@ -import { - RemoveRoleOptions, - SerializedRemoveRoleOptions, -} from '../interfaces/remove-role-options.interface'; - -export const serializeRemoveRoleOptions = ( - options: RemoveRoleOptions, -): SerializedRemoveRoleOptions => ({ - role_slug: options.roleSlug, - ...('resourceId' in options && { resource_id: options.resourceId }), - ...('resourceExternalId' in options && { - resource_external_id: options.resourceExternalId, - resource_type_slug: options.resourceTypeSlug, - }), -}); diff --git a/src/authorization/serializers/remove-role.serializer.ts b/src/authorization/serializers/remove-role.serializer.ts new file mode 100644 index 000000000..cedfc2a96 --- /dev/null +++ b/src/authorization/serializers/remove-role.serializer.ts @@ -0,0 +1,13 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + RemoveRole, + RemoveRoleResponse, +} from '../interfaces/remove-role.interface'; + +export const serializeRemoveRole = (model: RemoveRole): RemoveRoleResponse => ({ + role_slug: model.roleSlug, + resource_id: model.resourceId, + resource_external_id: model.resourceExternalId, + resource_type_slug: model.resourceTypeSlug, +}); diff --git a/src/authorization/serializers/set-role-permissions.serializer.ts b/src/authorization/serializers/set-role-permissions.serializer.ts new file mode 100644 index 000000000..c21d03b53 --- /dev/null +++ b/src/authorization/serializers/set-role-permissions.serializer.ts @@ -0,0 +1,12 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + SetRolePermissions, + SetRolePermissionsResponse, +} from '../interfaces/set-role-permissions.interface'; + +export const serializeSetRolePermissions = ( + model: SetRolePermissions, +): SetRolePermissionsResponse => ({ + permissions: model.permissions, +}); diff --git a/src/authorization/serializers/slim-role.serializer.ts b/src/authorization/serializers/slim-role.serializer.ts new file mode 100644 index 000000000..6281acac9 --- /dev/null +++ b/src/authorization/serializers/slim-role.serializer.ts @@ -0,0 +1,14 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + SlimRole, + SlimRoleResponse, +} from '../interfaces/slim-role.interface'; + +export const deserializeSlimRole = (response: SlimRoleResponse): SlimRole => ({ + slug: response.slug, +}); + +export const serializeSlimRole = (model: SlimRole): SlimRoleResponse => ({ + slug: model.slug, +}); diff --git a/src/authorization/serializers/update-authorization-permission.serializer.ts b/src/authorization/serializers/update-authorization-permission.serializer.ts new file mode 100644 index 000000000..a9ccca78d --- /dev/null +++ b/src/authorization/serializers/update-authorization-permission.serializer.ts @@ -0,0 +1,3 @@ +// This file is auto-generated by oagen. Do not edit. + +export { serializeUpdateOrganizationRole as serializeUpdateAuthorizationPermission } from './update-organization-role.serializer'; diff --git a/src/authorization/serializers/update-authorization-resource-by-external-id-options.serializer.ts b/src/authorization/serializers/update-authorization-resource-by-external-id-options.serializer.ts deleted file mode 100644 index 906d79057..000000000 --- a/src/authorization/serializers/update-authorization-resource-by-external-id-options.serializer.ts +++ /dev/null @@ -1,11 +0,0 @@ -import { UpdateAuthorizationResourceByExternalIdOptions } from '../interfaces/update-authorization-resource-by-external-id-options.interface'; -import { SerializedUpdateAuthorizationResourceOptions } from '../interfaces/authorization-resource.interface'; - -export const serializeUpdateResourceByExternalIdOptions = ( - options: UpdateAuthorizationResourceByExternalIdOptions, -): SerializedUpdateAuthorizationResourceOptions => ({ - ...(options.name !== undefined && { name: options.name }), - ...(options.description !== undefined && { - description: options.description, - }), -}); diff --git a/src/authorization/serializers/update-authorization-resource-options.serializer.ts b/src/authorization/serializers/update-authorization-resource-options.serializer.ts deleted file mode 100644 index cbd3e95ea..000000000 --- a/src/authorization/serializers/update-authorization-resource-options.serializer.ts +++ /dev/null @@ -1,13 +0,0 @@ -import { - UpdateAuthorizationResourceOptions, - SerializedUpdateAuthorizationResourceOptions, -} from '../interfaces/authorization-resource.interface'; - -export const serializeUpdateResourceOptions = ( - options: UpdateAuthorizationResourceOptions, -): SerializedUpdateAuthorizationResourceOptions => ({ - ...(options.name !== undefined && { name: options.name }), - ...(options.description !== undefined && { - description: options.description, - }), -}); diff --git a/src/authorization/serializers/update-authorization-resource.serializer.ts b/src/authorization/serializers/update-authorization-resource.serializer.ts new file mode 100644 index 000000000..ada5c0378 --- /dev/null +++ b/src/authorization/serializers/update-authorization-resource.serializer.ts @@ -0,0 +1,16 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + UpdateAuthorizationResource, + UpdateAuthorizationResourceResponse, +} from '../interfaces/update-authorization-resource.interface'; + +export const serializeUpdateAuthorizationResource = ( + model: UpdateAuthorizationResource, +): UpdateAuthorizationResourceResponse => ({ + name: model.name, + description: model.description ?? null, + parent_resource_id: model.parentResourceId, + parent_resource_external_id: model.parentResourceExternalId, + parent_resource_type_slug: model.parentResourceTypeSlug, +}); diff --git a/src/authorization/serializers/update-environment-role-options.serializer.ts b/src/authorization/serializers/update-environment-role-options.serializer.ts deleted file mode 100644 index 537c95928..000000000 --- a/src/authorization/serializers/update-environment-role-options.serializer.ts +++ /dev/null @@ -1,11 +0,0 @@ -import { - UpdateEnvironmentRoleOptions, - SerializedUpdateEnvironmentRoleOptions, -} from '../interfaces/update-environment-role-options.interface'; - -export const serializeUpdateEnvironmentRoleOptions = ( - options: UpdateEnvironmentRoleOptions, -): SerializedUpdateEnvironmentRoleOptions => ({ - name: options.name, - description: options.description, -}); diff --git a/src/authorization/serializers/update-organization-role-options.serializer.ts b/src/authorization/serializers/update-organization-role-options.serializer.ts deleted file mode 100644 index 7bfc5571d..000000000 --- a/src/authorization/serializers/update-organization-role-options.serializer.ts +++ /dev/null @@ -1,11 +0,0 @@ -import { - UpdateOrganizationRoleOptions, - SerializedUpdateOrganizationRoleOptions, -} from '../interfaces/update-organization-role-options.interface'; - -export const serializeUpdateOrganizationRoleOptions = ( - options: UpdateOrganizationRoleOptions, -): SerializedUpdateOrganizationRoleOptions => ({ - name: options.name, - description: options.description, -}); diff --git a/src/authorization/serializers/update-organization-role.serializer.ts b/src/authorization/serializers/update-organization-role.serializer.ts new file mode 100644 index 000000000..5819b4944 --- /dev/null +++ b/src/authorization/serializers/update-organization-role.serializer.ts @@ -0,0 +1,13 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + UpdateOrganizationRole, + UpdateOrganizationRoleResponse, +} from '../interfaces/update-organization-role.interface'; + +export const serializeUpdateOrganizationRole = ( + model: UpdateOrganizationRole, +): UpdateOrganizationRoleResponse => ({ + name: model.name, + description: model.description ?? null, +}); diff --git a/src/authorization/serializers/update-permission-options.serializer.ts b/src/authorization/serializers/update-permission-options.serializer.ts deleted file mode 100644 index 4ac4e67d0..000000000 --- a/src/authorization/serializers/update-permission-options.serializer.ts +++ /dev/null @@ -1,11 +0,0 @@ -import { - UpdatePermissionOptions, - SerializedUpdatePermissionOptions, -} from '../interfaces/update-permission-options.interface'; - -export const serializeUpdatePermissionOptions = ( - options: UpdatePermissionOptions, -): SerializedUpdatePermissionOptions => ({ - name: options.name, - description: options.description, -}); diff --git a/src/authorization/serializers/update-role.serializer.ts b/src/authorization/serializers/update-role.serializer.ts new file mode 100644 index 000000000..3fe43f4c7 --- /dev/null +++ b/src/authorization/serializers/update-role.serializer.ts @@ -0,0 +1,11 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + UpdateRole, + UpdateRoleResponse, +} from '../interfaces/update-role.interface'; + +export const serializeUpdateRole = (model: UpdateRole): UpdateRoleResponse => ({ + name: model.name, + description: model.description ?? null, +}); diff --git a/src/authorization/serializers/user-role-assignment-resource.serializer.ts b/src/authorization/serializers/user-role-assignment-resource.serializer.ts new file mode 100644 index 000000000..974ba42b0 --- /dev/null +++ b/src/authorization/serializers/user-role-assignment-resource.serializer.ts @@ -0,0 +1,14 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + UserRoleAssignmentResource, + UserRoleAssignmentResourceResponse, +} from '../interfaces/user-role-assignment-resource.interface'; + +export const deserializeUserRoleAssignmentResource = ( + response: UserRoleAssignmentResourceResponse, +): UserRoleAssignmentResource => ({ + id: response.id, + externalId: response.external_id, + resourceTypeSlug: response.resource_type_slug, +}); diff --git a/src/authorization/serializers/user-role-assignment.serializer.ts b/src/authorization/serializers/user-role-assignment.serializer.ts new file mode 100644 index 000000000..209c3fff2 --- /dev/null +++ b/src/authorization/serializers/user-role-assignment.serializer.ts @@ -0,0 +1,20 @@ +// This file is auto-generated by oagen. Do not edit. + +import type { + UserRoleAssignment, + UserRoleAssignmentResponse, +} from '../interfaces/user-role-assignment.interface'; +import { deserializeSlimRole } from './slim-role.serializer'; +import { deserializeUserRoleAssignmentResource } from './user-role-assignment-resource.serializer'; + +export const deserializeUserRoleAssignment = ( + response: UserRoleAssignmentResponse, +): UserRoleAssignment => ({ + object: response.object, + id: response.id, + organizationMembershipId: response.organization_membership_id, + role: deserializeSlimRole(response.role), + resource: deserializeUserRoleAssignmentResource(response.resource), + createdAt: new Date(response.created_at), + updatedAt: new Date(response.updated_at), +}); diff --git a/src/common/fixtures/environment-role.json b/src/common/fixtures/environment-role.json new file mode 100644 index 000000000..5fc4eee07 --- /dev/null +++ b/src/common/fixtures/environment-role.json @@ -0,0 +1,12 @@ +{ + "object": "role", + "id": "role_01HXYZ123ABC456DEF789GHI", + "name": "Admin", + "slug": "admin", + "description": "Full administrative access", + "permissions": ["users:read", "users:write", "settings:manage"], + "resource_type_slug": "organization", + "type": "EnvironmentRole", + "created_at": "2024-01-15T09:30:00.000Z", + "updated_at": "2024-01-15T09:30:00.000Z" +} diff --git a/src/common/fixtures/organization-role.json b/src/common/fixtures/organization-role.json new file mode 100644 index 000000000..59eda737a --- /dev/null +++ b/src/common/fixtures/organization-role.json @@ -0,0 +1,12 @@ +{ + "object": "role", + "id": "role_01HXYZ123ABC456DEF789ORG", + "name": "Org Admin", + "slug": "org-admin", + "description": "Organization administrator", + "permissions": ["org:manage", "members:invite"], + "resource_type_slug": "organization", + "type": "OrganizationRole", + "created_at": "2024-01-15T09:30:00.000Z", + "updated_at": "2024-01-15T09:30:00.000Z" +} diff --git a/src/common/fixtures/role-assignment.json b/src/common/fixtures/role-assignment.json new file mode 100644 index 000000000..ea957988e --- /dev/null +++ b/src/common/fixtures/role-assignment.json @@ -0,0 +1,15 @@ +{ + "object": "role_assignment", + "id": "role_assignment_01HXYZ123ABC456DEF789ABC", + "organization_membership_id": "om_01HXYZ123ABC456DEF789ABC", + "role": { + "slug": "editor" + }, + "resource": { + "id": "resource_01HXYZ123ABC456DEF789XYZ", + "external_id": "doc-123", + "resource_type_slug": "document" + }, + "created_at": "2024-01-15T09:30:00.000Z", + "updated_at": "2024-01-15T09:30:00.000Z" +} diff --git a/src/roles/fixtures/role-list.json b/src/roles/fixtures/role-list.json new file mode 100644 index 000000000..0d7225e5f --- /dev/null +++ b/src/roles/fixtures/role-list.json @@ -0,0 +1,41 @@ +{ + "object": "list", + "data": [ + { + "object": "role", + "id": "role_01HXYZ123ABC456DEF789ENV", + "name": "Admin", + "slug": "admin", + "description": "Environment-level admin role", + "permissions": ["users:read", "users:write"], + "resource_type_slug": "organization", + "type": "EnvironmentRole", + "created_at": "2024-01-15T08:00:00.000Z", + "updated_at": "2024-01-15T08:00:00.000Z" + }, + { + "object": "role", + "id": "role_01HXYZ123ABC456DEF789ORG", + "name": "Org Admin", + "slug": "org-admin", + "description": "Organization administrator", + "permissions": ["org:manage", "members:invite"], + "resource_type_slug": "organization", + "type": "OrganizationRole", + "created_at": "2024-01-15T09:30:00.000Z", + "updated_at": "2024-01-15T09:30:00.000Z" + }, + { + "object": "role", + "id": "role_01HXYZ123ABC456DEF789MEM", + "name": "Org Member", + "slug": "org-member", + "description": null, + "permissions": ["projects:read"], + "resource_type_slug": "organization", + "type": "OrganizationRole", + "created_at": "2024-01-15T10:00:00.000Z", + "updated_at": "2024-01-15T10:00:00.000Z" + } + ] +} diff --git a/src/roles/interfaces/index.ts b/src/roles/interfaces/index.ts index d7d953df4..fefb971a5 100644 --- a/src/roles/interfaces/index.ts +++ b/src/roles/interfaces/index.ts @@ -1 +1,2 @@ export * from './role.interface'; +export * from './role-list.interface'; diff --git a/src/roles/interfaces/role-list.interface.ts b/src/roles/interfaces/role-list.interface.ts new file mode 100644 index 000000000..8bb4db28e --- /dev/null +++ b/src/roles/interfaces/role-list.interface.ts @@ -0,0 +1,8 @@ +import { OrganizationRoleResponse } from './role.interface'; + +export type { RoleList } from './role.interface'; + +export interface RoleListResponse { + object: 'list'; + data: OrganizationRoleResponse[]; +} diff --git a/src/roles/serializers/role-list.serializer.ts b/src/roles/serializers/role-list.serializer.ts new file mode 100644 index 000000000..84d9536c6 --- /dev/null +++ b/src/roles/serializers/role-list.serializer.ts @@ -0,0 +1,8 @@ +import { RoleListResponse } from '../interfaces/role-list.interface'; +import { RoleList } from '../interfaces/role.interface'; +import { deserializeRole } from './role.serializer'; + +export const deserializeRoleList = (list: RoleListResponse): RoleList => ({ + object: list.object, + data: list.data.map(deserializeRole), +});