mirror of
https://github.com/immich-app/immich.git
synced 2024-12-25 10:43:13 +02:00
fix(server): Allow access to assets in shared album owned by current user (#1094)
* fix(server): Allow access to assets in shared album owned by current user * Fix sql query Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
This commit is contained in:
parent
aa554a9e77
commit
415550f16d
@ -3,7 +3,7 @@ import { AssetAlbumEntity } from '@app/database/entities/asset-album.entity';
|
|||||||
import { UserAlbumEntity } from '@app/database/entities/user-album.entity';
|
import { UserAlbumEntity } from '@app/database/entities/user-album.entity';
|
||||||
import { Injectable } from '@nestjs/common';
|
import { Injectable } from '@nestjs/common';
|
||||||
import { InjectRepository } from '@nestjs/typeorm';
|
import { InjectRepository } from '@nestjs/typeorm';
|
||||||
import { In, Repository, SelectQueryBuilder, DataSource } from 'typeorm';
|
import { In, Repository, SelectQueryBuilder, DataSource, Brackets } from 'typeorm';
|
||||||
import { AddAssetsDto } from './dto/add-assets.dto';
|
import { AddAssetsDto } from './dto/add-assets.dto';
|
||||||
import { AddUsersDto } from './dto/add-users.dto';
|
import { AddUsersDto } from './dto/add-users.dto';
|
||||||
import { CreateAlbumDto } from './dto/create-album.dto';
|
import { CreateAlbumDto } from './dto/create-album.dto';
|
||||||
@ -286,14 +286,18 @@ export class AlbumRepository implements IAlbumRepository {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async getSharedWithUserAlbumCount(userId: string, assetId: string): Promise<number> {
|
async getSharedWithUserAlbumCount(userId: string, assetId: string): Promise<number> {
|
||||||
const result = await this
|
const result = await this.userAlbumRepository
|
||||||
.userAlbumRepository
|
.createQueryBuilder('usa')
|
||||||
.createQueryBuilder('usa')
|
.select('count(aa)', 'count')
|
||||||
.select('count(aa)', 'count')
|
.innerJoin('asset_album', 'aa', 'aa.albumId = usa.albumId')
|
||||||
.innerJoin('asset_album', 'aa', 'aa.albumId = usa.albumId')
|
.innerJoin('albums', 'a', 'a.id = usa.albumId')
|
||||||
.where('aa.assetId = :assetId', { assetId })
|
.where('aa.assetId = :assetId', { assetId })
|
||||||
.andWhere('usa.sharedUserId = :userId', { userId })
|
.andWhere(
|
||||||
.getRawOne();
|
new Brackets((qb) => {
|
||||||
|
qb.where('a.ownerId = :userId', { userId }).orWhere('usa.sharedUserId = :userId', { userId });
|
||||||
|
}),
|
||||||
|
)
|
||||||
|
.getRawOne();
|
||||||
|
|
||||||
return result.count;
|
return result.count;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user