Draft: Resolve "Make permission checks for absences and personal notes list on statistics page efficient"

Closes #350

aleksis/apps/alsijil/schema/__init__.py

 from datetime import datetime
 
-from django.db.models import BooleanField, ExpressionWrapper, Q
+from django.db.models import BooleanField, ExpressionWrapper, F, Q, Value
 
 import graphene
 import graphene_django_optimizer
@@ -308,13 +308,71 @@ class Query(graphene.ObjectType):
         if not info.context.user.has_perm("alsijil.view_person_statistics_rule", person):
             return []
         school_term = get_active_school_term(info.context)
+        global_perm = info.context.user.has_perm("alsijil.change_participationstatus")
         return graphene_django_optimizer.query(
             ParticipationStatus.objects.filter(
                 Q(absence_reason__isnull=False) | Q(tardiness__isnull=False),
                 person=person,
                 datetime_start__date__gte=school_term.date_start,
                 datetime_end__date__lte=school_term.date_end,
-            ).order_by("-related_documentation__datetime_start"),
+            )
+            .annotate(
+                can_edit=ExpressionWrapper(
+                    Value(global_perm)
+                    or ExpressionWrapper(
+                        Q(related_documentation__isnull=False)
+                        & (
+                            Q(related_documentation__amends__isnull=False)
+                            | Q(related_documentation__amends__cancelled=False)
+                        )
+                        & (
+                            Q(related_documentation__teachers__contains=info.context.user.person)
+                            | (
+                                Q(related_documentation__amends__teachers__isnull=False)
+                                & Q(
+                                    related_documentation__amends__teachers__contains=info.context.user.person
+                                )
+                            )
+                            | (
+                                Q(related_documentation__amends__amends__teachers__isnull=False)
+                                & Q(
+                                    related_documentation__amends__amends__teachers__contains=info.context.user.person
+                                )
+                            )
+                            | (
+                                (
+                                    Q(related_documentation__amends__isnull=False)
+                                    & (
+                                        Q(
+                                            related_documentation__amends__groups__owners__contains=info.context.user.person
+                                        )
+                                        | Q(
+                                            related_documentation__amends__groups__parent_groups__owners__contains=info.context.user.person
+                                        )
+                                    )
+                                )
+                                | (
+                                    Q(related_documentation__amends__amends__isnull=False)
+                                    & (
+                                        Q(
+                                            related_documentation__amends__amends__groups__owners__contains=info.context.user.person
+                                        )
+                                        | Q(
+                                            related_documentation__amends__amends__groups__parent_groups__owners__contains=info.context.user.person
+                                        )
+                                    )
+                                )
+                            )
+                        ),
+                        output_field=BooleanField(),
+                    ),
+                    output_field=BooleanField(),
+                ),
+            )
+            .annotate(
+                can_delete=F("can_edit"),
+            )
+            .order_by("-related_documentation__datetime_start"),
             info,
         )
 
@@ -324,6 +382,7 @@ class Query(graphene.ObjectType):
         if not info.context.user.has_perm("alsijil.view_person_statistics_rule", person):
             return []
         school_term = get_active_school_term(info.context)
+        global_perm = info.context.user.has_perm("alsijil.change_newpersonalnote")
         return graphene_django_optimizer.query(
             NewPersonalNote.objects.filter(
                 person=person,
@@ -331,7 +390,64 @@ class Query(graphene.ObjectType):
                     datetime_start__date__gte=school_term.date_start,
                     datetime_end__date__lte=school_term.date_end,
                 ),
-            ).order_by("-documentation__datetime_start"),
+            )
+            .annotate(
+                can_edit=ExpressionWrapper(
+                    Value(global_perm)
+                    or ExpressionWrapper(
+                        Q(documentation__isnull=False)
+                        & (
+                            Q(documentation__amends__isnull=False)
+                            | Q(documentation__amends__cancelled=False)
+                        )
+                        & (
+                            Q(documentation__teachers__contains=info.context.user.person)
+                            | (
+                                Q(documentation__amends__teachers__isnull=False)
+                                & Q(
+                                    documentation__amends__teachers__contains=info.context.user.person
+                                )
+                            )
+                            | (
+                                Q(documentation__amends__amends__teachers__isnull=False)
+                                & Q(
+                                    documentation__amends__amends__teachers__contains=info.context.user.person
+                                )
+                            )
+                            | (
+                                (
+                                    Q(documentation__amends__isnull=False)
+                                    & (
+                                        Q(
+                                            documentation__amends__groups__owners__contains=info.context.user.person
+                                        )
+                                        | Q(
+                                            documentation__amends__groups__parent_groups__owners__contains=info.context.user.person
+                                        )
+                                    )
+                                )
+                                | (
+                                    Q(documentation__amends__amends__isnull=False)
+                                    & (
+                                        Q(
+                                            documentation__amends__amends__groups__owners__contains=info.context.user.person
+                                        )
+                                        | Q(
+                                            documentation__amends__amends__groups__parent_groups__owners__contains=info.context.user.person
+                                        )
+                                    )
+                                )
+                            )
+                        ),
+                        output_field=BooleanField(),
+                    ),
+                    output_field=BooleanField(),
+                ),
+            )
+            .annotate(
+                can_delete=F("can_edit"),
+            )
+            .order_by("-documentation__datetime_start"),
             info,
         )