Move nodegroup filtering closer to serialization

archesproject · Jun 12, 2024 · 9334930 · jacobtylerwalls · Jun 12, 2024 · 9334930
1 parent 249ae8a
commit 9334930
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 28 deletions.
diff --git a/arches/app/models/models.py b/arches/app/models/models.py
@@ -2213,7 +2213,7 @@ def clean_fields(self, exclude=None):
                 sep=" ", timespec="seconds"
             )
 
-    def serialize(self, depth_map=None, flat=False):
+    def serialize(self, depth_map=None, flat=False, user=None):
         if depth_map is None:
             depth_map = defaultdict(int)
         data = {
@@ -2257,10 +2257,7 @@ def serialize(self, depth_map=None, flat=False):
                     "graph_id": node.graph_id,
                     "graph_name": str(node.graph.name),
                 }
-                for node in Node.with_controlled_list.filter(
-                    controlled_list=self.pk,
-                    source_identifier=None,
-                ).select_related("graph")
+                for node in self.find_nodes_using_list(user).select_related("graph")
             ]
         return data
 
@@ -2280,8 +2277,20 @@ def bulk_update_item_sortorders(self, sortorder_map):
 
         ControlledListItem.objects.bulk_update(reordered_items, fields=["sortorder"])
 
-    def find_nodes_using_list(self):
-        return Node.with_controlled_list.filter(controlled_list=self.pk)
+    def find_nodes_using_list(self, user=None):
+        from arches.app.utils.permission_backend import get_nodegroups_by_perm
+
+        qs = Node.with_controlled_list.filter(
+            controlled_list=self.pk, source_identifier=None
+        )
+
+        if user:
+            permitted_nodegroups = [
+                ng.pk for ng in get_nodegroups_by_perm(user, "read_nodegroup")
+            ]
+            qs = qs.filter(nodegroup_id__in=permitted_nodegroups)
+
+        return qs
 
 
 class ControlledListItem(models.Model):

diff --git a/arches/app/views/api/controlled_lists.py b/arches/app/views/api/controlled_lists.py
@@ -22,7 +22,6 @@
 from arches.app.models.utils import field_names
 from arches.app.utils.betterJSONSerializer import JSONDeserializer
 from arches.app.utils.decorators import group_required
-from arches.app.utils.permission_backend import get_nodegroups_by_perm
 from arches.app.utils.response import JSONErrorResponse, JSONResponse
 from arches.app.utils.string_utils import str_to_bool
 
@@ -154,13 +153,12 @@ def get(self, request):
             .order_by("name")
             .prefetch_related(*prefetch_terms(request))
         )
+        flat = str_to_bool(request.GET.get("flat", "false"))
         serialized_lists = [
-            obj.serialize(flat=str_to_bool(request.GET.get("flat", "false")))
-            for obj in lists
+            obj.serialize(flat=flat, user=request.user) for obj in lists
         ]
-        filtered = self.filter_permitted_nodegroups(serialized_lists, request)
 
-        return JSONResponse({"controlled_lists": filtered})
+        return JSONResponse({"controlled_lists": serialized_lists})
 
     @staticmethod
     def node_subquery(node_field: str = "pk"):
@@ -173,19 +171,6 @@ def node_subquery(node_field: str = "pk"):
             .values(node_field)
         )
 
-    def filter_permitted_nodegroups(self, serialized_lists, request):
-        permitted_nodegroups = [
-            ng.pk for ng in get_nodegroups_by_perm(request.user, "read_nodegroup")
-        ]
-
-        for lst in serialized_lists:
-            lst["nodes"] = [
-                node_dict
-                for node_dict in lst["nodes"]
-                if node_dict["nodegroup_id"] in permitted_nodegroups
-            ]
-        return serialized_lists
-
 
 @method_decorator(
     group_required("RDM Administrator", raise_exception=True), name="dispatch"
@@ -194,15 +179,14 @@ class ControlledListView(View):
     def get(self, request, **kwargs):
         """Returns either a flat representation (?flat=true) or a tree (default)."""
         list_id = kwargs.get("id")
+        flat = str_to_bool(request.GET.get("flat", "false"))
         try:
             lst = ControlledList.objects.prefetch_related(*prefetch_terms(request)).get(
                 pk=list_id
             )
         except ControlledList.DoesNotExist:
             return JSONErrorResponse(status=HTTPStatus.NOT_FOUND)
-        return JSONResponse(
-            lst.serialize(flat=str_to_bool(request.GET.get("flat", "false")))
-        )
+        return JSONResponse(lst.serialize(flat=flat, user=request.user))
 
     def add_new_list(self, name):
         lst = ControlledList(name=name)