Use warrant create/delete endpoints (#11)

* Update self service create to support self service strategy

* Use warrant create/delete for assign/remove methods

* Fix lint error

* Add object type constants

Author: stanleyphu

examples/example.py

@@ -26,8 +26,9 @@
 print(f"Created tenants: [{tenant1.id}, {tenant2.id}]")
 tenant1.assign_user(user1.id)
 print(f"Assigned user [{user1.id}] to tenant [{tenant1.id}]")
-tenant2.assign_user(user2.id)
-print(f"Assigned user [{user2.id}] to tenant [{tenant2.id}]")
+user2_subject = warrant.Subject("user", user2.id)
+warrant.Warrant.create("tenant", tenant1.id, "admin", user2_subject)
+print(f"Assigned user [{user2.id}] as admin to tenant [{tenant2.id}]")
 tenant1_users = ""
 for u in tenant1.list_users():
     tenant1_users += u.id + " "
@@ -143,8 +144,8 @@
 """
 # Generate a self-service dashboard url for user2
 print("---------- FE & Self-service Authz Tokens ----------")
-user2.assign_permission("view-self-service-dashboard")
-print("Created self service dashboard url for user [" + user2.id + "]: " + warrant.Authz.create_self_service_url(tenant_id=tenant1.id, user_id=user2.id, redirect_url="http://example.com"))
+print("Created self service dashboard url for user [" + user2.id + "]: " +
+      warrant.Authz.create_self_service_url(tenant_id=tenant1.id, user_id=user2.id, self_service_strategy="rbac", redirect_url="http://example.com"))
 
 # Authz sessions
 print("Created authorization session token for user [" + user1.id + "]: " + warrant.Authz.create_authorization_session(user_id=user1.id))
@@ -156,24 +157,25 @@
 Create and query your own warrants
 """
 print("---------- Create & Query Warrants ----------")
+permission1 = warrant.Permission.create(id="permission1")
 user1_subject = warrant.Subject("user", user1.id)
-result = warrant.Authz.check("permission", "view-self-service-dashboard", "member", user1_subject)
-print(f"Does [{user1.id}] have the [view-self-service-dashboard] permission? (should be false) -> {result}")
-warrant.Warrant.create("permission", "view-self-service-dashboard", "member", user1_subject)
-print("Manually assigned [view-self-service-dashboard] permission to [" + user1.id + "]")
-result = warrant.Authz.check("permission", "view-self-service-dashboard", "member", user1_subject)
-print(f"Does [{user1.id}] have the [view-self-service-dashboard] permission? (should be true) -> {result}")
+result = warrant.Authz.check("permission", "permission1", "member", user1_subject)
+print(f"Does [{user1.id}] have the [permission1] permission? (should be false) -> {result}")
+warrant.Warrant.create("permission", "permission1", "member", user1_subject)
+print("Manually assigned [permission1] permission to [" + user1.id + "]")
+result = warrant.Authz.check("permission", "permission1", "member", user1_subject)
+print(f"Does [{user1.id}] have the [permission1] permission? (should be true) -> {result}")
 
 # Query warrants
-warrants = warrant.Warrant.query(select="explicit warrants", for_clause="subject=user:"+user1.id, where="relation=member")
-print("Query warrants results:")
-for w in warrants:
-    print(f"[{w.object_type}:{w.object_id} {w.relation} {w.subject.object_type}:{w.subject.object_id}]")
-
-warrant.Warrant.delete("permission", "view-self-service-dashboard", "member", user1_subject)
-print("Manually removed [view-self-service-dashboard] permission from [" + user1.id + "]")
-result = warrant.Authz.check("permission", "view-self-service-dashboard", "member", user1_subject)
-print(f"Does [{user1.id}] have the [view-self-service-dashboard] permission? (should be false) -> {result}")
+# warrants = warrant.Warrant.query(select="explicit warrants", for_clause="subject=user:"+user1.id, where="relation=member")
+# print("Query warrants results:")
+# for w in warrants:
+#     print(f"[{w.object_type}:{w.object_id} {w.relation} {w.subject.object_type}:{w.subject.object_id}]")
+
+warrant.Warrant.delete("permission", "permission1", "member", user1_subject)
+print("Manually removed [permission1] permission from [" + user1.id + "]")
+result = warrant.Authz.check("permission", "permission1", "member", user1_subject)
+print(f"Does [{user1.id}] have the [permission1] permission? (should be false) -> {result}")
 print("\n")
 
 
@@ -185,13 +187,12 @@
 user1.remove_permission(special_perm.id)
 user1.remove_role(admin_role.id)
 user2.remove_role(viewer_role.id)
-user2.remove_permission("view-self-service-dashboard")
 admin_role.remove_permission(create_report_perm.id)
 admin_role.remove_permission(delete_report_perm.id)
 admin_role.remove_permission(view_report_perm.id)
 viewer_role.remove_permission(view_report_perm.id)
 tenant1.remove_user(user1.id)
-tenant2.remove_user(user2.id)
+warrant.Warrant.delete("tenant", tenant1.id, "admin", user2_subject)
 enterprise_tier.remove_feature(analytics_feature.id)
 free_tier.remove_feature(dashboard_feature.id)
 
@@ -205,6 +206,7 @@
 warrant.Permission.delete(delete_report_perm.id)
 warrant.Permission.delete(view_report_perm.id)
 warrant.Permission.delete(special_perm.id)
+warrant.Permission.delete(permission1.id)
 warrant.Feature.delete(analytics_feature.id)
 warrant.Feature.delete(dashboard_feature.id)
 warrant.PricingTier.delete(enterprise_tier.id)

warrant/authz.py

@@ -37,11 +37,12 @@ def create_authorization_session(cls, user_id):
         return json["token"]
 
     @classmethod
-    def create_self_service_url(cls, tenant_id, user_id, redirect_url):
+    def create_self_service_url(cls, tenant_id, user_id, self_service_strategy, redirect_url):
         payload = {
             "type": "ssdash",
             "userId": user_id,
-            "tenantId": tenant_id
+            "tenantId": tenant_id,
+            "selfServiceStrategy": self_service_strategy,
         }
         json = cls._post(uri="/v1/sessions", json=payload)
         token = json["token"]

warrant/constants.py

@@ -0,0 +1,6 @@
+FEATURE_OBJECT_TYPE = "feature"
+PERMISSION_OBJECT_TYPE = "permission"
+PRICING_TIER_OBJECT_TYPE = "pricing-tier"
+ROLE_OBJECT_TYPE = "role"
+TENANT_OBJECT_TYPE = "tenant"
+USER_OBJECT_TYPE = "user"

warrant/feature.py

@@ -1,4 +1,4 @@
-from warrant import APIResource
+from warrant import APIResource, Subject, Warrant, constants
 
 
 class Feature(APIResource):
@@ -34,11 +34,13 @@ def list_for_pricing_tier(cls, pricing_tier_id, list_params={}):
 
     @classmethod
     def assign_to_pricing_tier(cls, pricing_tier_id, feature_id):
-        cls._post(uri="/v1/pricing-tiers/"+pricing_tier_id+"/features/"+feature_id, json={})
+        pricing_tier_subject = Subject(constants.PRICING_TIER_OBJECT_TYPE, pricing_tier_id)
+        return Warrant.create(constants.FEATURE_OBJECT_TYPE, feature_id, "member", pricing_tier_subject)
 
     @classmethod
     def remove_from_pricing_tier(cls, pricing_tier_id, feature_id):
-        cls._delete(uri="/v1/pricing-tiers/"+pricing_tier_id+"/features/"+feature_id, params={})
+        pricing_tier_subject = Subject(constants.PRICING_TIER_OBJECT_TYPE, pricing_tier_id)
+        return Warrant.delete(constants.FEATURE_OBJECT_TYPE, feature_id, "member", pricing_tier_subject)
 
     """
     Tenants
@@ -49,11 +51,13 @@ def list_for_tenant(cls, tenant_id, list_params={}):
 
     @classmethod
     def assign_to_tenant(cls, tenant_id, feature_id):
-        cls._post(uri="/v1/tenants/"+tenant_id+"/features/"+feature_id, json={})
+        tenant_subject = Subject(constants.TENANT_OBJECT_TYPE, tenant_id)
+        return Warrant.create(constants.FEATURE_OBJECT_TYPE, feature_id, "member", tenant_subject)
 
     @classmethod
     def remove_from_tenant(cls, tenant_id, feature_id):
-        cls._delete(uri="/v1/tenants/"+tenant_id+"/features/"+feature_id, params={})
+        tenant_subject = Subject(constants.TENANT_OBJECT_TYPE, tenant_id)
+        return Warrant.delete(constants.FEATURE_OBJECT_TYPE, feature_id, "member", tenant_subject)
 
     """
     Users
@@ -64,11 +68,13 @@ def list_for_user(cls, user_id, list_params={}):
 
     @classmethod
     def assign_to_user(cls, user_id, feature_id):
-        cls._post(uri="/v1/users/"+user_id+"/features/"+feature_id, json={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.create(constants.FEATURE_OBJECT_TYPE, feature_id, "member", user_subject)
 
     @classmethod
     def remove_from_user(cls, user_id, feature_id):
-        cls._delete(uri="/v1/users/"+user_id+"/features/"+feature_id, params={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.delete(constants.FEATURE_OBJECT_TYPE, feature_id, "member", user_subject)
 
     """
     JSON serialization/deserialization

warrant/permission.py

@@ -1,4 +1,4 @@
-from warrant import APIResource
+from warrant import APIResource, Subject, Warrant, constants
 
 
 class Permission(APIResource):
@@ -47,11 +47,13 @@ def list_for_user(cls, user_id, list_params={}):
 
     @classmethod
     def assign_to_user(cls, user_id, permission_id):
-        cls._post(uri="/v1/users/"+user_id+"/permissions/"+permission_id, json={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.create(constants.PERMISSION_OBJECT_TYPE, permission_id, "member", user_subject)
 
     @classmethod
     def remove_from_user(cls, user_id, permission_id):
-        cls._delete(uri="/v1/users/"+user_id+"/permissions/"+permission_id, params={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.delete(constants.PERMISSION_OBJECT_TYPE, permission_id, "member", user_subject)
 
     """
     Roles
@@ -62,11 +64,13 @@ def list_for_role(cls, role_id, list_params={}):
 
     @classmethod
     def assign_to_role(cls, role_id, permission_id):
-        return cls._post(uri="/v1/roles/"+role_id+"/permissions/"+permission_id, json={})
+        role_subject = Subject(constants.ROLE_OBJECT_TYPE, role_id)
+        return Warrant.create(constants.PERMISSION_OBJECT_TYPE, permission_id, "member", role_subject)
 
     @classmethod
     def remove_from_role(cls, role_id, permission_id):
-        return cls._delete(uri="/v1/roles/"+role_id+"/permissions/"+permission_id, params={})
+        role_subject = Subject(constants.ROLE_OBJECT_TYPE, role_id)
+        return Warrant.delete(constants.PERMISSION_OBJECT_TYPE, permission_id, "member", role_subject)
 
     """
     JSON serialization/deserialization

warrant/pricing_tier.py

@@ -1,4 +1,4 @@
-from warrant import APIResource, Feature
+from warrant import APIResource, Feature, Subject, Warrant, constants
 
 
 class PricingTier(APIResource):
@@ -46,11 +46,13 @@ def list_for_tenant(cls, tenant_id, list_params={}):
 
     @classmethod
     def assign_to_tenant(cls, tenant_id, pricing_tier_id):
-        cls._post(uri="/v1/tenants/"+tenant_id+"/pricing-tiers/"+pricing_tier_id)
+        tenant_subject = Subject(constants.TENANT_OBJECT_TYPE, tenant_id)
+        return Warrant.create(constants.PRICING_TIER_OBJECT_TYPE, pricing_tier_id, "member", tenant_subject)
 
     @classmethod
     def remove_from_tenant(cls, tenant_id, pricing_tier_id):
-        cls._delete(uri="/v1/tenants/"+tenant_id+"/pricing-tiers/"+pricing_tier_id, params={})
+        tenant_subject = Subject(constants.TENANT_OBJECT_TYPE, tenant_id)
+        return Warrant.delete(constants.PRICING_TIER_OBJECT_TYPE, pricing_tier_id, "member", tenant_subject)
 
     """
     Users
@@ -61,11 +63,13 @@ def list_for_user(cls, user_id, list_params={}):
 
     @classmethod
     def assign_to_user(cls, user_id, pricing_tier_id):
-        cls._post(uri="/v1/users/"+user_id+"/pricing-tiers/"+pricing_tier_id)
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.create(constants.PRICING_TIER_OBJECT_TYPE, pricing_tier_id, "member", user_subject)
 
     @classmethod
     def remove_from_user(cls, user_id, pricing_tier_id):
-        cls._delete(uri="/v1/users/"+user_id+"/pricing-tiers/"+pricing_tier_id, params={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.delete(constants.PRICING_TIER_OBJECT_TYPE, pricing_tier_id, "member", user_subject)
 
     """
     JSON serialization/deserialization

warrant/role.py

@@ -1,4 +1,4 @@
-from warrant import APIResource, Permission
+from warrant import APIResource, Permission, Subject, Warrant, constants
 
 
 class Role(APIResource):
@@ -47,11 +47,13 @@ def list_for_user(cls, user_id, list_params={}):
 
     @classmethod
     def assign_to_user(cls, user_id, role_id):
-        cls._post(uri="/v1/users/"+user_id+"/roles/"+role_id, json={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.create(constants.ROLE_OBJECT_TYPE, role_id, "member", user_subject)
 
     @classmethod
     def remove_from_user(cls, user_id, role_id):
-        cls._delete(uri="/v1/users/"+user_id+"/roles/"+role_id, params={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.delete(constants.ROLE_OBJECT_TYPE, role_id, "member", user_subject)
 
     """
     Permissions

warrant/user.py

@@ -1,4 +1,4 @@
-from warrant import APIResource, PricingTier, Feature, Role, Permission, Authz, Subject
+from warrant import APIResource, PricingTier, Feature, Role, Permission, Authz, Subject, Warrant, constants
 
 
 class User(APIResource):
@@ -43,11 +43,13 @@ def delete(cls, id):
     """
     @classmethod
     def assign_to_tenant(cls, tenant_id, user_id):
-        cls._post(uri="/v1/tenants/"+tenant_id+"/users/"+user_id, json={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.create(constants.TENANT_OBJECT_TYPE, tenant_id, "member", user_subject)
 
     @classmethod
     def remove_from_tenant(cls, tenant_id, user_id):
-        cls._delete(uri="/v1/tenants/"+tenant_id+"/users/"+user_id, params={})
+        user_subject = Subject(constants.USER_OBJECT_TYPE, user_id)
+        return Warrant.delete(constants.TENANT_OBJECT_TYPE, tenant_id, "member", user_subject)
 
     """
     Roles