feat: add resource_type_slug to permissions, environment and organization roles

Author: csrbarber

src/workos/authorization.py

@@ -50,6 +50,7 @@ def create_permission(
         slug: str,
         name: str,
         description: Optional[str] = None,
+        resource_type_slug: Optional[str] = None,
     ) -> SyncOrAsync[Permission]: ...
 
     def list_permissions(
@@ -133,6 +134,7 @@ def create_environment_role(
         slug: str,
         name: str,
         description: Optional[str] = None,
+        resource_type_slug: Optional[str] = None,
     ) -> SyncOrAsync[EnvironmentRole]: ...
 
     def list_environment_roles(self) -> SyncOrAsync[EnvironmentRoleList]: ...
@@ -174,10 +176,13 @@ def create_permission(
         slug: str,
         name: str,
         description: Optional[str] = None,
+        resource_type_slug: Optional[str] = None,
     ) -> Permission:
         json: Dict[str, Any] = {"slug": slug, "name": name}
         if description is not None:
             json["description"] = description
+        if resource_type_slug is not None:
+            json["resource_type_slug"] = resource_type_slug
 
         response = self._http_client.request(
             AUTHORIZATION_PERMISSIONS_PATH,
@@ -359,10 +364,13 @@ def create_environment_role(
         slug: str,
         name: str,
         description: Optional[str] = None,
+        resource_type_slug: Optional[str] = None,
     ) -> EnvironmentRole:
         json: Dict[str, Any] = {"slug": slug, "name": name}
         if description is not None:
             json["description"] = description
+        if resource_type_slug is not None:
+            json["resource_type_slug"] = resource_type_slug
 
         response = self._http_client.request(
             "authorization/roles",
@@ -450,10 +458,13 @@ async def create_permission(
         slug: str,
         name: str,
         description: Optional[str] = None,
+        resource_type_slug: Optional[str] = None,
     ) -> Permission:
         json: Dict[str, Any] = {"slug": slug, "name": name}
         if description is not None:
             json["description"] = description
+        if resource_type_slug is not None:
+            json["resource_type_slug"] = resource_type_slug
 
         response = await self._http_client.request(
             AUTHORIZATION_PERMISSIONS_PATH,
@@ -635,10 +646,13 @@ async def create_environment_role(
         slug: str,
         name: str,
         description: Optional[str] = None,
+        resource_type_slug: Optional[str] = None,
     ) -> EnvironmentRole:
         json: Dict[str, Any] = {"slug": slug, "name": name}
         if description is not None:
             json["description"] = description
+        if resource_type_slug is not None:
+            json["resource_type_slug"] = resource_type_slug
 
         response = await self._http_client.request(
             "authorization/roles",

src/workos/types/authorization/environment_role.py

@@ -9,6 +9,7 @@ class EnvironmentRole(WorkOSModel):
     name: str
     slug: str
     description: Optional[str] = None
+    resource_type_slug: str
     permissions: Sequence[str]
     type: Literal["EnvironmentRole"]
     created_at: str

src/workos/types/authorization/organization_role.py

@@ -9,6 +9,7 @@ class OrganizationRole(WorkOSModel):
     name: str
     slug: str
     description: Optional[str] = None
+    resource_type_slug: str
     permissions: Sequence[str]
     type: Literal["OrganizationRole"]
     created_at: str

src/workos/types/authorization/permission.py

@@ -9,6 +9,7 @@ class Permission(WorkOSModel):
     slug: str
     name: str
     description: Optional[str] = None
+    resource_type_slug: str
     system: bool
     created_at: str
     updated_at: str

tests/test_authorization.py

@@ -53,13 +53,35 @@ def test_create_permission(
 
         assert permission.id == "perm_01ABC"
         assert permission.slug == "documents:read"
+        assert permission.resource_type_slug == "organization"
         assert request_kwargs["method"] == "post"
         assert request_kwargs["url"].endswith("/authorization/permissions")
         assert request_kwargs["json"] == {
             "slug": "documents:read",
             "name": "Read Documents",
         }
 
+    def test_create_permission_with_resource_type_slug(
+        self, mock_permission, capture_and_mock_http_client_request
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client, mock_permission, 201
+        )
+
+        syncify(
+            self.authorization.create_permission(
+                slug="documents:read",
+                name="Read Documents",
+                resource_type_slug="project",
+            )
+        )
+
+        assert request_kwargs["json"] == {
+            "slug": "documents:read",
+            "name": "Read Documents",
+            "resource_type_slug": "project",
+        }
+
     def test_create_permission_with_description(
         self, mock_permission, capture_and_mock_http_client_request
     ):
@@ -205,6 +227,7 @@ def test_create_organization_role(
 
         assert role.id == "role_01ABC"
         assert role.type == "OrganizationRole"
+        assert role.resource_type_slug == "organization"
         assert request_kwargs["method"] == "post"
         assert request_kwargs["url"].endswith(
             "/authorization/organizations/org_01EHT88Z8J8795GZNQ4ZP1J81T/roles"
@@ -366,10 +389,32 @@ def test_create_environment_role(
 
         assert role.id == "role_01DEF"
         assert role.type == "EnvironmentRole"
+        assert role.resource_type_slug == "organization"
         assert request_kwargs["method"] == "post"
         assert request_kwargs["url"].endswith("/authorization/roles")
         assert request_kwargs["json"] == {"slug": "member", "name": "Member"}
 
+    def test_create_environment_role_with_resource_type_slug(
+        self, mock_environment_role, capture_and_mock_http_client_request
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client, mock_environment_role, 201
+        )
+
+        syncify(
+            self.authorization.create_environment_role(
+                slug="member",
+                name="Member",
+                resource_type_slug="project",
+            )
+        )
+
+        assert request_kwargs["json"] == {
+            "slug": "member",
+            "name": "Member",
+            "resource_type_slug": "project",
+        }
+
     def test_list_environment_roles(
         self, mock_environment_roles, capture_and_mock_http_client_request
     ):

tests/utils/fixtures/mock_environment_role.py

@@ -12,6 +12,7 @@ def __init__(self, id: str):
             name="Member",
             slug="member",
             description="Default environment member role",
+            resource_type_slug="organization",
             permissions=["documents:read"],
             type="EnvironmentRole",
             created_at=now,

tests/utils/fixtures/mock_organization_role.py

@@ -17,6 +17,7 @@ def __init__(
             name="Admin",
             slug="admin",
             description="Organization admin role",
+            resource_type_slug="organization",
             permissions=["documents:read", "documents:write"],
             type="OrganizationRole",
             created_at=now,

tests/utils/fixtures/mock_permission.py

@@ -12,6 +12,7 @@ def __init__(self, id: str, slug: str = "documents:read"):
             slug=slug,
             name="Read Documents",
             description="Allows reading documents",
+            resource_type_slug="organization",
             system=False,
             created_at=now,
             updated_at=now,