From 87af89db0521b5b4f8332670cdc0d1d1178b94cd Mon Sep 17 00:00:00 2001
From: Sage Abdullah <sage.abdullah@torchbox.com>
Date: Thu, 8 Jun 2023 15:00:20 +0100
Subject: [PATCH] Move get_explorable_root_page logic to PagePermissionPolicy

---
 wagtail/admin/navigation.py                 | 22 +++------------------
 wagtail/admin/tests/pages/test_edit_page.py |  2 +-
 wagtail/images/tests/test_admin_views.py    |  8 ++++----
 wagtail/permission_policies/pages.py        | 22 +++++++++++++++++++++
 4 files changed, 30 insertions(+), 24 deletions(-)

diff --git a/wagtail/admin/navigation.py b/wagtail/admin/navigation.py
index bbc47927b5..66dee94c1d 100644
--- a/wagtail/admin/navigation.py
+++ b/wagtail/admin/navigation.py
@@ -1,30 +1,14 @@
 from django.conf import settings
 
-from wagtail.models import Page
+from wagtail.permission_policies.pages import PagePermissionPolicy
 
 
 def get_pages_with_direct_explore_permission(user):
-    # Get all pages that the user has direct add/edit/publish/lock permission on
-    if user.is_superuser:
-        # superuser has implicit permission on the root node
-        return Page.objects.filter(depth=1)
-    else:
-        return Page.objects.filter(
-            group_permissions__group__in=user.groups.all(),
-            group_permissions__permission_type__in=["add", "edit", "publish", "lock"],
-        )
+    return PagePermissionPolicy().instances_with_direct_explore_permission(user)
 
 
 def get_explorable_root_page(user):
-    # Get the highest common explorable ancestor for the given user. If the user
-    # has no permissions over any pages, this method will return None.
-    pages = get_pages_with_direct_explore_permission(user)
-    try:
-        root_page = pages.first_common_ancestor(include_self=True, strict=True)
-    except Page.DoesNotExist:
-        root_page = None
-
-    return root_page
+    return PagePermissionPolicy().explorable_root_instance(user)
 
 
 def get_site_for_user(user):
diff --git a/wagtail/admin/tests/pages/test_edit_page.py b/wagtail/admin/tests/pages/test_edit_page.py
index 31d0c3df6d..18b2aa984b 100644
--- a/wagtail/admin/tests/pages/test_edit_page.py
+++ b/wagtail/admin/tests/pages/test_edit_page.py
@@ -1876,7 +1876,7 @@ class TestPageEdit(WagtailTestUtils, TestCase):
         # as when running it within the full test suite
         self.client.get(reverse("wagtailadmin_pages:edit", args=(self.event_page.id,)))
 
-        with self.assertNumQueries(41):
+        with self.assertNumQueries(39):
             self.client.get(
                 reverse("wagtailadmin_pages:edit", args=(self.event_page.id,))
             )
diff --git a/wagtail/images/tests/test_admin_views.py b/wagtail/images/tests/test_admin_views.py
index 578446f5d8..febf9d5a57 100644
--- a/wagtail/images/tests/test_admin_views.py
+++ b/wagtail/images/tests/test_admin_views.py
@@ -316,7 +316,7 @@ class TestImageIndexView(WagtailTestUtils, TestCase):
         self.get()
 
         # Initial number of queries.
-        with self.assertNumQueries(15):
+        with self.assertNumQueries(14):
             self.get()
 
         # Add 5 images.
@@ -326,11 +326,11 @@ class TestImageIndexView(WagtailTestUtils, TestCase):
                 file=get_test_image_file(size=(1, 1)),
             )
 
-        with self.assertNumQueries(35):
-            # The renditions needed don't exist yet. We have 20 = 5 * 4 + 2 additional queries.
+        with self.assertNumQueries(34):
+            # The renditions needed don't exist yet. We have 20 = 5 * 4 additional queries.
             self.get()
 
-        with self.assertNumQueries(15):
+        with self.assertNumQueries(14):
             # No extra additional queries since renditions exist and are saved in
             # the prefetched objects cache.
             self.get()
diff --git a/wagtail/permission_policies/pages.py b/wagtail/permission_policies/pages.py
index 757ee4070f..01c53819d3 100644
--- a/wagtail/permission_policies/pages.py
+++ b/wagtail/permission_policies/pages.py
@@ -144,3 +144,25 @@ class PagePermissionPolicy(BasePermissionPolicy):
         return self.users_with_any_permission_for_instance(
             {action}, instance, include_superusers
         )
+
+    def instances_with_direct_explore_permission(self, user):
+        # Get all pages that the user has direct add/edit/publish/lock permission on
+        if user.is_superuser:
+            # superuser has implicit permission on the root node
+            return Page.objects.filter(depth=1)
+        else:
+            return [
+                perm.page
+                for perm in self.get_cached_permissions_for_user(user)
+                if perm.permission_type in {"add", "edit", "publish", "lock"}
+            ]
+
+    def explorable_root_instance(self, user):
+        pages = self.instances_with_direct_explore_permission(user)
+        try:
+            root_page = Page.objects.first_common_ancestor_of(
+                pages, include_self=True, strict=True
+            )
+        except Page.DoesNotExist:
+            root_page = None
+        return root_page