Merge pull request #49 from PropelAuth/feat/role_mappings

support for custom role to permissions mappings

propelauth_py/__init__.py

@@ -25,10 +25,12 @@
     _invite_user_to_org,
 )
 from propelauth_py.api.org import (
+    _fetch_custom_role_mappings,
     _fetch_org,
     _fetch_org_by_query,
     _create_org,
     _remove_user_from_org,
+    _subscribe_org_to_role_mapping,
     _update_org_metadata,
     _add_user_to_org,
     _allow_org_to_setup_saml_connection,
@@ -108,6 +110,7 @@
         "fetch_batch_user_metadata_by_usernames",
         "fetch_org",
         "fetch_org_by_query",
+        "fetch_custom_role_mappings",
         "fetch_users_by_query",
         "fetch_users_in_org",
         "create_user",
@@ -122,6 +125,7 @@
         "create_org",
         "delete_org",
         "update_org_metadata",
+        "subscribe_org_to_role_mapping",
         "add_user_to_org",
         "change_user_role_in_org",
         "remove_user_from_org",
@@ -206,6 +210,12 @@ def fetch_org_by_query(
             order_by,
             name,
         )
+
+    def fetch_custom_role_mappings():
+        return _fetch_custom_role_mappings(
+            auth_url,
+            integration_api_key,
+        )
 
     def fetch_users_by_query(
         page_size=10,
@@ -375,6 +385,7 @@ def create_org(
         members_must_have_matching_domain=False,
         domain=None,
         max_users=None,
+        custom_role_mapping_name=None,
     ):
         return _create_org(
             auth_url,
@@ -384,6 +395,7 @@ def create_org(
             members_must_have_matching_domain,
             domain,
             max_users,
+            custom_role_mapping_name,
         )
 
     def update_org_metadata(
@@ -408,6 +420,14 @@ def update_org_metadata(
             members_must_have_email_domain_match=members_must_have_email_domain_match,
             domain=domain,
         )
+
+    def subscribe_org_to_role_mapping(org_id, custom_role_mapping_name):
+        return _subscribe_org_to_role_mapping(
+            auth_url,
+            integration_api_key,
+            org_id,
+            custom_role_mapping_name,
+        )
 
     def delete_org(org_id):
         return _delete_org(auth_url, integration_api_key, org_id)
@@ -573,6 +593,7 @@ def validate_api_key(api_key_token):
         fetch_batch_user_metadata_by_usernames=fetch_batch_user_metadata_by_usernames,
         fetch_org=fetch_org,
         fetch_org_by_query=fetch_org_by_query,
+        fetch_custom_role_mappings=fetch_custom_role_mappings,
         fetch_users_by_query=fetch_users_by_query,
         fetch_users_in_org=fetch_users_in_org,
         create_user=create_user,
@@ -587,6 +608,7 @@ def validate_api_key(api_key_token):
         create_org=create_org,
         delete_org=delete_org,
         update_org_metadata=update_org_metadata,
+        subscribe_org_to_role_mapping=subscribe_org_to_role_mapping,
         add_user_to_org=add_user_to_org,
         change_user_role_in_org=change_user_role_in_org,
         remove_user_from_org=remove_user_from_org,

propelauth_py/api/org.py

@@ -62,6 +62,22 @@ def _fetch_org_by_query(
 
     return response.json()
 
+def _fetch_custom_role_mappings(auth_url, integration_api_key):
+    url = auth_url + "/api/backend/v1/custom_role_mappings"
+    response = requests.get(url, auth=_ApiKeyAuth(integration_api_key))
+    if response.status_code == 401:
+        raise ValueError("integration_api_key is incorrect")
+    elif response.status_code == 426:
+        raise RuntimeError(
+            "Cannot use organizations unless B2B support is enabled. Enable it in your PropelAuth "
+            "dashboard."
+        )
+    elif not response.ok:
+        raise RuntimeError("Unknown error when fetching org")
+
+    return response.json()
+
+
 
 ####################
 #       POST       #
@@ -74,6 +90,7 @@ def _create_org(
     members_must_have_matching_domain=False,
     domain=None,
     max_users=None,
+    custom_role_mapping_name=None,
 ):
     url = auth_url + f"{ENDPOINT_PATH}/"
     json = {
@@ -85,6 +102,8 @@ def _create_org(
         json["domain"] = domain
     if max_users is not None:
         json["max_users"] = max_users
+    if custom_role_mapping_name is not None:
+        json["custom_role_mapping_name"] = custom_role_mapping_name
 
     response = requests.post(url, json=json, auth=_ApiKeyAuth(integration_api_key))
     if response.status_code == 401:
@@ -227,6 +246,32 @@ def _update_org_metadata(
 
     return True
 
+def _subscribe_org_to_role_mapping(
+    auth_url,
+    integration_api_key,
+    org_id,
+    custom_role_mapping_name,
+):
+    if not _is_valid_id(org_id):
+        return False
+
+    url = auth_url + f"{ENDPOINT_PATH}/{org_id}"
+    json = {
+        "custom_role_mapping_name": custom_role_mapping_name,
+    }
+
+    response = requests.put(url, json=json, auth=_ApiKeyAuth(integration_api_key))
+    if response.status_code == 401:
+        raise ValueError("integration_api_key is incorrect")
+    elif response.status_code == 400:
+        raise UpdateUserMetadataException(response.json())
+    elif response.status_code == 404:
+        return False
+    elif not response.ok:
+        raise RuntimeError("Unknown error when subscribing an org to a custom role mapping")
+
+    return True
+
 
 ####################
 #      DELETE      #

tests/test_init_base_auth.py

@@ -25,11 +25,13 @@
     _invite_user_to_org,
 )
 from propelauth_py.api.org import (
+    _fetch_custom_role_mappings,
     _fetch_org,
     _fetch_org_by_query,
     _create_org,
     _remove_user_from_org,
     _update_org_metadata,
+    _subscribe_org_to_role_mapping,
     _add_user_to_org,
     _allow_org_to_setup_saml_connection,
     _disallow_org_to_setup_saml_connection,
@@ -76,9 +78,11 @@
     _validate_personal_api_key,
     _fetch_org,
     _fetch_org_by_query,
+    _fetch_custom_role_mappings,
     _create_org,
     _remove_user_from_org,
     _update_org_metadata,
+    _subscribe_org_to_role_mapping,
     _add_user_to_org,
     _allow_org_to_setup_saml_connection,
     _disallow_org_to_setup_saml_connection,