multi role support

src/api/org.ts

@@ -150,6 +150,7 @@ export type AddUserToOrgRequest = {
     userId: string
     orgId: string
     role: string
+    additionalRoles?: string[]
 }
 
 export function addUserToOrg(
@@ -161,6 +162,7 @@ export function addUserToOrg(
         user_id: addUserToOrgRequest.userId,
         org_id: addUserToOrgRequest.orgId,
         role: addUserToOrgRequest.role,
+        additional_roles: addUserToOrgRequest.additionalRoles ?? [],
     }
     return httpRequest(authUrl, integrationApiKey, `${ENDPOINT_PATH}/add_user`, "POST", JSON.stringify(request)).then(
         (httpResponse) => {
@@ -183,6 +185,7 @@ export type ChangeUserRoleInOrgRequest = {
     userId: string
     orgId: string
     role: string
+    additionalRoles?: string[]
 }
 
 export function changeUserRoleInOrg(
@@ -194,6 +197,7 @@ export function changeUserRoleInOrg(
         user_id: changeUserRoleInOrgRequest.userId,
         org_id: changeUserRoleInOrgRequest.orgId,
         role: changeUserRoleInOrgRequest.role,
+        additional_roles: changeUserRoleInOrgRequest.additionalRoles ?? [],
     }
     return httpRequest(
         authUrl,

src/api/user.ts

@@ -278,6 +278,7 @@ export type InviteUserToOrgRequest = {
     orgId: string
     email: string
     role: string
+    additionalRoles?: string[]
 }
 
 export function inviteUserToOrg(
@@ -289,6 +290,7 @@ export function inviteUserToOrg(
         org_id: inviteUserToOrgRequest.orgId,
         email: inviteUserToOrgRequest.email,
         role: inviteUserToOrgRequest.role,
+        additional_roles: inviteUserToOrgRequest.additionalRoles ?? [],
     }
 
     return httpRequest(authUrl, integrationApiKey, `/api/backend/v1/invite_user`, "POST", JSON.stringify(body)).then(

src/index.ts

@@ -1,6 +1,11 @@
 export { AccessToken, CreateAccessTokenRequest } from "./api/accessToken"
 export { CreateMagicLinkRequest, MagicLink } from "./api/magicLink"
-export { OrgQuery, OrgQueryResponse } from "./api/org"
+export { 
+    OrgQuery,
+    OrgQueryResponse,
+    AddUserToOrgRequest,
+    ChangeUserRoleInOrgRequest,
+} from "./api/org"
 export { TokenVerificationMetadata } from "./api/tokenVerificationMetadata"
 export {
     CreateUserRequest,
@@ -49,6 +54,7 @@ export {
     Org,
     OrgIdToOrgMemberInfo,
     OrgMemberInfo,
+    OrgRoleStructure,
     toOrgIdToOrgMemberInfo,
     toUser,
     User,

src/user.ts

@@ -198,15 +198,22 @@ export type UserMetadata = {
     properties?: { [key: string]: unknown }
 }
 
+export enum OrgRoleStructure {
+    SingleRole = "single_role_in_hierarchy",
+    MultiRole = "multi_role",
+}
+
 export class OrgMemberInfo {
     public readonly orgId: string
     public readonly orgName: string
     public readonly orgMetadata: { [key: string]: unknown }
     public readonly urlSafeOrgName: string
+    public readonly orgRoleStructure: OrgRoleStructure 
 
     private readonly userAssignedRole: string
     private readonly userInheritedRolesPlusCurrentRole: string[]
     private readonly userPermissions: string[]
+    private readonly userAssignedAdditionalRoles: string[]
 
     constructor(
         orgId: string,
@@ -215,7 +222,9 @@ export class OrgMemberInfo {
         urlSafeOrgName: string,
         userAssignedRole: string,
         userInheritedRolesPlusCurrentRole: string[],
-        userPermissions: string[]
+        userPermissions: string[],
+        orgRoleStructure?: OrgRoleStructure,
+        userAssignedAdditionalRoles?: string[]
     ) {
         this.orgId = orgId
         this.orgName = orgName
@@ -225,6 +234,8 @@ export class OrgMemberInfo {
         this.userAssignedRole = userAssignedRole
         this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole
         this.userPermissions = userPermissions
+        this.orgRoleStructure = orgRoleStructure ?? OrgRoleStructure.SingleRole
+        this.userAssignedAdditionalRoles = userAssignedAdditionalRoles ?? []
     }
 
     // getters
@@ -237,16 +248,28 @@ export class OrgMemberInfo {
     }
 
     get inheritedRolesPlusCurrentRole(): string[] {
-        return this.userInheritedRolesPlusCurrentRole
+        if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {
+            return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)
+        } else {
+            return this.userInheritedRolesPlusCurrentRole
+        }
     }
 
     // validation methods
     public isRole(role: string): boolean {
-        return this.userAssignedRole === role
+        if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {
+            return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)
+        } else {
+            return this.userAssignedRole === role
+        }
     }
 
     public isAtLeastRole(role: string): boolean {
-        return this.userInheritedRolesPlusCurrentRole.includes(role)
+        if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {
+            return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)
+        } else {
+            return this.userInheritedRolesPlusCurrentRole.includes(role)
+        }
     }
 
     public hasPermission(permission: string): boolean {
@@ -267,7 +290,9 @@ export class OrgMemberInfo {
                 obj.urlSafeOrgName,
                 obj.userAssignedRole,
                 obj.userInheritedRolesPlusCurrentRole,
-                obj.userPermissions
+                obj.userPermissions,
+                obj.orgRoleStructure,
+                obj.userAssignedAdditionalRoles
             )
         } catch (e) {
             console.error(
@@ -295,9 +320,11 @@ export type InternalOrgMemberInfo = {
     org_name: string
     org_metadata: { [key: string]: any }
     url_safe_org_name: string
+    org_role_structure: OrgRoleStructure
     user_role: string
     inherited_user_roles_plus_current_role: string[]
     user_permissions: string[]
+    additional_roles: string[]
 }
 
 // This type is used to represent the user returned from the refresh token.
@@ -368,7 +395,9 @@ export function toOrgIdToOrgMemberInfo(snake_case?: {
                 snakeCaseValue.url_safe_org_name,
                 snakeCaseValue.user_role,
                 snakeCaseValue.inherited_user_roles_plus_current_role,
-                snakeCaseValue.user_permissions
+                snakeCaseValue.user_permissions,
+                snakeCaseValue.org_role_structure,
+                snakeCaseValue.additional_roles
             )
         }
     }

src/utils.ts

@@ -47,7 +47,7 @@ function isOrgMemberInfo(value: any) {
         value.hasOwnProperty("urlSafeOrgName") &&
         value.hasOwnProperty("orgMetadata") &&
         value.hasOwnProperty("userAssignedRole") &&
-        value.hasOwnProperty("userRoles") &&
+        value.hasOwnProperty("userInheritedRoles") &&
         value.hasOwnProperty("userPermissions")
     )
 }
@@ -72,16 +72,18 @@ function processKeys(obj: any): any {
                 value["orgMetadata"],
                 value["urlSafeOrgName"],
                 value["userAssignedRole"],
-                value["userRoles"],
-                value["userPermissions"]
+                value["userInheritedRoles"],
+                value["userPermissions"],
+                value["orgRoleStructure"],
+                value["additionalRoles"]
             )
         }
 
         let newKey
         if (key === "user_role") {
             newKey = "userAssignedRole"
         } else if (key === "inherited_user_roles_plus_current_role") {
-            newKey = "userRoles"
+            newKey = "userInheritedRoles"
         } else {
             newKey = camelCase(key)
         }