helpy4/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich synced 2025-11-14 17:36:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(server): prevent leaking isFavorite and isArchived info (#7580)

Browse source 
* fix: prevent leaking favorites info

* add e2e test

* fix: e2e test

* fix: isArchived

* fix: keep old version
This commit is contained in:
martin 2024-03-03 00:01:24 +01:00 committed by GitHub
parent f03381a5b1
commit ebe7a14c14
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 28 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

14
server/src/domain/asset/asset.service.ts
View file

@ -180,7 +180,7 @@ export class AssetService {
return {
title: `${years} year${years > 1 ? 's' : ''} since...`,
asset: mapAsset(asset),
asset: mapAsset(asset, { auth }),
};
})
.groupBy((asset) => asset.title)
@ -230,8 +230,8 @@ export class AssetService {
const timeBucketOptions = await this.buildTimeBucketOptions(auth, dto);
const assets = await this.assetRepository.getTimeBucket(dto.timeBucket, timeBucketOptions);
return !auth.sharedLink || auth.sharedLink?.showExif
? assets.map((asset) => mapAsset(asset, { withStack: true }))
: assets.map((asset) => mapAsset(asset, { stripMetadata: true }));
? assets.map((asset) => mapAsset(asset, { withStack: true, auth }))
: assets.map((asset) => mapAsset(asset, { stripMetadata: true, auth }));
}
async buildTimeBucketOptions(auth: AuthDto, dto: TimeBucketDto): Promise<TimeBucketOptions> {
@ -261,7 +261,7 @@ export class AssetService {
async getRandom(auth: AuthDto, count: number): Promise<AssetResponseDto[]> {
const assets = await this.assetRepository.getRandom(auth.user.id, count);
return assets.map((a) => mapAsset(a));
return assets.map((a) => mapAsset(a, { auth }));
}
async getUserAssetsByDeviceId(auth: AuthDto, deviceId: string) {
@ -292,10 +292,10 @@ export class AssetService {
}
if (auth.sharedLink && !auth.sharedLink.showExif) {
return mapAsset(asset, { stripMetadata: true, withStack: true });
return mapAsset(asset, { stripMetadata: true, withStack: true, auth });
}
const data = mapAsset(asset, { withStack: true });
const data = mapAsset(asset, { withStack: true, auth });
if (auth.sharedLink) {
delete data.owner;
@ -315,7 +315,7 @@ export class AssetService {
await this.updateMetadata({ id, description, dateTimeOriginal, latitude, longitude });
const asset = await this.assetRepository.save({ id, ...rest });
return mapAsset(asset);
return mapAsset(asset, { auth });
}
async updateAll(auth: AuthDto, dto: AssetBulkUpdateDto): Promise<void> {