descope · aviadl · Dec 18, 2023 · Dec 18, 2023
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -7,4 +7,9 @@
  "mypy-type-checker.importStrategy": "fromEnvironment",
  "isort.importStrategy": "fromEnvironment",
  "black-formatter.importStrategy": "fromEnvironment",
+ "workbench.colorCustomizations": {
+ "activityBar.background": "#4D1C3B",
+ "titleBar.activeBackground": "#6B2752",
+ "titleBar.activeForeground": "#FDF8FB"
+ },
 }
diff --git a/descope/management/common.py b/descope/management/common.py
@@ -26,6 +26,7 @@ class MgmtV1:
  user_update_name_path = "/v1/mgmt/user/update/name"
  user_update_picture_path = "/v1/mgmt/user/update/picture"
  user_update_custom_attribute_path = "/v1/mgmt/user/update/customAttribute"
+ user_set_role_path = "/v1/mgmt/user/update/role/set"
  user_add_role_path = "/v1/mgmt/user/update/role/add"
  user_remove_role_path = "/v1/mgmt/user/update/role/remove"
  user_set_password_path = "/v1/mgmt/user/password/set"

diff --git a/descope/management/user.py b/descope/management/user.py
@@ -740,6 +740,34 @@ def update_custom_attribute(
  )
  return response.json()
 
+ def set_roles(
+ self,
+ login_id: str,
+ role_names: List[str],
+ ) -> dict:
+ """
+ Set roles to a user without tenant association. Use set_tenant_roles
+ for users that are part of a multi-tenant project.
+
+ Args:
+ login_id (str): The login ID of the user to update.
+ role_names (List[str]): A list of roles to set to a user without tenant association.
+
+ Return value (dict):
+ Return dict in the format
+ {"user": {}}
+ Containing the updated user information.
+
+ Raise:
+ AuthException: raised if the operation fails
+ """
+ response = self._auth.do_post(
+ MgmtV1.user_set_role_path,
+ {"loginId": login_id, "roleNames": role_names},
+ pswd=self._auth.management_key,
+ )
+ return response.json()
+
  def add_roles(
  self,
  login_id: str,
@@ -850,6 +878,35 @@ def remove_tenant(
  )
  return response.json()
 
+ def set_tenant_roles(
+ self,
+ login_id: str,
+ tenant_id: str,
+ role_names: List[str],
+ ) -> dict:
+ """
+ Set roles to a user in a specific tenant.
+
+ Args:
+ login_id (str): The login ID of the user to update.
+ tenant_id (str): The ID of the user's tenant.
+ role_names (List[str]): A list of roles to set on the user.
+
+ Return value (dict):
+ Return dict in the format
+ {"user": {}}
+ Containing the updated user information.
+
+ Raise:
+ AuthException: raised if the operation fails
+ """
+ response = self._auth.do_post(
+ MgmtV1.user_set_role_path,
+ {"loginId": login_id, "tenantId": tenant_id, "roleNames": role_names},
+ pswd=self._auth.management_key,
+ )
+ return response.json()
+
  def add_tenant_roles(
  self,
  login_id: str,

diff --git a/tests/management/test_user.py b/tests/management/test_user.py
@@ -939,6 +939,42 @@ def test_update_custom_attribute(self):
  timeout=DEFAULT_TIMEOUT_SECONDS,
  )
 
+ def test_set_roles(self):
+ # Test failed flows
+ with patch("requests.post") as mock_post:
+ mock_post.return_value.ok = False
+ self.assertRaises(
+ AuthException,
+ self.client.mgmt.user.set_roles,
+ "valid-id",
+ ["foo", "bar"],
+ )
+
+ # Test success flow
+ with patch("requests.post") as mock_post:
+ network_resp = mock.Mock()
+ network_resp.ok = True
+ network_resp.json.return_value = json.loads("""{"user": {"id": "u1"}}""")
+ mock_post.return_value = network_resp
+ resp = self.client.mgmt.user.set_roles("valid-id", ["foo", "bar"])
+ user = resp["user"]
+ self.assertEqual(user["id"], "u1")
+ mock_post.assert_called_with(
+ f"{common.DEFAULT_BASE_URL}{MgmtV1.user_set_role_path}",
+ headers={
+ **common.default_headers,
+ "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}",
+ },
+ params=None,
+ json={
+ "loginId": "valid-id",
+ "roleNames": ["foo", "bar"],
+ },
+ allow_redirects=False,
+ verify=True,
+ timeout=DEFAULT_TIMEOUT_SECONDS,
+ )
+
  def test_add_roles(self):
  # Test failed flows
  with patch("requests.post") as mock_post:
@@ -1083,6 +1119,46 @@ def test_remove_tenant(self):
  timeout=DEFAULT_TIMEOUT_SECONDS,
  )
 
+ def test_set_tenant_roles(self):
+ # Test failed flows
+ with patch("requests.post") as mock_post:
+ mock_post.return_value.ok = False
+ self.assertRaises(
+ AuthException,
+ self.client.mgmt.user.set_tenant_roles,
+ "valid-id",
+ "tid",
+ ["foo", "bar"],
+ )
+
+ # Test success flow
+ with patch("requests.post") as mock_post:
+ network_resp = mock.Mock()
+ network_resp.ok = True
+ network_resp.json.return_value = json.loads("""{"user": {"id": "u1"}}""")
+ mock_post.return_value = network_resp
+ resp = self.client.mgmt.user.set_tenant_roles(
+ "valid-id", "tid", ["foo", "bar"]
+ )
+ user = resp["user"]
+ self.assertEqual(user["id"], "u1")
+ mock_post.assert_called_with(
+ f"{common.DEFAULT_BASE_URL}{MgmtV1.user_set_role_path}",
+ headers={
+ **common.default_headers,
+ "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}",
+ },
+ params=None,
+ json={
+ "loginId": "valid-id",
+ "tenantId": "tid",
+ "roleNames": ["foo", "bar"],
+ },
+ allow_redirects=False,
+ verify=True,
+ timeout=DEFAULT_TIMEOUT_SECONDS,
+ )
+
  def test_add_tenant_roles(self):
  # Test failed flows
  with patch("requests.post") as mock_post: