Skip to content

Add permissions to Role #382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nholden merged 1 commit into from
Jul 3, 2025
+202 −9
Merged

Add permissions to Role #382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion lib/workos/organizations.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,14 @@ def delete_organization(id:)

# Retrieve a list of roles for the given organization.
#
# @param [String] organizationId The ID of the organization to fetch roles for.
# @param [String] organization_id The ID of the organization to fetch roles for.
#
# @example
# WorkOS::Organizations.list_organization_roles(organization_id: 'org_01EHZNVPK3SFK441A1RGBFSHRT')
# => #<WorkOS::Types::ListStruct data=[#<WorkOS::Role id="role_123" name="Admin" slug="admin"
# permissions=["admin:all"] ...>] ...>
#
# @return [WorkOS::Types::ListStruct] - Collection of Role objects, each including permissions array
def list_organization_roles(organization_id:)
response = execute_request(
request: get_request(
Expand Down
4 changes: 3 additions & 1 deletion lib/workos/role.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ module WorkOS
class Role
include HashProvider

attr_accessor :id, :name, :slug, :description, :type, :created_at, :updated_at
attr_accessor :id, :name, :slug, :description, :permissions, :type, :created_at, :updated_at

def initialize(json)
hash = JSON.parse(json, symbolize_names: true)
Expand All @@ -16,6 +16,7 @@ def initialize(json)
@name = hash[:name]
@slug = hash[:slug]
@description = hash[:description]
@permissions = hash[:permissions] || []
@type = hash[:type]
@created_at = hash[:created_at]
@updated_at = hash[:updated_at]
Expand All @@ -27,6 +28,7 @@ def to_json(*)
name: name,
slug: slug,
description: description,
permissions: permissions,
type: type,
created_at: created_at,
updated_at: updated_at,
Expand Down
42 changes: 42 additions & 0 deletions spec/lib/workos/organizations_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -354,6 +354,48 @@
expect(roles.list_metadata).to eq(expected_metadata)
end
end

it 'returns properly initialized Role objects with all attributes' do
VCR.use_cassette 'organization/list_organization_roles' do
roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')

first_role = roles.data.first
expect(first_role).to be_a(WorkOS::Role)
expect(first_role.id).to eq('role_01HS1C7GRJE08PBR3M6Y0ZYGDZ')
expect(first_role.name).to eq('Admin')
expect(first_role.slug).to eq('admin')
expect(first_role.description).to eq('Write access to every resource available')
expect(first_role.permissions).to eq(['admin:all', 'read:users', 'write:users', 'manage:roles'])
expect(first_role.type).to eq('EnvironmentRole')
expect(first_role.created_at).to eq('2024-03-15T15:38:29.521Z')
expect(first_role.updated_at).to eq('2024-11-14T17:08:00.556Z')
end
end

it 'handles roles with empty permissions arrays' do
VCR.use_cassette 'organization/list_organization_roles' do
roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')

platform_manager_role = roles.data.find { |role| role.slug == 'org-platform-manager' }
expect(platform_manager_role).to be_a(WorkOS::Role)
expect(platform_manager_role.permissions).to eq([])
end
end

it 'properly serializes Role objects including permissions' do
VCR.use_cassette 'organization/list_organization_roles' do
roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')

billing_role = roles.data.find { |role| role.slug == 'billing' }
serialized = billing_role.to_json
Copy link

@greptile-apps greptile-apps bot Jul 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: .to_json returns a JSON string, but test expects a hash. Should be testing against billing_role.as_json or parsing the JSON string first

Suggested change
serialized = billing_role.to_json
serialized = billing_role.as_json

Copy link
Member

@nholden nholden Jul 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to_json returns a hash. We do things a little different around here. 🤠


expect(serialized[:id]).to eq('role_01JA8GJZRDSZEB9289DQXJ3N9Z')
expect(serialized[:name]).to eq('Billing Manager')
expect(serialized[:slug]).to eq('billing')
expect(serialized[:permissions]).to eq(['read:billing', 'write:billing'])
expect(serialized[:type]).to eq('EnvironmentRole')
end
end
end
end
end
142 changes: 142 additions & 0 deletions spec/lib/workos/role_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
# frozen_string_literal: true

describe WorkOS::Role do
describe '.initialize' do
context 'with full role data including permissions' do
it 'initializes all attributes correctly' do
role_json = {
id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
name: 'Admin',
slug: 'admin',
description: 'Administrator role with full access',
permissions: ['read:users', 'write:users', 'admin:all'],
type: 'system',
created_at: '2022-05-13T17:45:31.732Z',
updated_at: '2022-07-13T17:45:42.618Z',
}.to_json

role = described_class.new(role_json)

expect(role.id).to eq('role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY')
expect(role.name).to eq('Admin')
expect(role.slug).to eq('admin')
expect(role.description).to eq('Administrator role with full access')
expect(role.permissions).to eq(['read:users', 'write:users', 'admin:all'])
expect(role.type).to eq('system')
expect(role.created_at).to eq('2022-05-13T17:45:31.732Z')
expect(role.updated_at).to eq('2022-07-13T17:45:42.618Z')
end
end

context 'with role data without permissions' do
it 'initializes permissions as empty array' do
role_json = {
id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
name: 'User',
slug: 'user',
description: 'Basic user role',
type: 'custom',
created_at: '2022-05-13T17:45:31.732Z',
updated_at: '2022-07-13T17:45:42.618Z',
}.to_json

role = described_class.new(role_json)

expect(role.id).to eq('role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY')
expect(role.name).to eq('User')
expect(role.slug).to eq('user')
expect(role.description).to eq('Basic user role')
expect(role.permissions).to eq([])
expect(role.type).to eq('custom')
expect(role.created_at).to eq('2022-05-13T17:45:31.732Z')
expect(role.updated_at).to eq('2022-07-13T17:45:42.618Z')
end
end

context 'with role data with null permissions' do
it 'initializes permissions as empty array' do
role_json = {
id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
name: 'User',
slug: 'user',
description: 'Basic user role',
permissions: nil,
type: 'custom',
created_at: '2022-05-13T17:45:31.732Z',
updated_at: '2022-07-13T17:45:42.618Z',
}.to_json

role = described_class.new(role_json)

expect(role.permissions).to eq([])
end
end

context 'with role data with empty permissions array' do
it 'preserves empty permissions array' do
role_json = {
id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
name: 'User',
slug: 'user',
description: 'Basic user role',
permissions: [],
type: 'custom',
created_at: '2022-05-13T17:45:31.732Z',
updated_at: '2022-07-13T17:45:42.618Z',
}.to_json

role = described_class.new(role_json)

expect(role.permissions).to eq([])
end
end
end

describe '.to_json' do
context 'with role that has permissions' do
it 'includes permissions in serialized output' do
role_json = {
id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
name: 'Admin',
slug: 'admin',
description: 'Administrator role',
permissions: ['read:all', 'write:all'],
type: 'system',
created_at: '2022-05-13T17:45:31.732Z',
updated_at: '2022-07-13T17:45:42.618Z',
}.to_json

role = described_class.new(role_json)
serialized = role.to_json

expect(serialized[:id]).to eq('role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY')
expect(serialized[:name]).to eq('Admin')
expect(serialized[:slug]).to eq('admin')
expect(serialized[:description]).to eq('Administrator role')
expect(serialized[:permissions]).to eq(['read:all', 'write:all'])
expect(serialized[:type]).to eq('system')
expect(serialized[:created_at]).to eq('2022-05-13T17:45:31.732Z')
expect(serialized[:updated_at]).to eq('2022-07-13T17:45:42.618Z')
end
end

context 'with role that has no permissions' do
it 'includes empty permissions array in serialized output' do
role_json = {
id: 'role_01FAEAJCJ3P1Z6WP5Y9VQPN2XY',
name: 'User',
slug: 'user',
description: 'Basic user role',
type: 'custom',
created_at: '2022-05-13T17:45:31.732Z',
updated_at: '2022-07-13T17:45:42.618Z',
}.to_json

role = described_class.new(role_json)
serialized = role.to_json

expect(serialized[:permissions]).to eq([])
end
end
end
end
14 changes: 7 additions & 7 deletions spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.