remove accepted column from workspace_roles

atst/domain/authz.py

@@ -6,8 +6,7 @@ from atst.domain.exceptions import UnauthorizedError
 class Authorization(object):
     @classmethod
     def has_workspace_permission(cls, user, workspace, permission):
-        workspace_user = WorkspaceUsers.get(workspace.id, user.id)
-        return permission in workspace_user.permissions()
+        return permission in WorkspaceUsers.workspace_user_permissions(workspace, user)
 
     @classmethod
     def has_atat_permission(cls, user, permission):

atst/domain/invitations.py

@@ -43,6 +43,20 @@ class Invitations(object):
 
         return invite
 
+    @classmethod
+    def create_for_owner(cls, workspace, user):
+        invite = Invitation(
+            workspace=workspace,
+            inviter=user,
+            user=user,
+            status=InvitationStatus.ACCEPTED,
+            expiration_time=Invitations.current_expiration_time(),
+        )
+        db.session.add(invite)
+        db.session.commit()
+
+        return invite
+
     @classmethod
     def accept(cls, invite_id):
         invite = Invitations._get(invite_id)

atst/domain/workspace_users.py

@@ -4,6 +4,7 @@ from atst.database import db
 from atst.models.workspace_role import WorkspaceRole
 from atst.models.workspace_user import WorkspaceUser
 from atst.models.user import User
+from atst.models.invitation import Invitation, Status as InvitationStatus
 
 from .roles import Roles
 from .users import Users
@@ -30,6 +31,32 @@ class WorkspaceUsers(object):
 
         return WorkspaceUser(user, workspace_role)
 
+    @classmethod
+    def _get_active_workspace_role(cls, workspace_id, user_id):
+        try:
+            return (
+                db.session.query(WorkspaceRole)
+                .join(User)
+                .filter(User.id == user_id, WorkspaceRole.workspace_id == workspace_id)
+                .join(Invitation, WorkspaceRole.workspace_id == Invitation.workspace_id)
+                .filter(Invitation.user_id == WorkspaceRole.user_id)
+                .filter(Invitation.status == InvitationStatus.ACCEPTED)
+                .one()
+            )
+        except NoResultFound:
+            return None
+
+    @classmethod
+    def workspace_user_permissions(cls, workspace, user):
+        workspace_role = WorkspaceUsers._get_active_workspace_role(
+            workspace.id, user.id
+        )
+        atat_permissions = set(user.atat_role.permissions)
+        workspace_permissions = (
+            [] if workspace_role is None else workspace_role.role.permissions
+        )
+        return set(workspace_permissions).union(atat_permissions)
+
     @classmethod
     def _get_workspace_role(cls, user, workspace_id):
         try:
@@ -63,7 +90,7 @@ class WorkspaceUsers(object):
             new_workspace_role.role = role
         except NoResultFound:
             new_workspace_role = WorkspaceRole(
-                user=user, role_id=role.id, workspace_id=workspace_id, accepted=False
+                user=user, role_id=role.id, workspace_id=workspace_id
             )
 
         user.workspace_roles.append(new_workspace_role)

atst/domain/workspaces/query.py

@@ -5,6 +5,7 @@ from atst.domain.common import Query
 from atst.domain.exceptions import NotFoundError
 from atst.models.workspace import Workspace
 from atst.models.workspace_role import WorkspaceRole
+from atst.models.invitation import Invitation, Status as InvitationStatus
 
 
 class WorkspacesQuery(Query):
@@ -24,8 +25,10 @@ class WorkspacesQuery(Query):
         return (
             db.session.query(Workspace)
             .join(WorkspaceRole)
+            .join(Invitation)
             .filter(WorkspaceRole.user == user)
-            .filter(WorkspaceRole.accepted == True)
+            .filter(Invitation.user == user)
+            .filter(Invitation.status == InvitationStatus.ACCEPTED)
             .all()
         )
 

atst/domain/workspaces/workspaces.py

@@ -3,6 +3,7 @@ from atst.domain.authz import Authorization
 from atst.models.permissions import Permissions
 from atst.domain.users import Users
 from atst.domain.workspace_users import WorkspaceUsers
+from atst.domain.invitations import Invitations
 
 from .query import WorkspacesQuery
 from .scopes import ScopedWorkspace
@@ -13,9 +14,8 @@ class Workspaces(object):
     def create(cls, request, name=None):
         name = name or request.displayname
         workspace = WorkspacesQuery.create(request=request, name=name)
-        Workspaces._create_workspace_role(
-            request.creator, workspace, "owner", accepted=True
-        )
+        Workspaces._create_workspace_role(request.creator, workspace, "owner")
+        Invitations.create_for_owner(workspace, request.creator)
         WorkspacesQuery.add_and_commit(workspace)
         return workspace
 
@@ -109,11 +109,9 @@ class Workspaces(object):
         return WorkspaceUsers.update_role(member, workspace.id, role_name)
 
     @classmethod
-    def _create_workspace_role(cls, user, workspace, role_name, accepted=False):
+    def _create_workspace_role(cls, user, workspace, role_name):
         role = Roles.get(role_name)
-        workspace_role = WorkspacesQuery.create_workspace_role(
-            user, role, workspace, accepted=accepted
-        )
+        workspace_role = WorkspacesQuery.create_workspace_role(user, role, workspace)
         WorkspacesQuery.add_and_commit(workspace_role)
         return workspace_role
 
@@ -123,11 +121,3 @@ class Workspaces(object):
             workspace.name = new_data["name"]
 
         WorkspacesQuery.add_and_commit(workspace)
-
-    @classmethod
-    def accept_workspace_role(cls, user, workspace):
-        workspace_role = WorkspacesQuery.get_role_for_workspace_and_user(
-            workspace, user
-        )
-        workspace_role.accepted = True
-        WorkspacesQuery.add_and_commit(workspace_role)