feat(web,server): user storage label (#2418)
* feat: user storage label * chore: open api * fix: checks * fix: api update validation and tests * feat: default admin storage label * fix: linting * fix: user create/update dto * fix: delete library with custom label
This commit is contained in:
Jason Rasmussen
@@ -1,24 +1,28 @@
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsNotEmpty, IsEmail } from 'class-validator';
|
||||
import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
|
||||
import { toEmail, toSanitized } from '../../../../../apps/immich/src/utils/transform.util';
|
||||
|
||||
export class CreateUserDto {
|
||||
@IsEmail()
|
||||
@Transform(({ value }) => value?.toLowerCase())
|
||||
@ApiProperty({ example: 'testuser@email.com' })
|
||||
@Transform(toEmail)
|
||||
email!: string;
|
||||
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({ example: 'password' })
|
||||
@IsString()
|
||||
password!: string;
|
||||
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({ example: 'John' })
|
||||
@IsString()
|
||||
firstName!: string;
|
||||
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({ example: 'Doe' })
|
||||
@IsString()
|
||||
lastName!: string;
|
||||
|
||||
@IsOptional()
|
||||
@IsString()
|
||||
@Transform(toSanitized)
|
||||
storageLabel?: string | null;
|
||||
}
|
||||
|
||||
export class CreateAdminDto {
|
||||
|
||||
@@ -1,8 +1,34 @@
|
||||
import { IsBoolean, IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
|
||||
import { CreateUserDto } from './create-user.dto';
|
||||
import { ApiProperty, PartialType } from '@nestjs/swagger';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
|
||||
import { toEmail, toSanitized } from '../../../../../apps/immich/src/utils/transform.util';
|
||||
|
||||
export class UpdateUserDto {
|
||||
@IsOptional()
|
||||
@IsEmail()
|
||||
@Transform(toEmail)
|
||||
email?: string;
|
||||
|
||||
@IsOptional()
|
||||
@IsNotEmpty()
|
||||
@IsString()
|
||||
password?: string;
|
||||
|
||||
@IsOptional()
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
firstName?: string;
|
||||
|
||||
@IsOptional()
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
lastName?: string;
|
||||
|
||||
@IsOptional()
|
||||
@IsString()
|
||||
@Transform(toSanitized)
|
||||
storageLabel?: string;
|
||||
|
||||
export class UpdateUserDto extends PartialType(CreateUserDto) {
|
||||
@IsNotEmpty()
|
||||
@IsUUID('4')
|
||||
@ApiProperty({ format: 'uuid' })
|
||||
|
||||
@@ -5,6 +5,7 @@ export class UserResponseDto {
|
||||
email!: string;
|
||||
firstName!: string;
|
||||
lastName!: string;
|
||||
storageLabel!: string | null;
|
||||
createdAt!: string;
|
||||
profileImagePath!: string;
|
||||
shouldChangePassword!: boolean;
|
||||
@@ -20,6 +21,7 @@ export function mapUser(entity: UserEntity): UserResponseDto {
|
||||
email: entity.email,
|
||||
firstName: entity.firstName,
|
||||
lastName: entity.lastName,
|
||||
storageLabel: entity.storageLabel,
|
||||
createdAt: entity.createdAt,
|
||||
profileImagePath: entity.profileImagePath,
|
||||
shouldChangePassword: entity.shouldChangePassword,
|
||||
|
||||
@@ -5,7 +5,6 @@ import {
|
||||
InternalServerErrorException,
|
||||
Logger,
|
||||
NotFoundException,
|
||||
UnauthorizedException,
|
||||
} from '@nestjs/common';
|
||||
import { hash } from 'bcrypt';
|
||||
import { constants, createReadStream, ReadStream } from 'fs';
|
||||
@@ -28,6 +27,7 @@ export class UserCore {
|
||||
if (!authUser.isAdmin) {
|
||||
// Users can never update the isAdmin property.
|
||||
delete dto.isAdmin;
|
||||
delete dto.storageLabel;
|
||||
} else if (dto.isAdmin && authUser.id !== id) {
|
||||
// Admin cannot create another admin.
|
||||
throw new BadRequestException('The server already has an admin');
|
||||
@@ -36,7 +36,14 @@ export class UserCore {
|
||||
if (dto.email) {
|
||||
const duplicate = await this.userRepository.getByEmail(dto.email);
|
||||
if (duplicate && duplicate.id !== id) {
|
||||
throw new BadRequestException('Email already in user by another account');
|
||||
throw new BadRequestException('Email already in use by another account');
|
||||
}
|
||||
}
|
||||
|
||||
if (dto.storageLabel) {
|
||||
const duplicate = await this.userRepository.getByStorageLabel(dto.storageLabel);
|
||||
if (duplicate && duplicate.id !== id) {
|
||||
throw new BadRequestException('Storage label already in use by another account');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,6 +52,10 @@ export class UserCore {
|
||||
dto.password = await this.cryptoRepository.hashBcrypt(dto.password, SALT_ROUNDS);
|
||||
}
|
||||
|
||||
if (dto.storageLabel === '') {
|
||||
dto.storageLabel = null;
|
||||
}
|
||||
|
||||
return this.userRepository.update(id, dto);
|
||||
} catch (e) {
|
||||
Logger.error(e, 'Failed to update user info');
|
||||
@@ -106,14 +117,8 @@ export class UserCore {
|
||||
}
|
||||
|
||||
async createProfileImage(authUser: AuthUserDto, filePath: string): Promise<UserEntity> {
|
||||
// TODO: do we need to do this? Maybe we can trust the authUser
|
||||
const user = await this.userRepository.get(authUser.id);
|
||||
if (!user) {
|
||||
throw new NotFoundException('User not found');
|
||||
}
|
||||
|
||||
try {
|
||||
return this.userRepository.update(user.id, { profileImagePath: filePath });
|
||||
return this.userRepository.update(authUser.id, { profileImagePath: filePath });
|
||||
} catch (e) {
|
||||
Logger.error(e, 'Create User Profile Image');
|
||||
throw new InternalServerErrorException('Failed to create new user profile image');
|
||||
@@ -121,12 +126,7 @@ export class UserCore {
|
||||
}
|
||||
|
||||
async restoreUser(authUser: AuthUserDto, userToRestore: UserEntity): Promise<UserEntity> {
|
||||
// TODO: do we need to do this? Maybe we can trust the authUser
|
||||
const requestor = await this.userRepository.get(authUser.id);
|
||||
if (!requestor) {
|
||||
throw new UnauthorizedException('Requestor not found');
|
||||
}
|
||||
if (!requestor.isAdmin) {
|
||||
if (!authUser.isAdmin) {
|
||||
throw new ForbiddenException('Unauthorized');
|
||||
}
|
||||
try {
|
||||
@@ -138,12 +138,7 @@ export class UserCore {
|
||||
}
|
||||
|
||||
async deleteUser(authUser: AuthUserDto, userToDelete: UserEntity): Promise<UserEntity> {
|
||||
// TODO: do we need to do this? Maybe we can trust the authUser
|
||||
const requestor = await this.userRepository.get(authUser.id);
|
||||
if (!requestor) {
|
||||
throw new UnauthorizedException('Requestor not found');
|
||||
}
|
||||
if (!requestor.isAdmin) {
|
||||
if (!authUser.isAdmin) {
|
||||
throw new ForbiddenException('Unauthorized');
|
||||
}
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import { UserEntity } from '@app/infra/entities';
|
||||
|
||||
export interface UserListFilter {
|
||||
excludeId?: string;
|
||||
withDeleted?: boolean;
|
||||
}
|
||||
|
||||
export interface UserStatsQueryResponse {
|
||||
@@ -19,6 +19,7 @@ export interface IUserRepository {
|
||||
get(id: string, withDeleted?: boolean): Promise<UserEntity | null>;
|
||||
getAdmin(): Promise<UserEntity | null>;
|
||||
getByEmail(email: string, withPassword?: boolean): Promise<UserEntity | null>;
|
||||
getByStorageLabel(storageLabel: string): Promise<UserEntity | null>;
|
||||
getByOAuthId(oauthId: string): Promise<UserEntity | null>;
|
||||
getDeletedUsers(): Promise<UserEntity[]>;
|
||||
getList(filter?: UserListFilter): Promise<UserEntity[]>;
|
||||
|
||||
@@ -36,7 +36,7 @@ const adminUserAuth: AuthUserDto = Object.freeze({
|
||||
});
|
||||
|
||||
const immichUserAuth: AuthUserDto = Object.freeze({
|
||||
id: 'immich_id',
|
||||
id: 'user-id',
|
||||
email: 'immich@test.com',
|
||||
isAdmin: false,
|
||||
});
|
||||
@@ -55,6 +55,7 @@ const adminUser: UserEntity = Object.freeze({
|
||||
updatedAt: '2021-01-01',
|
||||
tags: [],
|
||||
assets: [],
|
||||
storageLabel: 'admin',
|
||||
});
|
||||
|
||||
const immichUser: UserEntity = Object.freeze({
|
||||
@@ -71,6 +72,7 @@ const immichUser: UserEntity = Object.freeze({
|
||||
updatedAt: '2021-01-01',
|
||||
tags: [],
|
||||
assets: [],
|
||||
storageLabel: null,
|
||||
});
|
||||
|
||||
const updatedImmichUser: UserEntity = Object.freeze({
|
||||
@@ -87,6 +89,7 @@ const updatedImmichUser: UserEntity = Object.freeze({
|
||||
updatedAt: '2021-01-01',
|
||||
tags: [],
|
||||
assets: [],
|
||||
storageLabel: null,
|
||||
});
|
||||
|
||||
const adminUserResponse = Object.freeze({
|
||||
@@ -101,6 +104,7 @@ const adminUserResponse = Object.freeze({
|
||||
profileImagePath: '',
|
||||
createdAt: '2021-01-01',
|
||||
updatedAt: '2021-01-01',
|
||||
storageLabel: 'admin',
|
||||
});
|
||||
|
||||
describe(UserService.name, () => {
|
||||
@@ -150,7 +154,7 @@ describe(UserService.name, () => {
|
||||
|
||||
const response = await sut.getAllUsers(adminUserAuth, false);
|
||||
|
||||
expect(userRepositoryMock.getList).toHaveBeenCalledWith({ excludeId: adminUser.id });
|
||||
expect(userRepositoryMock.getList).toHaveBeenCalledWith({ withDeleted: true });
|
||||
expect(response).toEqual([
|
||||
{
|
||||
id: adminUserAuth.id,
|
||||
@@ -164,6 +168,7 @@ describe(UserService.name, () => {
|
||||
profileImagePath: '',
|
||||
createdAt: '2021-01-01',
|
||||
updatedAt: '2021-01-01',
|
||||
storageLabel: 'admin',
|
||||
},
|
||||
]);
|
||||
});
|
||||
@@ -231,6 +236,22 @@ describe(UserService.name, () => {
|
||||
expect(updatedUser.shouldChangePassword).toEqual(true);
|
||||
});
|
||||
|
||||
it('should not set an empty string for storage label', async () => {
|
||||
userRepositoryMock.update.mockResolvedValue(updatedImmichUser);
|
||||
|
||||
await sut.updateUser(adminUserAuth, { id: immichUser.id, storageLabel: '' });
|
||||
|
||||
expect(userRepositoryMock.update).toHaveBeenCalledWith(immichUser.id, { id: immichUser.id, storageLabel: null });
|
||||
});
|
||||
|
||||
it('should omit a storage label set by non-admin users', async () => {
|
||||
userRepositoryMock.update.mockResolvedValue(updatedImmichUser);
|
||||
|
||||
await sut.updateUser(immichUserAuth, { id: immichUser.id, storageLabel: 'admin' });
|
||||
|
||||
expect(userRepositoryMock.update).toHaveBeenCalledWith(immichUser.id, { id: immichUser.id });
|
||||
});
|
||||
|
||||
it('user can only update its information', async () => {
|
||||
when(userRepositoryMock.get)
|
||||
.calledWith('not_immich_auth_user_id', undefined)
|
||||
@@ -255,7 +276,7 @@ describe(UserService.name, () => {
|
||||
await sut.updateUser(immichUser, dto);
|
||||
|
||||
expect(userRepositoryMock.update).toHaveBeenCalledWith(immichUser.id, {
|
||||
id: 'immich_id',
|
||||
id: 'user-id',
|
||||
email: 'updated@test.com',
|
||||
});
|
||||
});
|
||||
@@ -271,6 +292,17 @@ describe(UserService.name, () => {
|
||||
expect(userRepositoryMock.update).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('should not let the admin change the storage label to one already in use', async () => {
|
||||
const dto = { id: immichUser.id, storageLabel: 'admin' };
|
||||
|
||||
userRepositoryMock.get.mockResolvedValue(immichUser);
|
||||
userRepositoryMock.getByStorageLabel.mockResolvedValue(adminUser);
|
||||
|
||||
await expect(sut.updateUser(adminUser, dto)).rejects.toBeInstanceOf(BadRequestException);
|
||||
|
||||
expect(userRepositoryMock.update).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('admin can update any user information', async () => {
|
||||
const update: UpdateUserDto = {
|
||||
id: immichUser.id,
|
||||
@@ -481,6 +513,16 @@ describe(UserService.name, () => {
|
||||
expect(userRepositoryMock.delete).toHaveBeenCalledWith(user, true);
|
||||
});
|
||||
|
||||
it('should delete the library path for a storage label', async () => {
|
||||
const user = { id: 'deleted-user', deletedAt: makeDeletedAt(10), storageLabel: 'admin' } as UserEntity;
|
||||
|
||||
await sut.handleUserDelete({ user });
|
||||
|
||||
const options = { force: true, recursive: true };
|
||||
|
||||
expect(storageMock.unlinkDir).toHaveBeenCalledWith('upload/library/admin', options);
|
||||
});
|
||||
|
||||
it('should handle an error', async () => {
|
||||
const user = { id: 'deleted-user', deletedAt: makeDeletedAt(10) } as UserEntity;
|
||||
|
||||
|
||||
@@ -44,13 +44,8 @@ export class UserService {
|
||||
}
|
||||
|
||||
async getAllUsers(authUser: AuthUserDto, isAll: boolean): Promise<UserResponseDto[]> {
|
||||
if (isAll) {
|
||||
const allUsers = await this.userCore.getList();
|
||||
return allUsers.map(mapUser);
|
||||
}
|
||||
|
||||
const allUserExceptRequestedUser = await this.userCore.getList({ excludeId: authUser.id });
|
||||
return allUserExceptRequestedUser.map(mapUser);
|
||||
const users = await this.userCore.getList({ withDeleted: !isAll });
|
||||
return users.map(mapUser);
|
||||
}
|
||||
|
||||
async getUserById(userId: string, withDeleted = false): Promise<UserResponseDto> {
|
||||
@@ -165,7 +160,7 @@ export class UserService {
|
||||
|
||||
try {
|
||||
const folders = [
|
||||
this.storageCore.getFolderLocation(StorageFolder.LIBRARY, user.id),
|
||||
this.storageCore.getLibraryFolder(user),
|
||||
this.storageCore.getFolderLocation(StorageFolder.UPLOAD, user.id),
|
||||
this.storageCore.getFolderLocation(StorageFolder.PROFILE, user.id),
|
||||
this.storageCore.getFolderLocation(StorageFolder.THUMBNAILS, user.id),
|
||||
|
||||
Reference in New Issue
Block a user