cjones/immich
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(server): tighten asset visibility (#18699)

Browse Source 
* tighten visibility

* update sql

* elevated access util function

* fix potential sync issue

* include in user stats

* include hidden assets in size usage

* filter visibility in search duplicates query

* stack visibility
This commit is contained in:
Mert
2025-06-02 10:33:08 -04:00
committed by GitHub
parent b5c3a675b2
commit fa22e865a4
21 changed files with 132 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/services/search.service.ts
+15 -3
View File
@@ -14,8 +14,9 @@ import {
SearchSuggestionType,
SmartSearchDto,
} from 'src/dtos/search.dto';
import { AssetOrder } from 'src/enum';
import { AssetOrder, AssetVisibility } from 'src/enum';
import { BaseService } from 'src/services/base.service';
import { requireElevatedPermission } from 'src/utils/access';
import { getMyPartnerIds } from 'src/utils/asset.util';
import { isSmartSearchEnabled } from 'src/utils/misc';
@@ -40,9 +41,11 @@ export class SearchService extends BaseService {
}
async searchMetadata(auth: AuthDto, dto: MetadataSearchDto): Promise<SearchResponseDto> {
let checksum: Buffer | undefined;
const userIds = await this.getUserIdsToSearch(auth);
if (dto.visibility === AssetVisibility.LOCKED) {
requireElevatedPermission(auth);
}
let checksum: Buffer | undefined;
if (dto.checksum) {
const encoding = dto.checksum.length === 28 ? 'base64' : 'hex';
checksum = Buffer.from(dto.checksum, encoding);
@@ -50,6 +53,7 @@ export class SearchService extends BaseService {
const page = dto.page ?? 1;
const size = dto.size || 250;
const userIds = await this.getUserIdsToSearch(auth);
const { hasNextPage, items } = await this.searchRepository.searchMetadata(
{ page, size },
{
@@ -64,12 +68,20 @@ export class SearchService extends BaseService {
}
async searchRandom(auth: AuthDto, dto: RandomSearchDto): Promise<AssetResponseDto[]> {
if (dto.visibility === AssetVisibility.LOCKED) {
requireElevatedPermission(auth);
}
const userIds = await this.getUserIdsToSearch(auth);
const items = await this.searchRepository.searchRandom(dto.size || 250, { ...dto, userIds });
return items.map((item) => mapAsset(item, { auth }));
}
async searchSmart(auth: AuthDto, dto: SmartSearchDto): Promise<SearchResponseDto> {
if (dto.visibility === AssetVisibility.LOCKED) {
requireElevatedPermission(auth);
}
const { machineLearning } = await this.getConfig({ withCache: false });
if (!isSmartSearchEnabled(machineLearning)) {
throw new BadRequestException('Smart search is not enabled');