feat: default iam groups on org create

Root user is given the `Default Users` and `Root User` permission groups on org creation.

src/iam/service.py

@@ -8,12 +8,14 @@ Exports:
 from typing import Annotated
 from datetime import datetime, timedelta, timezone
 
-from src.iam.schemas import IAMCAoRRequest
 from src.service.models import Service
 from src.database import db_dependency
 from src.exceptions import UnauthorizedException
 from src.utils import send_email, generate_jwt
 
+from src.iam.schemas import IAMCAoRRequest
+from src.iam.models import Group
+
 
 from fastapi import Request, Depends
 
@@ -64,3 +66,49 @@ async def send_user_group_invitation(
 		subject=subject,
 		body=body,
 	)
+
+
+async def create_default_user_group(db: db_dependency, org_model):
+	new_group = Group(name="Default Users", org_id=org_model.id)
+	db.add(new_group)
+	db.flush()
+	# Grant default permissions here
+	db.flush()
+	return new_group
+
+
+async def assign_default_user_group(db: db_dependency, org_model, user_model):
+	group_model = None
+	for group in org_model.group_rel:
+		if group.name == "Default Users":
+			group_model = group
+			break
+
+	if group_model is None:
+		group_model = await create_default_user_group(db=db, org_model=org_model)
+
+	user_model.group_rel.append(group_model)
+	db.flush()
+
+
+async def create_default_root_group(db: db_dependency, org_model):
+	new_group = Group(name="Root User", org_id=org_model.id)
+	db.add(new_group)
+	db.flush()
+	# Grant default permissions here
+	db.flush()
+	return new_group
+
+
+async def assign_default_root_group(db: db_dependency, org_model, user_model):
+	group_model = None
+	for group in org_model.group_rel:
+		if group.name == "Root User":
+			group_model = group
+			break
+
+	if group_model is None:
+		group_model = await create_default_root_group(db=db, org_model=org_model)
+
+	user_model.group_rel.append(group_model)
+	db.flush()