Ensure that project_id is always considered in read_one

Only for the hotfix: Checkout pull request HEAD commit instead of merge commit

Author: GianlucaFicarelli

.github/workflows/run-tests.yml

@@ -11,14 +11,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - name: Install uv
-        uses: astral-sh/setup-uv@v5
+        uses: astral-sh/setup-uv@v7
         with:
           version: "latest"
           enable-cache: true
       - name: Setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version-file: "pyproject.toml"
       - name: Check requirements

app/queries/common.py

@@ -41,7 +41,7 @@ def router_read_one[T: BaseModel, I: Identifiable](
     id_: uuid.UUID,
     db: Session,
     db_model_class: type[I],
-    authorized_project_id: uuid.UUID | None,
+    user_context: UserContext | None,
     response_schema_class: SupportsModelValidate[T],
     apply_operations: ApplyOperations[I] | None,
 ) -> T:
@@ -51,19 +51,21 @@ def router_read_one[T: BaseModel, I: Identifiable](
         id_: id of the entity to read.
         db: database session.
         db_model_class: database model class.
-        authorized_project_id: id of the authorized project.
+        user_context: the user context with project id and user information.
         response_schema_class: Pydantic schema class for the returned data.
         apply_operations: transformer function that modifies the select query.
 
     Returns:
         the model data as a Pydantic model.
     """
     query = sa.select(db_model_class).where(db_model_class.id == id_)
-    if authorized_project_id and (
+    if user_context and (
         id_model_class := get_declaring_class(db_model_class, "authorized_project_id")
     ):
         query = constrain_to_accessible_entities(
-            query, authorized_project_id, db_model_class=id_model_class
+            query=query,
+            project_id=user_context.project_id,
+            db_model_class=id_model_class,
         )
     if apply_operations:
         query = apply_operations(query)

app/service/analysis_notebook_environment.py

@@ -51,7 +51,7 @@ def read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookEnvironment,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=AnalysisNotebookEnvironmentRead,
         apply_operations=_load,
     )
@@ -65,7 +65,7 @@ def admin_read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookEnvironment,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=AnalysisNotebookEnvironmentRead,
         apply_operations=_load,
     )

app/service/analysis_notebook_execution.py

@@ -56,7 +56,7 @@ def read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookExecution,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=AnalysisNotebookExecutionRead,
         apply_operations=_load,
     )
@@ -70,7 +70,7 @@ def admin_read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookExecution,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=AnalysisNotebookExecutionRead,
         apply_operations=_load,
     )

app/service/analysis_notebook_result.py

@@ -51,7 +51,7 @@ def read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookResult,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=AnalysisNotebookResultRead,
         apply_operations=_load,
     )
@@ -65,7 +65,7 @@ def admin_read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookResult,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=AnalysisNotebookResultRead,
         apply_operations=_load,
     )

app/service/analysis_notebook_template.py

@@ -51,7 +51,7 @@ def read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookTemplate,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=AnalysisNotebookTemplateRead,
         apply_operations=_load,
     )
@@ -65,7 +65,7 @@ def admin_read_one(
         db=db,
         id_=id_,
         db_model_class=AnalysisNotebookTemplate,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=AnalysisNotebookTemplateRead,
         apply_operations=_load,
     )

app/service/brain_atlas.py

@@ -52,7 +52,7 @@ def read_one(user_context: UserContextDep, atlas_id: uuid.UUID, db: SessionDep)
         id_=atlas_id,
         db=db,
         db_model_class=BrainAtlas,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=BrainAtlasRead,
         apply_operations=_load_brain_atlas,
     )
@@ -63,7 +63,7 @@ def admin_read_one(db: SessionDep, atlas_id: uuid.UUID) -> BrainAtlasRead:
         id_=atlas_id,
         db=db,
         db_model_class=BrainAtlas,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=BrainAtlasRead,
         apply_operations=_load_brain_atlas,
     )
@@ -102,7 +102,7 @@ def read_one_region(
         id_=atlas_region_id,
         db=db,
         db_model_class=BrainAtlasRegion,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=BrainAtlasRegionRead,
         apply_operations=lambda select: select.filter(
             BrainAtlasRegion.brain_atlas_id == atlas_id

app/service/brain_region_hierarchy.py

@@ -50,7 +50,7 @@ def read_one(id_: uuid.UUID, db: SessionDep) -> BrainRegionHierarchyRead:
         id_=id_,
         db=db,
         db_model_class=BrainRegionHierarchy,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=BrainRegionHierarchyRead,
         apply_operations=_load,
     )

app/service/calibration.py

@@ -54,7 +54,7 @@ def read_one(
         db=db,
         id_=id_,
         db_model_class=Calibration,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=CalibrationRead,
         apply_operations=_load,
     )
@@ -68,7 +68,7 @@ def admin_read_one(
         db=db,
         id_=id_,
         db_model_class=Calibration,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=CalibrationRead,
         apply_operations=_load,
     )

app/service/cell_composition.py

@@ -44,7 +44,7 @@ def read_one(
         db=db,
         id_=id_,
         db_model_class=CellComposition,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         response_schema_class=CellCompositionRead,
         apply_operations=_load,
     )
@@ -58,7 +58,7 @@ def admin_read_one(
         db=db,
         id_=id_,
         db_model_class=CellComposition,
-        authorized_project_id=None,
+        user_context=None,
         response_schema_class=CellCompositionRead,
         apply_operations=_load,
     )