Skip to content

feat: Add resource_type_slug to createOrganizationRole to create resource-scoped custom roles#607

Open
atainter wants to merge 1 commit intomainfrom
at-add-custom-fga-role-support
Open

feat: Add resource_type_slug to createOrganizationRole to create resource-scoped custom roles#607
atainter wants to merge 1 commit intomainfrom
at-add-custom-fga-role-support

Conversation

@atainter
Copy link
Copy Markdown
Contributor

@atainter atainter commented Apr 10, 2026

Also makes permission slug optional. If omitted, the service will create auto-generated slugs

@atainter atainter requested review from a team as code owners April 10, 2026 23:09
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Apr 10, 2026

Greptile Summary

This PR adds resource_type_slug as an optional parameter to create_organization_role in both Authorization (sync) and AsyncAuthorization (async) classes, and makes the existing slug parameter optional so the backend can auto-generate it. Changes are applied consistently to the AuthorizationModule Protocol, both concrete implementations, and new tests cover both new behaviours.

Confidence Score: 5/5

Safe to merge — changes are minimal, consistent across sync/async implementations and Protocol, and well-tested.

Both parameters are purely additive and optional, backward compatibility is preserved, the Protocol and both concrete classes are updated in lockstep, and the new tests cover the new behaviour under the sync_and_async marker.

No files require special attention.

Important Files Changed

Filename Overview
src/workos/authorization.py Protocol, sync Authorization, and async AsyncAuthorization all updated consistently: slug made optional, resource_type_slug added as optional, and JSON payload construction updated with conditional inclusion.
tests/test_authorization.py Two new test cases added: one for calling without a slug, one for calling with resource_type_slug. Both run under the existing @pytest.mark.sync_and_async class decorator, so both sync and async paths are covered.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant Authorization
    participant HTTPClient
    participant WorkOSAPI

    Caller->>Authorization: create_organization_role(org_id, name, slug?, resource_type_slug?)
    Note over Authorization: Build JSON body:<br/>name (always)<br/>slug (if provided)<br/>description (if provided)<br/>resource_type_slug (if provided)
    Authorization->>HTTPClient: POST /authorization/organizations/{org_id}/roles
    HTTPClient->>WorkOSAPI: HTTP POST with JSON body
    WorkOSAPI-->>HTTPClient: 201 OrganizationRole JSON
    HTTPClient-->>Authorization: response dict
    Authorization-->>Caller: OrganizationRole model
Loading

Reviews (1): Last reviewed commit: "feat: Add resource_type_slug to createOr..." | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonatascastro12 jonatascastro12 Awaiting requested review from jonatascastro12 jonatascastro12 is a code owner automatically assigned from workos/python

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@atainter