feat(web,server): activity (#4682)

* feat: activity * regenerate api * fix: make asset owner unable to delete comment * fix: merge * fix: tests * feat: use textarea instead of input * fix: do actions only if the album is shared * fix: placeholder opacity * fix(web): improve messages UI * fix(web): improve input message UI * pr feedback * fix: tests * pr feedback * pr feedback * pr feedback * fix permissions * regenerate api * pr feedback * pr feedback * multiple improvements on web * fix: ui colors * WIP * chore: open api * pr feedback * fix: add comment * chore: clean up * pr feedback * refactor: endpoints * chore: open api * fix: filter by type * fix: e2e * feat: e2e remove own comment * fix: web tests * remove console.log * chore: cleanup * fix: ui tweaks * pr feedback * fix web test * fix: unit tests * chore: remove unused code * revert useless changes * fix: grouping messages * fix: remove nullable on updatedAt * fix: text overflow * styling --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2025-11-14 17:36:12 +00:00 · 2023-11-01 04:13:34 +01:00 · 2023-11-01 04:13:34 +01:00 · ce5966c23d
commit ce5966c23d
parent 68f6446718
66 changed files with 4487 additions and 38 deletions
--- a/server/src/domain/access/access.core.ts
+++ b/server/src/domain/access/access.core.ts
@ -3,6 +3,9 @@ import { AuthUserDto } from '../auth';
 import { IAccessRepository } from '../repositories';

 export enum Permission {
+  ACTIVITY_CREATE = 'activity.create',
+  ACTIVITY_DELETE = 'activity.delete',
+
  // ASSET_CREATE = 'asset.create',
  ASSET_READ = 'asset.read',
  ASSET_UPDATE = 'asset.update',
@ -133,6 +136,20 @@ export class AccessCore {

  private async hasOtherAccess(authUser: AuthUserDto, permission: Permission, id: string) {
    switch (permission) {
+      // uses album id
+      case Permission.ACTIVITY_CREATE:
+        return (
+          (await this.repository.album.hasOwnerAccess(authUser.id, id)) ||
+          (await this.repository.album.hasSharedAlbumAccess(authUser.id, id))
+        );
+
+      // uses activity id
+      case Permission.ACTIVITY_DELETE:
+        return (
+          (await this.repository.activity.hasOwnerAccess(authUser.id, id)) ||
+          (await this.repository.activity.hasAlbumOwnerAccess(authUser.id, id))
+        );
+
      case Permission.ASSET_READ:
        return (
          (await this.repository.asset.hasOwnerAccess(authUser.id, id)) ||