From 7801007b70aee2faff6aede828be510bac09493d Mon Sep 17 00:00:00 2001 From: Jason Rasmussen Date: Wed, 8 Apr 2026 21:10:06 -0400 Subject: [PATCH] fix: remove from album --- server/src/services/album.service.ts | 4 +--- server/src/utils/access.ts | 10 ---------- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/server/src/services/album.service.ts b/server/src/services/album.service.ts index 547ec63bf8..5e6fe78253 100644 --- a/server/src/services/album.service.ts +++ b/server/src/services/album.service.ts @@ -265,13 +265,11 @@ export class AlbumService extends BaseService { } async removeAssets(auth: AuthDto, id: string, dto: BulkIdsDto): Promise { - await this.requireAccess({ auth, permission: Permission.AlbumAssetDelete, ids: [id] }); - const album = await this.findOrFail(id, { withAssets: false }); const results = await removeAssets( auth, { access: this.accessRepository, bulk: this.albumRepository }, - { parentId: id, assetIds: dto.ids, canAlwaysRemove: Permission.AlbumDelete }, + { parentId: id, assetIds: dto.ids, canAlwaysRemove: Permission.AlbumUpdate }, ); const removedIds = results.filter(({ success }) => success).map(({ id }) => id); diff --git a/server/src/utils/access.ts b/server/src/utils/access.ts index 21e8bdd66e..cbfb53f93a 100644 --- a/server/src/utils/access.ts +++ b/server/src/utils/access.ts @@ -223,16 +223,6 @@ const checkOtherAccess = async (access: AccessRepository, request: OtherAccessRe return setUnion(isOwner, isShared); } - case Permission.AlbumAssetDelete: { - const isOwner = await access.album.checkOwnerAccess(auth.user.id, ids); - const isShared = await access.album.checkSharedAlbumAccess( - auth.user.id, - setDifference(ids, isOwner), - AlbumUserRole.Editor, - ); - return setUnion(isOwner, isShared); - } - case Permission.AssetUpload: { return ids.has(auth.user.id) ? new Set([auth.user.id]) : new Set(); }