Skip to content

Allow searching for users with all roles in a tenant #637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
slavikm merged 3 commits into from
Aug 20, 2025
Merged

Allow searching for users with all roles in a tenant #637

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
93fceb9
Allow searching for users with all roles in a tenant
slavikm Aug 20, 2025
5bfb1b4
Oopsy, forgot import
slavikm Aug 20, 2025
07485f5
Tests
slavikm Aug 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions descope/management/common.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -407,9 +407,3 @@ def sort_to_dict(sort: List[Sort]) -> list:
}
)
return sort_list


def map_to_values_object(input_map: dict):
if not input_map:
return {}
return {k: {"values": v} for k, v in input_map.items()}
13 changes: 8 additions & 5 deletions descope/management/user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
MgmtV1,
Sort,
associated_tenants_to_dict,
map_to_values_object,
sort_to_dict,
)
from descope.management.user_pwd import UserPassword
Expand Down Expand Up @@ -666,7 +665,9 @@ def search_all(
to_modified_time (int): Optional int, only include users whose last modification/update occurred on or before this time (in Unix epoch milliseconds)
user_ids (List[str]): Optional list of user IDs to filter by
tenant_role_ids (dict): Optional mapping of tenant ID to list of role IDs.
Dict value is in the form of {"tenant_id": {"values":["role_id1", "role_id2"], "and": True}} if you want to match all roles (AND) or any role (OR).
tenant_role_names (dict): Optional mapping of tenant ID to list of role names.
Dict value is in the form of {"tenant_id": {"values":["role_name1", "role_name2"], "and": True}} if you want to match all roles (AND) or any role (OR).

Return value (dict):
Return dict in the format
Expand Down Expand Up @@ -733,9 +734,9 @@ def search_all(
body["toModifiedTime"] = to_modified_time

if tenant_role_ids is not None:
body["tenantRoleIds"] = map_to_values_object(tenant_role_ids)
body["tenantRoleIds"] = tenant_role_ids
if tenant_role_names is not None:
body["tenantRoleNames"] = map_to_values_object(tenant_role_names)
body["tenantRoleNames"] = tenant_role_names

response = self._auth.do_post(
MgmtV1.users_search_path,
Expand Down Expand Up @@ -786,7 +787,9 @@ def search_all_test_users(
from_modified_time (int): Optional int, only include users whose last modification/update occurred on or after this time (in Unix epoch milliseconds)
to_modified_time (int): Optional int, only include users whose last modification/update occurred on or before this time (in Unix epoch milliseconds)
tenant_role_ids (dict): Optional mapping of tenant ID to list of role IDs.
Dict value is in the form of {"tenant_id": {"values":["role_id1", "role_id2"], "and": True}} if you want to match all roles (AND) or any role (OR).
tenant_role_names (dict): Optional mapping of tenant ID to list of role names.
Dict value is in the form of {"tenant_id": {"values":["role_name1", "role_name2"], "and": True}} if you want to match all roles (AND) or any role (OR).

Return value (dict):
Return dict in the format
Expand Down Expand Up @@ -850,9 +853,9 @@ def search_all_test_users(
body["toModifiedTime"] = to_modified_time

if tenant_role_ids is not None:
body["tenantRoleIds"] = map_to_values_object(tenant_role_ids)
body["tenantRoleIds"] = tenant_role_ids
if tenant_role_names is not None:
body["tenantRoleNames"] = map_to_values_object(tenant_role_names)
body["tenantRoleNames"] = tenant_role_names

response = self._auth.do_post(
MgmtV1.test_users_search_path,
Expand Down
30 changes: 15 additions & 15 deletions tests/management/test_user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,7 @@ def test_invite_batch(self):
users = resp["users"]
self.assertEqual(users[0]["id"], "u1")

expectedUsers = {
expected_users = {
"users": [
{
"loginId": "[email protected]",
Expand Down Expand Up @@ -369,7 +369,7 @@ def test_invite_batch(self):
"x-descope-project-id": self.dummy_project_id,
},
params=None,
json=expectedUsers,
json=expected_users,
allow_redirects=False,
verify=True,
timeout=DEFAULT_TIMEOUT_SECONDS,
Expand Down Expand Up @@ -403,8 +403,8 @@ def test_invite_batch(self):
send_sms=True,
)

del expectedUsers["users"][0]["hashedPassword"]
expectedUsers["users"][0]["password"] = "clear"
del expected_users["users"][0]["hashedPassword"]
expected_users["users"][0]["password"] = "clear"
mock_post.assert_called_with(
f"{common.DEFAULT_BASE_URL}{MgmtV1.user_create_batch_path}",
headers={
Expand All @@ -413,7 +413,7 @@ def test_invite_batch(self):
"x-descope-project-id": self.dummy_project_id,
},
params=None,
json=expectedUsers,
json=expected_users,
allow_redirects=False,
verify=True,
timeout=DEFAULT_TIMEOUT_SECONDS,
Expand All @@ -426,7 +426,7 @@ def test_invite_batch(self):
send_sms=True,
)

del expectedUsers["users"][0]["password"]
del expected_users["users"][0]["password"]
mock_post.assert_called_with(
f"{common.DEFAULT_BASE_URL}{MgmtV1.user_create_batch_path}",
headers={
Expand All @@ -435,7 +435,7 @@ def test_invite_batch(self):
"x-descope-project-id": self.dummy_project_id,
},
params=None,
json=expectedUsers,
json=expected_users,
allow_redirects=False,
verify=True,
timeout=DEFAULT_TIMEOUT_SECONDS,
Expand Down Expand Up @@ -1056,8 +1056,8 @@ def test_search_all(self):
)
mock_post.return_value = network_resp
resp = self.client.mgmt.user.search_all(
tenant_role_ids={"tenant1": ["roleA", "roleB"]},
tenant_role_names={"tenant2": ["admin", "user"]},
tenant_role_ids={"tenant1": {"values": ["roleA", "roleB"], "and": True}},
tenant_role_names={"tenant2": {"values": ["admin", "user"], "and": False}},
)
users = resp["users"]
self.assertEqual(len(users), 2)
Expand All @@ -1078,8 +1078,8 @@ def test_search_all(self):
"page": 0,
"testUsersOnly": False,
"withTestUser": False,
"tenantRoleIds": {"tenant1": {"values": ["roleA", "roleB"]}},
"tenantRoleNames": {"tenant2": {"values": ["admin", "user"]}},
"tenantRoleIds": {"tenant1": {"values": ["roleA", "roleB"], "and": True}},
"tenantRoleNames": {"tenant2": {"values": ["admin", "user"], "and": False}},
},
allow_redirects=False,
verify=True,
Expand Down Expand Up @@ -1302,8 +1302,8 @@ def test_search_all_test_users(self):
)
mock_post.return_value = network_resp
resp = self.client.mgmt.user.search_all_test_users(
tenant_role_ids={"tenant1": ["roleA", "roleB"]},
tenant_role_names={"tenant2": ["admin", "user"]},
tenant_role_ids={"tenant1": {"values": ["roleA", "roleB"], "and": True}},
tenant_role_names={"tenant2": {"values": ["admin", "user"], "and": False}},
)
users = resp["users"]
self.assertEqual(len(users), 2)
Expand All @@ -1324,8 +1324,8 @@ def test_search_all_test_users(self):
"page": 0,
"testUsersOnly": True,
"withTestUser": True,
"tenantRoleIds": {"tenant1": {"values": ["roleA", "roleB"]}},
"tenantRoleNames": {"tenant2": {"values": ["admin", "user"]}},
"tenantRoleIds": {"tenant1": {"values": ["roleA", "roleB"], "and": True}},
"tenantRoleNames": {"tenant2": {"values": ["admin", "user"], "and": False}},
},
allow_redirects=False,
verify=True,
Expand Down
Loading