Add support for account and entity permissions endpoints

dawiddzhafarov · dawiddzhafarov · commit f78260a6d96f · 2026-02-04T14:27:33.000+01:00
diff --git a/linode_api4/groups/iam.py b/linode_api4/groups/iam.py
@@ -96,3 +96,49 @@ def entities(self, *filters):
         return self.client._get_and_filter(
             LinodeEntity, *filters, endpoint="/entities"
         )
+
+    def account_permissions_get(self, username):
+        """
+        Returns the account-level permissions for the specified user.
+
+        This is intended to be called off of the :any:`LinodeClient`
+        class, like this::
+
+           permissions_account = client.account_permissions_get("myusername")
+
+        API Documentation: TODO
+
+        :param username: The username to get permissions for.
+        :type username: str
+
+        :returns: The account-level permissions for the user.
+        :rtype: List[str]
+        """
+        return self.client.get(
+            f"/iam/users/{username}/permissions/account",
+        )
+
+    def entity_permissions_get(self, username, entity_type, entity_id):
+        """
+        Returns the entity-level permissions for the specified user on a specific entity.
+
+        This is intended to be called off of the :any:`LinodeClient`
+        class, like this::
+
+           permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)
+
+        API Documentation: TODO
+
+        :param username: The username to get permissions for.
+        :type username: str
+        :param entity_type: The type of entity (e.g., "linode", "firewall").
+        :type entity_type: str
+        :param entity_id: The ID of the specific entity.
+        :type entity_id: int
+
+        :returns: The entity-level permissions for the user on the specified entity.
+        :rtype: List[str]
+        """
+        return self.client.get(
+            f"/iam/users/{username}/permissions/{entity_type}/{entity_id}"
+        )
diff --git a/test/fixtures/iam_users_myusername_permissions_account.json b/test/fixtures/iam_users_myusername_permissions_account.json
@@ -0,0 +1,8 @@
+[
+    "list_events",
+    "list_entities",
+    "view_account_settings",
+    "view_invoice_item",
+    "cancel_account",
+    "create_vpc"
+]
diff --git a/test/fixtures/iam_users_myusername_permissions_linode_1.json b/test/fixtures/iam_users_myusername_permissions_linode_1.json
@@ -0,0 +1,8 @@
+[
+    "generate_linode_lish_token_remote",
+    "rebuild_linode",
+    "shutdown_linode",
+    "create_linode_config_profile",
+    "rescue_linode",
+    "list_linode_volumes"
+]
diff --git a/test/integration/models/iam/iam_test.py b/test/integration/models/iam/iam_test.py
@@ -58,3 +58,35 @@ def test_list_entities(test_linode_client):
         assert hasattr(entity, "type")
     else:
         pytest.skip("No entities found in IAM response.")
+
+
+def test_get_account_permissions(test_linode_client):
+    client = test_linode_client
+    username = client.profile().username
+
+    account_permissions = client.iam.account_permissions_get(username)
+
+    if len(account_permissions) > 0:
+        assert len(account_permissions) > 0
+    else:
+        pytest.skip("No account permissions found for the user.")
+
+
+def test_get_entity_permissions(test_linode_client):
+    client = test_linode_client
+    username = client.profile().username
+
+    entities = client.iam.entities()
+    if len(entities) > 0:
+        entity = entities[0]
+        entity_permissions = client.iam.entity_permissions_get(
+            username, entity.type, entity.id
+        )
+        if len(entity_permissions) > 0:
+            assert len(entity_permissions) > 0
+        else:
+            pytest.skip(
+                "No entity permissions found for the user and chosen entity."
+            )
+    else:
+        pytest.skip("No entities found in IAM response.")
diff --git a/test/unit/groups/iam_test.py b/test/unit/groups/iam_test.py
@@ -240,3 +240,40 @@ def test_role_permissions_user_set(self):
         self.assertEqual(
             m.call_data["entity_access"][1]["roles"], ["firewall_admin"]
         )
+
+    def test_account_permissions_get(self):
+        """
+        Test that account permissions can be properly retrieved for a user
+        """
+        permissions_account = self.client.iam.account_permissions_get(
+            "myusername"
+        )
+
+        # Add assertions based on your fixture data
+        self.assertEqual(len(permissions_account), 6)
+        self.assertEqual(permissions_account[0], "list_events")
+        self.assertEqual(permissions_account[1], "list_entities")
+        self.assertEqual(permissions_account[2], "view_account_settings")
+        self.assertEqual(permissions_account[3], "view_invoice_item")
+        self.assertEqual(permissions_account[4], "cancel_account")
+        self.assertEqual(permissions_account[5], "create_vpc")
+
+    def test_entity_permissions_get(self):
+        """
+        Test that entity permissions can be properly retrieved for a user
+        and given entity type and id
+        """
+        permissions_entity = self.client.iam.entity_permissions_get(
+            "myusername", "linode", 1
+        )
+
+        # Add assertions based on your fixture data
+        self.assertEqual(len(permissions_entity), 6)
+        self.assertEqual(
+            permissions_entity[0], "generate_linode_lish_token_remote"
+        )
+        self.assertEqual(permissions_entity[1], "rebuild_linode")
+        self.assertEqual(permissions_entity[2], "shutdown_linode")
+        self.assertEqual(permissions_entity[3], "create_linode_config_profile")
+        self.assertEqual(permissions_entity[4], "rescue_linode")
+        self.assertEqual(permissions_entity[5], "list_linode_volumes")
