from api.users.models import *

def has_authorization(*, user, code: str, team=None) -> bool:
    if not user.is_authenticated:
        return False

    qs = Authorization.objects.filter(code=code)

    memberships = UserTeamRole.objects.filter(user=user)

    if team is not None:
        memberships = memberships.filter(team=team)

    return qs.filter(roleauthorization__role__teammembership__in=memberships).exists()


class NotAuthorized(Exception):
    pass

def require_authorization(*, user, code: str, team=None):
    if not has_authorization(user=user, code=code, team=team):
        raise NotAuthorized(f"Missing authorization: {code}")