warrant 0.1.5 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7a0016f74f11a01ab6e90a022af7d753cccab0faa147ea7380801e0719ceef9d
-  data.tar.gz: 48d306868975015baf94dbc8f4f10033683eecbb8ee33ce6a60292a9c0e2d462
+  metadata.gz: 5c44e60e9d2c5fef31622621a356033848368ba16854759d81ec6797ba3a0dbe
+  data.tar.gz: 146f08b5bac7ed1db618f39ef8e6c7f0a2884b8167e65c3812d2ee0d41fcf2c6
 SHA512:
-  metadata.gz: 258c374b7ed97c77dc2aaaa65daac9318eff36cde02e7226b88baae155b9dac673407c8a04705ad4d0b0700d343f665596bd47170745e22a79acb6d03a8b12e7
-  data.tar.gz: 30d20c2ecf85cc477c5106565d787a1f58e0cca2a5d130c43633770b9fd2fed441c14132502f9390d3bd6820214c9d87bdf2c6fe082252a8b5a4c5d4de9ecb6b
+  metadata.gz: 27f2a30747e35747387f294a05d221571488fc60f4c4522257770352eeea31ad1785c77b5579c2de031265c07ade7f9fe49b7cb91962282a662e53e3945ba758
+  data.tar.gz: 59c909e93d57c04301bcf13600573e073ebe61c83493ceed1c280c9629745cfe1cc40e089d71a804608bd768d39039563cfae2cde9410c30d19a9d007f29a35a

data/README.md

@@ -3,9 +3,10 @@
 Use [Warrant](https://warrant.dev/) in ruby projects.
 
 [![Gem Version](https://badge.fury.io/rb/warrant.svg)](https://badge.fury.io/rb/warrant)
-[![Discord](https://img.shields.io/discord/865661082203193365?label=discord)](https://discord.gg/QNCMKWzqET)
+[![Slack](https://img.shields.io/badge/slack-join-brightgreen)](https://join.slack.com/t/warrantcommunity/shared_invite/zt-12g84updv-5l1pktJf2bI5WIKN4_~f4w)
 
 ## Installation
+---
 
 Add this line to your application's Gemfile:
 
@@ -17,99 +18,39 @@ And then execute:
 
     $ bundle install
 
-Or install it yourself as:
+Or install it yourself:
 
     $ gem install warrant
 
-## Usage
+You can also build the gem from source:
 
-```ruby
-require 'warrant'
-Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
-```
+    $ gem build warrant.gemspec
 
-### `create_user(email, user_id = '')`
-
-This method creates a user entity in Warrant with the specified `user_d`. Provide an optional `username` to make it easier to identify users in the Warrant dashboard.
-
-```ruby
-# Create user with user email and id
-Warrant::WarrantClient.create_user(user.email, user.id)
-
-# Create user with generated id
-Warrant::WarrantClient.create_user()
-```
-
-### `create_warrant(object_type, object_id, relation, user)`
-
-#### **User parameters**
-Can provide either a user id, or a combination of object type, object id, and relation
+## Documentation
 ---
-#### **user_id**
-Creates a warrant for the user specified by user_id
-
-#### **object_type**
-#### **object_id**
-#### **relation**
-Creates a warrant for the given userset specified by object type, object id, and relation
-
-
-This method creates a warrant which specifies that the provided `user` (or userset) has `relation` on the object of type `objectType` with id `objectId`.
-
-```ruby
-# Create a warrant allowing user.id to "view" the store with id store.id
-Warrant::WarrantClient.create_warrant('store', store.id, 'view', { user_id: user.id })
-
-# Create a warrant specifying all members of the manager role to "view" store of id store.id
-Warrant::WarrantClient.create_warrant('store', store.id, 'view', { object_type: 'role', object_id: 'manager', relation: 'member' })
-```
-
-### `create_session(userId)`
 
-This method creates a session in Warrant for the user with the specified `userId` and returns a session token which can be used to make authorized requests to the Warrant API only for the specified user. This session token can safely be used to make requests to the Warrant API's authorization endpoint to determine user access in web and mobile client applications.
-
-```ruby
-# Create session token for user
-Warrant::WarrantClient.create_session(user.id)
-```
-
-### `is_authorized(object_type, object_id, relation, user_id)`
-
-This method returns `true` if the user with the specified `user_id` has the specified `relation` to the object of type `object_type` with id `objectId` and `false` otherwise.
-
-```ruby
-# Example: user 123 can only view store 824
-Warrant::WarrantClient.is_authorized('store', '824', 'view', '123') # true
-Warrant::WarrantClient.is_authorized('store', '824', 'edit', '123') # false
-```
-
-### `list_warrants(filters = {})`
-This method returns all warrants that match the filters provided, or all warrants for your organization if none are provided. 
+- [Ruby API Docs](https://rubydoc.info/gems/warrant)
+- [Warrant Docs](https://docs.warrant.dev/)
 
-#### **Filter Parameters** 
+## Requirements
 ---
-#### **object_type**
-Only return warrants with the given object type.
-
-#### **object_id**
-Only return warrants with the given object id.
 
-#### **relation**
-Only return warrants with the given relation.
-
-#### **user_id**
-Only return warrants with the given user id
+- Ruby 2.3+.
 
+## Usage
+---
 
 ```ruby
-# List all warrants for an organization
-Warrant::WarrantClient.list_warrants
+require 'warrant'
+Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
 
-# List all warrants with object type of store
-Warrant::WarrantClient.list_warrants(object_type: 'store')
+# create a user
+Warrant::User.create(user_id: "user123")
+
+# check whether user slp951 has view access to report 7asm24
+Warrant::Warrant.is_authorized?(object_type: "report", object_id: "7asm24", relation: "viewer", subject: { object_id: "user", object_id: "slp951" })
 ```
 
----
 
 We’ve used a random API key in these code examples. Replace it with your [actual publishable API keys](https://app.warrant.dev) to
 test this code through your own Warrant account.
@@ -117,7 +58,3 @@ test this code through your own Warrant account.
 For more information on how to use the Warrant API, please refer to the [Warrant API reference](https://docs.warrant.dev).
 
 Note that we may release new [minor and patch](https://semver.org/) versions of this library with small but backwards-incompatible fixes to the type declarations. These changes will not affect Warrant itself.
-
-## Warrant Documentation
-
-- [Warrant Docs](https://docs.warrant.dev/)

data/lib/warrant/api_operations.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+module Warrant
+    # @!visibility private
+    class APIOperations
+        class << self
+            def post(uri, params = {}, use_ssl = true)
+                http = Net::HTTP.new(uri.host, uri.port)
+                http.use_ssl = use_ssl
+                headers = {
+                    "Authorization": "ApiKey #{::Warrant.config.api_key}"
+                }
+                http.post(uri.path, params.to_json, headers)
+            end
+
+            def delete(uri, params = {})
+                http = Net::HTTP.new(uri.host, uri.port)
+                http.use_ssl = true
+                request = Net::HTTP::Delete.new(uri.path)
+                request["Authorization"] = "ApiKey #{::Warrant.config.api_key}"
+
+                http.request(request, params.to_json)
+            end
+
+            def get(uri, params = {})
+                http = Net::HTTP.new(uri.host, uri.port)
+                http.use_ssl = true
+                headers = {
+                    "Authorization": "ApiKey #{::Warrant.config.api_key}"
+                }
+
+                unless params.empty?
+                    normalized_params = Util.normalize_params(params.compact)
+                    uri.query = URI.encode_www_form(normalized_params)
+                end
+
+                http.get(uri, headers)
+            end
+
+            def put(uri, params = {})
+                http = Net::HTTP.new(uri.host, uri.port)
+                http.use_ssl = true
+                headers = {
+                    "Authorization": "ApiKey #{::Warrant.config.api_key}"
+                }
+                http.put(uri.path, params.to_json, headers)
+            end
+
+            def raise_error(response)
+                error_code = JSON.parse(response.body)['code']
+
+                case error_code
+                when Error::DUPLICATE_RECORD_ERROR
+                    raise DuplicateRecordError.initialize_error_from_response(response)
+                when Error::INTERNAL_ERROR
+                    raise InternalError.initialize_error_from_response(response)
+                when Error::INVALID_REQUEST_ERROR
+                    raise InvalidRequestError.initialize_error_from_response(response)
+                when Error::INVALID_PARAMETER_ERROR
+                    raise InvalidParameterError.initialize_error_from_response(response)
+                when Error::MISSING_REQUIRED_PARAMETER_ERROR
+                    raise MissingRequiredParameterError.initialize_error_from_response(response)
+                when Error::NOT_FOUND_ERROR
+                    raise NotFoundError.initialize_error_from_response(response)
+                when Error::UNAUTHORIZED_ERROR
+                    raise UnauthorizedError.initialize_error_from_response(response)
+                when Error::UNKNOWN_ORIGIN_ERROR
+                    raise UnknownOriginError.initialize_error_from_response(response)
+                else
+                    raise WarrantError.initialize_error_from_response(response)
+                end
+            end
+        end
+    end
+end

data/lib/warrant/errors.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Warrant
+    class Error
+        DUPLICATE_RECORD_ERROR = "duplicate_record"
+        INTERNAL_ERROR = "internal_error"
+        INVALID_REQUEST_ERROR = "invalid_request"
+        INVALID_PARAMETER_ERROR = "invalid_parameter"
+        MISSING_REQUIRED_PARAMETER_ERROR = "missing_required_parameter"
+        NOT_FOUND_ERROR = "not_found"
+        UNAUTHORIZED_ERROR = "unauthorized"
+    end
+
+    class WarrantError < StandardError
+        attr_reader :code, :headers, :message, :http_status, :http_headers, :http_body, :json_body
+
+        def initialize(code = nil, message = nil, http_status = nil, http_headers = nil, http_body = nil, json_body = nil)
+            @code = code
+            @headers = headers
+            @message = message
+            @http_status = http_status
+            @http_headers = http_headers
+            @http_body = http_body
+            @json_body = json_body
+        end
+
+        def self.initialize_error_from_response(response)
+            response_json = JSON.parse(response.body)
+            self.new(
+                response_json['code'],
+                Util.snake_case(response_json['message']),
+                response.code,
+                response.to_hash,
+                response.body,
+                response_json
+            )
+        end
+    end
+
+    class DuplicateRecordError < WarrantError; end
+    class InternalError < WarrantError; end
+    class InvalidRequestError < WarrantError; end
+    class InvalidParameterError < WarrantError; end
+    class MissingRequiredParameterError < WarrantError; end
+    class NotFoundError < WarrantError; end
+    class UnauthorizedError < WarrantError; end
+end

data/lib/warrant/models/permission.rb

@@ -3,9 +3,210 @@
 module Warrant
     class Permission
         attr_reader :permission_id
-
+        
+        # @!visibility private
         def initialize(permission_id)
             @permission_id = permission_id
         end
+
+        # Creates a permission with the given parameters
+        #
+        # @option params [String] :permission_id A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'. (optional)
+        #
+        # @return [Permission] created permission
+        #
+        # @example Create a new Permission with the permission id "test-permission"
+        #   Warrant::Permission.create(permission_id: "test-permission")
+        #
+        # @raise [Warrant::DuplicateRecordError]
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidParameterError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.create(params = {})
+            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/permissions"), Util.normalize_params(params))
+
+            case res
+            when Net::HTTPSuccess
+                res_json = JSON.parse(res.body)
+                Permission.new(res_json['permissionId'])
+            else
+                APIOperations.raise_error(res)
+            end
+        end
+
+        # Deletes a permission with given permission id
+        #
+        # @param permission_id [String] A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
+        #
+        # @return [nil] if delete was successful
+        #
+        # @example Delete a Permission with the permission id "test-permission"
+        #   Warrant::Permission.delete("test-permission")
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.delete(permission_id)
+            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                return
+            else
+                APIOperations.raise_error(res)
+            end
+        end
+
+        # Lists all permissions for your organization
+        #
+        # @return [Array<Permission>] all permissions for organization
+        #
+        # @example List all permissions
+        #   Warrant::Permission.list()
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.list(filters = {})
+            res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/permissions"))
+
+            case res
+            when Net::HTTPSuccess
+                permissions = JSON.parse(res.body)
+                permissions.map{ |permission| Permission.new(permission['permissionId']) }
+            else
+                APIOperations.raise_error(res)
+            end   
+        end
+
+        # Get a permission with the given permission_id
+        #
+        # @param permission_id [String] A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
+        #
+        # @return [Permission] retrieved permission
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidParameterError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.get(permission_id)
+            res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                permission = JSON.parse(res.body)
+                Permission.new(permission['permissionId'])
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
+
+        # Assign a permission to a role
+        #
+        # @param role_id [String] The role_id of the role you want to assign a permission to.
+        # @param permission_id [String] The permission_id of the permission you want to assign to a role.
+        #
+        # @return [Permission] assigned permission
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.assign_to_role(role_id, permission_id)
+            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                permission = JSON.parse(res.body)
+                Permission.new(permission['permissionId'])
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
+
+        # Remove a permission from a role
+        #
+        # @param role_id [String] The role_id of the role you want to assign a permission to.
+        # @param permission_id [String] The permission_id of the permission you want to assign to a role.
+        #
+        # @return [nil] if remove was successful
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.remove_from_role(role_id, permission_id)
+            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                return
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
+
+        # Assign a permission to a user
+        #
+        # @param user_id [String] The user_id of the user you want to assign a permission to.
+        # @param permission_id [String] The permission_id of the permission you want to assign to a user.
+        #
+        # @return [Permission] assigned permission
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.assign_to_user(user_id, permission_id)
+            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                permission = JSON.parse(res.body)
+                Permission.new(permission['permissionId'])
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
+
+        # Remove a permission from a user
+        #
+        # @param user_id [String] The user_id of the user you want to assign a permission to.
+        # @param permission_id [String] The permission_id of the permission you want to assign to a user.
+        #
+        # @return [nil] if remove was successful
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.remove_from_user(user_id, permission_id)
+            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                return
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
     end
 end

data/lib/warrant/models/role.rb

@@ -4,8 +4,192 @@ module Warrant
     class Role
         attr_reader :role_id
 
+        # @!visibility private
         def initialize(role_id)
             @role_id = role_id
         end
+
+        # Creates a role with the given parameters
+        #
+        # @option params [String] :role_id A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'. (optional)
+        #
+        # @return [Role] created role
+        #
+        # @example Create a new Role with the role id "test-role"
+        #   Warrant::Role.create(role_id: "test-role")
+        #
+        # @raise [Warrant::DuplicateRecordError]
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidParameterError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.create(params = {})
+            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/roles"), Util.normalize_params(params))
+
+            case res
+            when Net::HTTPSuccess
+                res_json = JSON.parse(res.body)
+                Role.new(res_json['roleId'])
+            else
+                APIOperations.raise_error(res)
+            end
+        end
+
+        # Deletes a role with given role id
+        #
+        # @param role_id [String] A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
+        #
+        # @return [nil] if delete was successful
+        #
+        # @example Delete a Role with the role id "test-role"
+        #   Warrant::Role.delete("test-role")
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.delete(role_id)
+            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                return
+            else
+                APIOperations.raise_error(res)
+            end
+        end
+
+        # Lists all roles for your organization
+        #
+        # @return [Array<Role>] all roles for your organization
+        #
+        # @example List all roles
+        #   Warrant::Role.list()
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.list(filters = {})
+            res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/roles"))
+
+            case res
+            when Net::HTTPSuccess
+                roles = JSON.parse(res.body)
+                roles.map{ |role| Role.new(role['roleId']) }
+            else
+                APIOperations.raise_error(res)
+            end   
+        end
+
+        # Get a role with the given role_id
+        #
+        # @param role_id [String] A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
+        #
+        # @return [Role] retrieved role
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidParameterError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.get(role_id)
+            res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                role = JSON.parse(res.body)
+                Role.new(role['roleId'])
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
+
+        # Assign a role to a user
+        #
+        # @param user_id [String] The user_id of the user you want to assign a role to.
+        # @param role_id [String] The role_id of the role you want to assign to a user.
+        #
+        # @return [Permission] assigned role
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.assign_to_user(user_id, role_id)
+            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                role = JSON.parse(res.body)
+                Role.new(role['permissionId'])
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
+
+        # Remove a role from a user
+        #
+        # @param user_id [String] The user_id of the role you want to assign a role to.
+        # @param role_id [String] The role_id of the role you want to assign to a user.
+        #
+        # @return [nil] if remove was successful
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def self.remove_from_user(user_id, role_id)
+            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
+
+            case res
+            when Net::HTTPSuccess
+                return
+            else
+                APIOperations.raise_error(res)
+            end  
+        end
+
+        # Assign a permission to a role
+        #
+        # @param permission_id [String] The permission_id of the permission you want to assign to a role.
+        #
+        # @return [Permission] assigned permission
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def assign_permission(permission_id)
+            return Permission.assign_to_role(role_id, permission_id)
+        end
+
+        # Remove a permission from a role
+        #
+        # @param permission_id [String] The permission_id of the permission you want to assign to a role.
+        #
+        # @return [nil] if remove was successful
+        #
+        # @raise [Warrant::InternalError]
+        # @raise [Warrant::InvalidRequestError]
+        # @raise [Warrant::MissingRequiredParameterError]
+        # @raise [Warrant::NotFoundError]
+        # @raise [Warrant::UnauthorizedError]
+        # @raise [Warrant::WarrantError]
+        def remove_permission(permission_id)
+            return Permission.remove_from_role(role_id, permission_id)
+        end
     end
 end