FGA_4: list/assign/remove role, remove roleAssginment

[swaroopAkkineniWorkos]

Description

Documentation

Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.

[ ] Yes

If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.

[swaroopAkkineniWorkos]

@greptile review

[greptile-apps]

Greptile Summary

Adds four new methods to the Authorization module for managing role assignments: listing, assigning, and removing roles from organization memberships. Implementation includes both sync and async versions, supports resource identification by ID or external ID, and includes proper pagination support.

• Added list_role_assignments() with cursor-based pagination
• Added assign_role() to create role assignments
• Added remove_role() to remove roles by slug and resource identifier
• Added remove_role_assignment() to remove by assignment ID
• New ResourceIdentifier union type supports both ID-based and external ID-based resource identification
• Comprehensive test coverage includes auto-pagination, both resource identifier types, and sync/async execution

Note: PR title contains typo "roleAssginment" (should be "roleAssignment")

Confidence Score: 5/5

• This PR is safe to merge with no issues found
• Code follows established SDK patterns consistently, includes comprehensive test coverage for all methods with both sync/async variants, properly handles pagination, and has no security concerns
• No files require special attention

Important Files Changed

Filename	Overview
src/workos/authorization.py	Added four role assignment methods (list_role_assignments, assign_role, remove_role, remove_role_assignment) with both sync and async implementations following existing codebase patterns
src/workos/types/authorization/init.py	Added exports for ResourceIdentifier types and RoleAssignment types to public API
src/workos/types/authorization/resource_identifier.py	New type definition for identifying resources by ID or external ID with type slug
tests/test_authorization_role_assignments.py	Comprehensive test coverage for all four role assignment methods including both ID and external ID variants, auto-pagination, and sync/async execution

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Client] --> B{Operation Type}
    
    B -->|List| C[list_role_assignments]
    C --> D[GET /authorization/organization_memberships/:id/role_assignments]
    D --> E[Returns paginated RoleAssignment list]
    
    B -->|Assign| F[assign_role]
    F --> G{Resource Identifier Type}
    G -->|By ID| H[POST with resource_id]
    G -->|By External ID| I[POST with resource_external_id + resource_type_slug]
    H --> J[Returns RoleAssignment]
    I --> J
    
    B -->|Remove by Role| K[remove_role]
    K --> L{Resource Identifier Type}
    L -->|By ID| M[DELETE with resource_id in body]
    L -->|By External ID| N[DELETE with external_id + type_slug in body]
    M --> O[Returns None]
    N --> O
    
    B -->|Remove by ID| P[remove_role_assignment]
    P --> Q[DELETE /role_assignments/:assignment_id]
    Q --> O

Loading

_{Last reviewed commit: 8796fc2}

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[swaroopAkkineniWorkos]

this is duplicate of what is in https://github.com/workos/workos-python/pull/568/changes#r2842020033, can consolidate

[greptile-apps]

_{4 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}