Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2026-05-25 09:02:31 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): restrict individual shared link asset removal to owners (#26868)

Browse Source 
* fix(server): restrict individual shared link asset removal to owners

* make open-api
This commit is contained in:
Michel Heusschen
2026-03-12 19:48:00 +01:00
committed by GitHub
parent 6bb8f4fcc4
commit 3fd24e2083
8 changed files with 55 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files
e2e/src/specs/server/api/shared-link.e2e-spec.ts
+10
View File
@@ -438,6 +438,16 @@ describe('/shared-links', () => {
expect(body).toEqual(errorDto.badRequest('Invalid shared link type'));
});
it('should reject guests removing assets from an individual shared link', async () => {
const { status, body } = await request(app)
.delete(`/shared-links/${linkWithAssets.id}/assets`)
.query({ key: linkWithAssets.key })
.send({ assetIds: [asset1.id] });
expect(status).toBe(403);
expect(body).toEqual(errorDto.forbidden);
});
it('should remove assets from a shared link (individual)', async () => {
const { status, body } = await request(app)
.delete(`/shared-links/${linkWithAssets.id}/assets`)