From 882e5d0e974ff09d45a3b204b17783cae4a51e5b Mon Sep 17 00:00:00 2001 From: Aaron Tainter Date: Fri, 10 Apr 2026 16:09:21 -0700 Subject: [PATCH] feat: Add resource_type_slug to createOrganizationRole to create resource-scoped custom roles --- src/workos/authorization.py | 21 +++++++++++++++----- tests/test_authorization.py | 39 +++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 5 deletions(-) diff --git a/src/workos/authorization.py b/src/workos/authorization.py index 24364f11..0503944f 100644 --- a/src/workos/authorization.py +++ b/src/workos/authorization.py @@ -147,9 +147,10 @@ def create_organization_role( self, organization_id: str, *, - slug: str, + slug: Optional[str] = None, name: str, description: Optional[str] = None, + resource_type_slug: Optional[str] = None, ) -> SyncOrAsync[OrganizationRole]: ... def list_organization_roles( @@ -474,13 +475,18 @@ def create_organization_role( self, organization_id: str, *, - slug: str, + slug: Optional[str] = None, name: str, description: Optional[str] = None, + resource_type_slug: Optional[str] = None, ) -> OrganizationRole: - json: Dict[str, Any] = {"slug": slug, "name": name} + json: Dict[str, Any] = {"name": name} + if slug is not None: + json["slug"] = slug if description is not None: json["description"] = description + if resource_type_slug is not None: + json["resource_type_slug"] = resource_type_slug response = self._http_client.request( f"authorization/organizations/{organization_id}/roles", @@ -1152,13 +1158,18 @@ async def create_organization_role( self, organization_id: str, *, - slug: str, + slug: Optional[str] = None, name: str, description: Optional[str] = None, + resource_type_slug: Optional[str] = None, ) -> OrganizationRole: - json: Dict[str, Any] = {"slug": slug, "name": name} + json: Dict[str, Any] = {"name": name} + if slug is not None: + json["slug"] = slug if description is not None: json["description"] = description + if resource_type_slug is not None: + json["resource_type_slug"] = resource_type_slug response = await self._http_client.request( f"authorization/organizations/{organization_id}/roles", diff --git a/tests/test_authorization.py b/tests/test_authorization.py index 56b0f954..ee29f745 100644 --- a/tests/test_authorization.py +++ b/tests/test_authorization.py @@ -234,6 +234,45 @@ def test_create_organization_role( ) assert request_kwargs["json"] == {"slug": "admin", "name": "Admin"} + def test_create_organization_role_without_slug( + self, mock_organization_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_role, 201 + ) + + role = syncify( + self.authorization.create_organization_role( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", + name="Admin", + ) + ) + + assert role.id == "role_01ABC" + assert request_kwargs["json"] == {"name": "Admin"} + + def test_create_organization_role_with_resource_type_slug( + self, mock_organization_role, capture_and_mock_http_client_request + ): + request_kwargs = capture_and_mock_http_client_request( + self.http_client, mock_organization_role, 201 + ) + + syncify( + self.authorization.create_organization_role( + "org_01EHT88Z8J8795GZNQ4ZP1J81T", + slug="admin", + name="Admin", + resource_type_slug="project", + ) + ) + + assert request_kwargs["json"] == { + "slug": "admin", + "name": "Admin", + "resource_type_slug": "project", + } + def test_list_organization_roles( self, mock_organization_roles, capture_and_mock_http_client_request ):