From c915259c0629ccd66469ee9addd5a6145f75c663 Mon Sep 17 00:00:00 2001 From: Bogdan Petrea Date: Mon, 18 Mar 2024 16:47:09 +0200 Subject: [PATCH] Rename some funcs and attributes --- CHANGELOG.MD | 4 ++ django_woah/authorization/conditions.py | 2 +- django_woah/authorization/scheme.py | 6 +-- django_woah/models.py | 45 +++++++++++++++---- .../issue_tracker/base_app/pytest_fixtures.py | 6 +-- .../base_app/test_api_accounts.py | 4 +- 6 files changed, 49 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 86528fb..e7d0b71 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -11,9 +11,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add uniqueness checks for PermEnum values - Provide a DRF AuthorizationModelViewSet class for convenience - Add initial support for simple DRF Views (non-Viewset) +- Added `get_root_membership` `get_single_user_user_group`, and `get_root_user_group` helper funcs. ### Changed - Lax some in-code assumptions to allow using non-Model classes +- Renamed `ModelAuthorizationScheme`s `direct_authorization_is_allowed` to `allow_directly_assigned_perms`. **Breaking Change** +- Renamed `get_or_create_root_user_group_for_account` helper func to `get_or_create_root_user_group`. **Breaking Change** +- Renamed `get_or_create_team_user_group_for_account` helper func to `get_or_create_team_user_group`. **Breaking Change** ### Fixed - Fix case of None-value in the relation traversal in HasRootMembership diff --git a/django_woah/authorization/conditions.py b/django_woah/authorization/conditions.py index 04d754a..3816264 100644 --- a/django_woah/authorization/conditions.py +++ b/django_woah/authorization/conditions.py @@ -15,7 +15,7 @@ import enum from django.core.exceptions import FieldDoesNotExist -from django.db.models import Q, Field, ManyToManyField +from django.db.models import Q, Field from functools import reduce from typing import Optional, Callable 
diff --git a/django_woah/authorization/scheme.py b/django_woah/authorization/scheme.py index f15b090..816e31c 100644 --- a/django_woah/authorization/scheme.py +++ b/django_woah/authorization/scheme.py @@ -39,7 +39,7 @@ class ModelAuthorizationScheme(AuthorizationScheme): model: type[Model] Perms: PermEnum Roles: PermEnum - direct_authorization_is_allowed = True + allow_directly_assigned_perms = True def __init__(self): auth_solver: "AuthorizationSolver" # noqa: F842 @@ -106,7 +106,7 @@ def get_resources_q_from_directly_assigned_perms( # So maybe using Context here as well and considering context.resource.pks, or somehow # restricting to certain PKs could be the solution. - if not self.direct_authorization_is_allowed: + if not self.allow_directly_assigned_perms: return None owner_based_q = None @@ -229,7 +229,7 @@ def get_assigned_perms_q(self, context: Context) -> Optional[Q]: return q def get_directly_assigned_perms_q(self, context: Context) -> Optional[Q]: - if not self.direct_authorization_is_allowed: + if not self.allow_directly_assigned_perms: return None q = Q( diff --git a/django_woah/models.py b/django_woah/models.py index e59640a..848efd7 100644 --- a/django_woah/models.py +++ b/django_woah/models.py @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +from typing import Optional import uuid6 
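Review bot: The rename to `allow_directly_assigned_perms = True` in the first scheme.py hunk fails open for existing subclasses. A scheme that still sets `direct_authorization_is_allowed = False` is no longer read by the guards in `get_resources_q_from_directly_assigned_perms` and `get_directly_assigned_perms_q` (the two later hunks), so directly assigned perms are honoured again without any error. Because the default is `True`, the stale name should fail loudly, for example in `__init__` (its body continues outside the hunk): `if hasattr(self, "direct_authorization_is_allowed"): raise AttributeError("direct_authorization_is_allowed was renamed to allow_directly_assigned_perms")`. The changelog marks the rename as breaking, but a silent widening of access warrants a hard stop rather than a release note alone.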
@@ -264,26 +265,49 @@ def clean(self): self.root_user_group = root_user_group -def get_or_create_root_user_group_for_account(account) -> UserGroup: +def get_root_user_group(owner) -> UserGroup: + return UserGroup.objects.get( + kind=UserGroupKind.ROOT, + owner=owner, + related_user=owner, + ) + + +def get_single_user_user_group(related_to_user, owned_by_account) -> UserGroup: + return related_to_user.related_user_groups.get(owner=owned_by_account) + + +def get_or_create_root_user_group(owner) -> UserGroup: return UserGroup.objects.get_or_create( kind=UserGroupKind.ROOT, - owner=account, - related_user=account, + owner=owner, + related_user=owner, )[0] -def get_or_create_team_user_group_for_account(account, name) -> UserGroup: - root = UserGroup.objects.get(owner=account, kind=UserGroupKind.ROOT) +def get_or_create_team_user_group(owner, name: str) -> UserGroup: + root = get_root_user_group(owner) return UserGroup.objects.get_or_create( name=name, kind=UserGroupKind.TEAM, - owner=account, + owner=owner, root=root, parent=root, )[0] +def get_root_membership(user, account) -> Optional[Membership]: + try: + return Membership.objects.get( + user=user, + user_group__owner=account, + user_group__kind=UserGroupKind.ROOT, + ) + except Membership.DoesNotExist: + return None + + @transaction.atomic def add_user_to_user_group( user, user_group: UserGroup, is_outside_collaborator=False @@ -327,7 +351,10 @@ def add_user_to_user_group( return resulted_membership, resulted_user_group -def assign_perm(perm, to_user, on_account): - AssignedPerm.objects.create( - user_group=to_user.related_user_groups.get(owner=on_account), perm=perm +def assign_perm(perm, to_user, on_account) -> AssignedPerm: + return AssignedPerm.objects.create( + user_group=get_single_user_user_group( + related_to_user=to_user, owned_by_account=on_account + ), + perm=perm, ) 
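Review bot: `get_single_user_user_group` looks the group up with `related_user_groups.get(owner=owned_by_account)` and no `kind` filter, while the root group in this same hunk is stored with `owner=owner, related_user=owner`. If `related_user_groups` is the reverse side of `related_user` (not visible here), then for a user who is also the account the lookup can return the ROOT group or raise `MultipleObjectsReturned`. In the first case `assign_perm` in the next hunk would attach the perm to the account's root group instead of a per-user group, which presumably widens the grant to the whole account. Constraining the query keeps the helper to what its name promises: `return related_to_user.related_user_groups.get(owner=owned_by_account, kind=<single-user UserGroupKind member>)`. The enum member is not shown in the diff, so the placeholder needs the real value.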
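Review bot: `assign_perm` in the last models.py hunk calls `AssignedPerm.objects.create(...)`, so granting the same perm twice either inserts a second row or raises an integrity error, depending on constraints that are not visible here. Duplicate rows matter for revocation, since deleting one leaves the grant in effect. If no unique constraint covers the `user_group`/`perm` pair, `return AssignedPerm.objects.get_or_create(user_group=group, perm=perm)[0]` would make the call idempotent and match the `get_or_create_*` helpers in the hunk above. Now that the function returns the row, a docstring along the lines of `"""Grant perm to to_user's own group under on_account; raises UserGroup.DoesNotExist if that group is missing."""` would make the failure mode explicit for callers.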
diff --git a/examples/issue_tracker/base_app/pytest_fixtures.py b/examples/issue_tracker/base_app/pytest_fixtures.py index 957e084..f697043 100644 --- a/examples/issue_tracker/base_app/pytest_fixtures.py +++ b/examples/issue_tracker/base_app/pytest_fixtures.py @@ -8,7 +8,7 @@ from rest_framework.test import APIClient from django_woah.models import ( - get_or_create_root_user_group_for_account, + get_or_create_root_user_group, add_user_to_user_group, ) from .models import Account @@ -74,7 +74,7 @@ def organization(account): is_organization=True, ) - root_org_user_group = get_or_create_root_user_group_for_account(org) + root_org_user_group = get_or_create_root_user_group(org) add_user_to_user_group(user=account, user_group=root_org_user_group) return org @@ -88,7 +88,7 @@ def unrelated_organization(unrelated_account): is_organization=True, ) - root_org_user_group = get_or_create_root_user_group_for_account(org) + root_org_user_group = get_or_create_root_user_group(org) add_user_to_user_group(user=unrelated_account, user_group=root_org_user_group) return org diff --git a/examples/issue_tracker/base_app/test_api_accounts.py b/examples/issue_tracker/base_app/test_api_accounts.py index ec94bc8..2bde795 100644 --- a/examples/issue_tracker/base_app/test_api_accounts.py +++ b/examples/issue_tracker/base_app/test_api_accounts.py @@ -6,7 +6,7 @@ Membership, UserGroup, AssignedPerm, - get_or_create_root_user_group_for_account, + get_or_create_root_user_group, ) from .authorization import ( AccountAuthorizationScheme, @@ -35,7 +35,7 @@ def test_list_accounts_with_no_access_to_organization( unrelated_account.is_organization = True unrelated_account.save() - get_or_create_root_user_group_for_account(unrelated_account) + get_or_create_root_user_group(unrelated_account) response = api_client.get(reverse_lazy("account-list"))