From de677294c6f685ed9dd5ceedeb7d5ac853af7d0f Mon Sep 17 00:00:00 2001
From: wh1te909
Date: Tue, 23 Aug 2022 00:54:07 +0000
Subject: [PATCH] refactor
---
 api/tacticalrmm/accounts/utils.py | 18 ++++++++++++++++++
 api/tacticalrmm/accounts/views.py | 21 +++++----------------
 2 files changed, 23 insertions(+), 16 deletions(-)
 create mode 100644 api/tacticalrmm/accounts/utils.py
diff --git a/api/tacticalrmm/accounts/utils.py b/api/tacticalrmm/accounts/utils.py
new file mode 100644
index 00000000..e87b786f
--- /dev/null
+++ b/api/tacticalrmm/accounts/utils.py
@@ -0,0 +1,18 @@
+from typing import TYPE_CHECKING
+from django.conf import settings
+
+if TYPE_CHECKING:
+ from django.http import HttpRequest
+ from accounts.models import User
+
+
+def is_root_user(*, request: "HttpRequest", user: "User") -> bool:
+ root = (
+ hasattr(settings, "ROOT_USER")
+ and request.user != user
+ and user.username == settings.ROOT_USER
+ )
+ demo = (
+ getattr(settings, "DEMO", False) and request.user.username == settings.ROOT_USER
+ )
+ return root or demo
diff --git a/api/tacticalrmm/accounts/views.py b/api/tacticalrmm/accounts/views.py
index 9cb6d067..5d9394e5 100644
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -22,18 +22,7 @@ from .serializers import (
 UserSerializer,
 UserUISerializer,
 )
-
-
-def _is_root_user(request, user) -> bool:
- root = (
- hasattr(settings, "ROOT_USER")
- and request.user != user
- and user.username == settings.ROOT_USER
- )
- demo = (
- getattr(settings, "DEMO", False) and request.user.username == settings.ROOT_USER
- )
- return root or demo
+from accounts.utils import is_root_user
 class CheckCreds(KnoxLoginView):
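Review bot: In api/tacticalrmm/accounts/utils.py the `demo` expression reads `settings.ROOT_USER` without the `hasattr` guard that the `root` expression has, so a deployment with `DEMO` enabled and no `ROOT_USER` defined would raise AttributeError in every view that calls this check; `getattr(settings, "DEMO", False) and request.user.username == getattr(settings, "ROOT_USER", None)` keeps both branches safe. Now that the helper is public and shared, its name also invites use as an identity test, which it is not: it returns False when the root user acts on their own account outside demo mode, and True for any target when the requester is the root user in demo mode. A docstring such as `"""Return True when this request must be refused: the target is ROOT_USER and the requester is someone else, or DEMO is on and the requester is ROOT_USER."""` would make that contract explicit for future callers of an authorization check. The function can also return a non-bool falsy `DEMO` value (for example `None`) despite the `-> bool` annotation, which `return bool(root or demo)` would fix.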
@@ -159,7 +148,7 @@ class GetUpdateDeleteUser(APIView):
 def put(self, request, pk):
 user = get_object_or_404(User, pk=pk)
- if _is_root_user(request, user):
+ if is_root_user(request=request, user=user):
 return notify_error("The root user cannot be modified from the UI")
 serializer = UserSerializer(instance=user, data=request.data, partial=True)
@@ -170,7 +159,7 @@ class GetUpdateDeleteUser(APIView):
 def delete(self, request, pk):
 user = get_object_or_404(User, pk=pk)
- if _is_root_user(request, user):
+ if is_root_user(request=request, user=user):
 return notify_error("The root user cannot be deleted from the UI")
 user.delete()
@@ -183,7 +172,7 @@ class UserActions(APIView):
 # reset password
 def post(self, request):
 user = get_object_or_404(User, pk=request.data["id"])
- if _is_root_user(request, user):
+ if is_root_user(request=request, user=user):
 return notify_error("The root user cannot be modified from the UI")
 user.set_password(request.data["password"])
@@ -194,7 +183,7 @@ class UserActions(APIView):
 # reset two factor token
 def put(self, request):
 user = get_object_or_404(User, pk=request.data["id"])
- if _is_root_user(request, user):
+ if is_root_user(request=request, user=user):
 return notify_error("The root user cannot be modified from the UI")
 user.totp_key = ""