Move org user role to constants file

apps/alerts/api.py

@@ -4,7 +4,7 @@ from django.shortcuts import aget_object_or_404
 from ninja import Router
 from ninja.pagination import paginate
 
-from apps.organizations_ext.models import OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
 from apps.projects.models import Project
 from glitchtip.api.authentication import AuthHttpRequest
 from glitchtip.api.permissions import has_permission

apps/alerts/tests/test_api.py

@@ -2,7 +2,7 @@ from django.test import TestCase
 from django.urls import reverse
 from model_bakery import baker
 
-from apps.organizations_ext.models import OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
 from glitchtip.test_utils.test_case import GlitchTipTestCaseMixin
 
 from ..models import ProjectAlert

apps/alerts/tests/test_api_permissions.py

@@ -1,7 +1,7 @@
 from django.urls import reverse
 from model_bakery import baker
 
-from apps.organizations_ext.models import OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
 from glitchtip.test_utils.test_case import APIPermissionTestCase
 
 

apps/alerts/tests/test_tasks.py

@@ -8,7 +8,7 @@ from freezegun import freeze_time
 from model_bakery import baker
 
 from apps.issue_events.models import EventStatus, Issue
-from apps.organizations_ext.models import OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
 from apps.projects.models import ProjectAlertStatus
 from glitchtip.test_utils.test_case import GlitchTipTestCase
 

apps/djstripe_ext/api.py

@@ -10,7 +10,8 @@ from ninja import Router
 from ninja.errors import HttpError
 from ninja.pagination import paginate
 
-from apps.organizations_ext.models import Organization, OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
+from apps.organizations_ext.models import Organization
 from glitchtip.api.authentication import AuthHttpRequest
 
 from .schema import (

apps/event_ingest/tests/utils.py

@@ -4,7 +4,7 @@ from typing import Union
 from django.test import TestCase
 from model_bakery import baker
 
-from apps.organizations_ext.models import OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
 from glitchtip.test_utils.test_case import GlitchTipTestCaseMixin
 
 from ..process_event import process_issue_events

apps/importer/api.py

@@ -1,7 +1,8 @@
 from django.shortcuts import aget_object_or_404
 from ninja import Router
 
-from apps.organizations_ext.models import Organization, OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
+from apps.organizations_ext.models import Organization
 from glitchtip.api.authentication import AuthHttpRequest
 from glitchtip.api.permissions import has_permission
 

apps/importer/importer.py

@@ -4,7 +4,8 @@ from asgiref.sync import sync_to_async
 from django.db.models import Q
 from django.urls import reverse
 
-from apps.organizations_ext.models import OrganizationUser, OrganizationUserRole
+from apps.organizations_ext.constants import OrganizationUserRole
+from apps.organizations_ext.models import OrganizationUser
 from apps.organizations_ext.resources import (
     OrganizationResource,
     OrganizationUserResource,

apps/organizations_ext/api.py

@@ -15,13 +15,9 @@ from apps.users.utils import ais_user_registration_open
 from glitchtip.api.authentication import AuthHttpRequest
 from glitchtip.api.permissions import has_permission
 
+from .constants import OrganizationUserRole
 from .invitation_backend import InvitationTokenGenerator
-from .models import (
-    Organization,
-    OrganizationOwner,
-    OrganizationUser,
-    OrganizationUserRole,
-)
+from .models import Organization, OrganizationOwner, OrganizationUser
 from .queryset_utils import get_organization_users_queryset, get_organizations_queryset
 from .schema import (
     AcceptInviteIn,

apps/organizations_ext/constants.py

@@ -0,0 +1,115 @@
+from django.db import models
+
+# Defines which scopes belong to which role
+# Credit to sentry/conf/server.py
+ROLES = (
+    {
+        "id": "member",
+        "name": "Member",
+        "desc": "Members can view and act on events, as well as view most other data within the organization.",
+        "scopes": set(
+            [
+                "event:read",
+                "event:write",
+                "event:admin",
+                "project:releases",
+                "project:read",
+                "org:read",
+                "member:read",
+                "team:read",
+            ]
+        ),
+    },
+    {
+        "id": "admin",
+        "name": "Admin",
+        "desc": "Admin privileges on any teams of which they're a member. They can create new teams and projects, as well as remove teams and projects which they already hold membership on (or all teams, if open membership is on). Additionally, they can manage memberships of teams that they are members of.",
+        "scopes": set(
+            [
+                "event:read",
+                "event:write",
+                "event:admin",
+                "org:read",
+                "member:read",
+                "project:read",
+                "project:write",
+                "project:admin",
+                "project:releases",
+                "team:read",
+                "team:write",
+                "team:admin",
+                "org:integrations",
+            ]
+        ),
+    },
+    {
+        "id": "manager",
+        "name": "Manager",
+        "desc": "Gains admin access on all teams as well as the ability to add and remove members.",
+        "is_global": True,
+        "scopes": set(
+            [
+                "event:read",
+                "event:write",
+                "event:admin",
+                "member:read",
+                "member:write",
+                "member:admin",
+                "project:read",
+                "project:write",
+                "project:admin",
+                "project:releases",
+                "team:read",
+                "team:write",
+                "team:admin",
+                "org:read",
+                "org:write",
+                "org:integrations",
+            ]
+        ),
+    },
+    {
+        "id": "owner",
+        "name": "Organization Owner",
+        "desc": "Unrestricted access to the organization, its data, and its settings. Can add, modify, and delete projects and members, as well as make billing and plan changes.",
+        "is_global": True,
+        "scopes": set(
+            [
+                "org:read",
+                "org:write",
+                "org:admin",
+                "org:integrations",
+                "member:read",
+                "member:write",
+                "member:admin",
+                "team:read",
+                "team:write",
+                "team:admin",
+                "project:read",
+                "project:write",
+                "project:admin",
+                "project:releases",
+                "event:read",
+                "event:write",
+                "event:admin",
+            ]
+        ),
+    },
+)
+
+
+class OrganizationUserRole(models.IntegerChoices):
+    MEMBER = 0, "Member"
+    ADMIN = 1, "Admin"
+    MANAGER = 2, "Manager"
+    OWNER = 3, "Owner"  # Many users can be owner but only one primary owner
+
+    @classmethod
+    def from_string(cls, string: str):
+        for status in cls:
+            if status.label.lower() == string.lower():
+                return status
+
+    @classmethod
+    def get_role(cls, role: int):
+        return ROLES[role]