refactor(server): shared link asset access check (immich-app#2680)

shiqustudio · Jun 7, 2023 · 284edd9 · 284edd9
1 parent d1b0b64
commit 284edd9
Show file tree

Hide file tree

Showing 9 changed files with 39 additions and 38 deletions.
diff --git a/server/apps/immich/src/api-v1/asset/asset.service.spec.ts b/server/apps/immich/src/api-v1/asset/asset.service.spec.ts
@@ -225,7 +225,7 @@ describe('AssetService', () => {
 
       assetRepositoryMock.getById.mockResolvedValue(asset1);
       sharedLinkRepositoryMock.get.mockResolvedValue(null);
-      sharedLinkRepositoryMock.hasAssetAccess.mockResolvedValue(true);
+      accessMock.hasSharedLinkAssetAccess.mockResolvedValue(true);
 
       await expect(sut.addAssetsToSharedLink(authDto, dto)).rejects.toBeInstanceOf(BadRequestException);
 
@@ -242,7 +242,7 @@ describe('AssetService', () => {
 
       assetRepositoryMock.getById.mockResolvedValue(asset1);
       sharedLinkRepositoryMock.get.mockResolvedValue(sharedLinkStub.valid);
-      sharedLinkRepositoryMock.hasAssetAccess.mockResolvedValue(true);
+      accessMock.hasSharedLinkAssetAccess.mockResolvedValue(true);
       sharedLinkRepositoryMock.update.mockResolvedValue(sharedLinkStub.valid);
 
       await expect(sut.addAssetsToSharedLink(authDto, dto)).resolves.toEqual(sharedLinkResponseStub.valid);
@@ -260,7 +260,7 @@ describe('AssetService', () => {
 
       assetRepositoryMock.getById.mockResolvedValue(asset1);
       sharedLinkRepositoryMock.get.mockResolvedValue(sharedLinkStub.valid);
-      sharedLinkRepositoryMock.hasAssetAccess.mockResolvedValue(true);
+      accessMock.hasSharedLinkAssetAccess.mockResolvedValue(true);
       sharedLinkRepositoryMock.update.mockResolvedValue(sharedLinkStub.valid);
 
       await expect(sut.removeAssetsFromSharedLink(authDto, dto)).resolves.toEqual(sharedLinkResponseStub.valid);

diff --git a/server/apps/immich/src/api-v1/asset/asset.service.ts b/server/apps/immich/src/api-v1/asset/asset.service.ts
@@ -564,10 +564,12 @@ export class AssetService {
   }
 
   private async checkAssetsAccess(authUser: AuthUserDto, assetIds: string[], mustBeOwner = false) {
+    const sharedLinkId = authUser.sharedLinkId;
+
     for (const assetId of assetIds) {
       // Step 1: Check if asset is part of a public shared
-      if (authUser.sharedLinkId) {
-        const canAccess = await this.shareCore.hasAssetAccess(authUser.sharedLinkId, assetId);
+      if (sharedLinkId) {
+        const canAccess = await this.accessRepository.hasSharedLinkAssetAccess(sharedLinkId, assetId);
         if (canAccess) {
           continue;
         }

diff --git a/server/libs/domain/src/access/access.repository.ts b/server/libs/domain/src/access/access.repository.ts
@@ -3,4 +3,5 @@ export const IAccessRepository = 'IAccessRepository';
 export interface IAccessRepository {
   hasPartnerAccess(userId: string, partnerId: string): Promise<boolean>;
   hasPartnerAssetAccess(userId: string, assetId: string): Promise<boolean>;
+  hasSharedLinkAssetAccess(userId: string, assetId: string): Promise<boolean>;
 }
diff --git a/server/libs/domain/src/shared-link/shared-link.core.ts b/server/libs/domain/src/shared-link/shared-link.core.ts
@@ -47,10 +47,6 @@ export class SharedLinkCore {
     return this.repository.update({ ...link, assets: newAssets });
   }
 
-  async hasAssetAccess(id: string, assetId: string): Promise<boolean> {
-    return this.repository.hasAssetAccess(id, assetId);
-  }
-
   checkDownloadAccess(user: AuthUserDto) {
     if (user.isPublicUser && !user.isAllowDownload) {
       throw new ForbiddenException();

diff --git a/server/libs/domain/src/shared-link/shared-link.repository.ts b/server/libs/domain/src/shared-link/shared-link.repository.ts
@@ -9,5 +9,4 @@ export interface ISharedLinkRepository {
   create(entity: Omit<SharedLinkEntity, 'id' | 'user'>): Promise<SharedLinkEntity>;
   update(entity: Partial<SharedLinkEntity>): Promise<SharedLinkEntity>;
   remove(entity: SharedLinkEntity): Promise<void>;
-  hasAssetAccess(id: string, assetId: string): Promise<boolean>;
 }
diff --git a/server/libs/domain/test/access.repository.mock.ts b/server/libs/domain/test/access.repository.mock.ts
@@ -4,5 +4,6 @@ export const newAccessRepositoryMock = (): jest.Mocked<IAccessRepository> => {
   return {
     hasPartnerAccess: jest.fn(),
     hasPartnerAssetAccess: jest.fn(),
+    hasSharedLinkAssetAccess: jest.fn(),
   };
 };
diff --git a/server/libs/domain/test/shared-link.repository.mock.ts b/server/libs/domain/test/shared-link.repository.mock.ts
@@ -8,6 +8,5 @@ export const newSharedLinkRepositoryMock = (): jest.Mocked<ISharedLinkRepository
     create: jest.fn(),
     remove: jest.fn(),
     update: jest.fn(),
-    hasAssetAccess: jest.fn(),
   };
 };
diff --git a/server/libs/infra/src/repositories/access.repository.ts b/server/libs/infra/src/repositories/access.repository.ts
@@ -1,10 +1,13 @@
 import { IAccessRepository } from '@app/domain';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
-import { PartnerEntity } from '../entities';
+import { PartnerEntity, SharedLinkEntity } from '../entities';
 
 export class AccessRepository implements IAccessRepository {
-  constructor(@InjectRepository(PartnerEntity) private partnerRepository: Repository<PartnerEntity>) {}
+  constructor(
+    @InjectRepository(PartnerEntity) private partnerRepository: Repository<PartnerEntity>,
+    @InjectRepository(SharedLinkEntity) private sharedLinkRepository: Repository<SharedLinkEntity>,
+  ) {}
 
   hasPartnerAccess(userId: string, partnerId: string): Promise<boolean> {
     return this.partnerRepository.exist({
@@ -35,4 +38,29 @@ export class AccessRepository implements IAccessRepository {
       },
     });
   }
+
+  async hasSharedLinkAssetAccess(sharedLinkId: string, assetId: string): Promise<boolean> {
+    return (
+      // album asset
+      (await this.sharedLinkRepository.exist({
+        where: {
+          id: sharedLinkId,
+          album: {
+            assets: {
+              id: assetId,
+            },
+          },
+        },
+      })) ||
+      // individual asset
+      (await this.sharedLinkRepository.exist({
+        where: {
+          id: sharedLinkId,
+          assets: {
+            id: assetId,
+          },
+        },
+      }))
+    );
+  }
 }
diff --git a/server/libs/infra/src/repositories/shared-link.repository.ts b/server/libs/infra/src/repositories/shared-link.repository.ts
@@ -86,31 +86,6 @@ export class SharedLinkRepository implements ISharedLinkRepository {
     await this.repository.remove(entity);
   }
 
-  async hasAssetAccess(id: string, assetId: string): Promise<boolean> {
-    return (
-      // album asset
-      (await this.repository.exist({
-        where: {
-          id,
-          album: {
-            assets: {
-              id: assetId,
-            },
-          },
-        },
-      })) ||
-      // individual asset
-      (await this.repository.exist({
-        where: {
-          id,
-          assets: {
-            id: assetId,
-          },
-        },
-      }))
-    );
-  }
-
   private async save(entity: Partial<SharedLinkEntity>): Promise<SharedLinkEntity> {
     await this.repository.save(entity);
     return this.repository.findOneOrFail({ where: { id: entity.id } });