Class: WorkOS::Authorization

Inherits:

Object

• Object
• WorkOS::Authorization

Defined in:

lib/workos/authorization.rb

Defined Under Namespace

Classes: ParentByExternalId, ParentById, ParentResourceByExternalId, ParentResourceById, ResourceTargetByExternalId, ResourceTargetById

Instance Attribute Summary

• #parent_external_id ⇒ String readonly
• #parent_resource_external_id ⇒ String readonly
• #parent_resource_id ⇒ String readonly
• #parent_resource_type_slug ⇒ String readonly
• #resource_external_id ⇒ String readonly
• #resource_id ⇒ String readonly
• #resource_type_slug ⇒ String readonly

Instance Method Summary

• #add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

  Add a permission to an environment role.

• #add_organization_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

  Add a permission to a custom role.

• #assign_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ WorkOS::UserRoleAssignment

  Assign a role.

• #check(organization_membership_id:, permission_slug:, resource_target:, request_options: {}) ⇒ WorkOS::AuthorizationCheck

  Check authorization.

• #create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

  Create an environment role.

• #create_group_role_assignment(group_id:, role_slug:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::GroupRoleAssignment

  Assign a role to a group.

• #create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

  Create a custom role.

• #create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Permission

  Create a permission.

• #create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

  Create an authorization resource.

• #delete_group_role_assignment(group_id:, role_assignment_id:, request_options: {}) ⇒ void

  Remove a group role assignment.

• #delete_group_role_assignments(group_id:, role_slug:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ void

  Remove group role assignments by criteria.

• #delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ void

  Delete a custom role.

• #delete_permission(slug:, request_options: {}) ⇒ void

  Delete a permission.

• #delete_resource(resource_id:, cascade_delete: false, request_options: {}) ⇒ void

  Delete an authorization resource.

• #delete_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, cascade_delete: false, request_options: {}) ⇒ void

  Delete an authorization resource by external ID.

• #get_environment_role(slug:, request_options: {}) ⇒ WorkOS::Role

  Get an environment role.

• #get_group_role_assignment(group_id:, role_assignment_id:, request_options: {}) ⇒ WorkOS::GroupRoleAssignment

  Get a group role assignment.

• #get_organization_role(organization_id:, slug:, request_options: {}) ⇒ WorkOS::Role

  Get a custom role.

• #get_permission(slug:, request_options: {}) ⇒ WorkOS::AuthorizationPermission

  Get a permission.

• #get_resource(resource_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

  Get a resource.

• #get_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

  Get a resource by external ID.

• #initialize(client) ⇒ Authorization constructor

  A new instance of Authorization.

• #list_effective_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

  List effective permissions for an organization membership on a resource.

• #list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

  List effective permissions for an organization membership on a resource by external ID.

• #list_environment_roles(request_options: {}) ⇒ WorkOS::RoleList

  List environment roles.

• #list_group_role_assignments(group_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>

  List role assignments for a group.

• #list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

  List organization memberships for resource.

• #list_memberships_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

  List memberships for a resource by external ID.

• #list_organization_roles(organization_id:, request_options: {}) ⇒ WorkOS::RoleList

  List custom roles.

• #list_permissions(before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

  List permissions.

• #list_resources(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, resource_type_slug: nil, resource_external_id: nil, parent: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

  List resources.

• #list_resources_for_membership(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

  List resources for organization membership.

• #list_role_assignments(organization_membership_id:, before: nil, after: nil, limit: 10, order: "desc", resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

  List role assignments.

• #list_role_assignments_for_resource(resource_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

  List role assignments for a resource.

• #list_role_assignments_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

  List role assignments for a resource by external ID.

• #remove_organization_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ WorkOS::Role

  Remove a permission from a custom role.

• #remove_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ void

  Remove a role assignment.

• #remove_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ void

  Remove a role assignment by ID.

• #set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

  Set permissions for an environment role.

• #set_organization_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

  Set permissions for a custom role.

• #update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

  Update an environment role.

• #update_group_role_assignments(group_id:, role_assignments:, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>

  Replace all role assignments for a group.

• #update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

  Update a custom role.

• #update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::AuthorizationPermission

  Update a permission.

• #update_resource(resource_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

  Update a resource.

• #update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

  Update a resource by external ID.

Constructor Details

#initialize(client) ⇒ Authorization

Returns a new instance of Authorization.

# File 'lib/workos/authorization.rb', line 51

def initialize(client)
  @client = client
end

Instance Attribute Details

#parent_external_id ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/authorization.rb', line 49

ParentByExternalId = Data.define(:parent_resource_type_slug, :parent_external_id)

#parent_resource_external_id ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/authorization.rb', line 35

ParentResourceByExternalId = Data.define(:parent_resource_type_slug, :parent_resource_external_id)

#parent_resource_id ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/authorization.rb', line 27

ParentResourceById = Data.define(:parent_resource_id)

#parent_resource_type_slug ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/authorization.rb', line 35

ParentResourceByExternalId = Data.define(:parent_resource_type_slug, :parent_resource_external_id)

#resource_external_id ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/authorization.rb', line 21

ResourceTargetByExternalId = Data.define(:resource_external_id, :resource_type_slug)

#resource_id ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/authorization.rb', line 13

ResourceTargetById = Data.define(:resource_id)

#resource_type_slug ⇒ String (readonly)

Returns:

• (String)

# File 'lib/workos/authorization.rb', line 21

ResourceTargetByExternalId = Data.define(:resource_external_id, :resource_type_slug)

Instance Method Details

#add_environment_role_permission(slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

Add a permission to an environment role

Parameters:

• slug (String) —

  The slug of the environment role.

• body_slug (String) —

  The slug of the permission to add to the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1406

def add_environment_role_permission(
  slug:,
  body_slug:,
  request_options: {}
)
  body = {
    "slug" => body_slug
  }
  response = @client.request(
    method: :post,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#add_organization_role_permission(organization_id:, slug:, body_slug:, request_options: {}) ⇒ WorkOS::Role

Add a permission to a custom role

Parameters:

• organization_id (String) —

  The ID of the organization.

• slug (String) —

  The slug of the role.

• body_slug (String) —

  The slug of the permission to add to the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 716

def add_organization_role_permission(
  organization_id:,
  slug:,
  body_slug:,
  request_options: {}
)
  body = {
    "slug" => body_slug
  }
  response = @client.request(
    method: :post,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#assign_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ WorkOS::UserRoleAssignment

Assign a role

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership.

• role_slug (String) —

  The slug of the role to assign.

• resource_target (WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId) —

  Identifies the resource target.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::UserRoleAssignment)

# File 'lib/workos/authorization.rb', line 502

def assign_role(
  organization_membership_id:,
  role_slug:,
  resource_target:,
  request_options: {}
)
  body = {
    "role_slug" => role_slug
  }
  case resource_target
  when WorkOS::Authorization::ResourceTargetById
    body["resource_id"] = resource_target.resource_id
  when WorkOS::Authorization::ResourceTargetByExternalId
    body["resource_external_id"] = resource_target.resource_external_id
    body["resource_type_slug"] = resource_target.resource_type_slug
  else
    raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}"
  end
  response = @client.request(
    method: :post,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::UserRoleAssignment.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#check(organization_membership_id:, permission_slug:, resource_target:, request_options: {}) ⇒ WorkOS::AuthorizationCheck

Check authorization

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership to check.

• permission_slug (String) —

  The slug of the permission to check.

• resource_target (WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId) —

  Identifies the resource target.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationCheck)

# File 'lib/workos/authorization.rb', line 241

def check(
  organization_membership_id:,
  permission_slug:,
  resource_target:,
  request_options: {}
)
  body = {
    "permission_slug" => permission_slug
  }
  case resource_target
  when WorkOS::Authorization::ResourceTargetById
    body["resource_id"] = resource_target.resource_id
  when WorkOS::Authorization::ResourceTargetByExternalId
    body["resource_external_id"] = resource_target.resource_external_id
    body["resource_type_slug"] = resource_target.resource_type_slug
  else
    raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}"
  end
  response = @client.request(
    method: :post,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/check",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationCheck.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_environment_role(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

Create an environment role

Parameters:

• slug (String) —

  A unique slug for the role.

• name (String) —

  A descriptive name for the role.

• description (String, nil) (defaults to: nil) —

  An optional description of the role.

• resource_type_slug (String, nil) (defaults to: nil) —

  The slug of the resource type the role is scoped to.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1329

def create_environment_role(
  slug:,
  name:,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/roles",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_group_role_assignment(group_id:, role_slug:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::GroupRoleAssignment

Assign a role to a group

Parameters:

• group_id (String) —

  The ID of the group.

• role_slug (String) —

  The slug of the role to assign to the group.

• resource_id (String, nil) (defaults to: nil) —

  The ID of the resource. Omit along with the external-id fields to target the organization itself.

• resource_external_id (String, nil) (defaults to: nil) —

  The external ID of the resource.

• resource_type_slug (String, nil) (defaults to: nil) —

  The resource type slug.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::GroupRoleAssignment)

# File 'lib/workos/authorization.rb', line 110

def create_group_role_assignment(
  group_id:,
  role_slug:,
  resource_id: nil,
  resource_external_id: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "role_slug" => role_slug,
    "resource_id" => resource_id,
    "resource_external_id" => resource_external_id,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::GroupRoleAssignment.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_organization_role(organization_id:, name:, slug: nil, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Role

Create a custom role

Parameters:

• organization_id (String) —

  The ID of the organization.

• slug (String, nil) (defaults to: nil) —

  A unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix.

• name (String) —

  A descriptive name for the role.

• description (String, nil) (defaults to: nil) —

  An optional description of the role's purpose.

• resource_type_slug (String, nil) (defaults to: nil) —

  The slug of the resource type the role is scoped to.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 614

def create_organization_role(
  organization_id:,
  name:,
  slug: nil,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_permission(slug:, name:, description: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Permission

Create a permission

Parameters:

• slug (String) —

  A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.

• name (String) —

  A descriptive name for the Permission.

• description (String, nil) (defaults to: nil) —

  An optional description of the Permission.

• resource_type_slug (String, nil) (defaults to: nil) —

  The slug of the resource type this permission is scoped to.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Permission)

# File 'lib/workos/authorization.rb', line 1502

def create_permission(
  slug:,
  name:,
  description: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "slug" => slug,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :post,
    path: "/authorization/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Permission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#create_resource(external_id:, name:, resource_type_slug:, organization_id:, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

Create an authorization resource

Parameters:

• external_id (String) —

  An external identifier for the resource.

• name (String) —

  A display name for the resource.

• description (String, nil) (defaults to: nil) —

  An optional description of the resource.

• resource_type_slug (String) —

  The slug of the resource type.

• organization_id (String) —

  The ID of the organization this resource belongs to.

• parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil) (defaults to: nil) —

  Identifies the parent resource.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 1079

def create_resource(
  external_id:,
  name:,
  resource_type_slug:,
  organization_id:,
  description: nil,
  parent_resource: nil,
  request_options: {}
)
  body = {
    "external_id" => external_id,
    "name" => name,
    "description" => description,
    "resource_type_slug" => resource_type_slug,
    "organization_id" => organization_id
  }.compact
  if parent_resource
    case parent_resource
    when WorkOS::Authorization::ParentResourceById
      body["parent_resource_id"] = parent_resource.parent_resource_id
    when WorkOS::Authorization::ParentResourceByExternalId
      body["parent_resource_external_id"] = parent_resource.parent_resource_external_id
      body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    else
      raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
    end
  end
  response = @client.request(
    method: :post,
    path: "/authorization/resources",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#delete_group_role_assignment(group_id:, role_assignment_id:, request_options: {}) ⇒ void

This method returns an undefined value.

Remove a group role assignment

Parameters:

• group_id (String) —

  The ID of the group.

• role_assignment_id (String) —

  The ID of the group role assignment to remove.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 221

def delete_group_role_assignment(
  group_id:,
  role_assignment_id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments/#{WorkOS::Util.encode_path(role_assignment_id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_group_role_assignments(group_id:, role_slug:, resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ void

This method returns an undefined value.

Remove group role assignments by criteria

Parameters:

• group_id (String) —

  The ID of the group.

• role_slug (String) —

  The slug of the role to remove assignments for.

• resource_id (String, nil) (defaults to: nil) —

  The ID of the resource. Mutually exclusive with resource_external_id and resource_type_slug.

• resource_external_id (String, nil) (defaults to: nil) —

  The external ID of the resource.

• resource_type_slug (String, nil) (defaults to: nil) —

  The resource type slug.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 171

def delete_group_role_assignments(
  group_id:,
  role_slug:,
  resource_id: nil,
  resource_external_id: nil,
  resource_type_slug: nil,
  request_options: {}
)
  body = {
    "role_slug" => role_slug,
    "resource_id" => resource_id,
    "resource_external_id" => resource_external_id,
    "resource_type_slug" => resource_type_slug
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
    auth: true,
    body: body,
    request_options: request_options
  )
  nil
end

#delete_organization_role(organization_id:, slug:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete a custom role

Parameters:

• organization_id (String) —

  The ID of the organization.

• slug (String) —

  The slug of the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 696

def delete_organization_role(
  organization_id:,
  slug:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_permission(slug:, request_options: {}) ⇒ void

This method returns an undefined value.

Delete a permission

Parameters:

• slug (String) —

  A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 1578

def delete_permission(
  slug:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#delete_resource(resource_id:, cascade_delete: false, request_options: {}) ⇒ void

This method returns an undefined value.

Delete an authorization resource

Parameters:

• resource_id (String) —

  The ID of the authorization resource.

• cascade_delete (Boolean, nil) (defaults to: false) —

  If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 1183

def delete_resource(
  resource_id:,
  cascade_delete: false,
  request_options: {}
)
  params = {
    "cascade_delete" => cascade_delete
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    params: params,
    request_options: request_options
  )
  nil
end

#delete_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, cascade_delete: false, request_options: {}) ⇒ void

This method returns an undefined value.

Delete an authorization resource by external ID

Parameters:

• organization_id (String) —

  The ID of the organization that owns the resource.

• resource_type_slug (String) —

  The slug of the resource type.

• external_id (String) —

  An identifier you provide to reference the resource in your system.

• cascade_delete (Boolean, nil) (defaults to: false) —

  If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 862

def delete_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  cascade_delete: false,
  request_options: {}
)
  params = {
    "cascade_delete" => cascade_delete
  }.compact
  @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    params: params,
    request_options: request_options
  )
  nil
end

#get_environment_role(slug:, request_options: {}) ⇒ WorkOS::Role

Get an environment role

Parameters:

• slug (String) —

  The slug of the environment role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1358

def get_environment_role(
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_group_role_assignment(group_id:, role_assignment_id:, request_options: {}) ⇒ WorkOS::GroupRoleAssignment

Get a group role assignment

Parameters:

• group_id (String) —

  The ID of the group.

• role_assignment_id (String) —

  The ID of the group role assignment.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::GroupRoleAssignment)

# File 'lib/workos/authorization.rb', line 200

def get_group_role_assignment(
  group_id:,
  role_assignment_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments/#{WorkOS::Util.encode_path(role_assignment_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::GroupRoleAssignment.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_organization_role(organization_id:, slug:, request_options: {}) ⇒ WorkOS::Role

Get a custom role

Parameters:

• organization_id (String) —

  The ID of the organization.

• slug (String) —

  The slug of the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 645

def get_organization_role(
  organization_id:,
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_permission(slug:, request_options: {}) ⇒ WorkOS::AuthorizationPermission

Get a permission

Parameters:

• slug (String) —

  A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationPermission)

# File 'lib/workos/authorization.rb', line 1531

def get_permission(
  slug:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationPermission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_resource(resource_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

Get a resource

Parameters:

• resource_id (String) —

  The ID of the authorization resource.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 1122

def get_resource(
  resource_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#get_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, request_options: {}) ⇒ WorkOS::AuthorizationResource

Get a resource by external ID

Parameters:

• organization_id (String) —

  The ID of the organization that owns the resource.

• resource_type_slug (String) —

  The slug of the resource type.

• external_id (String) —

  An identifier you provide to reference the resource in your system.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 793

def get_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_effective_permissions(organization_membership_id:, resource_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

List effective permissions for an organization membership on a resource

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership.

• resource_id (String) —

  The ID of the authorization resource.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 343

def list_effective_permissions(
  organization_membership_id:,
  resource_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources/#{WorkOS::Util.encode_path(resource_id)}/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_effective_permissions(
      organization_membership_id: organization_membership_id,
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {organization_membership_id: organization_membership_id, resource_id: resource_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_effective_permissions_by_external_id(organization_membership_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

List effective permissions for an organization membership on a resource by external ID

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership.

• resource_type_slug (String) —

  The slug of the resource type.

• external_id (String) —

  An identifier you provide to reference the resource in your system.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 394

def list_effective_permissions_by_external_id(
  organization_membership_id:,
  resource_type_slug:,
  external_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_effective_permissions_by_external_id(
      organization_membership_id: organization_membership_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {organization_membership_id: organization_membership_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_environment_roles(request_options: {}) ⇒ WorkOS::RoleList

List environment roles

Parameters:

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::RoleList)

# File 'lib/workos/authorization.rb', line 1310

def list_environment_roles(request_options: {})
  response = @client.request(
    method: :get,
    path: "/authorization/roles",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::RoleList.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_group_role_assignments(group_id:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>

List role assignments for a group

Parameters:

• group_id (String) —

  The ID of the group.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>)

# File 'lib/workos/authorization.rb', line 63

def list_group_role_assignments(
  group_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_group_role_assignments(
      group_id: group_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::GroupRoleAssignment,
    filters: {group_id: group_id, before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_memberships_for_resource(resource_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

List organization memberships for resource

Parameters:

• resource_id (String) —

  The ID of the authorization resource.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• permission_slug (String) —

  The permission slug to filter by. Only users with this permission on the resource are returned.

• assignment (WorkOS::Types::AuthorizationAssignment, nil) (defaults to: nil) —

  Filter by assignment type. Use direct for direct assignments only, or indirect to include inherited assignments.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>)

# File 'lib/workos/authorization.rb', line 1211

def list_memberships_for_resource(
  resource_id:,
  permission_slug:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  assignment: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug,
    "assignment" => assignment
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_memberships_for_resource(
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      assignment: assignment,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembershipBaseListData,
    filters: {resource_id: resource_id, before: before, limit: limit, order: order, permission_slug: permission_slug, assignment: assignment},
    fetch_next: fetch_next
  )
end

#list_memberships_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, permission_slug:, before: nil, after: nil, limit: 10, order: "desc", assignment: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>

List memberships for a resource by external ID

Parameters:

• organization_id (String) —

  The ID of the organization that owns the resource.

• resource_type_slug (String) —

  The slug of the resource type this resource belongs to.

• external_id (String) —

  An identifier you provide to reference the resource in your system.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• permission_slug (String) —

  The permission slug to filter by. Only users with this permission on the resource are returned.

• assignment (WorkOS::Types::AuthorizationAssignment, nil) (defaults to: nil) —

  Filter by assignment type. Use "direct" for direct assignments only, or "indirect" to include inherited assignments.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserOrganizationMembershipBaseListData>)

# File 'lib/workos/authorization.rb', line 894

def list_memberships_for_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  permission_slug:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  assignment: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug,
    "assignment" => assignment
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/organization_memberships",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_memberships_for_resource_by_external_id(
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      assignment: assignment,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserOrganizationMembershipBaseListData,
    filters: {organization_id: organization_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order, permission_slug: permission_slug, assignment: assignment},
    fetch_next: fetch_next
  )
end

#list_organization_roles(organization_id:, request_options: {}) ⇒ WorkOS::RoleList

List custom roles

Parameters:

• organization_id (String) —

  The ID of the organization.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::RoleList)

# File 'lib/workos/authorization.rb', line 591

def list_organization_roles(
  organization_id:,
  request_options: {}
)
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::RoleList.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#list_permissions(before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>

List permissions

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::AuthorizationPermission>)

# File 'lib/workos/authorization.rb', line 1458

def list_permissions(
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/permissions",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_permissions(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationPermission,
    filters: {before: before, limit: limit, order: order},
    fetch_next: fetch_next
  )
end

#list_resources(before: nil, after: nil, limit: 10, order: "desc", organization_id: nil, resource_type_slug: nil, resource_external_id: nil, parent: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

List resources

Parameters:

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• organization_id (String, nil) (defaults to: nil) —

  Filter resources by organization ID.

• resource_type_slug (String, nil) (defaults to: nil) —

  Filter resources by resource type slug.

• resource_external_id (String, nil) (defaults to: nil) —

  Filter resources by external ID.

• parent (WorkOS::Authorization::ParentById, WorkOS::Authorization::ParentByExternalId, nil) (defaults to: nil) —

  Identifies the parent.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>)

# File 'lib/workos/authorization.rb', line 1011

def list_resources(
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  organization_id: nil,
  resource_type_slug: nil,
  resource_external_id: nil,
  parent: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "organization_id" => organization_id,
    "resource_type_slug" => resource_type_slug,
    "resource_external_id" => resource_external_id
  }.compact
  if parent
    case parent
    when WorkOS::Authorization::ParentById
      params["parent_resource_id"] = parent.parent_resource_id
    when WorkOS::Authorization::ParentByExternalId
      params["parent_resource_type_slug"] = parent.parent_resource_type_slug
      params["parent_external_id"] = parent.parent_external_id
    else
      raise ArgumentError, "expected parent to be one of: WorkOS::Authorization::ParentById, WorkOS::Authorization::ParentByExternalId, got #{parent.class}"
    end
  end
  response = @client.request(
    method: :get,
    path: "/authorization/resources",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_resources(
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      resource_external_id: resource_external_id,
      parent: parent,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationResource,
    filters: {before: before, limit: limit, order: order, organization_id: organization_id, resource_type_slug: resource_type_slug, resource_external_id: resource_external_id, parent: parent},
    fetch_next: fetch_next
  )
end

#list_resources_for_membership(organization_membership_id:, permission_slug:, parent_resource:, before: nil, after: nil, limit: 10, order: "desc", request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>

List resources for organization membership

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• permission_slug (String) —

  The permission slug to filter by. Only child resources where the organization membership has this permission are returned.

• parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId) —

  Identifies the parent resource.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::AuthorizationResource>)

# File 'lib/workos/authorization.rb', line 281

def list_resources_for_membership(
  organization_membership_id:,
  permission_slug:,
  parent_resource:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "permission_slug" => permission_slug
  }.compact
  case parent_resource
  when WorkOS::Authorization::ParentResourceById
    params["parent_resource_id"] = parent_resource.parent_resource_id
  when WorkOS::Authorization::ParentResourceByExternalId
    params["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    params["parent_resource_external_id"] = parent_resource.parent_resource_external_id
  else
    raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
  end
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/resources",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_resources_for_membership(
      organization_membership_id: organization_membership_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      permission_slug: permission_slug,
      parent_resource: parent_resource,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::AuthorizationResource,
    filters: {organization_membership_id: organization_membership_id, before: before, limit: limit, order: order, permission_slug: permission_slug, parent_resource: parent_resource},
    fetch_next: fetch_next
  )
end

#list_role_assignments(organization_membership_id:, before: nil, after: nil, limit: 10, order: "desc", resource_id: nil, resource_external_id: nil, resource_type_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

List role assignments

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• resource_id (String, nil) (defaults to: nil) —

  Filter assignments by the ID of the resource.

• resource_external_id (String, nil) (defaults to: nil) —

  Filter assignments by the external ID of the resource.

• resource_type_slug (String, nil) (defaults to: nil) —

  Filter assignments by the slug of the resource type.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>)

# File 'lib/workos/authorization.rb', line 448

def list_role_assignments(
  organization_membership_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  resource_id: nil,
  resource_external_id: nil,
  resource_type_slug: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "resource_id" => resource_id,
    "resource_external_id" => resource_external_id,
    "resource_type_slug" => resource_type_slug
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_role_assignments(
      organization_membership_id: organization_membership_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      resource_id: resource_id,
      resource_external_id: resource_external_id,
      resource_type_slug: resource_type_slug,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserRoleAssignment,
    filters: {organization_membership_id: organization_membership_id, before: before, limit: limit, order: order, resource_id: resource_id, resource_external_id: resource_external_id, resource_type_slug: resource_type_slug},
    fetch_next: fetch_next
  )
end

#list_role_assignments_for_resource(resource_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

List role assignments for a resource

Parameters:

• resource_id (String) —

  The ID of the authorization resource.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• role_slug (String, nil) (defaults to: nil) —

  Filter assignments by the slug of the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>)

# File 'lib/workos/authorization.rb', line 1265

def list_role_assignments_for_resource(
  resource_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  role_slug: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "role_slug" => role_slug
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_role_assignments_for_resource(
      resource_id: resource_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      role_slug: role_slug,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserRoleAssignment,
    filters: {resource_id: resource_id, before: before, limit: limit, order: order, role_slug: role_slug},
    fetch_next: fetch_next
  )
end

#list_role_assignments_for_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, before: nil, after: nil, limit: 10, order: "desc", role_slug: nil, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>

List role assignments for a resource by external ID

Parameters:

• organization_id (String) —

  The ID of the organization that owns the resource.

• resource_type_slug (String) —

  The slug of the resource type.

• external_id (String) —

  An identifier you provide to reference the resource in your system.

• before (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include before="obj_123" to fetch a new batch of objects before "obj_123".

• after (String, nil) (defaults to: nil) —

  An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with "obj_123", your subsequent call can include after="obj_123" to fetch a new batch of objects after "obj_123".

• limit (Integer, nil) (defaults to: 10) —

  Upper limit on the number of objects to return, between 1 and 100.

• order (WorkOS::Types::PaginationOrder, nil) (defaults to: "desc") —

  Order the results by the creation time. Supported values are "asc" (ascending), "desc" (descending), and "normal" (descending with reversed cursor semantics where before fetches older records and after fetches newer records).

• role_slug (String, nil) (defaults to: nil) —

  Filter assignments by the slug of the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::UserRoleAssignment>)

# File 'lib/workos/authorization.rb', line 954

def list_role_assignments_for_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  before: nil,
  after: nil,
  limit: 10,
  order: "desc",
  role_slug: nil,
  request_options: {}
)
  params = {
    "before" => before,
    "after" => after,
    "limit" => limit,
    "order" => order,
    "role_slug" => role_slug
  }.compact
  response = @client.request(
    method: :get,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}/role_assignments",
    auth: true,
    params: params,
    request_options: request_options
  )
  fetch_next = ->(cursor) {
    list_role_assignments_for_resource_by_external_id(
      organization_id: organization_id,
      resource_type_slug: resource_type_slug,
      external_id: external_id,
      before: before,
      after: cursor,
      limit: limit,
      order: order,
      role_slug: role_slug,
      request_options: request_options
    )
  }
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::UserRoleAssignment,
    filters: {organization_id: organization_id, resource_type_slug: resource_type_slug, external_id: external_id, before: before, limit: limit, order: order, role_slug: role_slug},
    fetch_next: fetch_next
  )
end

#remove_organization_role_permission(organization_id:, slug:, permission_slug:, request_options: {}) ⇒ WorkOS::Role

Remove a permission from a custom role

Parameters:

• organization_id (String) —

  The ID of the organization.

• slug (String) —

  The slug of the role.

• permission_slug (String) —

  The slug of the permission to remove.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 770

def remove_organization_role_permission(
  organization_id:,
  slug:,
  permission_slug:,
  request_options: {}
)
  response = @client.request(
    method: :delete,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions/#{WorkOS::Util.encode_path(permission_slug)}",
    auth: true,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#remove_role(organization_membership_id:, role_slug:, resource_target:, request_options: {}) ⇒ void

This method returns an undefined value.

Remove a role assignment

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership.

• role_slug (String) —

  The slug of the role to remove.

• resource_target (WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId) —

  Identifies the resource target.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 538

def remove_role(
  organization_membership_id:,
  role_slug:,
  resource_target:,
  request_options: {}
)
  params = {}
  case resource_target
  when WorkOS::Authorization::ResourceTargetById
    params["resource_id"] = resource_target.resource_id
  when WorkOS::Authorization::ResourceTargetByExternalId
    params["resource_external_id"] = resource_target.resource_external_id
    params["resource_type_slug"] = resource_target.resource_type_slug
  else
    raise ArgumentError, "expected resource_target to be one of: WorkOS::Authorization::ResourceTargetById, WorkOS::Authorization::ResourceTargetByExternalId, got #{resource_target.class}"
  end
  body = {
    "role_slug" => role_slug
  }
  @client.request(
    method: :delete,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments",
    auth: true,
    params: params,
    body: body,
    request_options: request_options
  )
  nil
end

#remove_role_assignment(organization_membership_id:, role_assignment_id:, request_options: {}) ⇒ void

This method returns an undefined value.

Remove a role assignment by ID

Parameters:

• organization_membership_id (String) —

  The ID of the organization membership.

• role_assignment_id (String) —

  The ID of the role assignment to remove.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

# File 'lib/workos/authorization.rb', line 573

def remove_role_assignment(
  organization_membership_id:,
  role_assignment_id:,
  request_options: {}
)
  @client.request(
    method: :delete,
    path: "/authorization/organization_memberships/#{WorkOS::Util.encode_path(organization_membership_id)}/role_assignments/#{WorkOS::Util.encode_path(role_assignment_id)}",
    auth: true,
    request_options: request_options
  )
  nil
end

#set_environment_role_permissions(slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

Set permissions for an environment role

Parameters:

• slug (String) —

  The slug of the environment role.

• permissions (Array<String>) —

  The permission slugs to assign to the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1431

def set_environment_role_permissions(
  slug:,
  permissions:,
  request_options: {}
)
  body = {
    "permissions" => permissions
  }
  response = @client.request(
    method: :put,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#set_organization_role_permissions(organization_id:, slug:, permissions:, request_options: {}) ⇒ WorkOS::Role

Set permissions for a custom role

Parameters:

• organization_id (String) —

  The ID of the organization.

• slug (String) —

  The slug of the role.

• permissions (Array<String>) —

  The permission slugs to assign to the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 743

def set_organization_role_permissions(
  organization_id:,
  slug:,
  permissions:,
  request_options: {}
)
  body = {
    "permissions" => permissions
  }
  response = @client.request(
    method: :put,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}/permissions",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_environment_role(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

Update an environment role

Parameters:

• slug (String) —

  The slug of the environment role.

• name (String, nil) (defaults to: nil) —

  A descriptive name for the role.

• description (String, nil) (defaults to: nil) —

  An optional description of the role.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 1379

def update_environment_role(
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_group_role_assignments(group_id:, role_assignments:, request_options: {}) ⇒ WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>

Replace all role assignments for a group

Parameters:

• group_id (String) —

  The ID of the group.

• role_assignments (Array<WorkOS::ReplaceGroupRoleAssignmentEntry>) —

  The list of role assignments that should exist for the group. All existing assignments will be replaced.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Types::ListStruct<WorkOS::GroupRoleAssignment>)

# File 'lib/workos/authorization.rb', line 141

def update_group_role_assignments(
  group_id:,
  role_assignments:,
  request_options: {}
)
  body = {
    "role_assignments" => role_assignments
  }
  response = @client.request(
    method: :put,
    path: "/authorization/groups/#{WorkOS::Util.encode_path(group_id)}/role_assignments",
    auth: true,
    body: body,
    request_options: request_options
  )
  WorkOS::Types::ListStruct.from_response(
    response,
    model: WorkOS::GroupRoleAssignment,
    filters: {group_id: group_id, role_assignments: role_assignments}
  )
end

#update_organization_role(organization_id:, slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::Role

Update a custom role

Parameters:

• organization_id (String) —

  The ID of the organization.

• slug (String) —

  The slug of the role.

• name (String, nil) (defaults to: nil) —

  A descriptive name for the role.

• description (String, nil) (defaults to: nil) —

  An optional description of the role's purpose.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::Role)

# File 'lib/workos/authorization.rb', line 668

def update_organization_role(
  organization_id:,
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/roles/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::Role.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_permission(slug:, name: nil, description: nil, request_options: {}) ⇒ WorkOS::AuthorizationPermission

Update a permission

Parameters:

• slug (String) —

  A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.

• name (String, nil) (defaults to: nil) —

  A descriptive name for the Permission.

• description (String, nil) (defaults to: nil) —

  An optional description of the Permission.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationPermission)

# File 'lib/workos/authorization.rb', line 1552

def update_permission(
  slug:,
  name: nil,
  description: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  response = @client.request(
    method: :patch,
    path: "/authorization/permissions/#{WorkOS::Util.encode_path(slug)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationPermission.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_resource(resource_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

Update a resource

Parameters:

• resource_id (String) —

  The ID of the authorization resource.

• name (String, nil) (defaults to: nil) —

  A display name for the resource.

• description (String, nil) (defaults to: nil) —

  An optional description of the resource.

• parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil) (defaults to: nil) —

  Identifies the parent resource.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 1144

def update_resource(
  resource_id:,
  name: nil,
  description: nil,
  parent_resource: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  if parent_resource
    case parent_resource
    when WorkOS::Authorization::ParentResourceById
      body["parent_resource_id"] = parent_resource.parent_resource_id
    when WorkOS::Authorization::ParentResourceByExternalId
      body["parent_resource_external_id"] = parent_resource.parent_resource_external_id
      body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    else
      raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
    end
  end
  response = @client.request(
    method: :patch,
    path: "/authorization/resources/#{WorkOS::Util.encode_path(resource_id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end

#update_resource_by_external_id(organization_id:, resource_type_slug:, external_id:, name: nil, description: nil, parent_resource: nil, request_options: {}) ⇒ WorkOS::AuthorizationResource

Update a resource by external ID

Parameters:

• organization_id (String) —

  The ID of the organization that owns the resource.

• resource_type_slug (String) —

  The slug of the resource type.

• external_id (String) —

  An identifier you provide to reference the resource in your system.

• name (String, nil) (defaults to: nil) —

  A display name for the resource.

• description (String, nil) (defaults to: nil) —

  An optional description of the resource.

• parent_resource (WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, nil) (defaults to: nil) —

  Identifies the parent resource.

• request_options (Hash) (defaults to: {}) —

  (see WorkOS::Types::RequestOptions)

Returns:

• (WorkOS::AuthorizationResource)

# File 'lib/workos/authorization.rb', line 819

def update_resource_by_external_id(
  organization_id:,
  resource_type_slug:,
  external_id:,
  name: nil,
  description: nil,
  parent_resource: nil,
  request_options: {}
)
  body = {
    "name" => name,
    "description" => description
  }.compact
  if parent_resource
    case parent_resource
    when WorkOS::Authorization::ParentResourceById
      body["parent_resource_id"] = parent_resource.parent_resource_id
    when WorkOS::Authorization::ParentResourceByExternalId
      body["parent_resource_external_id"] = parent_resource.parent_resource_external_id
      body["parent_resource_type_slug"] = parent_resource.parent_resource_type_slug
    else
      raise ArgumentError, "expected parent_resource to be one of: WorkOS::Authorization::ParentResourceById, WorkOS::Authorization::ParentResourceByExternalId, got #{parent_resource.class}"
    end
  end
  response = @client.request(
    method: :patch,
    path: "/authorization/organizations/#{WorkOS::Util.encode_path(organization_id)}/resources/#{WorkOS::Util.encode_path(resource_type_slug)}/#{WorkOS::Util.encode_path(external_id)}",
    auth: true,
    body: body,
    request_options: request_options
  )
  result = WorkOS::AuthorizationResource.new(response.body)
  result.last_response = WorkOS::Types::ApiResponse.new(http_status: response.code.to_i, http_headers: response.each_header.to_h, request_id: response["x-request-id"])
  result
end