helpy4/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich synced 2025-10-17 18:19:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
immich/server/src/domain/access/access.core.ts

275 lines
9 KiB
TypeScript
Raw Normal View History

refactor(server): upload config (#3148)
2023-07-09 00:37:40 -04:00
import { BadRequestException, UnauthorizedException } from '@nestjs/common';
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
import { AuthUserDto } from '../auth';
refactor: domain repositories (#4403)
2023-10-09 10:25:03 -04:00
import { IAccessRepository } from '../repositories';
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
export enum Permission {
feat(web,server): activity (#4682) * feat: activity * regenerate api * fix: make asset owner unable to delete comment * fix: merge * fix: tests * feat: use textarea instead of input * fix: do actions only if the album is shared * fix: placeholder opacity * fix(web): improve messages UI * fix(web): improve input message UI * pr feedback * fix: tests * pr feedback * pr feedback * pr feedback * fix permissions * regenerate api * pr feedback * pr feedback * multiple improvements on web * fix: ui colors * WIP * chore: open api * pr feedback * fix: add comment * chore: clean up * pr feedback * refactor: endpoints * chore: open api * fix: filter by type * fix: e2e * feat: e2e remove own comment * fix: web tests * remove console.log * chore: cleanup * fix: ui tweaks * pr feedback * fix web test * fix: unit tests * chore: remove unused code * revert useless changes * fix: grouping messages * fix: remove nullable on updatedAt * fix: text overflow * styling --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-11-01 04:13:34 +01:00
ACTIVITY_CREATE = 'activity.create',
ACTIVITY_DELETE = 'activity.delete',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
// ASSET_CREATE = 'asset.create',
ASSET_READ = 'asset.read',
ASSET_UPDATE = 'asset.update',
ASSET_DELETE = 'asset.delete',
feat(server): trash asset (#4015) * refactor(server): delete assets endpoint * fix: formatting * chore: cleanup * chore: open api * chore(mobile): replace DeleteAssetDTO with BulkIdsDTOs * feat: trash an asset * chore(server): formatting * chore: open api * chore: wording * chore: open-api * feat(server): add withDeleted to getAssets queries * WIP: mobile-recycle-bin * feat(server): recycle-bin to system config * feat(web): use recycle-bin system config * chore(server): domain assetcore removed * chore(server): rename recycle-bin to trash * chore(web): rename recycle-bin to trash * chore(server): always send soft deleted assets for getAllByUserId * chore(web): formatting * feat(server): permanent delete assets older than trashed period * feat(web): trash empty placeholder image * feat(server): empty trash * feat(web): empty trash * WIP: mobile-recycle-bin * refactor(server): empty / restore trash to separate endpoint * test(server): handle failures * test(server): fix e2e server-info test * test(server): deletion test refactor * feat(mobile): use map settings from server-config to enable / disable map * feat(mobile): trash asset * fix(server): operations on assets in trash * feat(web): show trash statistics * fix(web): handle trash enabled * fix(mobile): restore updates from trash * fix(server): ignore trashed assets for person * fix(server): add / remove search index when trashed / restored * chore(web): format * fix(server): asset service test * fix(server): include trashed assts for duplicates from uploads * feat(mobile): no dialog for trash, always dialog for permanent delete * refactor(mobile): use isar where instead of dart filter * refactor(mobile): asset provide - handle deletes in single db txn * chore(mobile): review changes * feat(web): confirmation before empty trash * server: review changes * fix(server): handle library changes * fix: filter external assets from getting trashed / deleted * fix(server): empty-bin * feat: broadcast config update events through ws * change order of trash button on mobile * styling * fix(mobile): do not show trashed toast for local only assets --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-10-06 07:01:14 +00:00
ASSET_RESTORE = 'asset.restore',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
ASSET_SHARE = 'asset.share',
ASSET_VIEW = 'asset.view',
ASSET_DOWNLOAD = 'asset.download',
fix asset upload permissions for shared links (#4325)
2023-10-03 18:36:51 +02:00
ASSET_UPLOAD = 'asset.upload',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
// ALBUM_CREATE = 'album.create',
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
ALBUM_READ = 'album.read',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
ALBUM_UPDATE = 'album.update',
ALBUM_DELETE = 'album.delete',
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
ALBUM_REMOVE_ASSET = 'album.removeAsset',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
ALBUM_SHARE = 'album.share',
refactor(server): download assets (#3032) * refactor: download assets * chore: open api * chore: finish tests, make size configurable * chore: defualt to 4GiB * chore: open api * fix: optional archive size * fix: bugs * chore: cleanup
2023-06-30 12:24:28 -04:00
ALBUM_DOWNLOAD = 'album.download',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
refactor(server): auth delete device (#4720) * refactor(server): auth delete device * fix: person e2e
2023-10-30 11:48:38 -04:00
AUTH_DEVICE_DELETE = 'authDevice.delete',
fix(web,server): disable partner's archive access (#3695)
2023-08-15 19:02:38 +03:00
ARCHIVE_READ = 'archive.read',
feat(server,web): libraries (#3124) * feat: libraries Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex <alex.tran1502@gmail.com>
2023-09-20 13:16:33 +02:00
TIMELINE_READ = 'timeline.read',
TIMELINE_DOWNLOAD = 'timeline.download',
LIBRARY_CREATE = 'library.create',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
LIBRARY_READ = 'library.read',
feat(server,web): libraries (#3124) * feat: libraries Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex <alex.tran1502@gmail.com>
2023-09-20 13:16:33 +02:00
LIBRARY_UPDATE = 'library.update',
LIBRARY_DELETE = 'library.delete',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
LIBRARY_DOWNLOAD = 'library.download',
chore(server): Use access core for person permissions (#4138) * use access core for all person methods * minor fixes, feedback * reorder assignments * remove unnecessary permission requirement * unify naming of tests * reorder variables
2023-09-18 23:22:44 +02:00
PERSON_READ = 'person.read',
PERSON_WRITE = 'person.write',
PERSON_MERGE = 'person.merge',
feat(web): show partners assets on the main timeline (#4933)
2023-11-11 15:06:19 -06:00
PARTNER_UPDATE = 'partner.update',
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
}
refactor(server): make access core singleton (#4609)
2023-10-23 14:37:51 +02:00
let instance: AccessCore | null;
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
export class AccessCore {
refactor(server): make access core singleton (#4609)
2023-10-23 14:37:51 +02:00
private constructor(private repository: IAccessRepository) {}
static create(repository: IAccessRepository) {
if (!instance) {
instance = new AccessCore(repository);
}
return instance;
}
static reset() {
instance = null;
}
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
refactor(server): upload config (#3148)
2023-07-09 00:37:40 -04:00
requireUploadAccess(authUser: AuthUserDto | null): AuthUserDto {
if (!authUser || (authUser.isPublicUser && !authUser.isAllowUpload)) {
throw new UnauthorizedException();
}
return authUser;
}
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
/**
* Check if user has access to all ids, for the given permission.
* Throws error if user does not have access to any of the ids.
*/
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
async requirePermission(authUser: AuthUserDto, permission: Permission, ids: string[] | string) {
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
ids = Array.isArray(ids) ? ids : [ids];
const allowedIds = await this.checkAccess(authUser, permission, ids);
if (new Set(ids).size !== allowedIds.size) {
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
throw new BadRequestException(`Not found or no ${permission} access`);
}
}
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
/**
* Return ids that user has access to, for the given permission.
* Check is done for each id, and only allowed ids are returned.
*
* @returns Set<string>
*/
async checkAccess(authUser: AuthUserDto, permission: Permission, ids: Set<string> | string[]) {
const idSet = Array.isArray(ids) ? new Set(ids) : ids;
if (idSet.size === 0) {
return new Set();
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
}
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
const isSharedLink = authUser.isPublicUser ?? false;
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
return isSharedLink
? await this.checkAccessSharedLink(authUser, permission, idSet)
: await this.checkAccessOther(authUser, permission, idSet);
}
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
private async checkAccessSharedLink(authUser: AuthUserDto, permission: Permission, ids: Set<string>) {
const allowedIds = new Set();
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
for (const id of ids) {
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
const hasAccess = await this.hasSharedLinkAccess(authUser, permission, id);
if (hasAccess) {
allowedIds.add(id);
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
}
}
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
return allowedIds;
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
}
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
// TODO: Migrate logic to checkAccessSharedLink to evaluate permissions in bulk.
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
private async hasSharedLinkAccess(authUser: AuthUserDto, permission: Permission, id: string) {
const sharedLinkId = authUser.sharedLinkId;
if (!sharedLinkId) {
return false;
}
switch (permission) {
case Permission.ASSET_READ:
return this.repository.asset.hasSharedLinkAccess(sharedLinkId, id);
case Permission.ASSET_VIEW:
return await this.repository.asset.hasSharedLinkAccess(sharedLinkId, id);
case Permission.ASSET_DOWNLOAD:
return !!authUser.isAllowDownload && (await this.repository.asset.hasSharedLinkAccess(sharedLinkId, id));
fix asset upload permissions for shared links (#4325)
2023-10-03 18:36:51 +02:00
case Permission.ASSET_UPLOAD:
return authUser.isAllowUpload;
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
case Permission.ASSET_SHARE:
// TODO: fix this to not use authUser.id for shared link access control
return this.repository.asset.hasOwnerAccess(authUser.id, id);
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
case Permission.ALBUM_READ:
return this.repository.album.hasSharedLinkAccess(sharedLinkId, id);
refactor(server): download assets (#3032) * refactor: download assets * chore: open api * chore: finish tests, make size configurable * chore: defualt to 4GiB * chore: open api * fix: optional archive size * fix: bugs * chore: cleanup
2023-06-30 12:24:28 -04:00
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
case Permission.ALBUM_DOWNLOAD:
return !!authUser.isAllowDownload && (await this.repository.album.hasSharedLinkAccess(sharedLinkId, id));
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
default:
return false;
}
}
chore(server): Prepare access interfaces for bulk permission checks (#5223) * chore(server): Prepare access interfaces for bulk permission checks This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach. * chore(server): Apply review suggestions * chore(server): Make multiple-permission check more readable
2023-11-22 23:04:52 -05:00
private async checkAccessOther(authUser: AuthUserDto, permission: Permission, ids: Set<string>) {
const allowedIds = new Set();
for (const id of ids) {
const hasAccess = await this.hasOtherAccess(authUser, permission, id);
if (hasAccess) {
allowedIds.add(id);
}
}
return allowedIds;
}
// TODO: Migrate logic to checkAccessOther to evaluate permissions in bulk.
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
private async hasOtherAccess(authUser: AuthUserDto, permission: Permission, id: string) {
switch (permission) {
feat(web,server): activity (#4682) * feat: activity * regenerate api * fix: make asset owner unable to delete comment * fix: merge * fix: tests * feat: use textarea instead of input * fix: do actions only if the album is shared * fix: placeholder opacity * fix(web): improve messages UI * fix(web): improve input message UI * pr feedback * fix: tests * pr feedback * pr feedback * pr feedback * fix permissions * regenerate api * pr feedback * pr feedback * multiple improvements on web * fix: ui colors * WIP * chore: open api * pr feedback * fix: add comment * chore: clean up * pr feedback * refactor: endpoints * chore: open api * fix: filter by type * fix: e2e * feat: e2e remove own comment * fix: web tests * remove console.log * chore: cleanup * fix: ui tweaks * pr feedback * fix web test * fix: unit tests * chore: remove unused code * revert useless changes * fix: grouping messages * fix: remove nullable on updatedAt * fix: text overflow * styling --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-11-01 04:13:34 +01:00
// uses album id
case Permission.ACTIVITY_CREATE:
feat(server, web): Album's options (#4870) * feat: disable activity * fix: disable reactions * fix: tests * fix: tests * fix: tests * pr feedback * pr feedback * chore: styling & wording * refactor component --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-11-07 05:37:21 +01:00
return await this.repository.activity.hasCreateAccess(authUser.id, id);
feat(web,server): activity (#4682) * feat: activity * regenerate api * fix: make asset owner unable to delete comment * fix: merge * fix: tests * feat: use textarea instead of input * fix: do actions only if the album is shared * fix: placeholder opacity * fix(web): improve messages UI * fix(web): improve input message UI * pr feedback * fix: tests * pr feedback * pr feedback * pr feedback * fix permissions * regenerate api * pr feedback * pr feedback * multiple improvements on web * fix: ui colors * WIP * chore: open api * pr feedback * fix: add comment * chore: clean up * pr feedback * refactor: endpoints * chore: open api * fix: filter by type * fix: e2e * feat: e2e remove own comment * fix: web tests * remove console.log * chore: cleanup * fix: ui tweaks * pr feedback * fix web test * fix: unit tests * chore: remove unused code * revert useless changes * fix: grouping messages * fix: remove nullable on updatedAt * fix: text overflow * styling --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-11-01 04:13:34 +01:00
// uses activity id
case Permission.ACTIVITY_DELETE:
return (
(await this.repository.activity.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.activity.hasAlbumOwnerAccess(authUser.id, id))
);
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
case Permission.ASSET_READ:
return (
(await this.repository.asset.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.asset.hasAlbumAccess(authUser.id, id)) ||
(await this.repository.asset.hasPartnerAccess(authUser.id, id))
);
case Permission.ASSET_UPDATE:
return this.repository.asset.hasOwnerAccess(authUser.id, id);
case Permission.ASSET_DELETE:
return this.repository.asset.hasOwnerAccess(authUser.id, id);
feat(server): trash asset (#4015) * refactor(server): delete assets endpoint * fix: formatting * chore: cleanup * chore: open api * chore(mobile): replace DeleteAssetDTO with BulkIdsDTOs * feat: trash an asset * chore(server): formatting * chore: open api * chore: wording * chore: open-api * feat(server): add withDeleted to getAssets queries * WIP: mobile-recycle-bin * feat(server): recycle-bin to system config * feat(web): use recycle-bin system config * chore(server): domain assetcore removed * chore(server): rename recycle-bin to trash * chore(web): rename recycle-bin to trash * chore(server): always send soft deleted assets for getAllByUserId * chore(web): formatting * feat(server): permanent delete assets older than trashed period * feat(web): trash empty placeholder image * feat(server): empty trash * feat(web): empty trash * WIP: mobile-recycle-bin * refactor(server): empty / restore trash to separate endpoint * test(server): handle failures * test(server): fix e2e server-info test * test(server): deletion test refactor * feat(mobile): use map settings from server-config to enable / disable map * feat(mobile): trash asset * fix(server): operations on assets in trash * feat(web): show trash statistics * fix(web): handle trash enabled * fix(mobile): restore updates from trash * fix(server): ignore trashed assets for person * fix(server): add / remove search index when trashed / restored * chore(web): format * fix(server): asset service test * fix(server): include trashed assts for duplicates from uploads * feat(mobile): no dialog for trash, always dialog for permanent delete * refactor(mobile): use isar where instead of dart filter * refactor(mobile): asset provide - handle deletes in single db txn * chore(mobile): review changes * feat(web): confirmation before empty trash * server: review changes * fix(server): handle library changes * fix: filter external assets from getting trashed / deleted * fix(server): empty-bin * feat: broadcast config update events through ws * change order of trash button on mobile * styling * fix(mobile): do not show trashed toast for local only assets --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-10-06 07:01:14 +00:00
case Permission.ASSET_RESTORE:
return this.repository.asset.hasOwnerAccess(authUser.id, id);
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
case Permission.ASSET_SHARE:
return (
(await this.repository.asset.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.asset.hasPartnerAccess(authUser.id, id))
);
case Permission.ASSET_VIEW:
return (
(await this.repository.asset.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.asset.hasAlbumAccess(authUser.id, id)) ||
(await this.repository.asset.hasPartnerAccess(authUser.id, id))
);
case Permission.ASSET_DOWNLOAD:
return (
(await this.repository.asset.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.asset.hasAlbumAccess(authUser.id, id)) ||
(await this.repository.asset.hasPartnerAccess(authUser.id, id))
);
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
case Permission.ALBUM_READ:
return (
(await this.repository.album.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.album.hasSharedAlbumAccess(authUser.id, id))
);
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
case Permission.ALBUM_UPDATE:
return this.repository.album.hasOwnerAccess(authUser.id, id);
case Permission.ALBUM_DELETE:
return this.repository.album.hasOwnerAccess(authUser.id, id);
case Permission.ALBUM_SHARE:
return this.repository.album.hasOwnerAccess(authUser.id, id);
refactor(server): download assets (#3032) * refactor: download assets * chore: open api * chore: finish tests, make size configurable * chore: defualt to 4GiB * chore: open api * fix: optional archive size * fix: bugs * chore: cleanup
2023-06-30 12:24:28 -04:00
case Permission.ALBUM_DOWNLOAD:
return (
(await this.repository.album.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.album.hasSharedAlbumAccess(authUser.id, id))
);
fix asset upload permissions for shared links (#4325)
2023-10-03 18:36:51 +02:00
case Permission.ASSET_UPLOAD:
return this.repository.library.hasOwnerAccess(authUser.id, id);
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
case Permission.ALBUM_REMOVE_ASSET:
return this.repository.album.hasOwnerAccess(authUser.id, id);
fix(web,server): disable partner's archive access (#3695)
2023-08-15 19:02:38 +03:00
case Permission.ARCHIVE_READ:
return authUser.id === id;
refactor(server): auth delete device (#4720) * refactor(server): auth delete device * fix: person e2e
2023-10-30 11:48:38 -04:00
case Permission.AUTH_DEVICE_DELETE:
return this.repository.authDevice.hasOwnerAccess(authUser.id, id);
feat(server,web): libraries (#3124) * feat: libraries Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex <alex.tran1502@gmail.com>
2023-09-20 13:16:33 +02:00
case Permission.TIMELINE_READ:
return authUser.id === id || (await this.repository.timeline.hasPartnerAccess(authUser.id, id));
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
feat(server,web): libraries (#3124) * feat: libraries Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex <alex.tran1502@gmail.com>
2023-09-20 13:16:33 +02:00
case Permission.TIMELINE_DOWNLOAD:
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
return authUser.id === id;
feat(server,web): libraries (#3124) * feat: libraries Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex <alex.tran1502@gmail.com>
2023-09-20 13:16:33 +02:00
case Permission.LIBRARY_READ:
return (
(await this.repository.library.hasOwnerAccess(authUser.id, id)) ||
(await this.repository.library.hasPartnerAccess(authUser.id, id))
);
case Permission.LIBRARY_UPDATE:
return this.repository.library.hasOwnerAccess(authUser.id, id);
case Permission.LIBRARY_DELETE:
return this.repository.library.hasOwnerAccess(authUser.id, id);
chore(server): Use access core for person permissions (#4138) * use access core for all person methods * minor fixes, feedback * reorder assignments * remove unnecessary permission requirement * unify naming of tests * reorder variables
2023-09-18 23:22:44 +02:00
case Permission.PERSON_READ:
return this.repository.person.hasOwnerAccess(authUser.id, id);
case Permission.PERSON_WRITE:
return this.repository.person.hasOwnerAccess(authUser.id, id);
case Permission.PERSON_MERGE:
return this.repository.person.hasOwnerAccess(authUser.id, id);
feat(web): show partners assets on the main timeline (#4933)
2023-11-11 15:06:19 -06:00
case Permission.PARTNER_UPDATE:
return this.repository.partner.hasUpdateAccess(authUser.id, id);
refactor(server)!: add/remove album assets (#3109) * refactor: add/remove album assets * chore: open api * feat: remove owned assets from album * refactor: move to bulk id req/res dto * chore: open api * chore: merge main * dev: mobile work * fix: adding asset from web not sync with mobile * remove print statement --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>
2023-08-01 21:29:14 -04:00
default:
return false;
}
refactor(server): access permissions (#2910) * refactor: access repo interface * feat: access core * fix: allow shared links to add to a shared link * chore: comment out unused code * fix: pr feedback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-28 09:56:24 -04:00
}
}
Reference in a new issue Copy permalink