fix(server): tighten asset visibility (#18699)

* tighten visibility

* update sql

* elevated access util function

* fix potential sync issue

* include in user stats

* include hidden assets in size usage

* filter visibility in search duplicates query

* stack visibility

server/src/queries/person.repository.sql

@@ -182,27 +182,42 @@ from
   "asset_faces"
   left join "assets" on "assets"."id" = "asset_faces"."assetId"
   and "asset_faces"."personId" = $1
-  and "assets"."visibility" != $2
+  and "assets"."visibility" = 'timeline'
   and "assets"."deletedAt" is null
 where
   "asset_faces"."deletedAt" is null
 
 -- PersonRepository.getNumberOfPeople
 select
-  count(distinct ("person"."id")) as "total",
-  count(distinct ("person"."id")) filter (
-    where
-      "person"."isHidden" = $1
+  coalesce(count(*), 0) as "total",
+  coalesce(
+    count(*) filter (
+      where
+        "isHidden" = $1
+    ),
+    0
   ) as "hidden"
 from
   "person"
-  inner join "asset_faces" on "asset_faces"."personId" = "person"."id"
-  inner join "assets" on "assets"."id" = "asset_faces"."assetId"
-  and "assets"."deletedAt" is null
-  and "assets"."visibility" != $2
 where
-  "person"."ownerId" = $3
-  and "asset_faces"."deletedAt" is null
+  exists (
+    select
+    from
+      "asset_faces"
+    where
+      "asset_faces"."personId" = "person"."id"
+      and "asset_faces"."deletedAt" is null
+      and exists (
+        select
+        from
+          "assets"
+        where
+          "assets"."id" = "asset_faces"."assetId"
+          and "assets"."visibility" = 'timeline'
+          and "assets"."deletedAt" is null
+      )
+  )
+  and "person"."ownerId" = $2
 
 -- PersonRepository.refreshFaces
 with