Class: WorkOS::Authorization

Inherits:

Object

Object
WorkOS::Authorization

show all

Defined in:: lib/workos/authorization.rb

Instance Method Summary collapse

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

Add a permission to an environment role.
#assign_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::RoleAssignment

Assign a role.
#check(organization_membership_id:, permission_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::AuthorizationCheck

Check authorization.
#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

Create an environment role.
#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

Create a custom role.
#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Permission

Create a permission.
#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

Create an authorization resource.
#create_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

Add a permission to a custom role.
#delete_organization_membership_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ void

Remove a role assignment by ID.
#delete_organization_resource(organization_id:, resource_type_slug:, external_id:, cascade_delete: nil, request_options: {}) ⇒ void

Delete an authorization resource by external ID.
#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ void

Delete a custom role.
#delete_permission(slug:, request_options: {}) ⇒ void

Delete a permission.
#delete_resource(resource_id:, cascade_delete: nil, request_options: {}) ⇒ void

Delete an authorization resource.
#delete_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ WorkOS::Role

Remove a permission from a custom role.
#get_environment_role(slug:, request_options: {}) ⇒ WorkOS::Role

Get an environment role.
#get_organization_resource(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

Get a resource by external ID.
#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ WorkOS::Role

Get a custom role.
#get_permission(slug:, request_options: {}) ⇒ WorkOS::AuthorizationPermission

Get a permission.
#get_resource(resource_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

Get a resource.
#initialize(client) ⇒ Authorization constructor

A new instance of Authorization.
#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

List effective permissions for an organization membership on a resource by external ID.
#list_environment_roles(request_options: {}) ⇒ WorkOS::RoleList

List environment roles.
#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

List organization memberships for resource.
#list_organization_membership_resources(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

List resources for organization membership.
#list_organization_membership_role_assignments(organization_membership_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::RoleAssignment>

List role assignments.
#list_organization_roles(organization_id:, request_options: {}) ⇒ WorkOS::RoleList

List custom roles.
#list_permissions(before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

List permissions.
#list_resource_organization_memberships(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

List memberships for a resource by external ID.
#list_resource_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

List effective permissions for an organization membership on a resource.
#list_resources(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, resource_type_slug: nil, search: nil, parent: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

List resources.
#remove_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ void

Remove a role assignment.
#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

Set permissions for an environment role.
#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

Update an environment role.
#update_organization_resource(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

Update a resource by external ID.
#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

Update a custom role.
#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::AuthorizationPermission

Update a permission.
#update_resource(resource_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

Update a resource.
#update_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

Set permissions for a custom role.

Constructor Details

#initialize(client) ⇒ `Authorization`

Returns a new instance of Authorization.



9
10
11

# File 'lib/workos/authorization.rb', line 9

def initialize(client)
  @client = client
end

Instance Method Details

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

Add a permission to an environment role

Parameters:

slug (String) —

The slug of the environment role.
body_slug (String) —

The slug of the permission to add to the role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1104

def add_environment_role_permission(
  slug:,
  body_slug:,
  request_options: {}
)
  body = {
    "slug" => body_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#assign_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::RoleAssignment`

Assign a role

Parameters:

organization_membership_id (String) —

The ID of the organization membership.
role_slug (String) —

The slug of the role to assign.
resource_id (String, nil) (defaults to: nil) —

The ID of the resource. Mutually exclusive with ‘resource_external_id` and `resource_type_slug`.
resource_external_id (String, nil) (defaults to: nil) —

The external ID of the resource. Required with ‘resource_type_slug`. Mutually exclusive with `resource_id`.
resource_type_slug (String, nil) (defaults to: nil) —

The resource type slug. Required with ‘resource_external_id`. Mutually exclusive with `resource_id`.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::RoleAssignment)

# File 'lib/workos/authorization.rb', line 275

def assign_role(
  organization_membership_id:,
  role_slug:,
  resource_target:,
  resource_id: nil,
  resource_external_id: nil,
  resource_type_slug: nil,
  request_options: {}
)
  params = {}.compact
  case resource_target[:type]
  when "by_id"
    params["resource_id"] = resource_target[:resource_id]
  when "by_external_id"
    params["resource_external_id"] = resource_target[:resource_external_id]
    params["resource_type_slug"] = resource_target[:resource_type_slug]
  end
  body = {
    "role_slug" => role_slug,
    "resource_id" => resource_id,
    "resource_external_id" => resource_external_id,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  result = WorkOS::RoleAssignment.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#check(organization_membership_id:, permission_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::AuthorizationCheck`

Check authorization

Parameters:

organization_membership_id (String) —

The ID of the organization membership to check.
permission_slug (String) —

The slug of the permission to check.
resource_id (String, nil) (defaults to: nil) —

The ID of the resource. Mutually exclusive with ‘resource_external_id` and `resource_type_slug`.
resource_external_id (String, nil) (defaults to: nil) —

The external ID of the resource. Required with ‘resource_type_slug`. Mutually exclusive with `resource_id`.
resource_type_slug (String, nil) (defaults to: nil) —

The slug of the resource type. Required with ‘resource_external_id`. Mutually exclusive with `resource_id`.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationCheck)

# File 'lib/workos/authorization.rb', line 21

def check(
  organization_membership_id:,
  permission_slug:,
  resource_target:,
  resource_id: nil,
  resource_external_id: nil,
  resource_type_slug: nil,
  request_options: {}
)
  params = {}.compact
  case resource_target[:type]
  when "by_id"
    params["resource_id"] = resource_target[:resource_id]
  when "by_external_id"
    params["resource_external_id"] = resource_target[:resource_external_id]
    params["resource_type_slug"] = resource_target[:resource_type_slug]
  end
  body = {
    "permission_slug" => permission_slug,
    "resource_id" => resource_id,
    "resource_external_id" => resource_external_id,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/check",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationCheck.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

Create an environment role

Parameters:

slug (String) —

A unique slug for the role.
name (String) —

A descriptive name for the role.
description (String, nil) (defaults to: nil) —

An optional description of the role.
resource_type_slug (String, nil) (defaults to: nil) —

The slug of the resource type the role is scoped to.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1027

def create_environment_role(
  slug:,
  name:,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/roles",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

Create a custom role

Parameters:

organization_id (String) —

The ID of the organization.
slug (String, nil) (defaults to: nil) —

A unique identifier for the role within the organization. When provided, must begin with ‘org-’ and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix.
name (String) —

A descriptive name for the role.
description (String, nil) (defaults to: nil) —

An optional description of the role’s purpose.
resource_type_slug (String, nil) (defaults to: nil) —

The slug of the resource type the role is scoped to.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 399

def create_organization_role(
  organization_id:,
  name:,
  slug: nil,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Permission`

Create a permission

Parameters:

slug (String) —

A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
name (String) —

A descriptive name for the Permission.
description (String, nil) (defaults to: nil) —

An optional description of the Permission.
resource_type_slug (String, nil) (defaults to: nil) —

The slug of the resource type this permission is scoped to.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Permission)

# File 'lib/workos/authorization.rb', line 1200

def create_permission(
  slug:,
  name:,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Permission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Create an authorization resource

Parameters:

external_id (String) —

An external identifier for the resource.
name (String) —

A display name for the resource.
description (String, nil) (defaults to: nil) —

An optional description of the resource.
resource_type_slug (String) —

The slug of the resource type.
organization_id (String) —

The ID of the organization this resource belongs to.
parent_resource_id (String, nil) (defaults to: nil) —

The ID of the parent resource. Mutually exclusive with ‘parent_resource_external_id` and `parent_resource_type_slug`.
parent_resource_external_id (String, nil) (defaults to: nil) —

The external ID of the parent resource. Required with ‘parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`.
parent_resource_type_slug (String, nil) (defaults to: nil) —

The resource type slug of the parent resource. Required with ‘parent_resource_external_id`. Mutually exclusive with `parent_resource_id`.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 814

def create_resource(
  external_id:,
  name:,
  resource_type_slug:,
  organization_id:,
  description: nil,
  parent_resource_id: nil,
  parent_resource_external_id: nil,
  parent_resource_type_slug: nil,
  parent_resource: nil,
  request_options: {}
)
  params = {}.compact
  if parent_resource
    case parent_resource[:type]
    when "by_id"
      params["parent_resource_id"] = parent_resource[:parent_resource_id]
    when "by_external_id"
      params["parent_resource_external_id"] = parent_resource[:parent_resource_external_id]
      params["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug]
    end
  end
  body = {
    "external_id" => external_id,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug,
    "organization_id" => organization_id,
    "parent_resource_id" => parent_resource_id,
    "parent_resource_external_id" => parent_resource_external_id,
    "parent_resource_type_slug" => parent_resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/resources",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

Add a permission to a custom role

Parameters:

organization_id (String) —

The ID of the organization.
slug (String) —

The slug of the role.
body_slug (String) —

The slug of the permission to add to the role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 501

def create_role_permission(
  organization_id:,
  slug:,
  body_slug:,
  request_options: {}
)
  body = {
    "slug" => body_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#delete_organization_membership_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ `void`

This method returns an undefined value.

Remove a role assignment by ID

Parameters:

organization_membership_id (String) —

The ID of the organization membership.
role_assignment_id (String) —

The ID of the role assignment to remove.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 358

def delete_organization_membership_role_assignment(
  organization_membership_id:,
  role_assignment_id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments/#{WorkOS::Util.encode_path(role_assignment_id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_organization_resource(organization_id:, resource_type_slug:, external_id:, cascade_delete: nil, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete an authorization resource by external ID

Parameters:

organization_id (String) —

The ID of the organization that owns the resource.
resource_type_slug (String) —

The slug of the resource type.
external_id (String) —

An identifier you provide to reference the resource in your system.
cascade_delete (Boolean, nil) (defaults to: nil) —

If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 655

def delete_organization_resource(
  organization_id:,
  resource_type_slug:,
  external_id:,
  cascade_delete: nil,
  request_options: {}
)
  params = {
    "cascade_delete" => cascade_delete
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    params: params,
    request_options: request_options
  )
  nil
end

#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete a custom role

Parameters:

organization_id (String) —

The ID of the organization.
slug (String) —

The slug of the role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 481

def delete_organization_role(
  organization_id:,
  slug:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_permission(slug:, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete a permission

Parameters:

slug (String) —

A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 1276

def delete_permission(
  slug:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_resource(resource_id:, cascade_delete: nil, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete an authorization resource

Parameters:

resource_id (String) —

The ID of the authorization resource.
cascade_delete (Boolean, nil) (defaults to: nil) —

If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 932

def delete_resource(
  resource_id:,
  cascade_delete: nil,
  request_options: {}
)
  params = {
    "cascade_delete" => cascade_delete
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    params: params,
    request_options: request_options
  )
  nil
end

#delete_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ `WorkOS::Role`

Remove a permission from a custom role

Parameters:

organization_id (String) —

The ID of the organization.
slug (String) —

The slug of the role.
permission_slug (String) —

The slug of the permission to remove.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 555

def delete_role_permission(
  organization_id:,
  slug:,
  permission_slug:,
  request_options: {}
)
  response = @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions/#{WorkOS::Util.encode_path(permission_slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_environment_role(slug:, request_options: {}) ⇒ `WorkOS::Role`

Get an environment role

Parameters:

slug (String) —

The slug of the environment role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1056

def get_environment_role(
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_organization_resource(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Get a resource by external ID

Parameters:

organization_id (String) —

The ID of the organization that owns the resource.
resource_type_slug (String) —

The slug of the resource type.
external_id (String) —

An identifier you provide to reference the resource in your system.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 578

def get_organization_resource(
  organization_id:,
  resource_type_slug:,
  external_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ `WorkOS::Role`

Get a custom role

Parameters:

organization_id (String) —

The ID of the organization.
slug (String) —

The slug of the role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 430

def get_organization_role(
  organization_id:,
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_permission(slug:, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

Get a permission

Parameters:

slug (String) —

A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationPermission)

# File 'lib/workos/authorization.rb', line 1229

def get_permission(
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationPermission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_resource(resource_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Get a resource

Parameters:

resource_id (String) —

The ID of the authorization resource.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 863

def get_resource(
  resource_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

List effective permissions for an organization membership on a resource by external ID

Parameters:

organization_membership_id (String) —

The ID of the organization membership.
resource_type_slug (String) —

The slug of the resource type.
external_id (String) —

An identifier you provide to reference the resource in your system.
before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::AuthorizationOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 177

def list_effective_permissions_by_external_id(
  organization_membership_id:,
  resource_type_slug:,
  external_id:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_effective_permissions_by_external_id(
      organization_membership_id: organization_membership_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {organization_membership_id: organization_membership_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_environment_roles(request_options: {}) ⇒ `WorkOS::RoleList`

List environment roles

Parameters:

request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::RoleList)

# File 'lib/workos/authorization.rb', line 1008

def list_environment_roles(request_options: {})
  response = @client.request(
    method: :get,
    path: "/authorization/roles",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::RoleList.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

List organization memberships for resource

Parameters:

resource_id (String) —

The ID of the authorization resource.
before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::AuthorizationOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
permission_slug (String) —

The permission slug to filter by. Only users with this permission on the resource are returned.
assignment (WorkOS::Types::AuthorizationAssignment, nil) (defaults to: nil) —

Filter by assignment type. Use ‘direct` for direct assignments only, or `indirect` to include inherited assignments.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>)

# File 'lib/workos/authorization.rb', line 960

def list_memberships_for_resource(
  resource_id:,
  permission_slug:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  assignment: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug,
    "assignment" => assignment
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_memberships_for_resource(
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      assignment: assignment,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembershipBaseListData,
    filters: {resource_id: resource_id, before: before, limit: limit, order: order, permission_slug: permission_slug, assignment: assignment},
    fetch_next: fetch_next
  )
end

#list_organization_membership_resources(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

List resources for organization membership

Parameters:

organization_membership_id (String) —

The ID of the organization membership.
before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::AuthorizationOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
permission_slug (String) —

The permission slug to filter by. Only child resources where the organization membership has this permission are returned.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>)

# File 'lib/workos/authorization.rb', line 66

def list_organization_membership_resources(
  organization_membership_id:,
  permission_slug:,
  parent_resource:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug
  }.compact
  case parent_resource[:type]
  when "by_id"
    params["parent_resource_id"] = parent_resource[:parent_resource_id]
  when "by_external_id"
    params["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug]
    params["parent_resource_external_id"] = parent_resource[:parent_resource_external_id]
  end
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_organization_membership_resources(
      organization_membership_id: organization_membership_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      parent_resource: parent_resource,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationResource,
    filters: {organization_membership_id: organization_membership_id, before: before, limit: limit, order: order, permission_slug: permission_slug, parent_resource: parent_resource},
    fetch_next: fetch_next
  )
end

#list_organization_membership_role_assignments(organization_membership_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::RoleAssignment>`

List role assignments

Parameters:

organization_membership_id (String) —

The ID of the organization membership.
before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::AuthorizationOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::RoleAssignment>)

# File 'lib/workos/authorization.rb', line 228

def list_organization_membership_role_assignments(
  organization_membership_id:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_organization_membership_role_assignments(
      organization_membership_id: organization_membership_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::RoleAssignment,
    filters: {organization_membership_id: organization_membership_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_organization_roles(organization_id:, request_options: {}) ⇒ `WorkOS::RoleList`

List custom roles

Parameters:

organization_id (String) —

The ID of the organization.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::RoleList)

# File 'lib/workos/authorization.rb', line 376

def list_organization_roles(
  organization_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::RoleList.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_permissions(before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

List permissions

Parameters:

before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::PermissionsOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 1156

def list_permissions(
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_permissions(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_resource_organization_memberships(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

List memberships for a resource by external ID

Parameters:

organization_id (String) —

The ID of the organization that owns the resource.
resource_type_slug (String) —

The slug of the resource type this resource belongs to.
external_id (String) —

An identifier you provide to reference the resource in your system.
before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::AuthorizationOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
permission_slug (String) —

The permission slug to filter by. Only users with this permission on the resource are returned.
assignment (WorkOS::Types::AuthorizationAssignment, nil) (defaults to: nil) —

Filter by assignment type. Use “direct” for direct assignments only, or “indirect” to include inherited assignments.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>)

# File 'lib/workos/authorization.rb', line 687

def list_resource_organization_memberships(
  organization_id:,
  resource_type_slug:,
  external_id:,
  permission_slug:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  assignment: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug,
    "assignment" => assignment
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_resource_organization_memberships(
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      assignment: assignment,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembershipBaseListData,
    filters: {organization_id: organization_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order, permission_slug: permission_slug, assignment: assignment},
    fetch_next: fetch_next
  )
end

#list_resource_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

List effective permissions for an organization membership on a resource

Parameters:

organization_membership_id (String) —

The ID of the organization membership.
resource_id (String) —

The ID of the authorization resource.
before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::AuthorizationOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 126

def list_resource_permissions(
  organization_membership_id:,
  resource_id:,
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources/#{WorkOS::Util.encode_path(resource_id)}/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_resource_permissions(
      organization_membership_id: organization_membership_id,
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {organization_membership_id: organization_membership_id, resource_id: resource_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_resources(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, resource_type_slug: nil, search: nil, parent: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

List resources

Parameters:

before (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `before=“obj_123”` to fetch a new batch of objects before `“obj_123”`.
after (String, nil) (defaults to: nil) —

An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with ‘“obj_123”`, your subsequent call can include `after=“obj_123”` to fetch a new batch of objects after `“obj_123”`.
limit (Integer, nil) (defaults to: nil) —

Upper limit on the number of objects to return, between ‘1` and `100`.
order (WorkOS::Types::AuthorizationOrder, nil) (defaults to: "desc") —

Order the results by the creation time. Supported values are ‘“asc”` (ascending), `“desc”` (descending), and `“normal”` (descending with reversed cursor semantics where `before` fetches older records and `after` fetches newer records). Defaults to descending.
organization_id (String, nil) (defaults to: nil) —

Filter resources by organization ID.
resource_type_slug (String, nil) (defaults to: nil) —

Filter resources by resource type slug.
search (String, nil) (defaults to: nil) —

Search resources by name.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>)

# File 'lib/workos/authorization.rb', line 746

def list_resources(
  before: nil,
  after: nil,
  limit: nil,
  order: "desc",
  organization_id: nil,
  resource_type_slug: nil,
  search: nil,
  parent: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id,
    "resource_type_slug" => resource_type_slug,
    "search" => search
  }.compact
  if parent
    case parent[:type]
    when "by_id"
      params["parent_resource_id"] = parent[:parent_resource_id]
    when "by_external_id"
      params["parent_resource_type_slug"] = parent[:parent_resource_type_slug]
      params["parent_external_id"] = parent[:parent_external_id]
    end
  end
  response = @client.request(
    method: :get,
    path: "/authorization/resources",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_resources(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      search: search,
      parent: parent,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationResource,
    filters: {before: before, limit: limit, order: order, organization_id: organization_id, resource_type_slug: resource_type_slug, search: search, parent: parent},
    fetch_next: fetch_next
  )
end

#remove_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `void`

This method returns an undefined value.

Remove a role assignment

Parameters:

organization_membership_id (String) —

The ID of the organization membership.
role_slug (String) —

The slug of the role to remove.
resource_id (String, nil) (defaults to: nil) —

The ID of the resource. Mutually exclusive with ‘resource_external_id` and `resource_type_slug`.
resource_external_id (String, nil) (defaults to: nil) —

The external ID of the resource. Required with ‘resource_type_slug`. Mutually exclusive with `resource_id`.
resource_type_slug (String, nil) (defaults to: nil) —

The resource type slug. Required with ‘resource_external_id`. Mutually exclusive with `resource_id`.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 319

def remove_role(
  organization_membership_id:,
  role_slug:,
  resource_target:,
  resource_id: nil,
  resource_external_id: nil,
  resource_type_slug: nil,
  request_options: {}
)
  params = {}.compact
  case resource_target[:type]
  when "by_id"
    params["resource_id"] = resource_target[:resource_id]
  when "by_external_id"
    params["resource_external_id"] = resource_target[:resource_external_id]
    params["resource_type_slug"] = resource_target[:resource_type_slug]
  end
  body = {
    "role_slug" => role_slug,
    "resource_id" => resource_id,
    "resource_external_id" => resource_external_id,
    "resource_type_slug" => resource_type_slug
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  nil
end

#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`

Set permissions for an environment role

Parameters:

slug (String) —

The slug of the environment role.
permissions (Array<String>) —

The permission slugs to assign to the role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1129

def set_environment_role_permissions(
  slug:,
  permissions:,
  request_options: {}
)
  body = {
    "permissions" => permissions
  }.compact
  response = @client.request(
    method: :put,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

Update an environment role

Parameters:

slug (String) —

The slug of the environment role.
name (String, nil) (defaults to: nil) —

A descriptive name for the role.
description (String, nil) (defaults to: nil) —

An optional description of the role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1077

def update_environment_role(
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_organization_resource(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Update a resource by external ID

Parameters:

organization_id (String) —

The ID of the organization that owns the resource.
resource_type_slug (String) —

The slug of the resource type.
external_id (String) —

An identifier you provide to reference the resource in your system.
name (String, nil) (defaults to: nil) —

A display name for the resource.
description (String, nil) (defaults to: nil) —

An optional description of the resource.
parent_resource_id (String, nil) (defaults to: nil) —

The ID of the parent resource. Mutually exclusive with ‘parent_resource_external_id` and `parent_resource_type_slug`.
parent_resource_external_id (String, nil) (defaults to: nil) —

The external ID of the parent resource. Required with ‘parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`.
parent_resource_type_slug (String, nil) (defaults to: nil) —

The resource type slug of the parent resource. Required with ‘parent_resource_external_id`. Mutually exclusive with `parent_resource_id`.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 606

def update_organization_resource(
  organization_id:,
  resource_type_slug:,
  external_id:,
  name: nil,
  description: nil,
  parent_resource_id: nil,
  parent_resource_external_id: nil,
  parent_resource_type_slug: nil,
  parent_resource: nil,
  request_options: {}
)
  params = {}.compact
  if parent_resource
    case parent_resource[:type]
    when "by_id"
      params["parent_resource_id"] = parent_resource[:parent_resource_id]
    when "by_external_id"
      params["parent_resource_external_id"] = parent_resource[:parent_resource_external_id]
      params["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug]
    end
  end
  body = {
    "name" => name,
    "description" => description,
    "parent_resource_id" => parent_resource_id,
    "parent_resource_external_id" => parent_resource_external_id,
    "parent_resource_type_slug" => parent_resource_type_slug
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

Update a custom role

Parameters:

organization_id (String) —

The ID of the organization.
slug (String) —

The slug of the role.
name (String, nil) (defaults to: nil) —

A descriptive name for the role.
description (String, nil) (defaults to: nil) —

An optional description of the role’s purpose.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 453

def update_organization_role(
  organization_id:,
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

Update a permission

Parameters:

slug (String) —

A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
name (String, nil) (defaults to: nil) —

A descriptive name for the Permission.
description (String, nil) (defaults to: nil) —

An optional description of the Permission.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationPermission)

# File 'lib/workos/authorization.rb', line 1250

def update_permission(
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationPermission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_resource(resource_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Update a resource

Parameters:

resource_id (String) —

The ID of the authorization resource.
name (String, nil) (defaults to: nil) —

A display name for the resource.
description (String, nil) (defaults to: nil) —

An optional description of the resource.
parent_resource_id (String, nil) (defaults to: nil) —

The ID of the parent resource. Mutually exclusive with ‘parent_resource_external_id` and `parent_resource_type_slug`.
parent_resource_external_id (String, nil) (defaults to: nil) —

The external ID of the parent resource. Required with ‘parent_resource_type_slug`. Mutually exclusive with `parent_resource_id`.
parent_resource_type_slug (String, nil) (defaults to: nil) —

The resource type slug of the parent resource. Required with ‘parent_resource_external_id`. Mutually exclusive with `parent_resource_id`.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 887

def update_resource(
  resource_id:,
  name: nil,
  description: nil,
  parent_resource_id: nil,
  parent_resource_external_id: nil,
  parent_resource_type_slug: nil,
  parent_resource: nil,
  request_options: {}
)
  params = {}.compact
  if parent_resource
    case parent_resource[:type]
    when "by_id"
      params["parent_resource_id"] = parent_resource[:parent_resource_id]
    when "by_external_id"
      params["parent_resource_external_id"] = parent_resource[:parent_resource_external_id]
      params["parent_resource_type_slug"] = parent_resource[:parent_resource_type_slug]
    end
  end
  body = {
    "name" => name,
    "description" => description,
    "parent_resource_id" => parent_resource_id,
    "parent_resource_external_id" => parent_resource_external_id,
    "parent_resource_type_slug" => parent_resource_type_slug
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`

Set permissions for a custom role

Parameters:

organization_id (String) —

The ID of the organization.
slug (String) —

The slug of the role.
permissions (Array<String>) —

The permission slugs to assign to the role.
request_options (Hash) (defaults to: {}) —

(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 528

def update_role_permissions(
  organization_id:,
  slug:,
  permissions:,
  request_options: {}
)
  body = {
    "permissions" => permissions
  }.compact
  response = @client.request(
    method: :put,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

Class: WorkOS::Authorization

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ Authorization

Instance Method Details

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

#assign_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::RoleAssignment

#check(organization_membership_id:, permission_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::AuthorizationCheck

#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Permission

#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

#create_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

#delete_organization_membership_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ void

#delete_organization_resource(organization_id:, resource_type_slug:, external_id:, cascade_delete: nil, request_options: {}) ⇒ void

#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ void

#delete_permission(slug:, request_options: {}) ⇒ void

#delete_resource(resource_id:, cascade_delete: nil, request_options: {}) ⇒ void

#delete_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ WorkOS::Role

#get_environment_role(slug:, request_options: {}) ⇒ WorkOS::Role

#get_organization_resource(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ WorkOS::Role

#get_permission(slug:, request_options: {}) ⇒ WorkOS::AuthorizationPermission

#get_resource(resource_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

#list_environment_roles(request_options: {}) ⇒ WorkOS::RoleList

#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

#list_organization_membership_resources(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

#list_organization_membership_role_assignments(organization_membership_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::RoleAssignment>

#list_organization_roles(organization_id:, request_options: {}) ⇒ WorkOS::RoleList

#list_permissions(before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

#list_resource_organization_memberships(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

#list_resource_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

#list_resources(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, resource_type_slug: nil, search: nil, parent: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

#remove_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ void

#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

#update_organization_resource(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::AuthorizationPermission

#update_resource(resource_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

#update_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

#initialize(client) ⇒ `Authorization`

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

#assign_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::RoleAssignment`

#check(organization_membership_id:, permission_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::AuthorizationCheck`

#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Permission`

#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#create_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

#delete_organization_membership_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ `void`

#delete_organization_resource(organization_id:, resource_type_slug:, external_id:, cascade_delete: nil, request_options: {}) ⇒ `void`

#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ `void`

#delete_permission(slug:, request_options: {}) ⇒ `void`

#delete_resource(resource_id:, cascade_delete: nil, request_options: {}) ⇒ `void`

#delete_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ `WorkOS::Role`

#get_environment_role(slug:, request_options: {}) ⇒ `WorkOS::Role`

#get_organization_resource(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ `WorkOS::Role`

#get_permission(slug:, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

#get_resource(resource_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

#list_environment_roles(request_options: {}) ⇒ `WorkOS::RoleList`

#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

#list_organization_membership_resources(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

#list_organization_membership_role_assignments(organization_membership_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::RoleAssignment>`

#list_organization_roles(organization_id:, request_options: {}) ⇒ `WorkOS::RoleList`

#list_permissions(before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

#list_resource_organization_memberships(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: nil, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

#list_resource_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: nil, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

#list_resources(before: nil, after: nil, limit: nil, order: "desc", organization_id: nil, resource_type_slug: nil, search: nil, parent: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

#remove_role(organization_membership_id:, role_slug:, resource_target:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `void`

#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`

#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

#update_organization_resource(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

#update_resource(resource_id:, name: nil, description: nil, parent_resource_id: nil, parent_resource_external_id: nil, parent_resource_type_slug: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#update_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`