chore(server): Check album permissions in bulk (#5290)

* chore(server): Check album permissions in bulk

Modify Access repository, to evaluate `album` permissions in bulk.
Queries have been validated to match what they currently generate for
single ids.

Queries:

* Owner access:

```sql
-- Before
SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS (
  SELECT 1
  FROM "albums" "AlbumEntity"
  WHERE
    "AlbumEntity"."id" = $1
    AND "AlbumEntity"."ownerId" = $2
    AND "AlbumEntity"."deletedAt" IS NULL
)
LIMIT 1

-- After
SELECT
  "AlbumEntity"."id" AS "AlbumEntity_id"
FROM "albums" "AlbumEntity"
WHERE
  "AlbumEntity"."id" IN ($1, $2)
  AND "AlbumEntity"."ownerId" = $3
  AND "AlbumEntity"."deletedAt" IS NULL
```

* Shared link access:

```sql
-- Before
SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS (
  SELECT 1
  FROM "shared_links" "SharedLinkEntity"
  WHERE
    "SharedLinkEntity"."id" = $1
    AND "SharedLinkEntity"."albumId" = $2
)
LIMIT 1

-- After
SELECT
  "SharedLinkEntity"."albumId" AS "SharedLinkEntity_albumId",
  "SharedLinkEntity"."id" AS "SharedLinkEntity_id"
FROM "shared_links" "SharedLinkEntity"
WHERE
  "SharedLinkEntity"."id" = $1
  AND "SharedLinkEntity"."albumId" IN ($2, $3)
```

* Shared album access:

```sql
-- Before
SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS (
  SELECT 1
  FROM "albums" "AlbumEntity"
    LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"
      ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId"="AlbumEntity"."id"
    LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers"
      ON "AlbumEntity__AlbumEntity_sharedUsers"."id"="AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId"
      AND "AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL
  WHERE
    "AlbumEntity"."id" = $1
    AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $2
    AND "AlbumEntity"."deletedAt" IS NULL
)
LIMIT 1

-- After
SELECT
  "AlbumEntity"."id" AS "AlbumEntity_id"
FROM "albums" "AlbumEntity"
  LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"
    ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId"="AlbumEntity"."id"
  LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers"
    ON "AlbumEntity__AlbumEntity_sharedUsers"."id"="AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId"
    AND "AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL
WHERE
  "AlbumEntity"."id" IN ($1, $2)
  AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $3
  AND "AlbumEntity"."deletedAt" IS NULL
```

* chore(server): Add set utils, avoid double queries for same ids

* chore(server): Review feedback

server/src/infra/repositories/access.repository.ts

@@ -1,6 +1,6 @@
 import { IAccessRepository } from '@app/domain';
 import { InjectRepository } from '@nestjs/typeorm';
-import { Repository } from 'typeorm';
+import { In, Repository } from 'typeorm';
 import {
   ActivityEntity,
   AlbumEntity,
@@ -209,33 +209,57 @@ export class AccessRepository implements IAccessRepository {
   };
 
   album = {
-    hasOwnerAccess: (userId: string, albumId: string): Promise<boolean> => {
-      return this.albumRepository.exist({
-        where: {
-          id: albumId,
-          ownerId: userId,
-        },
-      });
-    },
+    checkOwnerAccess: async (userId: string, albumIds: Set<string>): Promise<Set<string>> => {
+      if (albumIds.size === 0) {
+        return new Set();
+      }
 
-    hasSharedAlbumAccess: (userId: string, albumId: string): Promise<boolean> => {
-      return this.albumRepository.exist({
-        where: {
-          id: albumId,
-          sharedUsers: {
-            id: userId,
+      return this.albumRepository
+        .find({
+          select: { id: true },
+          where: {
+            id: In([...albumIds]),
+            ownerId: userId,
           },
-        },
-      });
+        })
+        .then((albums) => new Set(albums.map((album) => album.id)));
     },
 
-    hasSharedLinkAccess: (sharedLinkId: string, albumId: string): Promise<boolean> => {
-      return this.sharedLinkRepository.exist({
-        where: {
-          id: sharedLinkId,
-          albumId,
-        },
-      });
+    checkSharedAlbumAccess: async (userId: string, albumIds: Set<string>): Promise<Set<string>> => {
+      if (albumIds.size === 0) {
+        return new Set();
+      }
+
+      return this.albumRepository
+        .find({
+          select: { id: true },
+          where: {
+            id: In([...albumIds]),
+            sharedUsers: {
+              id: userId,
+            },
+          },
+        })
+        .then((albums) => new Set(albums.map((album) => album.id)));
+    },
+
+    checkSharedLinkAccess: async (sharedLinkId: string, albumIds: Set<string>): Promise<Set<string>> => {
+      if (albumIds.size === 0) {
+        return new Set();
+      }
+
+      return this.sharedLinkRepository
+        .find({
+          select: { albumId: true },
+          where: {
+            id: sharedLinkId,
+            albumId: In([...albumIds]),
+          },
+        })
+        .then(
+          (sharedLinks) =>
+            new Set(sharedLinks.flatMap((sharedLink) => (!!sharedLink.albumId ? [sharedLink.albumId] : []))),
+        );
     },
   };