Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2025-06-22 15:00:52 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): require library.write to upload assets to library (#4200)

Browse Source 
* require library.write to upload assets to library

* fix tests
This commit is contained in:
Daniel Dietzler 2023-09-24 15:19:36 +02:00 committed by GitHub
parent 84e4c15ed5
commit dd86aa9259
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/domain/access/access.core.ts
View File

@ -26,6 +26,7 @@ export enum Permission {
LIBRARY_CREATE = 'library.create', LIBRARY_CREATE = 'library.create',
LIBRARY_READ = 'library.read', LIBRARY_READ = 'library.read',
LIBRARY_WRITE = 'library.write',
LIBRARY_UPDATE = 'library.update', LIBRARY_UPDATE = 'library.update',
LIBRARY_DELETE = 'library.delete', LIBRARY_DELETE = 'library.delete',
LIBRARY_DOWNLOAD = 'library.download', LIBRARY_DOWNLOAD = 'library.download',
@ -183,6 +184,9 @@ export class AccessCore {
(await this.repository.library.hasPartnerAccess(authUser.id, id)) (await this.repository.library.hasPartnerAccess(authUser.id, id))
); );
case Permission.LIBRARY_WRITE:
return this.repository.library.hasOwnerAccess(authUser.id, id);
case Permission.LIBRARY_UPDATE: case Permission.LIBRARY_UPDATE:
return this.repository.library.hasOwnerAccess(authUser.id, id); return this.repository.library.hasOwnerAccess(authUser.id, id);

5
server/src/immich/api-v1/asset/asset.service.spec.ts
View File

@ -139,6 +139,7 @@ describe('AssetService', () => {
const dto = _getCreateAssetDto(); const dto = _getCreateAssetDto();
assetRepositoryMock.create.mockResolvedValue(assetEntity); assetRepositoryMock.create.mockResolvedValue(assetEntity);
accessMock.library.hasOwnerAccess.mockResolvedValue(true);
await expect(sut.uploadFile(authStub.user1, dto, file)).resolves.toEqual({ duplicate: false, id: 'id_1' }); await expect(sut.uploadFile(authStub.user1, dto, file)).resolves.toEqual({ duplicate: false, id: 'id_1' });
@ -158,6 +159,7 @@ describe('AssetService', () => {
assetRepositoryMock.create.mockRejectedValue(error); assetRepositoryMock.create.mockRejectedValue(error);
assetRepositoryMock.getAssetsByChecksums.mockResolvedValue([_getAsset_1()]); assetRepositoryMock.getAssetsByChecksums.mockResolvedValue([_getAsset_1()]);
accessMock.library.hasOwnerAccess.mockResolvedValue(true);
await expect(sut.uploadFile(authStub.user1, dto, file)).resolves.toEqual({ duplicate: true, id: 'id_1' }); await expect(sut.uploadFile(authStub.user1, dto, file)).resolves.toEqual({ duplicate: true, id: 'id_1' });
@ -175,6 +177,7 @@ describe('AssetService', () => {
assetRepositoryMock.create.mockResolvedValueOnce(assetStub.livePhotoMotionAsset); assetRepositoryMock.create.mockResolvedValueOnce(assetStub.livePhotoMotionAsset);
assetRepositoryMock.create.mockResolvedValueOnce(assetStub.livePhotoStillAsset); assetRepositoryMock.create.mockResolvedValueOnce(assetStub.livePhotoStillAsset);
accessMock.library.hasOwnerAccess.mockResolvedValue(true);
await expect( await expect(
sut.uploadFile(authStub.user1, dto, fileStub.livePhotoStill, fileStub.livePhotoMotion), sut.uploadFile(authStub.user1, dto, fileStub.livePhotoStill, fileStub.livePhotoMotion),
@ -367,6 +370,7 @@ describe('AssetService', () => {
it('should handle a file import', async () => { it('should handle a file import', async () => {
assetRepositoryMock.create.mockResolvedValue(assetStub.image); assetRepositoryMock.create.mockResolvedValue(assetStub.image);
storageMock.checkFileExists.mockResolvedValue(true); storageMock.checkFileExists.mockResolvedValue(true);
accessMock.library.hasOwnerAccess.mockResolvedValue(true);
await expect( await expect(
sut.importFile(authStub.external1, { sut.importFile(authStub.external1, {
@ -387,6 +391,7 @@ describe('AssetService', () => {
assetRepositoryMock.create.mockRejectedValue(error); assetRepositoryMock.create.mockRejectedValue(error);
assetRepositoryMock.getAssetsByChecksums.mockResolvedValue([assetStub.image]); assetRepositoryMock.getAssetsByChecksums.mockResolvedValue([assetStub.image]);
storageMock.checkFileExists.mockResolvedValue(true); storageMock.checkFileExists.mockResolvedValue(true);
accessMock.library.hasOwnerAccess.mockResolvedValue(true);
cryptoMock.hashFile.mockResolvedValue(Buffer.from('file hash', 'utf8')); cryptoMock.hashFile.mockResolvedValue(Buffer.from('file hash', 'utf8'));
await expect( await expect(

2
server/src/immich/api-v1/asset/asset.service.ts
View File

@ -91,6 +91,7 @@ export class AssetService {
try { try {
const libraryId = await this.getLibraryId(authUser, dto.libraryId); const libraryId = await this.getLibraryId(authUser, dto.libraryId);
await this.access.requirePermission(authUser, Permission.LIBRARY_WRITE, libraryId);
if (livePhotoFile) { if (livePhotoFile) {
const livePhotoDto = { ...dto, assetType: AssetType.VIDEO, isVisible: false, libraryId }; const livePhotoDto = { ...dto, assetType: AssetType.VIDEO, isVisible: false, libraryId };
livePhotoAsset = await this.assetCore.create(authUser, livePhotoDto, livePhotoFile); livePhotoAsset = await this.assetCore.create(authUser, livePhotoDto, livePhotoFile);
@ -162,6 +163,7 @@ export class AssetService {
try { try {
const libraryId = await this.getLibraryId(authUser, dto.libraryId); const libraryId = await this.getLibraryId(authUser, dto.libraryId);
await this.access.requirePermission(authUser, Permission.LIBRARY_WRITE, libraryId);
const asset = await this.assetCore.create(authUser, { ...dto, libraryId }, assetFile, undefined, dto.sidecarPath); const asset = await this.assetCore.create(authUser, { ...dto, libraryId }, assetFile, undefined, dto.sidecarPath);
return { id: asset.id, duplicate: false }; return { id: asset.id, duplicate: false };
} catch (error: QueryFailedError | Error | any) { } catch (error: QueryFailedError | Error | any) {