Check public albums for asset

server/apps/immich/src/api-v1/asset/asset.service.ts

@@ -54,6 +54,7 @@ import { InjectQueue } from '@nestjs/bull';
 import { Queue } from 'bull';
 import { DownloadService } from '../../modules/download/download.service';
 import { DownloadDto } from './dto/download-library.dto';
+import { ALBUM_REPOSITORY, IAlbumRepository } from "../album/album-repository";
 
 const fileInfo = promisify(stat);
 
@@ -63,6 +64,9 @@ export class AssetService {
     @Inject(ASSET_REPOSITORY)
     private _assetRepository: IAssetRepository,
 
+    @Inject(ALBUM_REPOSITORY)
+    private _albumRepository: IAlbumRepository,
+
     @InjectRepository(AssetEntity)
     private assetRepository: Repository<AssetEntity>,
 
@@ -627,8 +631,8 @@ export class AssetService {
     return this._assetRepository.getAssetCountByUserId(authUser.id);
   }
 
-  async checkAssetsAccess(authUser: AuthUserDto, assetIds: string[], mustBeOwner: boolean = false) {
-    for (let assetId of assetIds) {
+  async checkAssetsAccess(authUser: AuthUserDto, assetIds: string[], mustBeOwner = false) {
+    for (const assetId of assetIds) {
       // Step 1: Check if user owns asset
       if (await this._assetRepository.countByIdAndUser(assetId, authUser.id) == 1) {
         continue;
@@ -636,9 +640,13 @@ export class AssetService {
 
       // Avoid additional checks if ownership is required
       if (!mustBeOwner) {
+        // Step 2: Check if asset is part of an album shared with me
+        if (await this._albumRepository.getSharedAlbumCount(authUser.id, assetId) > 0) {
+          continue;
+        }
 
+        //TODO: Step 3: Check if asset is part of a public album
       }
-
       throw new ForbiddenException();
     }
   }