Merge remote-tracking branch 'upstream/main' into upstream_main

Rub21 · Rub21 · commit 1bd58e105287 · 2025-04-28T15:49:17.000-05:00
diff --git a/osmchadjango/changeset/serializers.py b/osmchadjango/changeset/serializers.py
@@ -56,18 +56,17 @@ class ChangesetSerializer(ChangesetSerializerToStaff):
     tags = SerializerMethodField()
 
     def get_reasons(self, obj):
-        return BasicSuspicionReasonsSerializer(
-            obj.reasons.filter(is_visible=True),
-            many=True,
-            read_only=True
-            ).data
+        # Using obj.reasons.filter() would generate a new query, which in the context
+        # of ChangesetListAPIView would waste the prefetching we've done and cause
+        # N+1 total queries. To avoid this, we instead filter the reasons in Python.
+        visible_reasons = [reason for reason in obj.reasons.all() if reason.is_visible]
+        return BasicSuspicionReasonsSerializer(visible_reasons, many=True, read_only=True).data
 
     def get_tags(self, obj):
-        return BasicTagSerializer(
-            obj.tags.filter(is_visible=True),
-            many=True,
-            read_only=True
-            ).data
+        # Filter the tags in Python rather than using obj.tags.filter() which would
+        # generate a new query (see above)
+        visible_tags = [tag for tag in obj.tags.all() if tag.is_visible]
+        return BasicTagSerializer(visible_tags, many=True, read_only=True).data
 
 
 class UserWhitelistSerializer(ModelSerializer):
diff --git a/osmchadjango/changeset/tests/test_changeset_views.py b/osmchadjango/changeset/tests/test_changeset_views.py
@@ -759,7 +759,7 @@ def test_set_good_changeset_unlogged(self):
         self.assertIsNone(self.changeset.check_date)
 
     def test_set_harmful_changeset_not_allowed(self):
-        """User can't mark his own changeset as harmful."""
+        """User can't mark their own changeset as harmful."""
         self.client.login(username=self.user.username, password='password')
         response = self.client.put(
             reverse('changeset:set-harmful', args=[self.changeset])
@@ -772,7 +772,7 @@ def test_set_harmful_changeset_not_allowed(self):
         self.assertIsNone(self.changeset.check_date)
 
     def test_set_good_changeset_not_allowed(self):
-        """User can't mark his own changeset as good."""
+        """User can't mark their own changeset as good."""
         self.client.login(username=self.user.username, password='password')
         response = self.client.put(
             reverse('changeset:set-good', args=[self.changeset])
diff --git a/osmchadjango/changeset/views.py b/osmchadjango/changeset/views.py
@@ -247,7 +247,7 @@ def add_reviewed_feature(self, type, id, harmful):
 
         if changeset.uid in self.request.user.social_auth.values_list('uid', flat=True):
             return Response(
-                {'detail': 'User can not check features on his own changeset.'},
+                {'detail': 'User can not check features on their own changeset.'},
                 status=status.HTTP_403_FORBIDDEN
                 )
 
@@ -279,7 +279,7 @@ def remove_harmful_feature(self, request, pk, type, id):
 
             if changeset.uid in self.request.user.social_auth.values_list('uid', flat=True):
                 return Response(
-                    {'detail': 'User can not check features on his own changeset.'},
+                    {'detail': 'User can not check features on their own changeset.'},
                     status=status.HTTP_403_FORBIDDEN
                     )
 
@@ -343,7 +343,7 @@ def set_harmful(self, request, pk):
                 )
         if changeset.uid in request.user.social_auth.values_list('uid', flat=True):
             return Response(
-                {'detail': 'User can not check his own changeset.'},
+                {'detail': 'User can not check their own changeset.'},
                 status=status.HTTP_403_FORBIDDEN
                 )
         if request.data:
@@ -372,7 +372,7 @@ def set_good(self, request, pk):
                 )
         if changeset.uid in request.user.social_auth.values_list('uid', flat=True):
             return Response(
-                {'detail': 'User can not check his own changeset.'},
+                {'detail': 'User can not check their own changeset.'},
                 status=status.HTTP_403_FORBIDDEN
                 )
         if request.data:
@@ -440,7 +440,7 @@ def add_tag(self, request, pk, tag_pk):
 
         if changeset.uid in request.user.social_auth.values_list('uid', flat=True):
             return Response(
-                {'detail': 'User can not add tags to his own changeset.'},
+                {'detail': 'User can not add tags to their own changeset.'},
                 status=status.HTTP_403_FORBIDDEN
                 )
         if changeset.checked and (
@@ -468,7 +468,7 @@ def remove_tag(self, request, pk, tag_pk):
 
         if changeset.uid in request.user.social_auth.values_list('uid', flat=True):
             return Response(
-                {'detail': 'User can not remove tags from his own changeset.'},
+                {'detail': 'User can not remove tags from their own changeset.'},
                 status=status.HTTP_403_FORBIDDEN
                 )
         if changeset.checked and (
@@ -698,6 +698,7 @@ def filter_primary_tags(feature):
 class SetChangesetTagChangesAPIView(ModelViewSet):
     queryset = Changeset.objects.all()
     permission_classes = (IsAdminUser,)
+    throttle_classes = [] # do not rate limit the tag changes endpoint
     # The serializer is not used in this view. It's here only to avoid errors
     # in docs schema generation.
     serializer_class = ChangesetStatsSerializer
diff --git a/osmchadjango/supervise/views.py b/osmchadjango/supervise/views.py
@@ -119,7 +119,6 @@ class AOIListChangesetsFeedView(Feed):
     """
 
     def get_object(self, request, pk):
-        self.feed_id = pk
         return AreaOfInterest.objects.get(pk=pk)
 
     def title(self, obj):
@@ -131,7 +130,16 @@ def link(self, obj):
         return reverse('supervise:aoi-detail', args=[obj.id])
 
     def items(self, obj):
-        return obj.changesets()[:50]
+        items = obj.changesets()[:50]
+        # HACK: we want the <link> for each feed <item> to contain both the
+        # changeset ID and the AOI ID, but only the changeset is available in
+        # item_link() (passed in as the 'item' argument). As a workaround we'll
+        # attach the AOI ID to each changeset object. Storing the AOI ID on
+        # 'self' is tempting, but not thread-safe, since a single instance of
+        # the Feed class is used to serve all feed requests.
+        for item in items:
+            item.aoi_id = obj.id
+        return items
 
     def item_title(self, item):
         return 'Changeset {} by {}'.format(item.id, item.user)
@@ -140,7 +148,9 @@ def item_geometry(self, item):
         return item.bbox
 
     def item_link(self, item):
-        return "{}/changesets/{}/?aoi={}".format(settings.OSMCHA_URL, item.id, self.feed_id)
+        # item.aoi_id is obj.id, i.e. the UUID (pk) from the request URL,
+        # as set by us in items(self, obj) above.
+        return "{}/changesets/{}/?aoi={}".format(settings.OSMCHA_URL, item.id, item.aoi_id)
 
     def item_pubdate(self, item):
         return item.date
