1
0
mirror of https://github.com/immich-app/immich.git synced 2024-12-25 10:43:13 +02:00

fix(server): Offset of random endpoint could be higher than user's asset count (#4342)

* fix offset of all assets with correct ownerId

* (e2e): test if user does not have all assets
This commit is contained in:
Daniel Dietzler 2023-10-04 19:51:44 +02:00 committed by GitHub
parent e571880c16
commit ff331ffad9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 3 deletions

View File

@ -435,7 +435,7 @@ export class AssetRepository implements IAssetRepository {
`SELECT *
FROM assets
WHERE "ownerId" = $1
OFFSET FLOOR(RANDOM() * (SELECT GREATEST(COUNT(*) - $2, 0) FROM ASSETS)) LIMIT $2`,
OFFSET FLOOR(RANDOM() * (SELECT GREATEST(COUNT(*) - $2, 0) FROM ASSETS WHERE "ownerId" = $1)) LIMIT $2`,
[ownerId, count],
);
}

View File

@ -1,4 +1,11 @@
import { AssetResponseDto, IAssetRepository, IPersonRepository, LoginResponseDto, TimeBucketSize } from '@app/domain';
import {
AssetResponseDto,
IAssetRepository,
IPersonRepository,
LibraryResponseDto,
LoginResponseDto,
TimeBucketSize,
} from '@app/domain';
import { AppModule, AssetController } from '@app/immich';
import { AssetEntity, AssetType } from '@app/infra/entities';
import { INestApplication } from '@nestjs/common';
@ -68,6 +75,7 @@ describe(`${AssetController.name} (e2e)`, () => {
let app: INestApplication;
let server: any;
let assetRepository: IAssetRepository;
let defaultLibrary: LibraryResponseDto;
let user1: LoginResponseDto;
let user2: LoginResponseDto;
let asset1: AssetEntity;
@ -96,7 +104,7 @@ describe(`${AssetController.name} (e2e)`, () => {
api.userApi.create(server, admin.accessToken, user2Dto),
]);
const defaultLibrary = libraries[0];
defaultLibrary = libraries[0];
[user1, user2] = await Promise.all([
api.authApi.login(server, { email: user1Dto.email, password: user1Dto.password }),
@ -385,6 +393,16 @@ describe(`${AssetController.name} (e2e)`, () => {
});
describe('GET /asset/random', () => {
beforeAll(async () => {
await Promise.all([
createAsset(assetRepository, user1, defaultLibrary.id, new Date('1970-02-01')),
createAsset(assetRepository, user1, defaultLibrary.id, new Date('1970-02-01')),
createAsset(assetRepository, user1, defaultLibrary.id, new Date('1970-02-01')),
createAsset(assetRepository, user1, defaultLibrary.id, new Date('1970-02-01')),
createAsset(assetRepository, user1, defaultLibrary.id, new Date('1970-02-01')),
createAsset(assetRepository, user1, defaultLibrary.id, new Date('1970-02-01')),
]);
});
it('should require authentication', async () => {
const { status, body } = await request(server).get('/asset/random');
@ -427,6 +445,18 @@ describe(`${AssetController.name} (e2e)`, () => {
}
});
it.each(Array(10))(
'should return 1 asset if there are 10 assets in the database but user 2 only has 1',
async () => {
const { status, body } = await request(server)
.get('/[]asset/random')
.set('Authorization', `Bearer ${user2.accessToken}`);
expect(status).toBe(200);
expect(body).toEqual([expect.objectContaining({ id: asset4.id })]);
},
);
it('should return error', async () => {
const { status } = await request(server)
.get('/asset/random?count=ABC')