@@ -119,7 +119,51 @@ def get_all_users(self):
119119 return items
120120
121121
122- def update_user (self , account_id , active = True , role = None ):
122+ def update_user (self , account_id , active = None , role = None ):
123+ # Update a user's active status or role via SCIM API using PATCH
124+ # PATCH is used instead of PUT to preserve existing fields like externalId
125+ # Role changes require an admin setting to allow SCIM to modify user roles
126+ # `role` can be one of the following: Registered, Moderator, Admin
127+ # if another role is passed, it will be ignored (and still report HTTP 200)
128+ # `active` can be True or False
129+
130+ valid_roles = ["Registered" , "Moderator" , "Admin" ]
131+
132+ scim_url = f"{ self .scim_url } { account_id }
133+
134+ # Build the PATCH payload according to SCIM 2.0 specification
135+ operations = []
136+
137+ if active is not None :
138+ operations .append ({
139+ "op" : "replace" ,
140+ "path" : "active" ,
141+ "value" : active
142+ })
143+
144+ if role is not None :
145+ if role in valid_roles :
146+ operations .append ({
147+ "op" : "replace" ,
148+ "path" : "userType" ,
149+ "value" : role
150+ })
151+ else :
152+ print (f"Invalid role: { role } { valid_roles } )
153+ return
154+
155+ payload = {
156+ "schemas" : ["urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
157+ "Operations" : operations
158+ }
159+
160+ # Add User-Agent to headers
161+ headers = self .headers .copy ()
162+ headers [
'User-Agent' ]
= 'so4t_scim_user_deletion/1.0 (http://your-app-url.com; [email protected] )' 163+ headers ['Content-Type' ] = 'application/scim+json'
164+
165+ response = self .session .patch (scim_url , headers = headers , json = payload , proxies = self .proxies )
166+
123167 # If no value is set for `active`, the user account will be deactivated
124168
125169 scim_user_url = f"{ self .scim_url } { account_id }
0 commit comments