RBAC

from shark_auth import RBACClient
rbac = RBACClient("https://auth.example.com", admin_api_key="sk_live_admin")

import { RbacClient } from "@sharkauth/sdk";
const rbac = new RbacClient({ baseUrl: "https://auth.example.com", adminKey: "sk_live_admin" });

role = rbac.create_role(name="editor", description="Can edit but not delete")
rbac.list_roles()
rbac.get_role(role["id"])
rbac.update_role(role["id"], description="Updated")
rbac.delete_role(role["id"])

const role = await rbac.createRole("editor", "Can edit but not delete");
await rbac.listRoles();
await rbac.updateRole(role.id, { description: "Updated" });
await rbac.deleteRole(role.id);

perm = rbac.create_permission("documents:write", "folder_123")
rbac.list_permissions()
rbac.delete_permission(perm["id"])

const perm = await rbac.createPermission("documents:write", "folder_123");
await rbac.listPermissions();
// Note: deletePermission is not yet implemented in the TS SDK.

rbac.attach_permission_to_role(role["id"], perm["id"])
rbac.detach_permission_from_role(role["id"], perm["id"])

await rbac.attachPermission(role.id, perm.id);
await rbac.detachPermission(role.id, perm.id);

rbac.assign_role_to_user("usr_alice", role["id"])
rbac.revoke_role_from_user("usr_alice", role["id"])
rbac.list_user_roles("usr_alice")

await rbac.assignRole("usr_alice", role.id);
await rbac.revokeRole("usr_alice", role.id);
await rbac.listUserRoles("usr_alice");

from shark_auth import AuthClient

auth = AuthClient("https://auth.example.com")
auth.login("alice@example.com", "...")
result = auth.check(action="write", resource="documents:123")
# {"allowed": True}

const result = await auth.check("write", "documents:123");