fix(server): partner can view archived assets (#9750)
* fix(server): partner can view archived assets * update sql queries
parent
9e71256191
commit
8a7b0f66a4
4 changed files with 36 additions and 0 deletions
|
@ -86,6 +86,8 @@ describe('/asset', () => {
|
|||
utils.userSetup(admin.accessToken, createUserDto.create('stack')),
|
||||
]);
|
||||
|
||||
await utils.createPartner(user1.accessToken, user2.userId);
|
||||
|
||||
// asset location
|
||||
locationAsset = await utils.createAsset(admin.accessToken, {
|
||||
assetData: {
|
||||
|
@ -233,6 +235,35 @@ describe('/asset', () => {
|
|||
expect(data.status).toBe(200);
|
||||
expect(data.body).toMatchObject({ people: [] });
|
||||
});
|
||||
|
||||
describe('partner assets', () => {
|
||||
it('should get the asset info', async () => {
|
||||
const { status, body } = await request(app)
|
||||
.get(`/asset/${user1Assets[0].id}`)
|
||||
.set('Authorization', `Bearer ${user2.accessToken}`);
|
||||
expect(status).toBe(200);
|
||||
expect(body).toMatchObject({ id: user1Assets[0].id });
|
||||
});
|
||||
|
||||
it('disallows viewing archived assets', async () => {
|
||||
const asset = await utils.createAsset(user1.accessToken, { isArchived: true });
|
||||
|
||||
const { status } = await request(app)
|
||||
.get(`/asset/${asset.id}`)
|
||||
.set('Authorization', `Bearer ${user2.accessToken}`);
|
||||
expect(status).toBe(400);
|
||||
});
|
||||
|
||||
it('disallows viewing trashed assets', async () => {
|
||||
const asset = await utils.createAsset(user1.accessToken);
|
||||
await utils.deleteAssets(user1.accessToken, [asset.id]);
|
||||
|
||||
const { status } = await request(app)
|
||||
.get(`/asset/${asset.id}`)
|
||||
.set('Authorization', `Bearer ${user2.accessToken}`);
|
||||
expect(status).toBe(400);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('GET /asset/statistics', () => {
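Review bot: The two denial cases in `describe('partner assets')` assert only `expect(status).toBe(400)`, which would also pass if the request failed for an unrelated reason such as a validation error, so they do not pin the authorization decision. Destructure the body as the positive case does, `const { status, body } = await request(app)`, and assert that no asset data came back, e.g. `expect(body).not.toMatchObject({ id: asset.id });`, ideally together with the project's access-denied error shape. The `createPartner` call added to the shared setup also gives user2 read access to user1's library for every test in the enclosing `describe('/asset')`, whose body starts and ends outside these hunks, so any existing negative test that relies on user2 being unable to read user1's assets is worth re-checking.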
|
||||
|
|
|
@ -13,6 +13,7 @@ import {
|
|||
createAlbum,
|
||||
createApiKey,
|
||||
createLibrary,
|
||||
createPartner,
|
||||
createPerson,
|
||||
createSharedLink,
|
||||
createUser,
|
||||
|
@ -385,6 +386,8 @@ export const utils = {
|
|||
validateLibrary: (accessToken: string, id: string, dto: ValidateLibraryDto) =>
|
||||
validate({ id, validateLibraryDto: dto }, { headers: asBearerAuth(accessToken) }),
|
||||
|
||||
createPartner: (accessToken: string, id: string) => createPartner({ id }, { headers: asBearerAuth(accessToken) }),
|
||||
|
||||
setAuthCookies: async (context: BrowserContext, accessToken: string) =>
|
||||
await context.addCookies([
|
||||
{
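Review bot: The new `createPartner: (accessToken: string, id: string)` helper does not say which side of the share each argument is, and in an authorization test a swapped direction silently tests the wrong thing. Judging by the spec, where `utils.createPartner(user1.accessToken, user2.userId)` is followed by user2 reading user1's asset, the token owner is the sharer and `id` is the recipient. A one-line comment above the helper would make that explicit, for example `// The owner of accessToken shares their library with user id, who gains read access.` The `utils` object starts and ends outside this hunk.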
|
||||
|
|
|
@ -153,6 +153,7 @@ FROM
|
|||
AND ("asset"."deletedAt" IS NULL)
|
||||
WHERE
|
||||
"partner"."sharedWithId" = $1
|
||||
AND "asset"."isArchived" = false
|
||||
AND "asset"."id" IN ($2)
|
||||
|
||||
-- AccessRepository.asset.checkSharedLinkAccess
|
||||
|
|
|
@ -240,6 +240,7 @@ class AssetAccess implements IAssetAccess {
|
|||
.innerJoin('sharedBy.assets', 'asset')
|
||||
.select('asset.id', 'assetId')
|
||||
.where('partner.sharedWithId = :userId', { userId })
|
||||
.andWhere('asset.isArchived = false')
|
||||
.andWhere('asset.id IN (:...assetIds)', { assetIds: [...assetIds] })
|
||||
.getRawMany()
|
||||
.then((rows) => new Set(rows.map((row) => row.assetId)));
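Review bot: The new `.andWhere('asset.isArchived = false')` is an authorization rule rather than a display filter, and nothing at the query says so. A short comment above it, such as `// Partners must never be granted access to the owner's archived assets.`, would keep it from being dropped in a later query refactor. The predicate only covers this by-id partner check, so any other query that returns partner assets (not visible in this hunk) presumably needs the same condition and should be verified. Trashed assets appear to be excluded separately, through the `deletedAt IS NULL` join condition shown in the generated SQL. The enclosing method starts and ends outside the hunk.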
|
||||
|
|