fix(server): partner can view archived assets (immich-app#9750)
* fix(server): partner can view archived assets

* update sql queries
michelheusschen authored May 25, 2024
1 parent 9e71256 commit 8a7b0f6
Showing 4 changed files with 36 additions and 0 deletions.
31 changes: 31 additions & 0 deletions e2e/src/api/specs/asset.e2e-spec.ts
@@ -86,6 +86,8 @@ describe('/asset', () => {
utils.userSetup(admin.accessToken, createUserDto.create('stack')),
]);

await utils.createPartner(user1.accessToken, user2.userId);

// asset location
locationAsset = await utils.createAsset(admin.accessToken, {
assetData: {
@@ -233,6 +235,35 @@ describe('/asset', () => {
expect(data.status).toBe(200);
expect(data.body).toMatchObject({ people: [] });
});

describe('partner assets', () => {
it('should get the asset info', async () => {
const { status, body } = await request(app)
.get(`/asset/${user1Assets[0].id}`)
.set('Authorization', `Bearer ${user2.accessToken}`);
expect(status).toBe(200);
expect(body).toMatchObject({ id: user1Assets[0].id });
});

it('disallows viewing archived assets', async () => {
const asset = await utils.createAsset(user1.accessToken, { isArchived: true });

const { status } = await request(app)
.get(`/asset/${asset.id}`)
.set('Authorization', `Bearer ${user2.accessToken}`);
expect(status).toBe(400);
});

it('disallows viewing trashed assets', async () => {
const asset = await utils.createAsset(user1.accessToken);
await utils.deleteAssets(user1.accessToken, [asset.id]);

const { status } = await request(app)
.get(`/asset/${asset.id}`)
.set('Authorization', `Bearer ${user2.accessToken}`);
expect(status).toBe(400);
});
});
});

describe('GET /asset/statistics', () => {
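Review bot: The two negative cases in `partner assets` ('disallows viewing archived assets' and 'disallows viewing trashed assets') assert only `expect(status).toBe(400)`, so they would also pass if the request were rejected for an unrelated reason such as a malformed id. Destructure `body` as well and pin the denial, for example `expect(body).toEqual(errorDto.noPermission);` if that helper is imported in this spec (the import block is not visible here). Both cases exercise only `GET /asset/:id`; whether other partner-readable routes apply the same archived filter is not shown by these tests, so a case per route that shares the access check would make the authorization rule harder to regress.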
3 changes: 3 additions & 0 deletions e2e/src/utils.ts
@@ -13,6 +13,7 @@ import {
createAlbum,
createApiKey,
createLibrary,
createPartner,
createPerson,
createSharedLink,
createUser,
@@ -385,6 +386,8 @@ export const utils = {
validateLibrary: (accessToken: string, id: string, dto: ValidateLibraryDto) =>
validate({ id, validateLibraryDto: dto }, { headers: asBearerAuth(accessToken) }),

createPartner: (accessToken: string, id: string) => createPartner({ id }, { headers: asBearerAuth(accessToken) }),

setAuthCookies: async (context: BrowserContext, accessToken: string) =>
await context.addCookies([
{
1 change: 1 addition & 0 deletions server/src/queries/access.repository.sql
@@ -153,6 +153,7 @@ FROM
AND ("asset"."deletedAt" IS NULL)
WHERE
"partner"."sharedWithId" = $1
AND "asset"."isArchived" = false
AND "asset"."id" IN ($2)

-- AccessRepository.asset.checkSharedLinkAccess
1 change: 1 addition & 0 deletions server/src/repositories/access.repository.ts
@@ -240,6 +240,7 @@ class AssetAccess implements IAssetAccess {
.innerJoin('sharedBy.assets', 'asset')
.select('asset.id', 'assetId')
.where('partner.sharedWithId = :userId', { userId })
.andWhere('asset.isArchived = false')
.andWhere('asset.id IN (:...assetIds)', { assetIds: [...assetIds] })
.getRawMany()
.then((rows) => new Set(rows.map((row) => row.assetId)));
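Review bot: The new `.andWhere('asset.isArchived = false')` is an authorization rule rather than a display filter, and nothing at the call site says so; a short comment above it such as `// partners must not see archived assets; keep in sync with other partner-facing asset queries` would keep a later refactor from dropping it. Trashed assets appear to be excluded separately by the `"asset"."deletedAt" IS NULL` join condition visible in the generated SQL, which is worth stating in the same comment. The enclosing method starts and ends outside this hunk, so whether any other query in `AssetAccess` grants partner access without this condition cannot be confirmed from here.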