Class: WorkOS::Authorization

Inherits:

Object

Object
WorkOS::Authorization

show all

Defined in:: lib/workos/authorization.rb

Defined Under Namespace

Classes: ParentByExternalId, ParentById, ParentResourceByExternalId, ParentResourceById, ResourceTargetByExternalId, ResourceTargetById

Instance Attribute Summary collapse

#parent_external_id ⇒ String readonly
#parent_resource_external_id ⇒ String readonly
#parent_resource_id ⇒ String readonly
#parent_resource_type_slug ⇒ String readonly
#resource_external_id ⇒ String readonly
#resource_id ⇒ String readonly
#resource_type_slug ⇒ String readonly

Instance Method Summary collapse

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role
Add a permission to an environment role.
#add_organization_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role
Add a permission to a custom role.
#assign_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ WorkOS::UserRoleAssignment
Assign a role.
#check(organization_membership_id:, permission_slug:, resource_target:, request_options: {}) ⇒ WorkOS::AuthorizationCheck
Check authorization.
#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role
Create an environment role.
#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role
Create a custom role.
#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Permission
Create a permission.
#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource
Create an authorization resource.
#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ void
Delete a custom role.
#delete_permission(slug:, request_options: {}) ⇒ void
Delete a permission.
#delete_resource(resource_id:, cascade_delete: false, request_options: {}) ⇒ void
Delete an authorization resource.
#delete_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, cascade_delete: false, request_options: {}) ⇒ void
Delete an authorization resource by external ID.
#get_environment_role(slug:, request_options: {}) ⇒ WorkOS::Role
Get an environment role.
#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ WorkOS::Role
Get a custom role.
#get_permission(slug:, request_options: {}) ⇒ WorkOS::AuthorizationPermission
Get a permission.
#get_resource(resource_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource
Get a resource.
#get_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource
Get a resource by external ID.
#initialize(client) ⇒ Authorization constructor
A new instance of Authorization.
#list_effective_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>
List effective permissions for an organization membership on a resource.
#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>
List effective permissions for an organization membership on a resource by external ID.
#list_environment_roles(request_options: {}) ⇒ WorkOS::RoleList
List environment roles.
#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>
List organization memberships for resource.
#list_memberships_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>
List memberships for a resource by external ID.
#list_organization_roles(organization_id:, request_options: {}) ⇒ WorkOS::RoleList
List custom roles.
#list_permissions(before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>
List permissions.
#list_resources(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, resource_type_slug: nil, resource_external_id: nil, parent: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>
List resources.
#list_resources_for_membership(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>
List resources for organization membership.
#list_role_assignments(organization_membership_id:, before: nil, after: nil, limit: 10, order: "desc", resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>
List role assignments.
#list_role_assignments_for_resource(resource_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>
List role assignments for a resource.
#list_role_assignments_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>
List role assignments for a resource by external ID.
#remove_organization_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ WorkOS::Role
Remove a permission from a custom role.
#remove_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ void
Remove a role assignment.
#remove_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ void
Remove a role assignment by ID.
#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ WorkOS::Role
Set permissions for an environment role.
#set_organization_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ WorkOS::Role
Set permissions for a custom role.
#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role
Update an environment role.
#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role
Update a custom role.
#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::AuthorizationPermission
Update a permission.
#update_resource(resource_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource
Update a resource.
#update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource
Update a resource by external ID.

Constructor Details

#initialize(client) ⇒ `Authorization`

Returns a new instance of Authorization.



51
52
53

# File 'lib/workos/authorization.rb', line 51

def initialize(client)
  @client = client
end

Instance Attribute Details

#parent_external_id ⇒ `String` (readonly)

Returns:

(String)

49	# File 'lib/workos/authorization.rb', line 49 ParentByExternalId = Data.define(:parent_resource_type_slug, :parent_external_id)

#parent_resource_external_id ⇒ `String` (readonly)

Returns:

(String)

35	# File 'lib/workos/authorization.rb', line 35 ParentResourceByExternalId = Data.define(:parent_resource_type_slug, :parent_resource_external_id)

#parent_resource_id ⇒ `String` (readonly)

Returns:

(String)

27	# File 'lib/workos/authorization.rb', line 27 ParentResourceById = Data.define(:parent_resource_id)

#parent_resource_type_slug ⇒ `String` (readonly)

Returns:

(String)

35	# File 'lib/workos/authorization.rb', line 35 ParentResourceByExternalId = Data.define(:parent_resource_type_slug, :parent_resource_external_id)

#resource_external_id ⇒ `String` (readonly)

Returns:

(String)

21	# File 'lib/workos/authorization.rb', line 21 ResourceTargetByExternalId = Data.define(:resource_external_id, :resource_type_slug)

#resource_id ⇒ `String` (readonly)

Returns:

(String)

13	# File 'lib/workos/authorization.rb', line 13 ResourceTargetById = Data.define(:resource_id)

#resource_type_slug ⇒ `String` (readonly)

Returns:

(String)

21	# File 'lib/workos/authorization.rb', line 21 ResourceTargetByExternalId = Data.define(:resource_external_id, :resource_type_slug)

Instance Method Details

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

Add a permission to an environment role

Parameters:

slug (String) —
The slug of the environment role.
body_slug (String) —
The slug of the permission to add to the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1226

def add_environment_role_permission(
  slug:,
  body_slug:,
  request_options: {}
)
  body = {
    "slug" => body_slug
  }
  response = @client.request(
    method: :post,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#add_organization_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

Add a permission to a custom role

Parameters:

organization_id (String) —
The ID of the organization.
slug (String) —
The slug of the role.
body_slug (String) —
The slug of the permission to add to the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 536

def add_organization_role_permission(
  organization_id:,
  slug:,
  body_slug:,
  request_options: {}
)
  body = {
    "slug" => body_slug
  }
  response = @client.request(
    method: :post,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#assign_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ `WorkOS::UserRoleAssignment`

Assign a role

Parameters:

organization_membership_id (String) —
The ID of the organization membership.
role_slug (String) —
The slug of the role to assign.
resource_target (WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId) —
Identifies the resource target.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::UserRoleAssignment)

# File 'lib/workos/authorization.rb', line 322

def assign_role(
  organization_membership_id:,
  role_slug:,
  resource_target:,
  request_options: {}
)
  body = {
    "role_slug" => role_slug
  }
  case resource_target
  when WorkOS::Authorization::ResourceTargetById
    body["resource_id"] = resource_target.resource_id
  when WorkOS::Authorization::ResourceTargetByExternalId
    body["resource_external_id"] = resource_target.resource_external_id
    body["resource_type_slug"] = resource_target.resource_type_slug
  else
    raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}"
  end
  response = @client.request(
    method: :post,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserRoleAssignment.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#check(organization_membership_id:, permission_slug:, resource_target:, request_options: {}) ⇒ `WorkOS::AuthorizationCheck`

Check authorization

Parameters:

organization_membership_id (String) —
The ID of the organization membership to check.
permission_slug (String) —
The slug of the permission to check.
resource_target (WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId) —
Identifies the resource target.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationCheck)

# File 'lib/workos/authorization.rb', line 61

def check(
  organization_membership_id:,
  permission_slug:,
  resource_target:,
  request_options: {}
)
  body = {
    "permission_slug" => permission_slug
  }
  case resource_target
  when WorkOS::Authorization::ResourceTargetById
    body["resource_id"] = resource_target.resource_id
  when WorkOS::Authorization::ResourceTargetByExternalId
    body["resource_external_id"] = resource_target.resource_external_id
    body["resource_type_slug"] = resource_target.resource_type_slug
  else
    raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}"
  end
  response = @client.request(
    method: :post,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/check",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationCheck.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

Create an environment role

Parameters:

slug (String) —
A unique slug for the role.
name (String) —
A descriptive name for the role.
description (String, nil) (defaults to: nil) —
An optional description of the role.
resource_type_slug (String, nil) (defaults to: nil) —
The slug of the resource type the role is scoped to.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1149

def create_environment_role(
  slug:,
  name:,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/roles",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

Create a custom role

Parameters:

organization_id (String) —
The ID of the organization.
slug (String, nil) (defaults to: nil) —
A unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix.
name (String) —
A descriptive name for the role.
description (String, nil) (defaults to: nil) —
An optional description of the role's purpose.
resource_type_slug (String, nil) (defaults to: nil) —
The slug of the resource type the role is scoped to.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 434

def create_organization_role(
  organization_id:,
  name:,
  slug: nil,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Permission`

Create a permission

Parameters:

slug (String) —
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
name (String) —
A descriptive name for the Permission.
description (String, nil) (defaults to: nil) —
An optional description of the Permission.
resource_type_slug (String, nil) (defaults to: nil) —
The slug of the resource type this permission is scoped to.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Permission)

# File 'lib/workos/authorization.rb', line 1322

def create_permission(
  slug:,
  name:,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Permission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Create an authorization resource

Parameters:

external_id (String) —
An external identifier for the resource.
name (String) —
A display name for the resource.
description (String, nil) (defaults to: nil) —
An optional description of the resource.
resource_type_slug (String) —
The slug of the resource type.
organization_id (String) —
The ID of the organization this resource belongs to.
parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil) (defaults to: nil) —
Identifies the parent resource.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 899

def create_resource(
  external_id:,
  name:,
  resource_type_slug:,
  organization_id:,
  description: nil,
  parent_resource: nil,
  request_options: {}
)
  body = {
    "external_id" => external_id,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug,
    "organization_id" => organization_id
  }.compact
  if parent_resource
    case parent_resource
    when WorkOS::Authorization::ParentResourceById
      body["parent_resource_id"] = parent_resource.parent_resource_id
    when WorkOS::Authorization::ParentResourceByExternalId
      body["parent_resource_external_id"] = parent_resource.parent_resource_external_id
      body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    else
      raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
    end
  end
  response = @client.request(
    method: :post,
    path: "/authorization/resources",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete a custom role

Parameters:

organization_id (String) —
The ID of the organization.
slug (String) —
The slug of the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 516

def delete_organization_role(
  organization_id:,
  slug:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_permission(slug:, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete a permission

Parameters:

slug (String) —
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 1398

def delete_permission(
  slug:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_resource(resource_id:, cascade_delete: false, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete an authorization resource

Parameters:

resource_id (String) —
The ID of the authorization resource.
cascade_delete (Boolean, nil) (defaults to: false) —
If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 1003

def delete_resource(
  resource_id:,
  cascade_delete: false,
  request_options: {}
)
  params = {
    "cascade_delete" => cascade_delete
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    params: params,
    request_options: request_options
  )
  nil
end

#delete_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, cascade_delete: false, request_options: {}) ⇒ `void`

This method returns an undefined value.

Delete an authorization resource by external ID

Parameters:

organization_id (String) —
The ID of the organization that owns the resource.
resource_type_slug (String) —
The slug of the resource type.
external_id (String) —
An identifier you provide to reference the resource in your system.
cascade_delete (Boolean, nil) (defaults to: false) —
If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 682

def delete_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  cascade_delete: false,
  request_options: {}
)
  params = {
    "cascade_delete" => cascade_delete
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    params: params,
    request_options: request_options
  )
  nil
end

#get_environment_role(slug:, request_options: {}) ⇒ `WorkOS::Role`

Get an environment role

Parameters:

slug (String) —
The slug of the environment role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1178

def get_environment_role(
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ `WorkOS::Role`

Get a custom role

Parameters:

organization_id (String) —
The ID of the organization.
slug (String) —
The slug of the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 465

def get_organization_role(
  organization_id:,
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_permission(slug:, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

Get a permission

Parameters:

slug (String) —
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationPermission)

# File 'lib/workos/authorization.rb', line 1351

def get_permission(
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationPermission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_resource(resource_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Get a resource

Parameters:

resource_id (String) —
The ID of the authorization resource.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 942

def get_resource(
  resource_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Get a resource by external ID

Parameters:

organization_id (String) —
The ID of the organization that owns the resource.
resource_type_slug (String) —
The slug of the resource type.
external_id (String) —
An identifier you provide to reference the resource in your system.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 613

def get_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_effective_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

List effective permissions for an organization membership on a resource

Parameters:

organization_membership_id (String) —
The ID of the organization membership.
resource_id (String) —
The ID of the authorization resource.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 163

def list_effective_permissions(
  organization_membership_id:,
  resource_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources/#{WorkOS::Util.encode_path(resource_id)}/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_effective_permissions(
      organization_membership_id: organization_membership_id,
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {organization_membership_id: organization_membership_id, resource_id: resource_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

List effective permissions for an organization membership on a resource by external ID

Parameters:

organization_membership_id (String) —
The ID of the organization membership.
resource_type_slug (String) —
The slug of the resource type.
external_id (String) —
An identifier you provide to reference the resource in your system.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 214

def list_effective_permissions_by_external_id(
  organization_membership_id:,
  resource_type_slug:,
  external_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_effective_permissions_by_external_id(
      organization_membership_id: organization_membership_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {organization_membership_id: organization_membership_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_environment_roles(request_options: {}) ⇒ `WorkOS::RoleList`

List environment roles

Parameters:

request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::RoleList)

# File 'lib/workos/authorization.rb', line 1130

def list_environment_roles(request_options: {})
  response = @client.request(
    method: :get,
    path: "/authorization/roles",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::RoleList.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

List organization memberships for resource

Parameters:

resource_id (String) —
The ID of the authorization resource.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
permission_slug (String) —
The permission slug to filter by. Only users with this permission on the resource are returned.
assignment (WorkOS::Types::AuthorizationAssignment, nil) (defaults to: nil) —
Filter by assignment type. Use direct for direct assignments only, or indirect to include inherited assignments.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>)

# File 'lib/workos/authorization.rb', line 1031

def list_memberships_for_resource(
  resource_id:,
  permission_slug:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  assignment: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug,
    "assignment" => assignment
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_memberships_for_resource(
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      assignment: assignment,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembershipBaseListData,
    filters: {resource_id: resource_id, before: before, limit: limit, order: order, permission_slug: permission_slug, assignment: assignment},
    fetch_next: fetch_next
  )
end

#list_memberships_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

List memberships for a resource by external ID

Parameters:

organization_id (String) —
The ID of the organization that owns the resource.
resource_type_slug (String) —
The slug of the resource type this resource belongs to.
external_id (String) —
An identifier you provide to reference the resource in your system.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
permission_slug (String) —
The permission slug to filter by. Only users with this permission on the resource are returned.
assignment (WorkOS::Types::AuthorizationAssignment, nil) (defaults to: nil) —
Filter by assignment type. Use "direct" for direct assignments only, or "indirect" to include inherited assignments.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>)

# File 'lib/workos/authorization.rb', line 714

def list_memberships_for_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  permission_slug:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  assignment: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug,
    "assignment" => assignment
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_memberships_for_resource_by_external_id(
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      assignment: assignment,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembershipBaseListData,
    filters: {organization_id: organization_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order, permission_slug: permission_slug, assignment: assignment},
    fetch_next: fetch_next
  )
end

#list_organization_roles(organization_id:, request_options: {}) ⇒ `WorkOS::RoleList`

List custom roles

Parameters:

organization_id (String) —
The ID of the organization.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::RoleList)

# File 'lib/workos/authorization.rb', line 411

def list_organization_roles(
  organization_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::RoleList.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_permissions(before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

List permissions

Parameters:

before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 1278

def list_permissions(
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_permissions(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_resources(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, resource_type_slug: nil, resource_external_id: nil, parent: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

List resources

Parameters:

before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
organization_id (String, nil) (defaults to: nil) —
Filter resources by organization ID.
resource_type_slug (String, nil) (defaults to: nil) —
Filter resources by resource type slug.
resource_external_id (String, nil) (defaults to: nil) —
Filter resources by external ID.
parent (WorkOS::Authorization::ParentById, WorkOS::Authorization::ParentByExternalId, nil) (defaults to: nil) —
Identifies the parent.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>)

# File 'lib/workos/authorization.rb', line 831

def list_resources(
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  organization_id: nil,
  resource_type_slug: nil,
  resource_external_id: nil,
  parent: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id,
    "resource_type_slug" => resource_type_slug,
    "resource_external_id" => resource_external_id
  }.compact
  if parent
    case parent
    when WorkOS::Authorization::ParentById
      params["parent_resource_id"] = parent.parent_resource_id
    when WorkOS::Authorization::ParentByExternalId
      params["parent_resource_type_slug"] = parent.parent_resource_type_slug
      params["parent_external_id"] = parent.parent_external_id
    else
      raise ArgumentError, "expected parent to be one of: WorkOS::Authorization::ParentById, WorkOS::Authorization::ParentByExternalId, got #{parent.class}"
    end
  end
  response = @client.request(
    method: :get,
    path: "/authorization/resources",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_resources(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      resource_external_id: resource_external_id,
      parent: parent,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationResource,
    filters: {before: before, limit: limit, order: order, organization_id: organization_id, resource_type_slug: resource_type_slug, resource_external_id: resource_external_id, parent: parent},
    fetch_next: fetch_next
  )
end

#list_resources_for_membership(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

List resources for organization membership

Parameters:

organization_membership_id (String) —
The ID of the organization membership.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
permission_slug (String) —
The permission slug to filter by. Only child resources where the organization membership has this permission are returned.
parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId) —
Identifies the parent resource.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>)

# File 'lib/workos/authorization.rb', line 101

def list_resources_for_membership(
  organization_membership_id:,
  permission_slug:,
  parent_resource:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug
  }.compact
  case parent_resource
  when WorkOS::Authorization::ParentResourceById
    params["parent_resource_id"] = parent_resource.parent_resource_id
  when WorkOS::Authorization::ParentResourceByExternalId
    params["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    params["parent_resource_external_id"] = parent_resource.parent_resource_external_id
  else
    raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
  end
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_resources_for_membership(
      organization_membership_id: organization_membership_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      parent_resource: parent_resource,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationResource,
    filters: {organization_membership_id: organization_membership_id, before: before, limit: limit, order: order, permission_slug: permission_slug, parent_resource: parent_resource},
    fetch_next: fetch_next
  )
end

#list_role_assignments(organization_membership_id:, before: nil, after: nil, limit: 10, order: "desc", resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>`

List role assignments

Parameters:

organization_membership_id (String) —
The ID of the organization membership.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
resource_id (String, nil) (defaults to: nil) —
Filter assignments by the ID of the resource.
resource_external_id (String, nil) (defaults to: nil) —
Filter assignments by the external ID of the resource.
resource_type_slug (String, nil) (defaults to: nil) —
Filter assignments by the slug of the resource type.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>)

# File 'lib/workos/authorization.rb', line 268

def list_role_assignments(
  organization_membership_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  resource_id: nil,
  resource_external_id: nil,
  resource_type_slug: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "resource_id" => resource_id,
    "resource_external_id" => resource_external_id,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_role_assignments(
      organization_membership_id: organization_membership_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      resource_id: resource_id,
      resource_external_id: resource_external_id,
      resource_type_slug: resource_type_slug,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserRoleAssignment,
    filters: {organization_membership_id: organization_membership_id, before: before, limit: limit, order: order, resource_id: resource_id, resource_external_id: resource_external_id, resource_type_slug: resource_type_slug},
    fetch_next: fetch_next
  )
end

#list_role_assignments_for_resource(resource_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>`

List role assignments for a resource

Parameters:

resource_id (String) —
The ID of the authorization resource.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
role_slug (String, nil) (defaults to: nil) —
Filter assignments by the slug of the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>)

# File 'lib/workos/authorization.rb', line 1085

def list_role_assignments_for_resource(
  resource_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  role_slug: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "role_slug" => role_slug
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_role_assignments_for_resource(
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      role_slug: role_slug,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserRoleAssignment,
    filters: {resource_id: resource_id, before: before, limit: limit, order: order, role_slug: role_slug},
    fetch_next: fetch_next
  )
end

#list_role_assignments_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>`

List role assignments for a resource by external ID

Parameters:

organization_id (String) —
The ID of the organization that owns the resource.
resource_type_slug (String) —
The slug of the resource type.
external_id (String) —
An identifier you provide to reference the resource in your system.
before (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".
after (String, nil) (defaults to: nil) —
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".
limit (Integer, nil) (defaults to: 10) —
Upper limit on the number of objects to return, between 1 and 100.
order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —
Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records). Defaults to descending.
role_slug (String, nil) (defaults to: nil) —
Filter assignments by the slug of the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>)

# File 'lib/workos/authorization.rb', line 774

def list_role_assignments_for_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  role_slug: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "role_slug" => role_slug
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_role_assignments_for_resource_by_external_id(
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      role_slug: role_slug,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserRoleAssignment,
    filters: {organization_id: organization_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order, role_slug: role_slug},
    fetch_next: fetch_next
  )
end

#remove_organization_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ `WorkOS::Role`

Remove a permission from a custom role

Parameters:

organization_id (String) —
The ID of the organization.
slug (String) —
The slug of the role.
permission_slug (String) —
The slug of the permission to remove.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 590

def remove_organization_role_permission(
  organization_id:,
  slug:,
  permission_slug:,
  request_options: {}
)
  response = @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions/#{WorkOS::Util.encode_path(permission_slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#remove_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ `void`

This method returns an undefined value.

Remove a role assignment

Parameters:

organization_membership_id (String) —
The ID of the organization membership.
role_slug (String) —
The slug of the role to remove.
resource_target (WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId) —
Identifies the resource target.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 358

def remove_role(
  organization_membership_id:,
  role_slug:,
  resource_target:,
  request_options: {}
)
  params = {}
  case resource_target
  when WorkOS::Authorization::ResourceTargetById
    params["resource_id"] = resource_target.resource_id
  when WorkOS::Authorization::ResourceTargetByExternalId
    params["resource_external_id"] = resource_target.resource_external_id
    params["resource_type_slug"] = resource_target.resource_type_slug
  else
    raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}"
  end
  body = {
    "role_slug" => role_slug
  }
  @client.request(
    method: :delete,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  nil
end

#remove_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ `void`

This method returns an undefined value.

Remove a role assignment by ID

Parameters:

organization_membership_id (String) —
The ID of the organization membership.
role_assignment_id (String) —
The ID of the role assignment to remove.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 393

def remove_role_assignment(
  organization_membership_id:,
  role_assignment_id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments/#{WorkOS::Util.encode_path(role_assignment_id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`

Set permissions for an environment role

Parameters:

slug (String) —
The slug of the environment role.
permissions (Array<String>) —
The permission slugs to assign to the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1251

def set_environment_role_permissions(
  slug:,
  permissions:,
  request_options: {}
)
  body = {
    "permissions" => permissions
  }
  response = @client.request(
    method: :put,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#set_organization_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`

Set permissions for a custom role

Parameters:

organization_id (String) —
The ID of the organization.
slug (String) —
The slug of the role.
permissions (Array<String>) —
The permission slugs to assign to the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 563

def set_organization_role_permissions(
  organization_id:,
  slug:,
  permissions:,
  request_options: {}
)
  body = {
    "permissions" => permissions
  }
  response = @client.request(
    method: :put,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

Update an environment role

Parameters:

slug (String) —
The slug of the environment role.
name (String, nil) (defaults to: nil) —
A descriptive name for the role.
description (String, nil) (defaults to: nil) —
An optional description of the role.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1199

def update_environment_role(
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

Update a custom role

Parameters:

organization_id (String) —
The ID of the organization.
slug (String) —
The slug of the role.
name (String, nil) (defaults to: nil) —
A descriptive name for the role.
description (String, nil) (defaults to: nil) —
An optional description of the role's purpose.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::Role)

# File 'lib/workos/authorization.rb', line 488

def update_organization_role(
  organization_id:,
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

Update a permission

Parameters:

slug (String) —
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
name (String, nil) (defaults to: nil) —
A descriptive name for the Permission.
description (String, nil) (defaults to: nil) —
An optional description of the Permission.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationPermission)

# File 'lib/workos/authorization.rb', line 1372

def update_permission(
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationPermission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_resource(resource_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Update a resource

Parameters:

resource_id (String) —
The ID of the authorization resource.
name (String, nil) (defaults to: nil) —
A display name for the resource.
description (String, nil) (defaults to: nil) —
An optional description of the resource.
parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil) (defaults to: nil) —
Identifies the parent resource.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 964

def update_resource(
  resource_id:,
  name: nil,
  description: nil,
  parent_resource: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  if parent_resource
    case parent_resource
    when WorkOS::Authorization::ParentResourceById
      body["parent_resource_id"] = parent_resource.parent_resource_id
    when WorkOS::Authorization::ParentResourceByExternalId
      body["parent_resource_external_id"] = parent_resource.parent_resource_external_id
      body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    else
      raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
    end
  end
  response = @client.request(
    method: :patch,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

Update a resource by external ID

Parameters:

organization_id (String) —
The ID of the organization that owns the resource.
resource_type_slug (String) —
The slug of the resource type.
external_id (String) —
An identifier you provide to reference the resource in your system.
name (String, nil) (defaults to: nil) —
A display name for the resource.
description (String, nil) (defaults to: nil) —
An optional description of the resource.
parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil) (defaults to: nil) —
Identifies the parent resource.
request_options (Hash) (defaults to: {}) —
(see WorkOS::Types::RequestOptions)

Returns:

(WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 639

def update_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  name: nil,
  description: nil,
  parent_resource: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  if parent_resource
    case parent_resource
    when WorkOS::Authorization::ParentResourceById
      body["parent_resource_id"] = parent_resource.parent_resource_id
    when WorkOS::Authorization::ParentResourceByExternalId
      body["parent_resource_external_id"] = parent_resource.parent_resource_external_id
      body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    else
      raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
    end
  end
  response = @client.request(
    method: :patch,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

Class: WorkOS::Authorization

Defined Under Namespace

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ Authorization

Instance Attribute Details

#parent_external_id ⇒ String (readonly)

#parent_resource_external_id ⇒ String (readonly)

#parent_resource_id ⇒ String (readonly)

#parent_resource_type_slug ⇒ String (readonly)

#resource_external_id ⇒ String (readonly)

#resource_id ⇒ String (readonly)

#resource_type_slug ⇒ String (readonly)

Instance Method Details

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

#add_organization_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

#assign_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ WorkOS::UserRoleAssignment

#check(organization_membership_id:, permission_slug:, resource_target:, request_options: {}) ⇒ WorkOS::AuthorizationCheck

#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Permission

#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ void

#delete_permission(slug:, request_options: {}) ⇒ void

#delete_resource(resource_id:, cascade_delete: false, request_options: {}) ⇒ void

#delete_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, cascade_delete: false, request_options: {}) ⇒ void

#get_environment_role(slug:, request_options: {}) ⇒ WorkOS::Role

#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ WorkOS::Role

#get_permission(slug:, request_options: {}) ⇒ WorkOS::AuthorizationPermission

#get_resource(resource_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

#get_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

#list_effective_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

#list_environment_roles(request_options: {}) ⇒ WorkOS::RoleList

#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

#list_memberships_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

#list_organization_roles(organization_id:, request_options: {}) ⇒ WorkOS::RoleList

#list_permissions(before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

#list_resources(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, resource_type_slug: nil, resource_external_id: nil, parent: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

#list_resources_for_membership(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

#list_role_assignments(organization_membership_id:, before: nil, after: nil, limit: 10, order: "desc", resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

#list_role_assignments_for_resource(resource_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

#list_role_assignments_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

#remove_organization_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ WorkOS::Role

#remove_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ void

#remove_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ void

#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

#set_organization_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::AuthorizationPermission

#update_resource(resource_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

#update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

#initialize(client) ⇒ `Authorization`

#parent_external_id ⇒ `String` (readonly)

#parent_resource_external_id ⇒ `String` (readonly)

#parent_resource_id ⇒ `String` (readonly)

#parent_resource_type_slug ⇒ `String` (readonly)

#resource_external_id ⇒ `String` (readonly)

#resource_id ⇒ `String` (readonly)

#resource_type_slug ⇒ `String` (readonly)

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

#add_organization_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ `WorkOS::Role`

#assign_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ `WorkOS::UserRoleAssignment`

#check(organization_membership_id:, permission_slug:, resource_target:, request_options: {}) ⇒ `WorkOS::AuthorizationCheck`

#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Role`

#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Permission`

#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ `void`

#delete_permission(slug:, request_options: {}) ⇒ `void`

#delete_resource(resource_id:, cascade_delete: false, request_options: {}) ⇒ `void`

#delete_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, cascade_delete: false, request_options: {}) ⇒ `void`

#get_environment_role(slug:, request_options: {}) ⇒ `WorkOS::Role`

#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ `WorkOS::Role`

#get_permission(slug:, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

#get_resource(resource_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#get_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#list_effective_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

#list_environment_roles(request_options: {}) ⇒ `WorkOS::RoleList`

#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

#list_memberships_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>`

#list_organization_roles(organization_id:, request_options: {}) ⇒ `WorkOS::RoleList`

#list_permissions(before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>`

#list_resources(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, resource_type_slug: nil, resource_external_id: nil, parent: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

#list_resources_for_membership(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>`

#list_role_assignments(organization_membership_id:, before: nil, after: nil, limit: 10, order: "desc", resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>`

#list_role_assignments_for_resource(resource_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>`

#list_role_assignments_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ `WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>`

#remove_organization_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ `WorkOS::Role`

#remove_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ `void`

#remove_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ `void`

#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`

#set_organization_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ `WorkOS::Role`

#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::Role`

#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ `WorkOS::AuthorizationPermission`

#update_resource(resource_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`

#update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ `WorkOS::AuthorizationResource`