chore(server): Check activity permissions in bulk (#5775)

Modify Access repository, to evaluate `asset` permissions in bulk. This is the last set of permission changes, to migrate all of them to run in bulk! Queries have been validated to match what they currently generate for single ids. Queries: * `activity` owner access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "activity" "ActivityEntity" WHERE "ActivityEntity"."id" = $1 AND "ActivityEntity"."userId" = $2 ) LIMIT 1 -- After SELECT "ActivityEntity"."id" AS "ActivityEntity_id" FROM "activity" "ActivityEntity" WHERE "ActivityEntity"."id" IN ($1) AND "ActivityEntity"."userId" = $2 ``` * `activity` album owner access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "activity" "ActivityEntity" LEFT JOIN "albums" "ActivityEntity__ActivityEntity_album" ON "ActivityEntity__ActivityEntity_album"."id"="ActivityEntity"."albumId" AND "ActivityEntity__ActivityEntity_album"."deletedAt" IS NULL WHERE "ActivityEntity"."id" = $1 AND "ActivityEntity__ActivityEntity_album"."ownerId" = $2 ) LIMIT 1 -- After SELECT "ActivityEntity"."id" AS "ActivityEntity_id" FROM "activity" "ActivityEntity" LEFT JOIN "albums" "ActivityEntity__ActivityEntity_album" ON "ActivityEntity__ActivityEntity_album"."id"="ActivityEntity"."albumId" AND "ActivityEntity__ActivityEntity_album"."deletedAt" IS NULL WHERE "ActivityEntity"."id" IN ($1) AND "ActivityEntity__ActivityEntity_album"."ownerId" = $2 ``` * `activity` create access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "albums" "AlbumEntity" LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers" ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId"="AlbumEntity"."id" LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers" ON "AlbumEntity__AlbumEntity_sharedUsers"."id"="AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId" AND "AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL WHERE ( ( "AlbumEntity"."id" = $1 AND "AlbumEntity"."isActivityEnabled" = $2 AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $3 ) OR ( "AlbumEntity"."id" = $4 AND "AlbumEntity"."isActivityEnabled" = $5 AND "AlbumEntity"."ownerId" = $6 ) ) AND "AlbumEntity"."deletedAt" IS NULL ) LIMIT 1 -- After SELECT "AlbumEntity"."id" AS "AlbumEntity_id" FROM "albums" "AlbumEntity" LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers" ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId"="AlbumEntity"."id" LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers" ON "AlbumEntity__AlbumEntity_sharedUsers"."id"="AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId" AND "AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL WHERE ( ( "AlbumEntity"."id" IN ($1) AND "AlbumEntity"."isActivityEnabled" = $2 AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $3 ) OR ( "AlbumEntity"."id" IN ($4) AND "AlbumEntity"."isActivityEnabled" = $5 AND "AlbumEntity"."ownerId" = $6 ) ) AND "AlbumEntity"."deletedAt" IS NULL ```
2023-12-17 13:10:21 -05:00
parent 691e20521d
commit c6f56d9591
6 changed files with 89 additions and 79 deletions
@@ -93,7 +93,7 @@ describe(ActivityService.name, () => {
    });

    it('should create a comment', async () => {
-      accessMock.activity.hasCreateAccess.mockResolvedValue(true);
+      accessMock.activity.checkCreateAccess.mockResolvedValue(new Set(['album-id']));
      activityMock.create.mockResolvedValue(activityStub.oneComment);

      await sut.create(authStub.admin, {
@@ -114,7 +114,6 @@ describe(ActivityService.name, () => {

    it('should fail because activity is disabled for the album', async () => {
      accessMock.album.checkOwnerAccess.mockResolvedValue(new Set(['album-id']));
-      accessMock.activity.hasCreateAccess.mockResolvedValue(false);
      activityMock.create.mockResolvedValue(activityStub.oneComment);

      await expect(
@@ -128,7 +127,7 @@ describe(ActivityService.name, () => {
    });

    it('should create a like', async () => {
-      accessMock.activity.hasCreateAccess.mockResolvedValue(true);
+      accessMock.activity.checkCreateAccess.mockResolvedValue(new Set(['album-id']));
      activityMock.create.mockResolvedValue(activityStub.liked);
      activityMock.search.mockResolvedValue([]);

@@ -148,7 +147,7 @@ describe(ActivityService.name, () => {

    it('should skip if like exists', async () => {
      accessMock.album.checkOwnerAccess.mockResolvedValue(new Set(['album-id']));
-      accessMock.activity.hasCreateAccess.mockResolvedValue(true);
+      accessMock.activity.checkCreateAccess.mockResolvedValue(new Set(['album-id']));
      activityMock.search.mockResolvedValue([activityStub.liked]);

      await sut.create(authStub.admin, {
@@ -163,19 +162,18 @@ describe(ActivityService.name, () => {

  describe('delete', () => {
    it('should require access', async () => {
-      accessMock.activity.hasOwnerAccess.mockResolvedValue(false);
      await expect(sut.delete(authStub.admin, activityStub.oneComment.id)).rejects.toBeInstanceOf(BadRequestException);
      expect(activityMock.delete).not.toHaveBeenCalled();
    });

    it('should let the activity owner delete a comment', async () => {
-      accessMock.activity.hasOwnerAccess.mockResolvedValue(true);
+      accessMock.activity.checkOwnerAccess.mockResolvedValue(new Set(['activity-id']));
      await sut.delete(authStub.admin, 'activity-id');
      expect(activityMock.delete).toHaveBeenCalledWith('activity-id');
    });

    it('should let the album owner delete a comment', async () => {
-      accessMock.activity.hasAlbumOwnerAccess.mockResolvedValue(true);
+      accessMock.activity.checkAlbumOwnerAccess.mockResolvedValue(new Set(['activity-id']));
      await sut.delete(authStub.admin, 'activity-id');
      expect(activityMock.delete).toHaveBeenCalledWith('activity-id');
    });