helpy4/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich synced 2025-11-07 17:27:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

fix(server): tighten asset visibility (#18699)

Browse source 
* tighten visibility

* update sql

* elevated access util function

* fix potential sync issue

* include in user stats

* include hidden assets in size usage

* filter visibility in search duplicates query

* stack visibility
This commit is contained in:
Mert 2025-06-02 10:33:08 -04:00 committed by GitHub
parent b5c3a675b2
commit fa22e865a4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
21 changed files with 132 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/src/queries/activity.repository.sql
View file

@ -73,3 +73,4 @@ where
and "activity"."albumId" = $2
and "activity"."isLiked" = $3
and "assets"."deletedAt" is null
and "assets"."visibility" != 'locked'

4
server/src/queries/album.repository.sql
View file

@ -80,6 +80,7 @@ select
where
"albums_assets_assets"."albumsId" = "albums"."id"
and "assets"."deletedAt" is null
and "assets"."visibility" in ('archive', 'timeline')
order by
"assets"."fileCreatedAt" desc
) as "asset"
@ -178,7 +179,8 @@ from
"assets"
inner join "albums_assets_assets" as "album_assets" on "album_assets"."assetsId" = "assets"."id"
where
"album_assets"."albumsId" in ($1)
"assets"."visibility" in ('archive', 'timeline')
and "album_assets"."albumsId" in ($1)
and "assets"."deletedAt" is null
group by
"album_assets"."albumsId"

6
server/src/queries/asset.job.repository.sql
View file

@ -186,8 +186,8 @@ from
inner join "smart_search" on "assets"."id" = "smart_search"."assetId"
inner join "asset_job_status" as "job_status" on "job_status"."assetId" = "assets"."id"
where
"assets"."visibility" != $1
and "assets"."deletedAt" is null
"assets"."deletedAt" is null
and "assets"."visibility" in ('archive', 'timeline')
and "job_status"."duplicatesDetectedAt" is null
-- AssetJobRepository.streamForEncodeClip
@ -349,7 +349,7 @@ from
"assets" as "stacked"
where
"stacked"."deletedAt" is not null
and "stacked"."visibility" != $1
and "stacked"."visibility" = $1
and "stacked"."stackId" = "asset_stack"."id"
group by
"asset_stack"."id"

27
server/src/queries/asset.repository.sql
View file

@ -130,7 +130,6 @@ select
from
"assets"
left join "exif" on "assets"."id" = "exif"."assetId"
left join "asset_stack" on "asset_stack"."id" = "assets"."stackId"
where
"assets"."id" = any ($1::uuid[])
@ -240,10 +239,7 @@ with
"assets"
where
"assets"."deletedAt" is null
and (
"assets"."visibility" = $1
or "assets"."visibility" = $2
)
and "assets"."visibility" in ('archive', 'timeline')
)
select
"timeBucket",
@ -300,21 +296,14 @@ with
where
"stacked"."stackId" = "assets"."stackId"
and "stacked"."deletedAt" is null
and "stacked"."visibility" != $1
and "stacked"."visibility" = $1
group by
"stacked"."stackId"
) as "stacked_assets" on true
where
"assets"."deletedAt" is null
and (
"assets"."visibility" = $2
or "assets"."visibility" = $3
)
and date_trunc('MONTH', "localDateTime" at time zone 'UTC') at time zone 'UTC' = $4
and (
"assets"."visibility" = $5
or "assets"."visibility" = $6
)
and "assets"."visibility" in ('archive', 'timeline')
and date_trunc('MONTH', "localDateTime" at time zone 'UTC') at time zone 'UTC' = $2
and not exists (
select
from
@ -374,10 +363,10 @@ with
"exif"."assetId" = "assets"."id"
) as "asset" on true
where
"assets"."ownerId" = $1::uuid
"assets"."visibility" in ('archive', 'timeline')
and "assets"."ownerId" = $1::uuid
and "assets"."duplicateId" is not null
and "assets"."deletedAt" is null
and "assets"."visibility" != $2
and "assets"."stackId" is null
group by
"assets"."duplicateId"
@ -388,12 +377,12 @@ with
from
"duplicates"
where
json_array_length("assets") = $3
json_array_length("assets") = $2
),
"removed_unique" as (
update "assets"
set
"duplicateId" = $4
"duplicateId" = $3
from
"unique"
where

37
server/src/queries/person.repository.sql
View file

@ -182,27 +182,42 @@ from
"asset_faces"
left join "assets" on "assets"."id" = "asset_faces"."assetId"
and "asset_faces"."personId" = $1
and "assets"."visibility" != $2
and "assets"."visibility" = 'timeline'
and "assets"."deletedAt" is null
where
"asset_faces"."deletedAt" is null
-- PersonRepository.getNumberOfPeople
select
count(distinct ("person"."id")) as "total",
count(distinct ("person"."id")) filter (
where
"person"."isHidden" = $1
coalesce(count(*), 0) as "total",
coalesce(
count(*) filter (
where
"isHidden" = $1
),
0
) as "hidden"
from
"person"
inner join "asset_faces" on "asset_faces"."personId" = "person"."id"
inner join "assets" on "assets"."id" = "asset_faces"."assetId"
and "assets"."deletedAt" is null
and "assets"."visibility" != $2
where
"person"."ownerId" = $3
and "asset_faces"."deletedAt" is null
exists (
select
from
"asset_faces"
where
"asset_faces"."personId" = "person"."id"
and "asset_faces"."deletedAt" is null
and exists (
select
from
"assets"
where
"assets"."id" = "asset_faces"."assetId"
and "assets"."visibility" = 'timeline'
and "assets"."deletedAt" is null
)
)
and "person"."ownerId" = $2
-- PersonRepository.refreshFaces
with

20
server/src/queries/search.repository.sql
View file

@ -102,23 +102,23 @@ with
"assets"
inner join "smart_search" on "assets"."id" = "smart_search"."assetId"
where
"assets"."ownerId" = any ($2::uuid[])
"assets"."visibility" in ('archive', 'timeline')
and "assets"."ownerId" = any ($2::uuid[])
and "assets"."deletedAt" is null
and "assets"."visibility" != $3
and "assets"."type" = $4
and "assets"."id" != $5::uuid
and "assets"."type" = $3
and "assets"."id" != $4::uuid
and "assets"."stackId" is null
order by
"distance"
limit
$6
$5
)
select
*
from
"cte"
where
"cte"."distance" <= $7
"cte"."distance" <= $6
commit
-- SearchRepository.searchFaces
@ -241,7 +241,7 @@ from
inner join "assets" on "assets"."id" = "exif"."assetId"
where
"ownerId" = any ($1::uuid[])
and "visibility" != $2
and "visibility" = $2
and "deletedAt" is null
and "state" is not null
@ -253,7 +253,7 @@ from
inner join "assets" on "assets"."id" = "exif"."assetId"
where
"ownerId" = any ($1::uuid[])
and "visibility" != $2
and "visibility" = $2
and "deletedAt" is null
and "city" is not null
@ -265,7 +265,7 @@ from
inner join "assets" on "assets"."id" = "exif"."assetId"
where
"ownerId" = any ($1::uuid[])
and "visibility" != $2
and "visibility" = $2
and "deletedAt" is null
and "make" is not null
@ -277,6 +277,6 @@ from
inner join "assets" on "assets"."id" = "exif"."assetId"
where
"ownerId" = any ($1::uuid[])
and "visibility" != $2
and "visibility" = $2
and "deletedAt" is null
and "model" is not null

2
server/src/queries/stack.repository.sql
View file

@ -52,6 +52,7 @@ select
where
"assets"."deletedAt" is null
and "assets"."stackId" = "asset_stack"."id"
and "assets"."visibility" in ('archive', 'timeline')
) as agg
) as "assets"
from
@ -135,6 +136,7 @@ select
where
"assets"."deletedAt" is null
and "assets"."stackId" = "asset_stack"."id"
and "assets"."visibility" in ('archive', 'timeline')
) as agg
) as "assets"
from

5
server/src/queries/user.repository.sql
View file

@ -290,7 +290,7 @@ order by
select
"users"."id" as "userId",
"users"."name" as "userName",
"users"."quotaSizeInBytes" as "quotaSizeInBytes",
"users"."quotaSizeInBytes",
count(*) filter (
where
(
@ -335,9 +335,8 @@ select
from
"users"
left join "assets" on "assets"."ownerId" = "users"."id"
and "assets"."deletedAt" is null
left join "exif" on "exif"."assetId" = "assets"."id"
where
"assets"."deletedAt" is null
group by
"users"."id"
order by