Add ability to view a user's assigned roles

auth0 · Jan 17, 2023 · 9ed5077 · 9ed5077
1 parent 463bb7f
commit 9ed5077
Show file tree

Hide file tree

Showing 16 changed files with 190 additions and 2 deletions.
diff --git a/docs/auth0_users.md b/docs/auth0_users.md
@@ -12,6 +12,7 @@ Manage resources for users.
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_create.md b/docs/auth0_users_create.md
@@ -54,6 +54,7 @@ auth0 users create [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_delete.md b/docs/auth0_users_delete.md
@@ -48,6 +48,7 @@ auth0 users delete [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_import.md b/docs/auth0_users_import.md
@@ -49,6 +49,7 @@ auth0 users import [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_open.md b/docs/auth0_users_open.md
@@ -37,6 +37,7 @@ auth0 users open [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_roles.md b/docs/auth0_users_roles.md
@@ -0,0 +1,11 @@
+---
+layout: default
+---
+# auth0 users roles
+
+Manage a user's assigned roles. To learn more about roles and their behavior, read [Role-based Access Control](https://auth0.com/docs/manage-users/access-control/rbac).
+
+## Commands
+
+- [auth0 users roles show](auth0_users_roles_show.md) - Show a user's roles
+
diff --git a/docs/auth0_users_roles_show.md b/docs/auth0_users_roles_show.md
@@ -0,0 +1,45 @@
+---
+layout: default
+---
+# auth0 users roles show
+
+Display information about an existing user's assigned roles.
+
+## Usage
+```
+auth0 users roles show [flags]
+```
+
+## Examples
+
+```
+  auth0 users roles show
+  auth0 users roles show <user-id>
+  auth0 users roles show <user-id> --number 100
+  auth0 users roles show <user-id> -n 100 --json
+```
+
+
+## Flags
+
+```
+      --json         Output in json format.
+  -n, --number int   Number of user roles to retrieve. Maximum result number is 1000. (default 50)
+```
+
+
+## InheritedFlags
+
+```
+      --debug           Enable debug mode.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+
+## Related Commands
+
+- [auth0 users roles show](auth0_users_roles_show.md) - Show a user's roles
+
+
diff --git a/docs/auth0_users_search.md b/docs/auth0_users_search.md
@@ -48,6 +48,7 @@ auth0 users search [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_show.md b/docs/auth0_users_show.md
@@ -43,6 +43,7 @@ auth0 users show [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_unblock.md b/docs/auth0_users_unblock.md
@@ -36,6 +36,7 @@ auth0 users unblock [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/docs/auth0_users_update.md b/docs/auth0_users_update.md
@@ -52,6 +52,7 @@ auth0 users update [flags]
 - [auth0 users delete](auth0_users_delete.md) - Delete a user
 - [auth0 users import](auth0_users_import.md) - Import users from schema
 - [auth0 users open](auth0_users_open.md) - Open the user's settings page
+- [auth0 users roles](auth0_users_roles.md) - Manage a user's roles
 - [auth0 users search](auth0_users_search.md) - Search for users
 - [auth0 users show](auth0_users_show.md) - Show an existing user
 - [auth0 users unblock](auth0_users_unblock.md) - Remove brute-force protection blocks for a given user

diff --git a/internal/auth0/user.go b/internal/auth0/user.go
@@ -3,7 +3,7 @@ package auth0
 import "github.com/auth0/go-auth0/management"
 
 type UserAPI interface {
-	// Retrieves a list of blocked IP addresses of a particular user.
+	// Blocks retrieves a list of blocked IP addresses of a particular user.
 	Blocks(id string, opts ...management.RequestOption) ([]*management.UserBlock, error)
 
 	// Unblock a user that was blocked due to an excessive amount of incorrectly
@@ -27,4 +27,7 @@ type UserAPI interface {
 
 	// Search for users
 	Search(opts ...management.RequestOption) (us *management.UserList, err error)
+
+	// Roles lists all roles associated with a user.
+	Roles(id string, opts ...management.RequestOption) (r *management.RoleList, err error)
 }
diff --git a/internal/cli/users.go b/internal/cli/users.go
@@ -121,8 +121,9 @@ func usersCmd(cli *cli) *cobra.Command {
 	cmd.AddCommand(searchUsersCmd(cli))
 	cmd.AddCommand(createUserCmd(cli))
 	cmd.AddCommand(showUserCmd(cli))
-	cmd.AddCommand(deleteUserCmd(cli))
 	cmd.AddCommand(updateUserCmd(cli))
+	cmd.AddCommand(deleteUserCmd(cli))
+	cmd.AddCommand(userRolesCmd(cli))
 	cmd.AddCommand(openUserCmd(cli))
 	cmd.AddCommand(userBlocksCmd(cli))
 	cmd.AddCommand(deleteUserBlocksCmd(cli))

diff --git a/internal/cli/users_roles.go b/internal/cli/users_roles.go
@@ -0,0 +1,97 @@
+package cli
+
+import (
+	"fmt"
+
+	"github.com/auth0/go-auth0/management"
+	"github.com/spf13/cobra"
+)
+
+var (
+	userRolesNumber = Flag{
+		Name:      "Number",
+		LongForm:  "number",
+		ShortForm: "n",
+		Help:      "Number of user roles to retrieve. Maximum result number is 1000.",
+	}
+)
+
+func userRolesCmd(cli *cli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "roles",
+		Short: "Manage a user's roles",
+		Long: "Manage a user's assigned roles. To learn more about roles and their behavior, read " +
+			"[Role-based Access Control](https://auth0.com/docs/manage-users/access-control/rbac).",
+	}
+
+	cmd.SetUsageTemplate(resourceUsageTemplate())
+	cmd.AddCommand(showUserRolesCmd(cli))
+
+	return cmd
+}
+
+func showUserRolesCmd(cli *cli) *cobra.Command {
+	var inputs struct {
+		ID     string
+		Number int
+	}
+
+	cmd := &cobra.Command{
+		Use:   "show",
+		Args:  cobra.MaximumNArgs(1),
+		Short: "Show a user's roles",
+		Long:  "Display information about an existing user's assigned roles.",
+		Example: `  auth0 users roles show
+  auth0 users roles show <user-id>
+  auth0 users roles show <user-id> --number 100
+  auth0 users roles show <user-id> -n 100 --json`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				if err := userID.Ask(cmd, &inputs.ID); err != nil {
+					return err
+				}
+			} else {
+				inputs.ID = args[0]
+			}
+
+			if inputs.Number < 1 || inputs.Number > 1000 {
+				return fmt.Errorf("number flag invalid, please pass a number between 1 and 1000")
+			}
+
+			list, err := getWithPagination(
+				cmd.Context(),
+				inputs.Number,
+				func(opts ...management.RequestOption) (result []interface{}, hasNext bool, err error) {
+					userRoleList, err := cli.api.User.Roles(inputs.ID, opts...)
+					if err != nil {
+						return nil, false, err
+					}
+
+					var output []interface{}
+					for _, userRole := range userRoleList.Roles {
+						output = append(output, userRole)
+					}
+
+					return output, userRoleList.HasNext(), nil
+				},
+			)
+			if err != nil {
+				return fmt.Errorf("failed to find roles for user with ID %s: %w", inputs.ID, err)
+			}
+
+			var userRoles []*management.Role
+			for _, item := range list {
+				userRoles = append(userRoles, item.(*management.Role))
+			}
+
+			cli.renderer.UserRoleList(userRoles)
+
+			return nil
+		},
+	}
+
+	cmd.Flags().BoolVar(&cli.json, "json", false, "Output in json format.")
+	userRolesNumber.RegisterInt(cmd, &inputs.Number, defaultPageSize)
+
+	return cmd
+}
diff --git a/internal/display/roles.go b/internal/display/roles.go
@@ -58,6 +58,24 @@ func (r *Renderer) RoleList(roles []*management.Role) {
 	r.Results(res)
 }
 
+func (r *Renderer) UserRoleList(roles []*management.Role) {
+	resource := "roles assigned to user"
+	r.Heading(fmt.Sprintf("%s (%d)", resource, len(roles)))
+
+	if len(roles) == 0 {
+		r.EmptyState(resource)
+		r.Infof("Use 'auth0 users roles assign' to assign roles to a user.")
+		return
+	}
+
+	var res []View
+	for _, role := range roles {
+		res = append(res, makeRoleView(role))
+	}
+
+	r.Results(res)
+}
+
 func (r *Renderer) RoleShow(role *management.Role) {
 	r.Heading("role")
 	r.Result(makeRoleView(role))

diff --git a/test/integration/test-cases.yaml b/test/integration/test-cases.yaml
@@ -464,6 +464,10 @@ tests:
         email: [email protected] # Name is not being displayed, hence using email
     exit-code: 0
 
+  users roles show:
+    command: auth0 users roles show $(cat ./test/integration/identifiers/user-id)
+    exit-code: 0
+
   # Test 'roles create'
   roles create and check data:
     command: auth0 roles create --name integration-test-role-new1 --description testRole --json --no-input