Add create_authorization_session and create_self_service_session methods (#4)

* Add create_authorization_session and create_self_service_session methods

* Correct function call in example

* Add has_permission method

Author: kkajla12

examples/example.py

@@ -9,10 +9,11 @@ def make_warrant_requests(api_key):
     provided_user_id = "custom_user_100"
     user2 = client.create_user(provided_user_id)
     print("Created user with provided id: " + user2)
-    print("Created session token for user " + user1 + ": " + client.create_session(user1))
-    print("Created session token for user " + user2 + ": " + client.create_session(user2))
+    print("Created authorization session token for user " + user1 + ": " + client.create_authorization_session({type:"sess", user_id:user1}))
+    print("Created authorization session token for user " + user2 + ": " + client.create_authorization_session({type:"sess", user_id:user2}))
     tenant1 = client.create_tenant("custom_tenant_210")
     print("Created tenant with provided id: " + tenant1)
+    print("Created self service session for user " + user2 + ": " + client.create_self_service_session({type:"ssdash", user_id:user2, tenant_id: tenant1}, "http://example.com"))
     admin_role = client.create_role("admin1")
     print("Created role: " + admin_role)
     permission1 = client.create_permission("create_report")
@@ -61,4 +62,4 @@ def make_warrant_requests(api_key):
 if __name__ == '__main__':
     # Replace with your Warrant api key
     api_key = "API_KEY"
-    make_warrant_requests(api_key)
+    make_warrant_requests(api_key)

warrant/__init__.py

@@ -4,6 +4,7 @@
 __version__ = "0.2.1"
 
 API_ENDPOINT = "https://api.warrant.dev"
+SELF_SERVICE_DASHBOARD_BASE_URL = "https://self-serve.warrant.dev"
 
 class WarrantException(Exception):
     def __init__(self, msg, status_code=-1):
@@ -31,6 +32,11 @@ def __init__(self, warrants, op):
         self.warrants = warrants
         self.op = op
 
+class PermissionCheck(object):
+    def __init__(self, permission_id, user_id):
+        self.permission_id = permission_id
+        self.user_id = user_id
+
 class WarrantClient(object):
     def __init__(self, api_key):
         self._apiKey = api_key
@@ -144,16 +150,26 @@ def remove_permission_from_role(self, role_id, permission_id):
             raise WarrantException(msg="Must include a roleId and permissionId")
         self._make_delete_request(uri="/v1/roles/"+role_id+"/permissions/"+permission_id)
 
-    def create_session(self, user_id):
-        if user_id == "":
+    def create_authorization_session(self, session):
+        if session.user_id == "":
             raise WarrantException(msg="Invalid userId provided")
-        payload = {
-            "type": "sess",
-            "userId": user_id
-        }
-        json = self._make_post_request(uri="/v1/sessions", json=payload)
+        if session.type != "sess":
+            raise WarrantException(msg="Invalid type provided")
+        if redirect_url == "":
+            raise WarrantException(msg="Must include a redirect_url")
+        json = self._make_post_request(uri="/v1/sessions", json=session)
         return json['token']
 
+    def create_self_service_session(self, session, redirect_url):
+        if session.tenant_id == "":
+            raise WarrantException(msg="Invalid tenant_id provided")
+        if session.user_id == "":
+            raise WarrantException(msg="Invalid user_id provided")
+        if session.type != "ssdash":
+            raise WarrantException(msg="Invalid type provided")
+        json = self._make_post_request(uri="/v1/sessions", json=session)
+        return f"{SELF_SERVICE_DASHBOARD_BASE_URL}/{json['token']}?redirectUrl={redirect_url}"
+
     def create_warrant(self, object_type, object_id, relation, subject):
         if object_type == "" or object_id == "" or relation == "":
             raise WarrantException(msg="Invalid object_type, object_id and/or relation")
@@ -193,3 +209,16 @@ def is_authorized(self, warrant_check):
             return True
         else:
             return False
+
+    def has_permission(self, permission_check):
+        return self.is_authorized({
+            warrants: [{
+                objectType: "permission",
+                objectId: permission_check.permission_id,
+                relation: "member",
+                subject: {
+                    objectType: "user",
+                    objectId: permission_check.user_id
+                }
+            }]
+        })