Merge pull request #248 from auth0/add-role-permission-endpoints

Add role permission endpoints to RoleClient
auth0 · Apr 2, 2019 · c755e3e · c755e3e
2 parents a66e179 + feddedd
commit c755e3e
Show file tree

Hide file tree

Showing 9 changed files with 169 additions and 7 deletions.
diff --git a/src/Auth0.ManagementApi/Clients/ClientBase.cs b/src/Auth0.ManagementApi/Clients/ClientBase.cs
@@ -8,7 +8,7 @@ namespace Auth0.ManagementApi.Clients
     public class ClientBase
     {
         /// <summary>
-        /// The <see cref="IApiConnection"/> which is used to make all REST calls.
+        /// The <see cref="IApiConnection"/> which is used to make all HTTP API calls.
         /// </summary>
         internal IApiConnection Connection { get; }
 

diff --git a/src/Auth0.ManagementApi/Clients/RolesClient.cs b/src/Auth0.ManagementApi/Clients/RolesClient.cs
@@ -132,7 +132,7 @@ public Task<IPagedList<AssignedUser>> GetUsersAsync(string id)
         /// </summary>
         /// <param name="id">The ID of the role to query.</param>
         /// <param name="pagination">Specifies <see cref="PaginationInfo"/> to use in requesting paged results.</param>
-        /// <returns>An <see cref="IPagedList{AssignedUser}"/> containing the assigned user.</returns>
+        /// <returns>An <see cref="IPagedList{AssignedUser}"/> containing the assigned users.</returns>
         public Task<IPagedList<AssignedUser>> GetUsersAsync(string id, PaginationInfo pagination)
         {
             return Connection.GetAsync<IPagedList<AssignedUser>>("roles/{id}/users",
@@ -159,5 +159,47 @@ public Task AssignUsersAsync(string id, AssignUsersRequest request)
                     {"id", id},
                 }, null, null);
         }
+
+        /// <summary>
+        /// Gets the permissions for a role.
+        /// </summary>
+        /// <param name="id">The id of the role to obtain the permissions for.</param>
+        /// <param name="pagination">Specifies <see cref="PaginationInfo"/> to use in requesting paged results.</param>
+        /// <returns>An <see cref="IPagedList{Permission}"/> containing the assigned permissions.</returns>
+        public Task<IPagedList<Permission>> GetPermissionsAsync(string id, PaginationInfo pagination)
+        {
+            return Connection.GetAsync<IPagedList<Permission>>("roles/{id}/permissions",
+                new Dictionary<string, string>
+                {
+                        {"id", id},
+                        {"page", pagination.PageNo.ToString()},
+                        {"per_page", pagination.PerPage.ToString()},
+                        {"include_totals", pagination.IncludeTotals.ToString().ToLower()}
+                }, null, null, new PagedListConverter<Permission>("users"));
+        }
+
+        /// <summary>
+        /// Add permissions to a role.
+        /// </summary>
+        /// <param name="id">The ID of the role to add permissions to.</param>
+        /// <param name="request">A <see cref="AssociatePermissionsRequest" /> containing the permission identifiers to remove from the role.</param>
+        /// <returns>A <see cref="Task"/> that represents the asynchronous remove operation.</returns>
+        public Task AssociatePermissionsAsync(string id, AssociatePermissionsRequest request)
+        {
+            return Connection.PostAsync<object>("roles/{id}/permissions", request, null, null,
+                new Dictionary<string, string> { { "id", id}, }, null, null);
+        }
+
+        /// <summary>
+        /// Remove permissions associated with a role.
+        /// </summary>
+        /// <param name="id">The ID of the role to remove permissions from.</param>
+        /// <param name="request">A <see cref="AssociatePermissionsRequest" /> containing the role IDs to remove to the user.</param>
+        /// <returns>A <see cref="Task"/> that represents the asynchronous remove operation.</returns>
+        public Task UnassociatePermissionsAsync(string id, AssociatePermissionsRequest request)
+        {
+            return Connection.DeleteAsync<object>("roles/{id}/permissions", request, 
+                new Dictionary<string, string> { {"id", id}, }, null);
+        }
     }
 }
diff --git a/src/Auth0.ManagementApi/Models/AssignRolesRequest.cs b/src/Auth0.ManagementApi/Models/AssignRolesRequest.cs
@@ -3,12 +3,12 @@
 namespace Auth0.ManagementApi.Models
 {
     /// <summary>
-    ///
+    /// Contains details of roles that should be assigned to a user.
     /// </summary>
     public class AssignRolesRequest
     {
         /// <summary>
-        /// Role IDs to assign to the user
+        /// Role IDs to assign to the user.
         /// </summary>
         [JsonProperty("roles")]
         public string[] Roles { get; set; }

diff --git a/src/Auth0.ManagementApi/Models/AssignUsersRequest.cs b/src/Auth0.ManagementApi/Models/AssignUsersRequest.cs
@@ -3,12 +3,12 @@
 namespace Auth0.ManagementApi.Models
 {
     /// <summary>
-    ///
+    /// Contains details of users that should be assigned to a role.
     /// </summary>
     public class AssignUsersRequest
     {
         /// <summary>
-        /// User IDs to assign to the role
+        /// User IDs to assign to the role.
         /// </summary>
         [JsonProperty("users")]
         public string[] Users { get; set; }

diff --git a/src/Auth0.ManagementApi/Models/AssociatePermissionsRequest.cs b/src/Auth0.ManagementApi/Models/AssociatePermissionsRequest.cs
@@ -0,0 +1,17 @@
+using Newtonsoft.Json;
+using System.Collections.Generic;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Contains details of permissions that should be assigned to a role.
+    /// </summary>
+    public class AssociatePermissionsRequest
+    {
+        /// <summary>
+        /// User IDs to assign to the role.
+        /// </summary>
+        [JsonProperty("permissions")]
+        public IList<PermissionIdentity> Permissions { get; set; }
+    }
+}
diff --git a/src/Auth0.ManagementApi/Models/Permission.cs b/src/Auth0.ManagementApi/Models/Permission.cs
@@ -0,0 +1,22 @@
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Represents a permission.
+    /// </summary>
+    public class Permission : PermissionIdentity
+    {
+        /// <summary>
+        /// The name of the resource server.
+        /// </summary>
+        [JsonProperty("resource_server_name")]
+        public string ResourceServerName { get; set; }
+
+        /// <summary>
+        /// The description of the permission.
+        /// </summary>
+        [JsonProperty("description")]
+        public string Description { get; set; }
+    }
+}
diff --git a/src/Auth0.ManagementApi/Models/PermissionIdentity.cs b/src/Auth0.ManagementApi/Models/PermissionIdentity.cs
@@ -0,0 +1,22 @@
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    /// <summary>
+    /// Represents the properties of a permission that give it its unique identity.
+    /// </summary>
+    public class PermissionIdentity
+    {
+        /// <summary>
+        /// The resource server that the permission is attached to.
+        /// </summary>
+        [JsonProperty("resource_server_identifier")]
+        public string Identifier { get; set; }
+
+        /// <summary>
+        /// The name of the permission.
+        /// </summary>
+        [JsonProperty("permission_name")]
+        public string Name { get; set; }
+    }
+}
diff --git a/src/Auth0.ManagementApi/Models/ResourceServerBase.cs b/src/Auth0.ManagementApi/Models/ResourceServerBase.cs
@@ -41,7 +41,7 @@ public class ResourceServerBase
         /// The amount of time (in seconds) that the token will be valid after being issued
         /// </summary>
         [JsonProperty("token_lifetime")]
-        public int TokenLifetime { get; set; }
+        public int? TokenLifetime { get; set; }
 
         /// <summary>
         /// The amount of time (in seconds) that the token will be valid after being issued from browser based flows.

diff --git a/tests/Auth0.ManagementApi.IntegrationTests/RolesTests.cs b/tests/Auth0.ManagementApi.IntegrationTests/RolesTests.cs
@@ -200,6 +200,65 @@ public async Task Test_roles_assign_role_to_user()
             await _apiClient.Users.DeleteAsync(user.UserId);
         }
 
+        [Fact]
+        public async Task Test_roles_assign_unassign_permission_to_role()
+        {
+            // Add a new role
+            var newRoleRequest = new RoleCreateRequest
+            {
+                Name = $"{Guid.NewGuid():N}role",
+                Description = $"{Guid.NewGuid():N}description",
+            };
+            var role = await _apiClient.Roles.CreateAsync(newRoleRequest);
+            role.Should().NotBeNull();
+            role.Name.Should().Be(newRoleRequest.Name);
+            role.Description.Should().Be(newRoleRequest.Description);
+
+            // Get a resource server
+            var resourceServer = await _apiClient.ResourceServers.GetAsync("5ca26ccd95daa4089c4eba35");
+            var originalScopes = resourceServer.Scopes.ToList();
+
+            // Create a permission/scope
+            var newScope = new ResourceServerScope { Value = $"{Guid.NewGuid():N}scope", Description = "Integration test" };
+
+            // Update resource server with new scope
+            resourceServer = await _apiClient.ResourceServers.UpdateAsync(resourceServer.Id, new ResourceServerUpdateRequest
+            {
+                Scopes = originalScopes.Concat(new[] { newScope }).ToList(),
+            });
+
+            // Associate a permission with the role
+            var assignPermissionsRequest = new AssociatePermissionsRequest()
+            {
+                Permissions = new[] { new PermissionIdentity { Identifier = resourceServer.Identifier, Name = newScope.Value } } 
+            };
+            await _apiClient.Roles.AssociatePermissionsAsync(role.Id, assignPermissionsRequest);
+
+            // Ensure the permission is associated with the role
+            var associatedPermissions = await _apiClient.Roles.GetPermissionsAsync(role.Id, new PaginationInfo());
+            associatedPermissions.Should().NotBeNull();
+            associatedPermissions.Should().HaveCount(1);
+            associatedPermissions.First().Identifier.Should().Be(resourceServer.Identifier);
+            associatedPermissions.First().Name.Should().Be(newScope.Value);
+
+            // Unassociate a permission with the role
+            await _apiClient.Roles.UnassociatePermissionsAsync(role.Id, assignPermissionsRequest);
+
+            // Ensure the permission is unassociated with the role
+            associatedPermissions = await _apiClient.Roles.GetPermissionsAsync(role.Id, new PaginationInfo());
+            associatedPermissions.Should().NotBeNull();
+            associatedPermissions.Should().HaveCount(0);
+
+            // Clean Up - Remove the permission from the resource server
+            resourceServer = await _apiClient.ResourceServers.UpdateAsync(resourceServer.Id, new ResourceServerUpdateRequest
+            {
+                Scopes = originalScopes
+            });
+
+            // Clean Up - Remove the role
+            await _apiClient.Roles.DeleteAsync(role.Id);
+        }
+
         [Fact]
         public async Task Test_when_paging_not_specified_does_not_include_totals()
         {