mirror of https://github.com/immich-app/immich.git synced 2025-01-07 00:50:23 -05:00

Simplify control flow

Matthias Rupp 2022-12-01 17:28:26 +01:00
parent 38cfdea855
commit 7bc3cbf687


@ -644,24 +644,30 @@ export class AssetService {
async checkAssetsAccess(authUser: AuthUserDto, assetIds: string[], mustBeOwner = false) { async checkAssetsAccess(authUser: AuthUserDto, assetIds: string[], mustBeOwner = false) {
for (const assetId of assetIds) { for (const assetId of assetIds) {
// Default: DENY
let accessAllowed = false;
// Step 1: Check if user owns asset // Step 1: Check if user owns asset
if ((await this._assetRepository.countByIdAndUser(assetId, authUser.id)) == 1) { if ((await this._assetRepository.countByIdAndUser(assetId, authUser.id)) == 1) {
continue; accessAllowed = true;
} }
// Avoid additional checks if ownership is required // Avoid additional checks if ownership is required
if (!mustBeOwner) { if (!mustBeOwner) {
// Step 2: Check if asset is part of an album shared with me // Step 2: Check if asset is part of an album shared with me
if ((await this._albumRepository.getSharedWithUserAlbumCount(authUser.id, assetId)) > 0) { if ((await this._albumRepository.getSharedWithUserAlbumCount(authUser.id, assetId)) > 0) {
continue; accessAllowed = true;
} }
//TODO: Step 3: Check if asset is part of a public album //TODO: Step 3: Check if asset is part of a public album
} }
if (!accessAllowed) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
} }
} }
}
async function processETag(path: string, res: Res, headers: Record<string, string>): Promise<boolean> { async function processETag(path: string, res: Res, headers: Record<string, string>): Promise<boolean> {
const { size, mtimeNs } = await fs.stat(path, { bigint: true }); const { size, mtimeNs } = await fs.stat(path, { bigint: true });
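Review bot: In checkAssetsAccess an owner now falls through into the Step 2 shared-album lookup, because the `continue` after the ownership check became `accessAllowed = true` (reading the right-hand column as the new side, which the 24 → 30 line counts in the hunk header support). The outcome is unchanged, but every owned asset now costs a second repository query; gating the block with `if (!accessAllowed && !mustBeOwner) {` keeps the early exit. The default-deny flag fails closed, which suits an authorization check, and a comment above the final test such as `// Steps may only grant access; nothing resets accessAllowed to false` would keep the Step 3 TODO from weakening it later. The ownership comparison could also use `=== 1` instead of `== 1`. The enclosing AssetService class starts outside the hunk and processETag continues past it.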