Rework load options

src/api/authentication.py

@@ -78,7 +78,7 @@ def is_lecture_authenticated(lecture_id: int) -> bool:
     if is_moderator():
         return True
     lecture = database.query_one_or_none_and_expunge(
-        Lecture.select(False, True, load_course=True)
+        Lecture.select(is_mod=False, to_load=[LOAD_LECTURE_COURSE], visibility_check=True)
                .where(Lecture.id == lecture_id)
     )
     if lecture is None:
@@ -126,7 +126,7 @@ def authenticate_password(lecture_id: int, username: str, password: str):
     """
     
     lecture = database.query_one_or_none_and_expunge(
-        Lecture.select(False, True, load_course=True)
+        Lecture.select(is_mod=False, to_load=[LOAD_LECTURE_COURSE], visibility_check=True)
         .where(Lecture.id == lecture_id)
     )
     if lecture is None:
@@ -203,13 +203,13 @@ def authenticate_fsmpi(username: str, password: str) -> {}:
         raise ApiClientException(ERROR_AUTHENTICATION_FAILED)
     
     if api.live_config.is_readonly():
-        user_db = database.query_one_or_none_and_expunge(User.select(is_mod=True).where(User.handle == user_handle))
+        user_db = database.query_one_or_none_and_expunge(User.select(is_mod=True, to_load=[]).where(User.handle == user_handle))
         if user_db is None:
             raise ApiClientException(ERROR_AUTHENTICATION_NOT_AVAILABLE(
                 "Site is read-only and we can not create a new account for you in the database"))
     else:
         def _trans(session: SessionDb):
-            user_db = session.scalar(User.select(is_mod=True).where(User.handle == user_handle))
+            user_db = session.scalar(User.select(is_mod=True, to_load=[]).where(User.handle == user_handle))
             if user_db is None:
                 # TODO test new
                 user_db = User(handle=user_handle, name=given_name)

src/api/routes/courses.py

@@ -15,7 +15,7 @@ def api_route_courses():
     is_mod: bool = is_moderator()
     
     courses = database.query_all_and_expunge(
-        Course.select(is_mod, True)
+        Course.select(is_mod, to_load=[], visibility_check=True)
               .order_by(Course.id.asc())
     )
     return {"courses": {
@@ -40,7 +40,12 @@ def api_route_course(course_id: int = None, course_handle: str = None):
     include_lectures = "include_lectures" in request.args and request.args["include_lectures"] == "true"
     
     stmt = (
-        Course.select(is_mod, False, ignore_unlisted=True, load_lectures=include_lectures, load_chapters=True, load_media=True)
+        Course.select(is_mod, [
+            LOAD_COURSE_LECTURES if include_lectures else None,
+            LOAD_LECTURE_CHAPTERS,
+            LOAD_LECTURE_PUBLISH_MEDIA,
+            LOAD_PUBLISH_MEDIUM_TARGET_MEDIUM
+        ], visibility_check=False, ignore_unlisted=True)
     )
     
     if course_id:
@@ -75,10 +80,13 @@ def api_route_lecture(lecture_id: int):
     
     stmt = Lecture.select(
         is_mod,
-        False,
-        load_course=True,
-        load_chapters=True,
-        load_media=True
+        [
+            LOAD_LECTURE_COURSE,
+            LOAD_LECTURE_CHAPTERS,
+            LOAD_LECTURE_PUBLISH_MEDIA,
+            LOAD_PUBLISH_MEDIUM_TARGET_MEDIUM
+        ],
+        visibility_check=False,
     ).where(Lecture.id == lecture_id)
     
     lecture = database.query_one_or_none_and_expunge(stmt)
@@ -134,9 +142,11 @@ def api_route_lecture_chapter_suggestion(lecture_id: int):
         lecture = session.scalar(
             Lecture.select(
                         is_mod,
-                        False,
-                        load_course=True,
-                        load_chapters=True
+                        [
+                            LOAD_LECTURE_COURSE,
+                            LOAD_LECTURE_CHAPTERS,
+                        ],
+                        visibility_check=False,
                     )
                    .where(Lecture.id == lecture_id)
         )
@@ -204,10 +214,13 @@ def _execute_lecture_search(session: SessionDb, is_mod: bool, terms: list[str])
         [Lecture.title, Lecture.description, Lecture.speaker],
         Lecture.select(
                     is_mod,
-                    True,
-                    load_course=True,
-                    load_chapters=True,
-                    load_media=True
+                    [
+                        LOAD_LECTURE_COURSE,
+                        LOAD_LECTURE_CHAPTERS,
+                        LOAD_LECTURE_PUBLISH_MEDIA,
+                        LOAD_PUBLISH_MEDIUM_TARGET_MEDIUM
+                    ],
+                    visibility_check=True,
                 )
                .limit(30),
         [Lecture.time.desc()],
@@ -220,7 +233,7 @@ def _execute_course_search(session: SessionDb, is_mod: bool, terms: list[str]) -
         session,
         Course.id,
         [Course.full_name, Course.short_name, Course.handle, Course.organizer, Course.topic, Course.description],
-        Course.select(is_mod, True)
+        Course.select(is_mod, to_load=[], visibility_check=True)
               .limit(20),
         [Course.semester.desc()],
         terms

src/api/routes/job.py

@@ -29,7 +29,7 @@ def api_route_get_jobs():
     type: str or None = api_request_get_query_string("type", 100)
     
     def _trans(session: SessionDb):
-        query = Job.select(is_mod=True)
+        query = Job.select(is_mod=True, to_load=[])
         
         # TODO check status, type valid
         if status is not None:
@@ -76,7 +76,7 @@ def api_route_get_job_graph(job_id: int):
     
     def _trans(session: SessionDb):
         job = session.scalar(
-            Job.select(is_mod=True)
+            Job.select(is_mod=True, to_load=[])
             .where(Job.id == job_id)
             .options(orm.joinedload(Job.cause_user))
         )

src/api/routes/object_modifications.py

@@ -2,7 +2,8 @@ import math
 
 from flask import request
 
-from videoag_common.objects import API_CLASSES_BY_ID, ChangelogEntry, ChangelogModificationEntry
+from videoag_common.objects import API_CLASSES_BY_ID, ChangelogEntry, ChangelogModificationEntry, \
+    LOAD_CHANGELOG_ENTRY_USER
 from api.routes import *
 from api.authentication import _check_csrf_token
 
@@ -299,7 +300,7 @@ def api_route_object_management_changelog():
     field_id: str or None = api_request_get_query_string("field_id", 100, ID_STRING_PATTERN_NO_LENGTH, None)
     
     def _trans(session: SessionDb):
-        query = ChangelogEntry.select(is_mod=True, load_user=True)
+        query = ChangelogEntry.select(True, [LOAD_CHANGELOG_ENTRY_USER])
         
         if user_id is not None:
             query = query.where(ChangelogEntry.modifying_user_id == user_id)

src/api/routes/resources.py

 from flask import redirect
 
 from videoag_common.objects import *
+from api.authentication import is_authenticated
 from api.routes import *
 
 
@@ -8,12 +9,26 @@ from api.routes import *
            no_documentation=True)
 def api_route_access_target_medium(target_medium_id: int):
     is_mod = is_moderator()
-    medium = database.query_one_or_none_and_expunge(TargetMedium.select(is_mod=True).where(TargetMedium.id == target_medium_id))
+    medium = database.query_one_or_none_and_expunge(TargetMedium.select(
+        is_mod,
+        [
+            LOAD_TARGET_MEDIUM_PUBLISH_MEDIUM,
+            LOAD_TARGET_MEDIUM_LECTURE,
+            LOAD_PUBLISH_MEDIUM_LECTURE,
+            LOAD_LECTURE_COURSE
+        ],
+        visibility_check=False,
+    ).where(TargetMedium.id == target_medium_id))
     if medium is None:
         raise ApiClientException(ERROR_UNKNOWN_OBJECT)
     if not medium.has_access(is_mod=is_mod):
         raise ApiClientException(ERROR_UNAUTHORIZED)
     
+    lecture = medium.publish_medium.lecture
+    assert isinstance(lecture, Lecture)
+    if not is_authenticated(lecture.effective_view_permissions):
+        raise ApiClientException(ERROR_UNAUTHORIZED)
+    
     # TODO
     
     if isinstance(medium, ThumbnailTargetMedium):

src/api/routes/site.py

@@ -35,7 +35,7 @@ def api_route_status():
         try:
             announcements.extend(map(
                 lambda a: a.serialize(is_mod=is_mod),
-                database.query_all_and_expunge(Announcement.select(is_mod))
+                database.query_all_and_expunge(Announcement.select(is_mod, to_load=[]))
             ))
         except Exception:
             # We do NOT return status 'unavailable' because the status is the EXPECTED status. If there is an unexpected
@@ -68,10 +68,13 @@ def _db_execute_get_homepage(session: SessionDb, is_mod: bool):
     upcoming_lectures = session.scalars(
         Lecture.select(
             is_mod,
-            True,
-            load_course=True,
-            load_chapters=True,
-            load_media=True
+            [
+                LOAD_LECTURE_COURSE,
+                LOAD_LECTURE_CHAPTERS,
+                LOAD_LECTURE_PUBLISH_MEDIA,
+                LOAD_PUBLISH_MEDIUM_TARGET_MEDIUM
+            ],
+            visibility_check=True,
         )
         .where(Lecture.time >= upcoming_start, Lecture.time <= upcoming_end)
         .where(~Lecture.no_recording)
@@ -81,16 +84,19 @@ def _db_execute_get_homepage(session: SessionDb, is_mod: bool):
     latest_lectures = session.scalars(
         Lecture.select(
             is_mod,
-            True,
-            load_course=True,
-            load_chapters=True,
-            load_media=True
+            [
+                LOAD_LECTURE_COURSE,
+                LOAD_LECTURE_CHAPTERS,
+                LOAD_LECTURE_PUBLISH_MEDIA,
+                LOAD_PUBLISH_MEDIUM_TARGET_MEDIUM
+            ],
+            visibility_check=True,
         )
         .order_by(Lecture.publish_time.desc(), Lecture.id.asc())
         .limit(6)
     ).all()
     featured = session.scalars(
-        Featured.select(is_mod, load_course_lecture=True)
+        Featured.select(is_mod, [LOAD_FEATURED_COURSE_OR_LECTURE])
                 .order_by(Featured.display_priority.asc())
     ).all()
     session.expunge_all()

src/api/routes/user.py

@@ -42,7 +42,7 @@ api_register_non_stored_object("settings_entry", [
            ])
 @api_moderator_route()
 def api_route_users():
-    users = database.query_all_and_expunge(sql.select(User))
+    users = database.query_all_and_expunge(User.basic_select())
     return {
         "users": list(map(lambda u: u.serialize(is_mod=True), users))
     }
@@ -52,7 +52,7 @@ def api_route_users():
            response_object_id="settings")
 @api_moderator_route()
 def api_route_get_user_me_settings():
-    user = database.query_one_or_none_and_expunge(sql.select(User).where(User.id == get_user_id()))
+    user = database.query_one_or_none_and_expunge(User.basic_select().where(User.id == get_user_id()))
     if user is None:
         raise RuntimeError("No db user for moderator")  # pragma: no cover
     return _SETTINGS.to_json(user)
@@ -69,7 +69,7 @@ def api_route_patch_user_me_settings():
     updates_json = get_client_json(flask.request).get_object("updates")
     
     def _trans(session: SessionDb):
-        user = session.scalar(sql.select(User).where(User.id == get_user_id()))
+        user = session.scalar(User.basic_select().where(User.id == get_user_id()))
         if user is None:
             raise RuntimeError("No db user for moderator")  # pragma: no cover
         for entry_id in updates_json.keys():

backend_common_py @ 55260ba9

-Subproject commit 13f3e7890c92284456e8b06c7baf67dfb2c70e30
+Subproject commit 55260ba90a7264611d9621708b4144580a6e9049