Change repo filtering for users to use a user ID reference, rather than the username

While this means we need an additional query for initial lookup, it makes the *filtering* query (which is the heavy part) require far fewer joins, thus making it more efficient.

Also adds a new unit test to verify that our filter filters to the correct set of repositories.

data/model/_basequery.py

@@ -69,9 +69,9 @@ def _lookup_team_roles():
   return {role.name:role for role in TeamRole.select()}
 
 
-def filter_to_repos_for_user(query, username=None, namespace=None, repo_kind='image',
+def filter_to_repos_for_user(query, user_id=None, namespace=None, repo_kind='image',
                              include_public=True, start_id=None):
-  if not include_public and not username:
+  if not include_public and not user_id:
     return Repository.select().where(Repository.id == '-1')
 
   # Filter on the type of repository.
@@ -85,32 +85,28 @@ def filter_to_repos_for_user(query, username=None, namespace=None, repo_kind='im
   if start_id is not None:
     query = query.where(Repository.id >= start_id)
 
+  # Add a namespace filter if necessary.
+  if namespace:
+    query = query.where(Namespace.username == namespace)
+
   # Build a set of queries that, when unioned together, return the full set of visible repositories
   # for the filters specified.
   queries = []
 
-  where_clause = (True)
-  if namespace:
-    where_clause = (Namespace.username == namespace)
-
   if include_public:
     queries.append(query
                    .clone()
-                   .where(Repository.visibility == get_public_repo_visibility(), where_clause))
+                   .where(Repository.visibility == get_public_repo_visibility()))
 
-  if username:
-    UserThroughTeam = User.alias()
-    Org = User.alias()
+  if user_id is not None:
     AdminTeam = Team.alias()
     AdminTeamMember = TeamMember.alias()
-    AdminUser = User.alias()
 
     # Add repositories in which the user has permission.
     queries.append(query
                    .clone()
                    .switch(RepositoryPermission)
-                   .join(User)
-                   .where(User.username == username, where_clause))
+                   .where(RepositoryPermission.user == user_id))
 
     # Add repositories in which the user is a member of a team that has permission.
     queries.append(query
@@ -118,20 +114,16 @@ def filter_to_repos_for_user(query, username=None, namespace=None, repo_kind='im
                    .switch(RepositoryPermission)
                    .join(Team)
                    .join(TeamMember)
-                   .join(UserThroughTeam, on=(UserThroughTeam.id == TeamMember.user))
-                   .where(UserThroughTeam.username == username, where_clause))
+                   .where(TeamMember.user == user_id))
 
     # Add repositories under namespaces in which the user is the org admin.
     queries.append(query
                    .clone()
                    .switch(Repository)
-                   .join(Org, on=(Repository.namespace_user == Org.id))
-                   .join(AdminTeam, on=(Org.id == AdminTeam.organization))
-                   .where(AdminTeam.role == _lookup_team_role('admin'))
-                   .switch(AdminTeam)
+                   .join(AdminTeam, on=(Repository.namespace_user == AdminTeam.organization))
                    .join(AdminTeamMember, on=(AdminTeam.id == AdminTeamMember.team))
-                   .join(AdminUser, on=(AdminTeamMember.user == AdminUser.id))
-                   .where(AdminUser.username == username, where_clause))
+                   .where(AdminTeam.role == _lookup_team_role('admin'))
+                   .where(AdminTeamMember.user == user_id))
 
   return reduce(lambda l, r: l | r, queries)