Skip to content

feat: Add organization role support #1455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
csrbarber wants to merge 3 commits into
base: feature/ent-4798-workos-node-environment-roles
Choose a base branch
from
Open

feat: Add organization role support #1455

csrbarber wants to merge 3 commits into from
+454 −0

Conversation

@csrbarber
Copy link
Contributor

@csrbarber csrbarber commented Jan 30, 2026

Description

  • Adds Organization Role support

Documentation

Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.

[X] Yes

If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.

@linear
Copy link

linear bot commented Jan 30, 2026

ENT-4798 workos-node

@csrbarber csrbarber marked this pull request as ready for review January 30, 2026 14:06
@csrbarber csrbarber requested a review from a team as a code owner January 30, 2026 14:07
@csrbarber csrbarber requested review from mthadley and removed request for a team January 30, 2026 14:07
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 30, 2026

Greptile Overview

Greptile Summary

Added organization role support to the Authorization module, mirroring the existing environment role functionality with organization-scoped operations.

  • Implemented 8 new methods in Authorization class: createOrganizationRole, listOrganizationRoles, getOrganizationRole, updateOrganizationRole, deleteOrganizationRole, setOrganizationRolePermissions, addOrganizationRolePermission, and removeOrganizationRolePermission
  • All methods follow the established pattern from environment roles with organization ID scoping
  • Added complete type definitions with proper interfaces for options and responses
  • Implemented serializers for snake_case to camelCase conversion
  • listOrganizationRoles returns mixed Role types (both EnvironmentRole and OrganizationRole) using discriminated union via the type field
  • Comprehensive test coverage added for all new methods with appropriate fixtures
  • Follows existing codebase patterns and conventions consistently

Confidence Score: 5/5

  • This PR is safe to merge with no identified risks
  • The implementation follows established patterns from environment roles exactly, has comprehensive test coverage for all methods, uses proper TypeScript typing, and doesn't introduce any security concerns or violate custom rules
  • No files require special attention

Important Files Changed

Filename Overview
src/authorization/authorization.ts Added 8 new methods for organization role CRUD operations and permission management, following existing environment role patterns
src/authorization/authorization.spec.ts Added comprehensive test coverage for all 8 organization role methods with fixtures
src/authorization/interfaces/organization-role.interface.ts Defined OrganizationRole interface matching EnvironmentRole structure with type discrimination
src/authorization/serializers/organization-role.serializer.ts Implemented deserializers for Role and OrganizationRole with snake_case to camelCase conversion

Sequence Diagram

sequenceDiagram
    participant Client
    participant Authorization
    participant WorkOS API
    participant Serializer

    Note over Client,Serializer: Create Organization Role Flow
    Client->>Authorization: createOrganizationRole(orgId, options)
    Authorization->>Serializer: serializeCreateOrganizationRoleOptions(options)
    Serializer-->>Authorization: serialized options
    Authorization->>WorkOS API: POST /authorization/organizations/{orgId}/roles
    WorkOS API-->>Authorization: OrganizationRoleResponse
    Authorization->>Serializer: deserializeOrganizationRole(data)
    Serializer-->>Authorization: OrganizationRole
    Authorization-->>Client: OrganizationRole

    Note over Client,Serializer: List Organization Roles Flow
    Client->>Authorization: listOrganizationRoles(orgId, options?)
    Authorization->>WorkOS API: GET /authorization/organizations/{orgId}/roles
    WorkOS API-->>Authorization: ListOrganizationRolesResponse
    Authorization->>Serializer: deserializeRole() for each role
    Serializer-->>Authorization: Role[]
    Authorization-->>Client: RoleList (EnvironmentRole + OrganizationRole)

    Note over Client,Serializer: Permission Management Flow
    Client->>Authorization: addOrganizationRolePermission(orgId, slug, permSlug)
    Authorization->>WorkOS API: POST /authorization/organizations/{orgId}/roles/{slug}/permissions
    WorkOS API-->>Authorization: OrganizationRoleResponse
    Authorization->>Serializer: deserializeOrganizationRole(data)
    Serializer-->>Authorization: OrganizationRole with updated permissions
    Authorization-->>Client: OrganizationRole
Loading

greptile-apps[bot]
greptile-apps bot reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4 files reviewed, no comments

Edit Code Review Agent Settings | Greptile

mattgd
mattgd reviewed Jan 30, 2026
View reviewed changes
src/authorization/interfaces/organization-role.interface.ts
Comment on lines +1 to +11
export interface OrganizationRole {
object: 'role';
id: string;
name: string;
slug: string;
description: string | null;
permissions: string[];
type: 'OrganizationRole';
createdAt: string;
updatedAt: string;
}
Copy link
Contributor

@mattgd mattgd Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we update the Role type to be a union of this and the EnvironmentRole type?

src/authorization/authorization.ts
Comment on lines +145 to +146
organizationId: string,
slug: string,
Copy link
Contributor

@mattgd mattgd Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth disambiguating all of these orgId/slug parameters with an object. Similar comment from other PR, so good with matching whatever decision you make there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattgd mattgd mattgd left review comments

@mthadley mthadley Awaiting requested review from mthadley mthadley is a code owner automatically assigned from workos/typescript

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@csrbarber @mattgd