refactor(data): optimize item fetching logic in GET request handler

fulleni · fulleni · commit 13c1219c9d32 · 2025-08-08T10:21:45.000+01:00
- Remove inline userIdForRepoCall logic and move to a more concise version
- Implement a check for pre-fetched items to avoid redundant database calls
- Simplify model fetching logic with a more compact switch case structure
- Update comments to reflect the current logic flow and responsibilities
diff --git a/routes/api/v1/data/[id]/index.dart b/routes/api/v1/data/[id]/index.dart
@@ -75,92 +75,63 @@ Future<Response> _handleGet(
   User authenticatedUser,
   PermissionService permissionService,
 ) async {
-  // Authorization check is handled by authorizationMiddleware before this.
-  // This handler only needs to perform the ownership check if required.
+  // Authorization and ownership checks are handled by middleware before this.
+  // This handler's job is to fetch and return the data.
 
   dynamic item;
 
-  // Determine userId for repository call based on ModelConfig (for data scoping)
-  String? userIdForRepoCall;
-  // If the model is user-owned, pass the authenticated user's ID to the repository
-  // for filtering. Otherwise, pass null.
-  // Note: This is for data *scoping* by the repository, not the permission check.
-  // We infer user-owned based on the presence of getOwnerId function.
-  if (modelConfig.getOwnerId != null &&
-      !permissionService.isAdmin(authenticatedUser)) {
-    userIdForRepoCall = authenticatedUser.id;
-  } else {
-    userIdForRepoCall = null;
-  }
-
-  // Repository exceptions (like NotFoundException) will propagate up to the
-  // main onRequest try/catch (which is now removed, so they go to errorHandler).
-  switch (modelName) {
-    case 'headline':
-      final repo = context.read<DataRepository<Headline>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'topic':
-      final repo = context.read<DataRepository<Topic>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'source':
-      final repo = context.read<DataRepository<Source>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'country':
-      final repo = context.read<DataRepository<Country>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'language':
-      final repo = context.read<DataRepository<Language>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'user': // Handle User model specifically if needed, or rely on generic
-      final repo = context.read<DataRepository<User>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'user_app_settings': // New case for UserAppSettings
-      final repo = context.read<DataRepository<UserAppSettings>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'user_content_preferences': // New case for UserContentPreferences
-      final repo = context.read<DataRepository<UserContentPreferences>>();
-      item = await repo.read(id: id, userId: userIdForRepoCall);
-    case 'remote_config': // New case for RemoteConfig (read by admin)
-      final repo = context.read<DataRepository<RemoteConfig>>();
-      item = await repo.read(
-        id: id,
-        userId: userIdForRepoCall,
-      ); // userId should be null for AppConfig
-    case 'dashboard_summary':
-      final service = context.read<DashboardSummaryService>();
-      item = await service.getSummary();
-    default:
-      // This case should ideally be caught by middleware, but added for safety
-      // Throw an exception to be caught by the errorHandler
-      throw OperationFailedException(
-        'Unsupported model type "$modelName" reached handler.',
-      );
-  }
+  // Check if the ownership middleware already fetched the item for a check.
+  // This avoids a redundant database call.
+  final fetchedItem = context.read<FetchedItem<dynamic>?>();
 
-  // --- Handler-Level Ownership Check (for GET item) ---
-  // This check is needed if the ModelConfig for GET item requires ownership
-  // AND the user is NOT an admin (admins can bypass ownership checks).
-  if (modelConfig.getItemPermission.requiresOwnershipCheck &&
-      !permissionService.isAdmin(authenticatedUser)) {
-    // Ensure getOwnerId is provided for models requiring ownership check
-    if (modelConfig.getOwnerId == null) {
-      _logger.severe(
-        'Configuration Error: Model "$modelName" requires '
-        'ownership check for GET item but getOwnerId is not provided.',
-      );
-      // Throw an exception to be caught by the errorHandler
-      throw const OperationFailedException(
-        'Internal Server Error: Model configuration error.',
-      );
-    }
-
-    final itemOwnerId = modelConfig.getOwnerId!(item);
-    if (itemOwnerId != authenticatedUser.id) {
-      // If the authenticated user is not the owner, deny access.
-      // Throw ForbiddenException to be caught by the errorHandler
-      throw const ForbiddenException(
-        'You do not have permission to access this specific item.',
-      );
+  if (fetchedItem != null) {
+    // If the item was pre-fetched by the middleware, use it directly.
+    item = fetchedItem.data;
+  } else {
+    // If no ownership check was required (e.g., for an admin or public
+    // resource), the item was not pre-fetched, so we fetch it now.
+    final userIdForRepoCall =
+        (modelConfig.getOwnerId != null &&
+            !permissionService.isAdmin(authenticatedUser))
+        ? authenticatedUser.id
+        : null;
+
+    // Repository exceptions (like NotFoundException) will propagate up.
+    switch (modelName) {
+      case 'headline':
+        final repo = context.read<DataRepository<Headline>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'topic':
+        final repo = context.read<DataRepository<Topic>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'source':
+        final repo = context.read<DataRepository<Source>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'country':
+        final repo = context.read<DataRepository<Country>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'language':
+        final repo = context.read<DataRepository<Language>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'user':
+        final repo = context.read<DataRepository<User>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'user_app_settings':
+        final repo = context.read<DataRepository<UserAppSettings>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'user_content_preferences':
+        final repo = context.read<DataRepository<UserContentPreferences>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'remote_config':
+        final repo = context.read<DataRepository<RemoteConfig>>();
+        item = await repo.read(id: id, userId: userIdForRepoCall);
+      case 'dashboard_summary':
+        final service = context.read<DashboardSummaryService>();
+        item = await service.getSummary();
+      default:
+        throw OperationFailedException(
+          'Unsupported model type "$modelName" reached handler.',
+        );
     }
   }
 
