cjones/immich
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(server): tighten asset visibility (#18699)

Browse Source 
* tighten visibility

* update sql

* elevated access util function

* fix potential sync issue

* include in user stats

* include hidden assets in size usage

* filter visibility in search duplicates query

* stack visibility
This commit is contained in:
Mert
2025-06-02 10:33:08 -04:00
committed by GitHub
parent b5c3a675b2
commit fa22e865a4
21 changed files with 132 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/services/timeline.service.ts
+5
View File
@@ -4,6 +4,7 @@ import { TimeBucketAssetDto, TimeBucketDto, TimeBucketsResponseDto } from 'src/d
import { AssetVisibility, Permission } from 'src/enum';
import { TimeBucketOptions } from 'src/repositories/asset.repository';
import { BaseService } from 'src/services/base.service';
import { requireElevatedPermission } from 'src/utils/access';
import { getMyPartnerIds } from 'src/utils/asset.util';
@Injectable()
@@ -44,6 +45,10 @@ export class TimelineService extends BaseService {
}
private async timeBucketChecks(auth: AuthDto, dto: TimeBucketDto) {
if (dto.visibility === AssetVisibility.LOCKED) {
requireElevatedPermission(auth);
}
if (dto.albumId) {
await this.requireAccess({ auth, permission: Permission.ALBUM_READ, ids: [dto.albumId] });
} else {