Skip to content

Commit 31fb41d

Browse files
csrbarberclaudegjtorikian
authored
feat: Add RBAC environment roles API support (#338)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Garen J. Torikian <gjtorikian@users.noreply.github.com>
1 parent dd7dca2 commit 31fb41d

5 files changed

Lines changed: 809 additions & 11 deletions

File tree

lib/RBAC.php

Lines changed: 364 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ public function createPermission(
5353
*
5454
* @throws Exception\WorkOSException
5555
*
56-
* @return array{?string, ?string, Resource\Permission[]}
56+
* @return Resource\PaginatedResource
5757
*/
5858
public function listPermissions(
5959
int $limit = self::DEFAULT_PAGE_SIZE,
@@ -72,13 +72,7 @@ public function listPermissions(
7272

7373
$response = Client::request(Client::METHOD_GET, $path, null, $params, true);
7474

75-
$permissions = [];
76-
list($before, $after) = Util\Request::parsePaginationArgs($response);
77-
foreach ($response["data"] as $responseData) {
78-
\array_push($permissions, Resource\Permission::constructFromResponse($responseData));
79-
}
80-
81-
return [$before, $after, $permissions];
75+
return Resource\PaginatedResource::constructFromResponse($response, Resource\Permission::class, 'permissions');
8276
}
8377

8478
/**
@@ -148,4 +142,366 @@ public function deletePermission(string $slug)
148142

149143
return $response;
150144
}
145+
146+
/**
147+
* Create an Environment Role.
148+
*
149+
* @param string $slug The slug of the Role
150+
* @param string $name The name of the Role
151+
* @param null|string $description The description of the Role
152+
* @param null|string $resourceTypeSlug The resource type slug of the Role
153+
*
154+
* @throws Exception\WorkOSException
155+
*
156+
* @return Resource\Role
157+
*/
158+
public function createEnvironmentRole(
159+
string $slug,
160+
string $name,
161+
?string $description = null,
162+
?string $resourceTypeSlug = null
163+
) {
164+
$path = "authorization/roles";
165+
166+
$params = [
167+
"slug" => $slug,
168+
"name" => $name,
169+
];
170+
171+
if (isset($description)) {
172+
$params["description"] = $description;
173+
}
174+
if (isset($resourceTypeSlug)) {
175+
$params["resource_type_slug"] = $resourceTypeSlug;
176+
}
177+
178+
$response = Client::request(Client::METHOD_POST, $path, null, $params, true);
179+
180+
return Resource\Role::constructFromResponse($response);
181+
}
182+
183+
/**
184+
* List Environment Roles.
185+
*
186+
* @param int $limit Maximum number of records to return
187+
* @param null|string $before Role ID to look before
188+
* @param null|string $after Role ID to look after
189+
* @param null|string $order The order in which to paginate records
190+
*
191+
* @throws Exception\WorkOSException
192+
*
193+
* @return Resource\PaginatedResource
194+
*/
195+
public function listEnvironmentRoles(
196+
int $limit = self::DEFAULT_PAGE_SIZE,
197+
?string $before = null,
198+
?string $after = null,
199+
?string $order = null
200+
) {
201+
$path = "authorization/roles";
202+
203+
$params = [
204+
"limit" => $limit,
205+
"before" => $before,
206+
"after" => $after,
207+
"order" => $order,
208+
];
209+
210+
$response = Client::request(Client::METHOD_GET, $path, null, $params, true);
211+
212+
return Resource\PaginatedResource::constructFromResponse($response, Resource\Role::class, 'roles');
213+
}
214+
215+
/**
216+
* Get an Environment Role.
217+
*
218+
* @param string $slug The slug of the Role
219+
*
220+
* @throws Exception\WorkOSException
221+
*
222+
* @return Resource\Role
223+
*/
224+
public function getEnvironmentRole(string $slug)
225+
{
226+
$path = "authorization/roles/{$slug}";
227+
228+
$response = Client::request(Client::METHOD_GET, $path, null, null, true);
229+
230+
return Resource\Role::constructFromResponse($response);
231+
}
232+
233+
/**
234+
* Update an Environment Role.
235+
*
236+
* @param string $slug The slug of the Role to update
237+
* @param null|string $name The updated name of the Role
238+
* @param null|string $description The updated description of the Role
239+
*
240+
* @throws Exception\WorkOSException
241+
*
242+
* @return Resource\Role
243+
*/
244+
public function updateEnvironmentRole(
245+
string $slug,
246+
?string $name = null,
247+
?string $description = null
248+
) {
249+
$path = "authorization/roles/{$slug}";
250+
251+
$params = [];
252+
253+
if (isset($name)) {
254+
$params["name"] = $name;
255+
}
256+
if (isset($description)) {
257+
$params["description"] = $description;
258+
}
259+
260+
$response = Client::request(Client::METHOD_PATCH, $path, null, $params, true);
261+
262+
return Resource\Role::constructFromResponse($response);
263+
}
264+
265+
/**
266+
* Set permissions for an Environment Role.
267+
*
268+
* @param string $slug The slug of the Role
269+
* @param array<string> $permissions The permission slugs to set on the Role
270+
*
271+
* @throws Exception\WorkOSException
272+
*
273+
* @return Resource\Role
274+
*/
275+
public function setEnvironmentRolePermissions(string $slug, array $permissions)
276+
{
277+
$path = "authorization/roles/{$slug}/permissions";
278+
279+
$params = [
280+
"permissions" => $permissions,
281+
];
282+
283+
$response = Client::request(Client::METHOD_PUT, $path, null, $params, true);
284+
285+
return Resource\Role::constructFromResponse($response);
286+
}
287+
288+
/**
289+
* Add a permission to an Environment Role.
290+
*
291+
* @param string $roleSlug The slug of the Role
292+
* @param string $permissionSlug The slug of the Permission to add
293+
*
294+
* @throws Exception\WorkOSException
295+
*
296+
* @return Resource\Role
297+
*/
298+
public function addEnvironmentRolePermission(string $roleSlug, string $permissionSlug)
299+
{
300+
$path = "authorization/roles/{$roleSlug}/permissions";
301+
302+
$params = [
303+
"slug" => $permissionSlug,
304+
];
305+
306+
$response = Client::request(Client::METHOD_POST, $path, null, $params, true);
307+
308+
return Resource\Role::constructFromResponse($response);
309+
}
310+
311+
/**
312+
* Create an Organization Role.
313+
*
314+
* @param string $organizationId WorkOS Organization ID
315+
* @param string $slug The slug of the Role
316+
* @param string $name The name of the Role
317+
* @param null|string $description The description of the Role
318+
*
319+
* @throws Exception\WorkOSException
320+
*
321+
* @return Resource\Role
322+
*/
323+
public function createOrganizationRole(
324+
string $organizationId,
325+
string $slug,
326+
string $name,
327+
?string $description = null
328+
) {
329+
$path = "authorization/organizations/{$organizationId}/roles";
330+
331+
$params = [
332+
"slug" => $slug,
333+
"name" => $name,
334+
];
335+
336+
if (isset($description)) {
337+
$params["description"] = $description;
338+
}
339+
340+
$response = Client::request(Client::METHOD_POST, $path, null, $params, true);
341+
342+
return Resource\Role::constructFromResponse($response);
343+
}
344+
345+
/**
346+
* List Organization Roles.
347+
*
348+
* @param string $organizationId WorkOS Organization ID
349+
*
350+
* @throws Exception\WorkOSException
351+
*
352+
* @return Resource\Role[]
353+
*/
354+
public function listOrganizationRoles(string $organizationId)
355+
{
356+
$path = "authorization/organizations/{$organizationId}/roles";
357+
358+
$response = Client::request(Client::METHOD_GET, $path, null, null, true);
359+
360+
$roles = [];
361+
foreach ($response["data"] as $responseData) {
362+
\array_push($roles, Resource\Role::constructFromResponse($responseData));
363+
}
364+
365+
return $roles;
366+
}
367+
368+
/**
369+
* Get an Organization Role.
370+
*
371+
* @param string $organizationId WorkOS Organization ID
372+
* @param string $slug The slug of the Role
373+
*
374+
* @throws Exception\WorkOSException
375+
*
376+
* @return Resource\Role
377+
*/
378+
public function getOrganizationRole(string $organizationId, string $slug)
379+
{
380+
$path = "authorization/organizations/{$organizationId}/roles/{$slug}";
381+
382+
$response = Client::request(Client::METHOD_GET, $path, null, null, true);
383+
384+
return Resource\Role::constructFromResponse($response);
385+
}
386+
387+
/**
388+
* Update an Organization Role.
389+
*
390+
* @param string $organizationId WorkOS Organization ID
391+
* @param string $slug The slug of the Role to update
392+
* @param null|string $name The updated name of the Role
393+
* @param null|string $description The updated description of the Role
394+
*
395+
* @throws Exception\WorkOSException
396+
*
397+
* @return Resource\Role
398+
*/
399+
public function updateOrganizationRole(
400+
string $organizationId,
401+
string $slug,
402+
?string $name = null,
403+
?string $description = null
404+
) {
405+
$path = "authorization/organizations/{$organizationId}/roles/{$slug}";
406+
407+
$params = [];
408+
409+
if (isset($name)) {
410+
$params["name"] = $name;
411+
}
412+
if (isset($description)) {
413+
$params["description"] = $description;
414+
}
415+
416+
$response = Client::request(Client::METHOD_PATCH, $path, null, $params, true);
417+
418+
return Resource\Role::constructFromResponse($response);
419+
}
420+
421+
/**
422+
* Delete an Organization Role.
423+
*
424+
* @param string $organizationId WorkOS Organization ID
425+
* @param string $slug The slug of the Role to delete
426+
*
427+
* @throws Exception\WorkOSException
428+
*
429+
* @return array
430+
*/
431+
public function deleteOrganizationRole(string $organizationId, string $slug)
432+
{
433+
$path = "authorization/organizations/{$organizationId}/roles/{$slug}";
434+
435+
$response = Client::request(Client::METHOD_DELETE, $path, null, null, true);
436+
437+
return $response;
438+
}
439+
440+
/**
441+
* Set permissions for an Organization Role.
442+
*
443+
* @param string $organizationId WorkOS Organization ID
444+
* @param string $slug The slug of the Role
445+
* @param array<string> $permissions The permission slugs to set on the Role
446+
*
447+
* @throws Exception\WorkOSException
448+
*
449+
* @return Resource\Role
450+
*/
451+
public function setOrganizationRolePermissions(string $organizationId, string $slug, array $permissions)
452+
{
453+
$path = "authorization/organizations/{$organizationId}/roles/{$slug}/permissions";
454+
455+
$params = [
456+
"permissions" => $permissions,
457+
];
458+
459+
$response = Client::request(Client::METHOD_PUT, $path, null, $params, true);
460+
461+
return Resource\Role::constructFromResponse($response);
462+
}
463+
464+
/**
465+
* Add a permission to an Organization Role.
466+
*
467+
* @param string $organizationId WorkOS Organization ID
468+
* @param string $roleSlug The slug of the Role
469+
* @param string $permissionSlug The slug of the Permission to add
470+
*
471+
* @throws Exception\WorkOSException
472+
*
473+
* @return Resource\Role
474+
*/
475+
public function addOrganizationRolePermission(string $organizationId, string $roleSlug, string $permissionSlug)
476+
{
477+
$path = "authorization/organizations/{$organizationId}/roles/{$roleSlug}/permissions";
478+
479+
$params = [
480+
"slug" => $permissionSlug,
481+
];
482+
483+
$response = Client::request(Client::METHOD_POST, $path, null, $params, true);
484+
485+
return Resource\Role::constructFromResponse($response);
486+
}
487+
488+
/**
489+
* Remove a permission from an Organization Role.
490+
*
491+
* @param string $organizationId WorkOS Organization ID
492+
* @param string $roleSlug The slug of the Role
493+
* @param string $permissionSlug The slug of the Permission to remove
494+
*
495+
* @throws Exception\WorkOSException
496+
*
497+
* @return array
498+
*/
499+
public function removeOrganizationRolePermission(string $organizationId, string $roleSlug, string $permissionSlug)
500+
{
501+
$path = "authorization/organizations/{$organizationId}/roles/{$roleSlug}/permissions/{$permissionSlug}";
502+
503+
$response = Client::request(Client::METHOD_DELETE, $path, null, null, true);
504+
505+
return $response;
506+
}
151507
}

0 commit comments

Comments
 (0)