mirror of
https://github.com/immich-app/immich.git
synced 2024-12-25 10:43:13 +02:00
fix asset upload permissions for shared links (#4325)
This commit is contained in:
parent
e2f1e38472
commit
e5f704cf3b
@ -10,6 +10,7 @@ export enum Permission {
|
||||
ASSET_SHARE = 'asset.share',
|
||||
ASSET_VIEW = 'asset.view',
|
||||
ASSET_DOWNLOAD = 'asset.download',
|
||||
ASSET_UPLOAD = 'asset.upload',
|
||||
|
||||
// ALBUM_CREATE = 'album.create',
|
||||
ALBUM_READ = 'album.read',
|
||||
@ -26,7 +27,6 @@ export enum Permission {
|
||||
|
||||
LIBRARY_CREATE = 'library.create',
|
||||
LIBRARY_READ = 'library.read',
|
||||
LIBRARY_WRITE = 'library.write',
|
||||
LIBRARY_UPDATE = 'library.update',
|
||||
LIBRARY_DELETE = 'library.delete',
|
||||
LIBRARY_DOWNLOAD = 'library.download',
|
||||
@ -96,6 +96,9 @@ export class AccessCore {
|
||||
case Permission.ASSET_DOWNLOAD:
|
||||
return !!authUser.isAllowDownload && (await this.repository.asset.hasSharedLinkAccess(sharedLinkId, id));
|
||||
|
||||
case Permission.ASSET_UPLOAD:
|
||||
return authUser.isAllowUpload;
|
||||
|
||||
case Permission.ASSET_SHARE:
|
||||
// TODO: fix this to not use authUser.id for shared link access control
|
||||
return this.repository.asset.hasOwnerAccess(authUser.id, id);
|
||||
@ -166,6 +169,9 @@ export class AccessCore {
|
||||
(await this.repository.album.hasSharedAlbumAccess(authUser.id, id))
|
||||
);
|
||||
|
||||
case Permission.ASSET_UPLOAD:
|
||||
return this.repository.library.hasOwnerAccess(authUser.id, id);
|
||||
|
||||
case Permission.ALBUM_REMOVE_ASSET:
|
||||
return this.repository.album.hasOwnerAccess(authUser.id, id);
|
||||
|
||||
@ -184,9 +190,6 @@ export class AccessCore {
|
||||
(await this.repository.library.hasPartnerAccess(authUser.id, id))
|
||||
);
|
||||
|
||||
case Permission.LIBRARY_WRITE:
|
||||
return this.repository.library.hasOwnerAccess(authUser.id, id);
|
||||
|
||||
case Permission.LIBRARY_UPDATE:
|
||||
return this.repository.library.hasOwnerAccess(authUser.id, id);
|
||||
|
||||
|
@ -91,7 +91,7 @@ export class AssetService {
|
||||
|
||||
try {
|
||||
const libraryId = await this.getLibraryId(authUser, dto.libraryId);
|
||||
await this.access.requirePermission(authUser, Permission.LIBRARY_WRITE, libraryId);
|
||||
await this.access.requirePermission(authUser, Permission.ASSET_UPLOAD, libraryId);
|
||||
if (livePhotoFile) {
|
||||
const livePhotoDto = { ...dto, assetType: AssetType.VIDEO, isVisible: false, libraryId };
|
||||
livePhotoAsset = await this.assetCore.create(authUser, livePhotoDto, livePhotoFile);
|
||||
@ -163,7 +163,7 @@ export class AssetService {
|
||||
|
||||
try {
|
||||
const libraryId = await this.getLibraryId(authUser, dto.libraryId);
|
||||
await this.access.requirePermission(authUser, Permission.LIBRARY_WRITE, libraryId);
|
||||
await this.access.requirePermission(authUser, Permission.ASSET_UPLOAD, libraryId);
|
||||
const asset = await this.assetCore.create(authUser, { ...dto, libraryId }, assetFile, undefined, dto.sidecarPath);
|
||||
return { id: asset.id, duplicate: false };
|
||||
} catch (error: QueryFailedError | Error | any) {
|
||||
|
Loading…
Reference in New Issue
Block a user