cjones/immich
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(server): Prepare access interfaces for bulk permission checks (#5223)

Browse Source 
* chore(server): Prepare access interfaces for bulk permission checks

This change adds the `AccessCore.getAllowedIds` method, to evaluate
permissions in bulk, along with some other `getAllowedIds*` private
methods.

The added methods still calculate permissions by id, and are not
optimized to reduce the amount of queries and execution time, which will
be implemented in separate pull requests.

Services that were evaluating permissions in a loop have been refactored
to make use of the bulk approach.

* chore(server): Apply review suggestions

* chore(server): Make multiple-permission check more readable
This commit is contained in:
Michael Manganiello
2023-11-22 23:04:52 -05:00
committed by GitHub
parent 6e10d15f2c
commit 030cd8c4c4
4 changed files with 61 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/domain/album/album.service.ts
+7 -5
View File
@@ -153,6 +153,8 @@ export class AlbumService {
await this.access.requirePermission(authUser, Permission.ALBUM_READ, id);
const existingAssetIds = await this.albumRepository.getAssetIds(id, dto.ids);
const notPresentAssetIds = dto.ids.filter((id) => !existingAssetIds.has(id));
const allowedAssetIds = await this.access.checkAccess(authUser, Permission.ASSET_SHARE, notPresentAssetIds);
const results: BulkIdResponseDto[] = [];
for (const assetId of dto.ids) {
@@ -162,7 +164,7 @@ export class AlbumService {
continue;
}
const hasAccess = await this.access.hasPermission(authUser, Permission.ASSET_SHARE, assetId);
const hasAccess = allowedAssetIds.has(assetId);
if (!hasAccess) {
results.push({ id: assetId, success: false, error: BulkIdErrorReason.NO_PERMISSION });
continue;
@@ -190,6 +192,9 @@ export class AlbumService {
await this.access.requirePermission(authUser, Permission.ALBUM_READ, id);
const existingAssetIds = await this.albumRepository.getAssetIds(id, dto.ids);
const canRemove = await this.access.checkAccess(authUser, Permission.ALBUM_REMOVE_ASSET, existingAssetIds);
const canShare = await this.access.checkAccess(authUser, Permission.ASSET_SHARE, existingAssetIds);
const allowedAssetIds = new Set([...canRemove, ...canShare]);
const results: BulkIdResponseDto[] = [];
for (const assetId of dto.ids) {
@@ -199,10 +204,7 @@ export class AlbumService {
continue;
}
const hasAccess = await this.access.hasAny(authUser, [
{ permission: Permission.ALBUM_REMOVE_ASSET, id: assetId },
{ permission: Permission.ASSET_SHARE, id: assetId },
]);
const hasAccess = allowedAssetIds.has(assetId);
if (!hasAccess) {
results.push({ id: assetId, success: false, error: BulkIdErrorReason.NO_PERMISSION });
continue;