Simplify permission checks for timetable sources

aleksis/apps/chronos/util/chronos_helpers.py

 from datetime import date, datetime, timedelta
 from typing import TYPE_CHECKING, Optional
 
-from django.db.models import Count, Q
+from django.db.models import Q
 
-from guardian.core import ObjectPermissionChecker
+from guardian.shortcuts import get_objects_for_user
 
 from aleksis.core.models import Announcement, Group, Person, Room
 from aleksis.core.util.core_helpers import get_site_preferences
@@ -19,24 +19,14 @@ if TYPE_CHECKING:
 
 def get_teachers(user: "User"):
     """Get the teachers whose timetables are allowed to be seen by current user."""
-    checker = ObjectPermissionChecker(user)
 
-    teachers = (
-        Person.objects.annotate(lessons_count=Count("lesson_events_as_teacher"))
-        .filter(lessons_count__gt=0)
-        .order_by("short_name", "last_name")
-    )
+    teachers = Person.objects.all().order_by("short_name", "last_name")
 
     if not check_global_permission(user, "chronos.view_all_person_timetables"):
-        checker.prefetch_perms(teachers)
-
-        wanted_teachers = set()
-
-        for teacher in teachers:
-            if checker.has_perm("core.view_person_timetable", teacher):
-                wanted_teachers.add(teacher.pk)
-
-        teachers = teachers.filter(Q(pk=user.person.pk) | Q(pk__in=wanted_teachers))
+        teachers.filter(
+            Q(pk=user.person.pk)
+            | Q(pk__in=get_objects_for_user(user, "core.view_person_timetable", teachers))
+        )
 
     teachers = teachers.distinct()
 
@@ -45,16 +35,8 @@ def get_teachers(user: "User"):
 
 def get_groups(user: "User"):
     """Get the groups whose timetables are allowed to be seen by current user."""
-    checker = ObjectPermissionChecker(user)
 
-    groups = (
-        Group.objects.for_current_school_term_or_all()
-        .annotate(
-            lessons_count=Count("lesson_events"),
-            child_lessons_count=Count("child_groups__lesson_events"),
-        )
-        .filter(Q(lessons_count__gt=0) | Q(child_lessons_count__gt=0))
-    )
+    groups = Group.objects.for_current_school_term_or_all()
 
     group_types = get_site_preferences()["chronos__group_types_timetables"]
 
@@ -64,19 +46,14 @@ def get_groups(user: "User"):
     groups = groups.order_by("short_name", "name")
 
     if not check_global_permission(user, "chronos.view_all_group_timetables"):
-        checker.prefetch_perms(groups)
-
-        wanted_classes = set()
+        if user.person.primary_group:
+            return groups.filter(pk=user.person.primary_group.pk)
 
-        for _class in groups:
-            if checker.has_perm("core.view_group_timetable", _class):
-                wanted_classes.add(_class.pk)
+        wanted_groups = get_objects_for_user(user, "core.view_group_timetable", groups)
 
         groups = groups.filter(
-            Q(pk__in=wanted_classes) | Q(members=user.person) | Q(owners=user.person)
+            Q(pk__in=wanted_groups) | Q(members=user.person) | Q(owners=user.person)
         )
-        if user.person.primary_group:
-            groups = groups.filter(Q(pk=user.person.primary_group.pk))
 
     groups = groups.distinct()
 
@@ -85,24 +62,11 @@ def get_groups(user: "User"):
 
 def get_rooms(user: "User"):
     """Get the rooms whose timetables are allowed to be seen by current user."""
-    checker = ObjectPermissionChecker(user)
 
-    rooms = (
-        Room.objects.annotate(lessons_count=Count("lesson_events"))
-        .filter(lessons_count__gt=0)
-        .order_by("short_name", "name")
-    )
+    rooms = Room.objects.all().order_by("short_name", "name")
 
     if not check_global_permission(user, "chronos.view_all_room_timetables"):
-        checker.prefetch_perms(rooms)
-
-        wanted_rooms = set()
-
-        for room in rooms:
-            if checker.has_perm("core.view_room_timetable", room):
-                wanted_rooms.add(room.pk)
-
-        rooms = rooms.filter(Q(pk__in=wanted_rooms))
+        rooms = get_objects_for_user(user, "core.view_room_timetable", rooms)
 
     rooms = rooms.distinct()