openbraininstitute · eleftherioszisis · May 22, 2026 · May 22, 2026
diff --git a/app/queries/common.py b/app/queries/common.py
@@ -7,7 +7,7 @@
 from sqlalchemy.sql import operators
 
 from app.db.auth import (
-    constrain_to_readable_entities_by_project,
+    constrain_to_readable_entities_by_context,
     constrain_to_writable_entities,
 )
 from app.db.model import Activity, Identifiable
@@ -69,9 +69,9 @@ def router_read_one[T: BaseModel, I: Identifiable](
     if user_context and (
         id_model_class := get_declaring_class(db_model_class, "authorized_project_id")
     ):
-        query = constrain_to_readable_entities_by_project(
+        query = constrain_to_readable_entities_by_context(
             query=query,
-            project_id=user_context.project_id,
+            user_context=user_context,
             db_model_class=id_model_class,
         )
     if apply_operations:
@@ -269,7 +269,7 @@ def router_read_many[T: BaseModel, I: Identifiable](  # noqa: PLR0913
     *,
     db: Session,
     db_model_class: type[I],
-    authorized_project_id: uuid.UUID | None,
+    user_context: UserContext | None,
     with_search: Search[I] | None,
     with_in_brain_region: InBrainRegionQuery | None,
     facets: WithFacets | None,
@@ -289,7 +289,7 @@ def router_read_many[T: BaseModel, I: Identifiable](  # noqa: PLR0913
     Args:
         db: database session.
         db_model_class: database model class.
-        authorized_project_id: project id for filtering the resources.
+        user_context: user context for filtering readable resources.
         with_search: search query (str).
         with_in_brain_region: enable family queries based on BrainRegion
         facets: facet query (bool).
@@ -311,12 +311,14 @@ def router_read_many[T: BaseModel, I: Identifiable](  # noqa: PLR0913
     """
     filter_query = sa.select(db_model_class)
 
-    if check_authorized_project and (
-        id_model_class := get_declaring_class(db_model_class, "authorized_project_id")
+    if (
+        user_context
+        and check_authorized_project
+        and (id_model_class := get_declaring_class(db_model_class, "authorized_project_id"))
     ):
-        filter_query = constrain_to_readable_entities_by_project(
+        filter_query = constrain_to_readable_entities_by_context(
             query=filter_query,
-            project_id=authorized_project_id,
+            user_context=user_context,
             db_model_class=id_model_class,
         )
 

diff --git a/app/queries/entity.py b/app/queries/entity.py
@@ -13,50 +13,50 @@
 from app.schemas.auth import UserContext
 
 
-def get_accessible_entity[T: Entity](
+def get_readable_entity_by_project[T: Entity](
     db: Session,
     db_model_class: type[T],
     entity_id: uuid.UUID,
-    user_context: UserContext,
+    project_id: uuid.UUID,
 ) -> T:
     """Return a specific entity by type and id, readable by the given project.
 
     Args:
         db: db session.
         db_model_class: Entity subclass.
         entity_id: id of the entity.
-        user_context: UserContext
+        project_id: The project id
 
     Returns:
         the selected entity if it's public or owned by project_id,
         or raises NoResultFound if the entity doesn't exist, or it's forbidden.
     """
     query = sa.select(db_model_class).where(db_model_class.id == entity_id)
-    query = constrain_to_readable_entities_by_context(query=query, user_context=user_context)
+    query = constrain_to_readable_entities_by_project(query=query, project_id=project_id)
     with ensure_result(f"Entity {db_model_class.__name__} {entity_id} not found or forbidden"):
         return db.execute(query).scalar_one()
 
 
-def get_readable_entity[T: Entity](
+def get_readable_entity_by_context[T: Entity](
     db: Session,
     db_model_class: type[T],
+    user_context: UserContext,
     entity_id: uuid.UUID,
-    project_id: uuid.UUID | None,
 ) -> T:
     """Return a specific entity by type and id, readable by the given project.
 
     Args:
         db: db session.
         db_model_class: Entity subclass.
         entity_id: id of the entity.
-        project_id: optional project id owning the entity.
+        user_context: The user context
 
     Returns:
         the selected entity if it's public or owned by project_id,
         or raises NoResultFound if the entity doesn't exist, or it's forbidden.
     """
     query = sa.select(db_model_class).where(db_model_class.id == entity_id)
-    query = constrain_to_readable_entities_by_project(query=query, project_id=project_id)
+    query = constrain_to_readable_entities_by_context(query=query, user_context=user_context)
     with ensure_result(f"Entity {db_model_class.__name__} {entity_id} not found or forbidden"):
         return db.execute(query).scalar_one()
 

diff --git a/app/service/admin.py b/app/service/admin.py
@@ -69,7 +69,7 @@ def get_entity_assets(
     return router_read_many(
         db=repos.db,
         db_model_class=db_model_class,
-        authorized_project_id=None,
+        user_context=None,
         with_search=None,
         with_in_brain_region=None,
         facets=None,

diff --git a/app/service/analysis_notebook_environment.py b/app/service/analysis_notebook_environment.py
@@ -172,7 +172,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=AnalysisNotebookEnvironmentRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/analysis_notebook_execution.py b/app/service/analysis_notebook_execution.py
@@ -141,7 +141,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=AnalysisNotebookExecutionRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/analysis_notebook_result.py b/app/service/analysis_notebook_result.py
@@ -170,7 +170,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=AnalysisNotebookResultRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/analysis_notebook_template.py b/app/service/analysis_notebook_template.py
@@ -173,7 +173,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=AnalysisNotebookTemplateRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/asset.py b/app/service/asset.py
@@ -66,7 +66,7 @@ def get_entity_assets(
     """Return the list of assets associated with a specific entity."""
     db_model_class = Asset
     entity_type = entity_route_to_type(entity_route)
-    _ = entity_service.get_readable_entity(
+    _ = entity_service.get_readable_entity_by_context(
         repos,
         user_context=user_context,
         entity_type=entity_type,
@@ -81,7 +81,7 @@ def get_entity_assets(
     return router_read_many(
         db=repos.db,
         db_model_class=db_model_class,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         with_search=None,
         with_in_brain_region=None,
         facets=None,
@@ -104,7 +104,7 @@ def get_entity_asset(
     asset_id: uuid.UUID,
 ) -> AssetRead:
     """Return an asset associated with a specific entity."""
-    _ = entity_service.get_readable_entity(
+    _ = entity_service.get_readable_entity_by_context(
         repos,
         user_context=user_context,
         entity_type=entity_type,

diff --git a/app/service/brain_atlas.py b/app/service/brain_atlas.py
@@ -62,7 +62,7 @@ def _read_many(
     return app.queries.common.router_read_many(
         db=db,
         db_model_class=BrainAtlas,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         with_search=None,
         with_in_brain_region=None,
         facets=None,
@@ -204,7 +204,7 @@ def read_many_region(
     return app.queries.common.router_read_many(
         db=db,
         db_model_class=BrainAtlasRegion,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         with_search=None,
         with_in_brain_region=None,
         facets=None,

diff --git a/app/service/brain_atlas_region.py b/app/service/brain_atlas_region.py
@@ -172,7 +172,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=BrainAtlasRegionRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/brain_region.py b/app/service/brain_region.py
@@ -56,7 +56,7 @@ def read_many(
     return app.queries.common.router_read_many(
         db=db,
         db_model_class=db_model_class,
-        authorized_project_id=None,
+        user_context=None,
         with_search=None,
         with_in_brain_region=None,
         facets=None,

diff --git a/app/service/brain_region_hierarchy.py b/app/service/brain_region_hierarchy.py
@@ -57,7 +57,7 @@ def read_many(
     return app.queries.common.router_read_many(
         db=db,
         db_model_class=db_model_class,
-        authorized_project_id=None,
+        user_context=None,
         with_search=None,
         with_in_brain_region=None,
         facets=facets,

diff --git a/app/service/calibration.py b/app/service/calibration.py
@@ -139,7 +139,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=CalibrationRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/cell_composition.py b/app/service/cell_composition.py
@@ -179,7 +179,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=CellCompositionRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         name_to_facet_query_params=name_to_facet_query_params,
         check_authorized_project=check_authorized_project,

diff --git a/app/service/cell_morphology.py b/app/service/cell_morphology.py
@@ -229,7 +229,7 @@ def _read_many(
     return router_read_many(
         db=db,
         db_model_class=CellMorphology,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         with_search=with_search,
         with_in_brain_region=in_brain_region,
         facets=with_facets,

diff --git a/app/service/cell_morphology_protocol.py b/app/service/cell_morphology_protocol.py
@@ -133,7 +133,7 @@ def _read_many(
     return router_read_many(
         db=db,
         db_model_class=CellMorphologyProtocol,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         with_search=None,
         with_in_brain_region=None,
         facets=with_facets,

diff --git a/app/service/circuit.py b/app/service/circuit.py
@@ -197,7 +197,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=CircuitRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/circuit_extraction_campaign.py b/app/service/circuit_extraction_campaign.py
@@ -174,7 +174,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=CircuitExtractionCampaignRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/circuit_extraction_config.py b/app/service/circuit_extraction_config.py
@@ -180,7 +180,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=CircuitExtractionConfigRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/circuit_extraction_config_generation.py b/app/service/circuit_extraction_config_generation.py
@@ -136,7 +136,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=CircuitExtractionConfigGenerationRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/circuit_extraction_execution.py b/app/service/circuit_extraction_execution.py
@@ -139,7 +139,7 @@ def _read_many(
         aliases=aliases,
         pagination_request=pagination_request,
         response_schema_class=CircuitExtractionExecutionRead,
-        authorized_project_id=user_context.project_id,
+        user_context=user_context,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )

diff --git a/app/service/consortium.py b/app/service/consortium.py
@@ -53,7 +53,7 @@ def read_many(
     return app.queries.common.router_read_many(
         db=db,
         db_model_class=Consortium,
-        authorized_project_id=None,
+        user_context=None,
         with_search=None,
         with_in_brain_region=None,
         facets=None,

diff --git a/app/service/contribution.py b/app/service/contribution.py
@@ -8,7 +8,7 @@
 import app.queries.common
 from app.db.auth import (
     constrain_entity_query_to_project,
-    constrain_to_readable_entities_by_project,
+    constrain_to_readable_entities_by_context,
     constrain_to_writable_entities,
 )
 from app.db.model import Agent, Contribution, Entity, Person
@@ -79,8 +79,8 @@ def _read_many(
         aliases=aliases,
     )
     if check_authorized_project:
-        filter_query = lambda q: constrain_to_readable_entities_by_project(
-            query=_load(q), project_id=user_context.project_id
+        filter_query = lambda q: constrain_to_readable_entities_by_context(
+            query=_load(q), user_context=user_context
         )
     else:
         filter_query = _load
@@ -98,7 +98,7 @@ def _read_many(
         response_schema_class=ContributionRead,
         name_to_facet_query_params=name_to_facet_query_params,
         filter_model=filter_model,
-        authorized_project_id=user_context.project_id,
+        user_context=None,
         filter_joins=filter_joins,
         check_authorized_project=check_authorized_project,
     )
@@ -145,8 +145,8 @@ def read_one(
         db_model_class=Contribution,
         user_context=None,
         response_schema_class=ContributionRead,
-        apply_operations=lambda q: constrain_to_readable_entities_by_project(
-            query=_load(q), project_id=user_context.project_id
+        apply_operations=lambda q: constrain_to_readable_entities_by_context(
+            query=_load(q), user_context=user_context
         ),
     )