self-hosted/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2024-12-26 10:50:29 +02:00
Code Issues Releases Activity

feat(server): sql access checks (#6635)

Browse Source
This commit is contained in:
Jason Rasmussen 2024-01-25 10:14:38 -05:00 committed by GitHub
parent bd87eb309c
commit 7fc4abba72
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 760 additions and 418 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/infra/infra.util.ts
View File

@ -4,14 +4,17 @@ export const GENERATE_SQL_KEY = 'generate-sql-key';
export interface GenerateSqlQueries { export interface GenerateSqlQueries {
name?: string; name?: string;
params?: any[]; params: unknown[];
} }
/** Decorator to enable versioning/tracking of generated Sql */ /** Decorator to enable versioning/tracking of generated Sql */
export const GenerateSql = (...options: GenerateSqlQueries[]) => SetMetadata(GENERATE_SQL_KEY, options); export const GenerateSql = (...options: GenerateSqlQueries[]) => SetMetadata(GENERATE_SQL_KEY, options);
const UUID = '00000000-0000-4000-a000-000000000000';
export const DummyValue = { export const DummyValue = {
UUID: '00000000-0000-4000-a000-000000000000', UUID,
UUID_SET: new Set([UUID]),
PAGINATION: { take: 10, skip: 0 }, PAGINATION: { take: 10, skip: 0 },
EMAIL: 'user@immich.app', EMAIL: 'user@immich.app',
STRING: 'abcdefghi', STRING: 'abcdefghi',

308
server/src/infra/repositories/access.repository.ts
View File

@ -1,7 +1,6 @@
import { IAccessRepository } from '@app/domain'; import { IAccessRepository, chunks, setUnion } from '@app/domain';
import { InjectRepository } from '@nestjs/typeorm'; import { InjectRepository } from '@nestjs/typeorm';
import { Brackets, In, Repository } from 'typeorm'; import { Brackets, In, Repository } from 'typeorm';
import { chunks, setUnion } from '../../domain/domain.util';
import { import {
ActivityEntity, ActivityEntity,
AlbumEntity, AlbumEntity,
@ -13,23 +12,25 @@ import {
SharedLinkEntity, SharedLinkEntity,
UserTokenEntity, UserTokenEntity,
} from '../entities'; } from '../entities';
import { DATABASE_PARAMETER_CHUNK_SIZE } from '../infra.util'; import { DATABASE_PARAMETER_CHUNK_SIZE, DummyValue, GenerateSql } from '../infra.util';
export class AccessRepository implements IAccessRepository { type IActivityAccess = IAccessRepository['activity'];
type IAlbumAccess = IAccessRepository['album'];
type IAssetAccess = IAccessRepository['asset'];
type IAuthDeviceAccess = IAccessRepository['authDevice'];
type ILibraryAccess = IAccessRepository['library'];
type ITimelineAccess = IAccessRepository['timeline'];
type IPersonAccess = IAccessRepository['person'];
type IPartnerAccess = IAccessRepository['partner'];
class ActivityAccess implements IActivityAccess {
constructor( constructor(
@InjectRepository(ActivityEntity) private activityRepository: Repository<ActivityEntity>, private activityRepository: Repository<ActivityEntity>,
@InjectRepository(AssetEntity) private assetRepository: Repository<AssetEntity>, private albumRepository: Repository<AlbumEntity>,
@InjectRepository(AlbumEntity) private albumRepository: Repository<AlbumEntity>,
@InjectRepository(LibraryEntity) private libraryRepository: Repository<LibraryEntity>,
@InjectRepository(PartnerEntity) private partnerRepository: Repository<PartnerEntity>,
@InjectRepository(PersonEntity) private personRepository: Repository<PersonEntity>,
@InjectRepository(AssetFaceEntity) private assetFaceRepository: Repository<AssetFaceEntity>,
@InjectRepository(SharedLinkEntity) private sharedLinkRepository: Repository<SharedLinkEntity>,
@InjectRepository(UserTokenEntity) private tokenRepository: Repository<UserTokenEntity>,
) {} ) {}
activity = { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
checkOwnerAccess: async (userId: string, activityIds: Set<string>): Promise<Set<string>> => { async checkOwnerAccess(userId: string, activityIds: Set<string>): Promise<Set<string>> {
if (activityIds.size === 0) { if (activityIds.size === 0) {
return new Set(); return new Set();
} }
@ -47,9 +48,10 @@ export class AccessRepository implements IAccessRepository {
.then((activities) => new Set(activities.map((activity) => activity.id))), .then((activities) => new Set(activities.map((activity) => activity.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkAlbumOwnerAccess: async (userId: string, activityIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkAlbumOwnerAccess(userId: string, activityIds: Set<string>): Promise<Set<string>> {
if (activityIds.size === 0) { if (activityIds.size === 0) {
return new Set(); return new Set();
} }
@ -69,9 +71,10 @@ export class AccessRepository implements IAccessRepository {
.then((activities) => new Set(activities.map((activity) => activity.id))), .then((activities) => new Set(activities.map((activity) => activity.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkCreateAccess: async (userId: string, albumIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkCreateAccess(userId: string, albumIds: Set<string>): Promise<Set<string>> {
if (albumIds.size === 0) { if (albumIds.size === 0) {
return new Set(); return new Set();
} }
@ -93,18 +96,24 @@ export class AccessRepository implements IAccessRepository {
.then((albums) => new Set(albums.map((album) => album.id))), .then((albums) => new Set(albums.map((album) => album.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}; }
library = { class AlbumAccess implements IAlbumAccess {
checkOwnerAccess: async (userId: string, libraryIds: Set<string>): Promise<Set<string>> => { constructor(
if (libraryIds.size === 0) { private albumRepository: Repository<AlbumEntity>,
private sharedLinkRepository: Repository<SharedLinkEntity>,
) {}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkOwnerAccess(userId: string, albumIds: Set<string>): Promise<Set<string>> {
if (albumIds.size === 0) {
return new Set(); return new Set();
} }
return Promise.all( return Promise.all(
chunks(libraryIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) => chunks(albumIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) =>
this.libraryRepository this.albumRepository
.find({ .find({
select: { id: true }, select: { id: true },
where: { where: {
@ -112,52 +121,69 @@ export class AccessRepository implements IAccessRepository {
ownerId: userId, ownerId: userId,
}, },
}) })
.then((libraries) => new Set(libraries.map((library) => library.id))), .then((albums) => new Set(albums.map((album) => album.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkPartnerAccess: async (userId: string, partnerIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
if (partnerIds.size === 0) { async checkSharedAlbumAccess(userId: string, albumIds: Set<string>): Promise<Set<string>> {
if (albumIds.size === 0) {
return new Set(); return new Set();
} }
return Promise.all( return Promise.all(
chunks(partnerIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) => chunks(albumIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) =>
this.partnerRepository this.albumRepository
.createQueryBuilder('partner') .find({
.select('partner.sharedById') select: { id: true },
.where('partner.sharedById IN (:...partnerIds)', { partnerIds: idChunk }) where: {
.andWhere('partner.sharedWithId = :userId', { userId }) id: In(idChunk),
.getMany() sharedUsers: {
.then((partners) => new Set(partners.map((partner) => partner.sharedById))), id: userId,
},
},
})
.then((albums) => new Set(albums.map((album) => album.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
};
timeline = { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
checkPartnerAccess: async (userId: string, partnerIds: Set<string>): Promise<Set<string>> => { async checkSharedLinkAccess(sharedLinkId: string, albumIds: Set<string>): Promise<Set<string>> {
if (partnerIds.size === 0) { if (albumIds.size === 0) {
return new Set(); return new Set();
} }
return Promise.all( return Promise.all(
chunks(partnerIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) => chunks(albumIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) =>
this.partnerRepository this.sharedLinkRepository
.createQueryBuilder('partner') .find({
.select('partner.sharedById') select: { albumId: true },
.where('partner.sharedById IN (:...partnerIds)', { partnerIds: idChunk }) where: {
.andWhere('partner.sharedWithId = :userId', { userId }) id: sharedLinkId,
.getMany() albumId: In(idChunk),
.then((partners) => new Set(partners.map((partner) => partner.sharedById))), },
})
.then(
(sharedLinks) =>
new Set(sharedLinks.flatMap((sharedLink) => (!!sharedLink.albumId ? [sharedLink.albumId] : []))),
),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}; }
asset = { class AssetAccess implements IAssetAccess {
checkAlbumAccess: async (userId: string, assetIds: Set<string>): Promise<Set<string>> => { constructor(
private albumRepository: Repository<AlbumEntity>,
private assetRepository: Repository<AssetEntity>,
private partnerRepository: Repository<PartnerEntity>,
private sharedLinkRepository: Repository<SharedLinkEntity>,
) {}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkAlbumAccess(userId: string, assetIds: Set<string>): Promise<Set<string>> {
if (assetIds.size === 0) { if (assetIds.size === 0) {
return new Set(); return new Set();
} }
@ -193,9 +219,10 @@ export class AccessRepository implements IAccessRepository {
}), }),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkOwnerAccess: async (userId: string, assetIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkOwnerAccess(userId: string, assetIds: Set<string>): Promise<Set<string>> {
if (assetIds.size === 0) { if (assetIds.size === 0) {
return new Set(); return new Set();
} }
@ -214,9 +241,10 @@ export class AccessRepository implements IAccessRepository {
.then((assets) => new Set(assets.map((asset) => asset.id))), .then((assets) => new Set(assets.map((asset) => asset.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkPartnerAccess: async (userId: string, assetIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkPartnerAccess(userId: string, assetIds: Set<string>): Promise<Set<string>> {
if (assetIds.size === 0) { if (assetIds.size === 0) {
return new Set(); return new Set();
} }
@ -234,9 +262,10 @@ export class AccessRepository implements IAccessRepository {
.then((rows) => new Set(rows.map((row) => row.assetId))), .then((rows) => new Set(rows.map((row) => row.assetId))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkSharedLinkAccess: async (sharedLinkId: string, assetIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkSharedLinkAccess(sharedLinkId: string, assetIds: Set<string>): Promise<Set<string>> {
if (assetIds.size === 0) { if (assetIds.size === 0) {
return new Set(); return new Set();
} }
@ -280,11 +309,14 @@ export class AccessRepository implements IAccessRepository {
}), }),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}; }
authDevice = { class AuthDeviceAccess implements IAuthDeviceAccess {
checkOwnerAccess: async (userId: string, deviceIds: Set<string>): Promise<Set<string>> => { constructor(private tokenRepository: Repository<UserTokenEntity>) {}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkOwnerAccess(userId: string, deviceIds: Set<string>): Promise<Set<string>> {
if (deviceIds.size === 0) { if (deviceIds.size === 0) {
return new Set(); return new Set();
} }
@ -302,18 +334,24 @@ export class AccessRepository implements IAccessRepository {
.then((tokens) => new Set(tokens.map((token) => token.id))), .then((tokens) => new Set(tokens.map((token) => token.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}; }
album = { class LibraryAccess implements ILibraryAccess {
checkOwnerAccess: async (userId: string, albumIds: Set<string>): Promise<Set<string>> => { constructor(
if (albumIds.size === 0) { private libraryRepository: Repository<LibraryEntity>,
private partnerRepository: Repository<PartnerEntity>,
) {}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkOwnerAccess(userId: string, libraryIds: Set<string>): Promise<Set<string>> {
if (libraryIds.size === 0) {
return new Set(); return new Set();
} }
return Promise.all( return Promise.all(
chunks(albumIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) => chunks(libraryIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) =>
this.albumRepository this.libraryRepository
.find({ .find({
select: { id: true }, select: { id: true },
where: { where: {
@ -321,59 +359,62 @@ export class AccessRepository implements IAccessRepository {
ownerId: userId, ownerId: userId,
}, },
}) })
.then((albums) => new Set(albums.map((album) => album.id))), .then((libraries) => new Set(libraries.map((library) => library.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkSharedAlbumAccess: async (userId: string, albumIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
if (albumIds.size === 0) { async checkPartnerAccess(userId: string, partnerIds: Set<string>): Promise<Set<string>> {
if (partnerIds.size === 0) {
return new Set(); return new Set();
} }
return Promise.all( return Promise.all(
chunks(albumIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) => chunks(partnerIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) =>
this.albumRepository this.partnerRepository
.find({ .createQueryBuilder('partner')
select: { id: true }, .select('partner.sharedById')
where: { .where('partner.sharedById IN (:...partnerIds)', { partnerIds: idChunk })
id: In(idChunk), .andWhere('partner.sharedWithId = :userId', { userId })
sharedUsers: { .getMany()
id: userId, .then((partners) => new Set(partners.map((partner) => partner.sharedById))),
},
},
})
.then((albums) => new Set(albums.map((album) => album.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}
checkSharedLinkAccess: async (sharedLinkId: string, albumIds: Set<string>): Promise<Set<string>> => { class TimelineAccess implements ITimelineAccess {
if (albumIds.size === 0) { constructor(private partnerRepository: Repository<PartnerEntity>) {}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkPartnerAccess(userId: string, partnerIds: Set<string>): Promise<Set<string>> {
if (partnerIds.size === 0) {
return new Set(); return new Set();
} }
return Promise.all( return Promise.all(
chunks(albumIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) => chunks(partnerIds, DATABASE_PARAMETER_CHUNK_SIZE).map((idChunk) =>
this.sharedLinkRepository this.partnerRepository
.find({ .createQueryBuilder('partner')
select: { albumId: true }, .select('partner.sharedById')
where: { .where('partner.sharedById IN (:...partnerIds)', { partnerIds: idChunk })
id: sharedLinkId, .andWhere('partner.sharedWithId = :userId', { userId })
albumId: In(idChunk), .getMany()
}, .then((partners) => new Set(partners.map((partner) => partner.sharedById))),
})
.then(
(sharedLinks) =>
new Set(sharedLinks.flatMap((sharedLink) => (!!sharedLink.albumId ? [sharedLink.albumId] : []))),
),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}; }
person = { class PersonAccess implements IPersonAccess {
checkOwnerAccess: async (userId: string, personIds: Set<string>): Promise<Set<string>> => { constructor(
private assetFaceRepository: Repository<AssetFaceEntity>,
private personRepository: Repository<PersonEntity>,
) {}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkOwnerAccess(userId: string, personIds: Set<string>): Promise<Set<string>> {
if (personIds.size === 0) { if (personIds.size === 0) {
return new Set(); return new Set();
} }
@ -391,9 +432,10 @@ export class AccessRepository implements IAccessRepository {
.then((persons) => new Set(persons.map((person) => person.id))), .then((persons) => new Set(persons.map((person) => person.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
checkFaceOwnerAccess: async (userId: string, assetFaceIds: Set<string>): Promise<Set<string>> => { @GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkFaceOwnerAccess(userId: string, assetFaceIds: Set<string>): Promise<Set<string>> {
if (assetFaceIds.size === 0) { if (assetFaceIds.size === 0) {
return new Set(); return new Set();
} }
@ -413,11 +455,14 @@ export class AccessRepository implements IAccessRepository {
.then((faces) => new Set(faces.map((face) => face.id))), .then((faces) => new Set(faces.map((face) => face.id))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}; }
partner = { class PartnerAccess implements IPartnerAccess {
checkUpdateAccess: async (userId: string, partnerIds: Set<string>): Promise<Set<string>> => { constructor(private partnerRepository: Repository<PartnerEntity>) {}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID_SET] })
async checkUpdateAccess(userId: string, partnerIds: Set<string>): Promise<Set<string>> {
if (partnerIds.size === 0) { if (partnerIds.size === 0) {
return new Set(); return new Set();
} }
@ -433,6 +478,37 @@ export class AccessRepository implements IAccessRepository {
.then((partners) => new Set(partners.map((partner) => partner.sharedById))), .then((partners) => new Set(partners.map((partner) => partner.sharedById))),
), ),
).then((results) => setUnion(...results)); ).then((results) => setUnion(...results));
}, }
}; }
export class AccessRepository implements IAccessRepository {
activity: IActivityAccess;
album: IAlbumAccess;
asset: IAssetAccess;
authDevice: IAuthDeviceAccess;
library: ILibraryAccess;
person: IPersonAccess;
partner: IPartnerAccess;
timeline: ITimelineAccess;
constructor(
@InjectRepository(ActivityEntity) activityRepository: Repository<ActivityEntity>,
@InjectRepository(AssetEntity) assetRepository: Repository<AssetEntity>,
@InjectRepository(AlbumEntity) albumRepository: Repository<AlbumEntity>,
@InjectRepository(LibraryEntity) libraryRepository: Repository<LibraryEntity>,
@InjectRepository(PartnerEntity) partnerRepository: Repository<PartnerEntity>,
@InjectRepository(PersonEntity) personRepository: Repository<PersonEntity>,
@InjectRepository(AssetFaceEntity) assetFaceRepository: Repository<AssetFaceEntity>,
@InjectRepository(SharedLinkEntity) sharedLinkRepository: Repository<SharedLinkEntity>,
@InjectRepository(UserTokenEntity) tokenRepository: Repository<UserTokenEntity>,
) {
this.activity = new ActivityAccess(activityRepository, albumRepository);
this.album = new AlbumAccess(albumRepository, sharedLinkRepository);
this.asset = new AssetAccess(albumRepository, assetRepository, partnerRepository, sharedLinkRepository);
this.authDevice = new AuthDeviceAccess(tokenRepository);
this.library = new LibraryAccess(libraryRepository, partnerRepository);
this.person = new PersonAccess(assetFaceRepository, personRepository);
this.partner = new PartnerAccess(partnerRepository);
this.timeline = new TimelineAccess(partnerRepository);
}
} }

29
server/src/infra/sql-generator/index.ts
View File

@ -98,8 +98,25 @@ class SqlGenerator {
const data: string[] = [`-- NOTE: This file is auto generated by ./sql-generator`]; const data: string[] = [`-- NOTE: This file is auto generated by ./sql-generator`];
const instance = this.app.get<Repository>(Repository); const instance = this.app.get<Repository>(Repository);
const properties = Object.getOwnPropertyNames(Repository.prototype) as Array<keyof typeof Repository>;
for (const key of properties) { // normal repositories
data.push(...(await this.runTargets(instance, `${Repository.name}`)));
// nested repositories
if (Repository.name === AccessRepository.name) {
for (const key of Object.keys(instance)) {
const subInstance = (instance as any)[key];
data.push(...(await this.runTargets(subInstance, `${Repository.name}.${key}`)));
}
}
this.results[Repository.name] = data;
}
private async runTargets(instance: any, label: string) {
const data: string[] = [];
for (const key of this.getPropertyNames(instance)) {
const target = instance[key]; const target = instance[key];
if (!(target instanceof Function)) { if (!(target instanceof Function)) {
continue; continue;
@ -116,7 +133,7 @@ class SqlGenerator {
} }
for (const { name, params } of queries) { for (const { name, params } of queries) {
let queryLabel = `${Repository.name}.${key}`; let queryLabel = `${label}.${key}`;
if (name) { if (name) {
queryLabel += ` (${name})`; queryLabel += ` (${name})`;
} }
@ -135,7 +152,7 @@ class SqlGenerator {
} }
} }
this.results[Repository.name] = data; return data;
} }
private async write() { private async write() {
@ -156,6 +173,10 @@ class SqlGenerator {
await this.app.close(); await this.app.close();
} }
} }
private getPropertyNames(instance: any): string[] {
return Object.getOwnPropertyNames(Object.getPrototypeOf(instance)) as any[];
}
} }
new SqlGenerator({ targetDir: './src/infra/sql' }) new SqlGenerator({ targetDir: './src/infra/sql' })

242
server/src/infra/sql/access.repository.sql
View File

@ -1 +1,243 @@
-- NOTE: This file is auto generated by ./sql-generator -- NOTE: This file is auto generated by ./sql-generator
-- AccessRepository.activity.checkOwnerAccess
SELECT
"ActivityEntity"."id" AS "ActivityEntity_id"
FROM
"activity" "ActivityEntity"
WHERE
(
"ActivityEntity"."id" IN ($1)
AND "ActivityEntity"."userId" = $2
)
-- AccessRepository.activity.checkAlbumOwnerAccess
SELECT
"ActivityEntity"."id" AS "ActivityEntity_id"
FROM
"activity" "ActivityEntity"
LEFT JOIN "albums" "ActivityEntity__ActivityEntity_album" ON "ActivityEntity__ActivityEntity_album"."id" = "ActivityEntity"."albumId"
AND (
"ActivityEntity__ActivityEntity_album"."deletedAt" IS NULL
)
WHERE
(
"ActivityEntity"."id" IN ($1)
AND "ActivityEntity__ActivityEntity_album"."ownerId" = $2
)
-- AccessRepository.activity.checkCreateAccess
SELECT
"album"."id" AS "album_id"
FROM
"albums" "album"
LEFT JOIN "albums_shared_users_users" "album_sharedUsers" ON "album_sharedUsers"."albumsId" = "album"."id"
LEFT JOIN "users" "sharedUsers" ON "sharedUsers"."id" = "album_sharedUsers"."usersId"
AND ("sharedUsers"."deletedAt" IS NULL)
WHERE
(
"album"."id" IN ($1)
AND "album"."isActivityEnabled" = true
AND (
"album"."ownerId" = $2
OR "sharedUsers"."id" = $2
)
)
AND ("album"."deletedAt" IS NULL)
-- AccessRepository.album.checkOwnerAccess
SELECT
"AlbumEntity"."id" AS "AlbumEntity_id"
FROM
"albums" "AlbumEntity"
WHERE
(
(
"AlbumEntity"."id" IN ($1)
AND "AlbumEntity"."ownerId" = $2
)
)
AND ("AlbumEntity"."deletedAt" IS NULL)
-- AccessRepository.album.checkSharedAlbumAccess
SELECT
"AlbumEntity"."id" AS "AlbumEntity_id"
FROM
"albums" "AlbumEntity"
LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers" ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId" = "AlbumEntity"."id"
LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers" ON "AlbumEntity__AlbumEntity_sharedUsers"."id" = "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId"
AND (
"AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL
)
WHERE
(
(
"AlbumEntity"."id" IN ($1)
AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $2
)
)
AND ("AlbumEntity"."deletedAt" IS NULL)
-- AccessRepository.album.checkSharedLinkAccess
SELECT
"SharedLinkEntity"."albumId" AS "SharedLinkEntity_albumId",
"SharedLinkEntity"."id" AS "SharedLinkEntity_id"
FROM
"shared_links" "SharedLinkEntity"
WHERE
(
"SharedLinkEntity"."id" = $1
AND "SharedLinkEntity"."albumId" IN ($2)
)
-- AccessRepository.asset.checkAlbumAccess
SELECT
"asset"."id" AS "assetId",
"asset"."livePhotoVideoId" AS "livePhotoVideoId"
FROM
"albums" "album"
INNER JOIN "albums_assets_assets" "album_asset" ON "album_asset"."albumsId" = "album"."id"
INNER JOIN "assets" "asset" ON "asset"."id" = "album_asset"."assetsId"
AND ("asset"."deletedAt" IS NULL)
LEFT JOIN "albums_shared_users_users" "album_sharedUsers" ON "album_sharedUsers"."albumsId" = "album"."id"
LEFT JOIN "users" "sharedUsers" ON "sharedUsers"."id" = "album_sharedUsers"."usersId"
AND ("sharedUsers"."deletedAt" IS NULL)
WHERE
(
array["asset"."id", "asset"."livePhotoVideoId"] && array[$1]::uuid []
AND (
"album"."ownerId" = $2
OR "sharedUsers"."id" = $2
)
)
AND ("album"."deletedAt" IS NULL)
-- AccessRepository.asset.checkOwnerAccess
SELECT
"AssetEntity"."id" AS "AssetEntity_id"
FROM
"assets" "AssetEntity"
WHERE
(
"AssetEntity"."id" IN ($1)
AND "AssetEntity"."ownerId" = $2
)
-- AccessRepository.asset.checkPartnerAccess
SELECT
"asset"."id" AS "assetId"
FROM
"partners" "partner"
INNER JOIN "users" "sharedBy" ON "sharedBy"."id" = "partner"."sharedById"
AND ("sharedBy"."deletedAt" IS NULL)
INNER JOIN "assets" "asset" ON "asset"."ownerId" = "sharedBy"."id"
AND ("asset"."deletedAt" IS NULL)
WHERE
"partner"."sharedWithId" = $1
AND "asset"."id" IN ($2)
-- AccessRepository.asset.checkSharedLinkAccess
SELECT
"assets"."id" AS "assetId",
"assets"."livePhotoVideoId" AS "assetLivePhotoVideoId",
"albumAssets"."id" AS "albumAssetId",
"albumAssets"."livePhotoVideoId" AS "albumAssetLivePhotoVideoId"
FROM
"shared_links" "sharedLink"
LEFT JOIN "albums" "album" ON "album"."id" = "sharedLink"."albumId"
AND ("album"."deletedAt" IS NULL)
LEFT JOIN "shared_link__asset" "assets_sharedLink" ON "assets_sharedLink"."sharedLinksId" = "sharedLink"."id"
LEFT JOIN "assets" "assets" ON "assets"."id" = "assets_sharedLink"."assetsId"
AND ("assets"."deletedAt" IS NULL)
LEFT JOIN "albums_assets_assets" "album_albumAssets" ON "album_albumAssets"."albumsId" = "album"."id"
LEFT JOIN "assets" "albumAssets" ON "albumAssets"."id" = "album_albumAssets"."assetsId"
AND ("albumAssets"."deletedAt" IS NULL)
WHERE
"sharedLink"."id" = $1
AND array[
"assets"."id",
"assets"."livePhotoVideoId",
"albumAssets"."id",
"albumAssets"."livePhotoVideoId"
] && array[$2]::uuid []
-- AccessRepository.authDevice.checkOwnerAccess
SELECT
"UserTokenEntity"."id" AS "UserTokenEntity_id"
FROM
"user_token" "UserTokenEntity"
WHERE
(
"UserTokenEntity"."userId" = $1
AND "UserTokenEntity"."id" IN ($2)
)
-- AccessRepository.library.checkOwnerAccess
SELECT
"LibraryEntity"."id" AS "LibraryEntity_id"
FROM
"libraries" "LibraryEntity"
WHERE
(
(
"LibraryEntity"."id" IN ($1)
AND "LibraryEntity"."ownerId" = $2
)
)
AND ("LibraryEntity"."deletedAt" IS NULL)
-- AccessRepository.library.checkPartnerAccess
SELECT
"partner"."sharedById" AS "partner_sharedById",
"partner"."sharedWithId" AS "partner_sharedWithId"
FROM
"partners" "partner"
WHERE
"partner"."sharedById" IN ($1)
AND "partner"."sharedWithId" = $2
-- AccessRepository.person.checkOwnerAccess
SELECT
"PersonEntity"."id" AS "PersonEntity_id"
FROM
"person" "PersonEntity"
WHERE
(
"PersonEntity"."id" IN ($1)
AND "PersonEntity"."ownerId" = $2
)
-- AccessRepository.person.checkFaceOwnerAccess
SELECT
"AssetFaceEntity"."id" AS "AssetFaceEntity_id"
FROM
"asset_faces" "AssetFaceEntity"
LEFT JOIN "assets" "AssetFaceEntity__AssetFaceEntity_asset" ON "AssetFaceEntity__AssetFaceEntity_asset"."id" = "AssetFaceEntity"."assetId"
AND (
"AssetFaceEntity__AssetFaceEntity_asset"."deletedAt" IS NULL
)
WHERE
(
"AssetFaceEntity"."id" IN ($1)
AND "AssetFaceEntity__AssetFaceEntity_asset"."ownerId" = $2
)
-- AccessRepository.partner.checkUpdateAccess
SELECT
"partner"."sharedById" AS "partner_sharedById",
"partner"."sharedWithId" AS "partner_sharedWithId"
FROM
"partners" "partner"
WHERE
"partner"."sharedById" IN ($1)
AND "partner"."sharedWithId" = $2
-- AccessRepository.timeline.checkPartnerAccess
SELECT
"partner"."sharedById" AS "partner_sharedById",
"partner"."sharedWithId" AS "partner_sharedWithId"
FROM
"partners" "partner"
WHERE
"partner"."sharedById" IN ($1)
AND "partner"."sharedWithId" = $2