FGA_BASE: adding base types and module registraiton#556
FGA_BASE: adding base types and module registraiton#556swaroopAkkineniWorkos wants to merge 20 commits intomainfrom
Conversation
swaroopAkkineniWorkos
changed the title
|
@greptile review |
Greptile SummaryAdded foundational types and HTTP client support for the FGA (Fine-Grained Authorization) base module. This PR introduces four new authorization type models ( Key changes:
Confidence Score: 5/5
Important Files Changed
Class Diagram%%{init: {'theme': 'neutral'}}%%
classDiagram
class WorkOSModel {
<<BaseModel>>
}
class Resource {
+string object
+string id
+string external_id
+string name
+Optional~string~ description
+string resource_type_slug
+string organization_id
+Optional~string~ parent_resource_id
+string created_at
+string updated_at
}
class RoleAssignment {
+string object
+string id
+RoleAssignmentRole role
+RoleAssignmentResource resource
+string created_at
+string updated_at
}
class RoleAssignmentRole {
+string slug
}
class RoleAssignmentResource {
+string id
+string external_id
+string resource_type_slug
}
class AccessEvaluation {
+bool authorized
}
class AuthorizationOrganizationMembership {
+string object
+string id
+string user_id
+string organization_id
+string organization_name
+OrganizationMembershipStatus status
+Optional~Mapping~ custom_attributes
+string created_at
+string updated_at
}
WorkOSModel <|-- Resource
WorkOSModel <|-- RoleAssignment
WorkOSModel <|-- RoleAssignmentRole
WorkOSModel <|-- RoleAssignmentResource
WorkOSModel <|-- AccessEvaluation
WorkOSModel <|-- AuthorizationOrganizationMembership
RoleAssignment --> RoleAssignmentRole
RoleAssignment --> RoleAssignmentResource
Last reviewed commit: a5823c6 |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| from workos.types.workos_model import WorkOSModel | ||
| from workos.typing.literals import LiteralOrUntyped | ||
|
|
||
| OrganizationMembershipStatus = Literal["active", "inactive", "pending"] |
There was a problem hiding this comment.
Duplicated OrganizationMembershipStatus literal
This exact same Literal["active", "inactive", "pending"] type alias is already defined in src/workos/types/user_management/organization_membership.py:7. Consider importing from a shared location or re-exporting from one module to the other to avoid the definitions drifting apart over time.
There was a problem hiding this comment.
Just pushed up a change where I moved "OrganizationMembershipStatus" to it's own file to be imported
|
Change branch name before merging |
| headers: HeadersType = None, | ||
| exclude_default_auth_headers: bool = False, | ||
| force_include_body: bool = False, | ||
| exclude_none: bool = True, |
There was a problem hiding this comment.
Should we add docstring for this argument?
src/workos/authorization.py
Outdated
| if cascade_delete is not None: | ||
| await self._http_client.delete_with_body( | ||
| f"{AUTHORIZATION_RESOURCES_PATH}/{resource_id}", | ||
| json={"cascade_delete": cascade_delete}, |
There was a problem hiding this comment.
This adds cascade_delete to the body, but I believe it should be passed as a query param instead. Which is what delete_resource_by_external_id does here
src/workos/authorization.py
Outdated
| if description is not None: | ||
| json["description"] = description |
There was a problem hiding this comment.
Does description here need the same treatment as in update_resource?
|
|
||
| # --- create_resource --- | ||
|
|
||
| def test_create_resource_required_fields_only( |
There was a problem hiding this comment.
Should we update this test since parent isn't a required field?
| id: str | ||
| user_id: str | ||
| organization_id: str | ||
| organization_name: str |
There was a problem hiding this comment.
It looks like we don't include organization_name in the responses where this gets used. For instance listOrganizationMembershipsForResource calls serializeBase, which doesn't include organization_name.
| from workos.types.workos_model import WorkOSModel | ||
|
|
||
|
|
||
| class AccessEvaluation(WorkOSModel): |
There was a problem hiding this comment.
Why not just call this a CheckResponse?
| from workos.typing.literals import LiteralOrUntyped | ||
|
|
||
|
|
||
| class AuthorizationOrganizationMembership(WorkOSModel): |
There was a problem hiding this comment.
Is there a type in the organization memberships package that we can reuse?
There was a problem hiding this comment.
For instance create a base type like we did for the node package
| organization_id: str | ||
| organization_name: str | ||
| status: LiteralOrUntyped[OrganizationMembershipStatus] | ||
| custom_attributes: Optional[Mapping[str, Any]] = None |
There was a problem hiding this comment.
authz doesn't return custom attributes
There was a problem hiding this comment.
i included it because it's on the UserlandUserOrganizationMembershipBase object that gets returned here https://github.com/workos/workos/blob/61dd6210464228608b3f0013993ed6279051fa73/packages/api/src/authorization-resources/authorization-resources.controller.ts#L432
| @@ -0,0 +1,3 @@ | |||
| from typing import Literal | |||
|
|
|||
| OrganizationMembershipStatus = Literal["active", "inactive", "pending"] | |||
There was a problem hiding this comment.
It's risky to duplicate this if it already exists in another package. Could drift from the other types.
There was a problem hiding this comment.
I actually broke it out out organization_membership.py into it's own file so it could be imported as the single source of truth
src/workos/authorization.py
Outdated
| if cascade_delete is not None: | ||
| self._http_client.delete_with_body( | ||
| f"{AUTHORIZATION_RESOURCES_PATH}/{resource_id}", | ||
| json={"cascade_delete": cascade_delete}, |
There was a problem hiding this comment.
Could be wrong, but isn't this a url param?
3 participants
Description
Documentation
Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.
If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.