feat!: more permissions (#20250)

feat: more api key permissions
Jason Rasmussen 2025-07-25 15:25:23 -04:00 committed by GitHub
parent 153bb70f6e
commit 0fdeac0417
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
20 changed files with 414 additions and 120 deletions


@ -34,7 +34,7 @@ import {
UploadFieldName,
} from 'src/dtos/asset-media.dto';
import { AuthDto } from 'src/dtos/auth.dto';
import { ImmichHeader, RouteKey } from 'src/enum';
import { ImmichHeader, Permission, RouteKey } from 'src/enum';
import { AssetUploadInterceptor } from 'src/middleware/asset-upload.interceptor';
import { Auth, Authenticated, FileResponse } from 'src/middleware/auth.guard';
import { FileUploadInterceptor, getFiles } from 'src/middleware/file-upload.interceptor';
@ -61,7 +61,7 @@ export class AssetMediaController {
required: false,
})
@ApiBody({ description: 'Asset Upload Information', type: AssetMediaCreateDto })
@Authenticated({ sharedLink: true })
@Authenticated({ permission: Permission.AssetUpload, sharedLink: true })
async uploadAsset(
@Auth() auth: AuthDto,
@UploadedFiles(new ParseFilePipe({ validators: [new FileNotEmptyValidator(['assetData'])] })) files: UploadFiles,
@ -80,7 +80,7 @@ export class AssetMediaController {
@Get(':id/original')
@FileResponse()
@Authenticated({ sharedLink: true })
@Authenticated({ permission: Permission.AssetDownload, sharedLink: true })
async downloadAsset(
@Auth() auth: AuthDto,
@Param() { id }: UUIDParamDto,
@ -101,7 +101,7 @@ export class AssetMediaController {
summary: 'replaceAsset',
description: 'Replace the asset with new file, without changing its id',
})
@Authenticated({ sharedLink: true })
@Authenticated({ permission: Permission.AssetReplace, sharedLink: true })
async replaceAsset(
@Auth() auth: AuthDto,
@Param() { id }: UUIDParamDto,
@ -120,7 +120,7 @@ export class AssetMediaController {
@Get(':id/thumbnail')
@FileResponse()
@Authenticated({ sharedLink: true })
@Authenticated({ permission: Permission.AssetView, sharedLink: true })
async viewAsset(
@Auth() auth: AuthDto,
@Param() { id }: UUIDParamDto,
@ -157,7 +157,7 @@ export class AssetMediaController {
@Get(':id/video/playback')
@FileResponse()
@Authenticated({ sharedLink: true })
@Authenticated({ permission: Permission.AssetView, sharedLink: true })
async playAssetVideo(
@Auth() auth: AuthDto,
@Param() { id }: UUIDParamDto,
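Review bot: `playAssetVideo` and `viewAsset` are gated on `Permission.AssetView` while `downloadAsset` requires `Permission.AssetDownload`, so a key scoped to view-only can still retrieve whatever `:id/video/playback` serves, which may be a complete video file. If that split is intended, a comment on the decorator would make the boundary explicit, e.g. `// AssetView covers thumbnail and playback; the original file requires AssetDownload`. All five changed routes keep `sharedLink: true`, and nothing visible here shows how the guard applies `permission` to a shared-link session, so tests that assert a rejection for an API key missing each scope, and the expected outcome for a shared link, would pin the behaviour. Because the commit is marked breaking, existing keys without these scopes will presumably start failing on these routes after upgrade; the method bodies lie outside the hunks.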