feat: faster access checks

2025-09-11 14:17:43 -04:00
44 changed files with 475 additions and 291 deletions
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -26,7 +26,7 @@ services:
    env_file: !reset []
  init:
    env_file: !reset []
-    command: sh -c 'find /data -maxdepth 1 ! -path "/data/postgres" -type d -exec chown ${UID:-0}:${GID:-0} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-0}:${GID:-0} "$$path" || true; done'
+    command: sh -c 'find /data -maxdepth 1 ! -path "/data/postgres" -type d -exec chown ${UID:-1000}:${GID:-1000} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-1000}:${GID:-1000} "$$path" || true; done'
  immich-machine-learning:
    env_file: !reset []
  database:
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -35,7 +35,7 @@ jobs:
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:1669c75a5542333ff6b03c13d5fd259ea8d798188b84d5d99093d62e4542eb05
+      image: yshavit/mdq:0.9.0@sha256:4399483ca857fb1a7ed28a596f754c7373e358647de31ce14b79a27c91e1e35e
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -1,15 +1,8 @@
 name: Merge translations

 on:
-  workflow_dispatch:
  workflow_call:
-    secrets:
-      PUSH_O_MATIC_APP_ID:
-        required: true
-      PUSH_O_MATIC_APP_KEY:
-        required: true
-      WEBLATE_TOKEN:
-        required: true
+  workflow_dispatch:

 permissions: {}

--- a/8
+++ b/8
@@ -70,9 +70,11 @@ VOLUME_DIRS = \

 # Helper function to chown, on error suggest remediation and exit
 define safe_chown
-	CURRENT_OWNER=$$(stat -c '%u:%g' "$(1)" 2>/dev/null || echo "none"); \
-	DESIRED_OWNER="$(or $(UID),0):$(or $(GID),0)"; \
-	if [ "$$CURRENT_OWNER" != "$$DESIRED_OWNER" ] && ! chown -v $(2) $$DESIRED_OWNER "$(1)" 2>/dev/null; then \
+	if chown $(2) $(or $(UID),1000):$(or $(GID),1000) "$(1)" 2>/dev/null; then \
+		true; \
+	else \
+	  	STATUS=$$?; echo "Exit code: $$STATUS $(1)"; \
+		echo "$$STATUS $(1)"; \
 		echo "Permission denied when changing owner of volumes and upload location. Try running 'sudo make prepare-volumes' first."; \
 		exit 1; \
 	fi;
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.89",
+  "version": "2.2.88",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -21,7 +21,7 @@ services:
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
-    user: '${UID:-0}:${GID:-0}'
+    user: '${UID:-1000}:${GID:-1000}'
    build:
      context: ../
      dockerfile: server/Dockerfile
@@ -82,7 +82,7 @@ services:
    image: immich-web-dev:latest
    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
    # user: 0:0
-    user: '${UID:-0}:${GID:-0}'
+    user: '${UID:-1000}:${GID:-1000}'
    build:
      context: ../
      dockerfile: server/Dockerfile
@@ -189,7 +189,7 @@ services:
    env_file:
      - .env
    user: 0:0
-    command: sh -c 'find /data -maxdepth 1 -type d -exec chown ${UID:-0}:${GID:-0} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-0}:${GID:-0} "$$path" || true; done'
+    command: sh -c 'find /data -maxdepth 1 -type d -exec chown ${UID:-1000}:${GID:-1000} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-1000}:${GID:-1000} "$$path" || true; done'
    volumes:
      - pnpm-store:/usr/src/app/.pnpm-store
      - server-node_modules:/usr/src/app/server/node_modules
--- a/docs/static/archived-versions.json
+++ b/docs/static/archived-versions.json
@@ -1,8 +1,4 @@
 [
-  {
-    "label": "v1.142.0",
-    "url": "https://v1.142.0.archive.immich.app"
-  },
  {
    "label": "v1.141.1",
    "url": "https://v1.141.1.archive.immich.app"
--- a/e2e/package.json
+++ b/e2e/package.json
@@ -1,6 +1,6 @@
 {
  "name": "immich-e2e",
-  "version": "1.142.0",
+  "version": "1.141.1",
  "description": "",
  "main": "index.js",
  "type": "module",
--- a/i18n/ja.json
+++ b/i18n/ja.json
@@ -1473,9 +1473,9 @@
  "permission_onboarding_permission_limited": "写真へのアクセスが制限されています。Immichが写真のバックアップと管理を行うには、システム設定から写真と動画のアクセス権限を変更してください。",
  "permission_onboarding_request": "Immichは写真へのアクセス許可が必要です",
  "person": "人物",
-  "person_age_months": "生後 {months, plural, one {# ヶ月} other {# ヶ月}}",
-  "person_age_year_months": "1 歳と, {months, plural, one {# ヶ月} other {# ヶ月}}",
-  "person_age_years": "{years, plural, other {# 歳}}",
+  "person_age_months": "{months, plural, one {# ヶ月} other {# ヶ月}} 前",
+  "person_age_year_months": "1 年, {months, plural, one {# ヶ月} other {# ヶ月}} 前",
+  "person_age_years": "{years, plural, other {# 年}}前",
  "person_birthdate": "{date}生まれ",
  "person_hidden": "{name}{hidden, select, true { (非表示)} other {}}",
  "photo_shared_all_users": "写真をすべてのユーザーと共有したか、共有するユーザーがいないようです。",
@@ -2024,7 +2024,7 @@
  "upload_success": "アップロード成功、新しくアップロードされたアセットを見るにはページを更新してください。",
  "upload_to_immich": "Immichにアップロード ({count})",
  "uploading": "アップロード中",
-  "uploading_media": "メディアをアップロード中",
+  "uploading_media": "メディアをアップロード",
  "url": "URL",
  "usage": "使用容量",
  "use_biometric": "生体認証をご利用ください",
--- a/i18n/ru.json
+++ b/i18n/ru.json
@@ -35,7 +35,7 @@
  "add_url": "Добавить URL",
  "added_to_archive": "Добавлено в архив",
  "added_to_favorites": "Добавлено в избранное",
-  "added_to_favorites_count": "{count, plural, one {# объект добавлен} many {# объектов добавлено} other {# объекта добавлено}} в избранное",
+  "added_to_favorites_count": "Добавлено{count, number} в избранное",
  "admin": {
    "add_exclusion_pattern_description": "Добавьте шаблоны исключений. Поддерживаются символы подстановки *, ** и ?. Чтобы игнорировать все файлы в любом каталоге с именем \"Raw\", укажите \"**/Raw/**\". Чтобы игнорировать все файлы, заканчивающиеся на \".tif\", используйте \"**/*.tif\". Чтобы игнорировать путь целиком, укажите \"/path/to/ignore/**\".",
    "admin_user": "Администратор",
@@ -448,7 +448,7 @@
  "all_albums": "Все альбомы",
  "all_people": "Все люди",
  "all_videos": "Все видео",
-  "allow_dark_mode": "Разрешить тёмный режим",
+  "allow_dark_mode": "Разрешить темный режим",
  "allow_edits": "Разрешить редактирование",
  "allow_public_user_to_download": "Разрешить скачивание",
  "allow_public_user_to_upload": "Разрешить добавление файлов",
@@ -1112,14 +1112,14 @@
  "home_page_add_to_album_conflicts": "Добавлено {added} медиа в альбом {album}. {failed} медиа уже в альбоме.",
  "home_page_add_to_album_err_local": "Пока нельзя добавлять локальные объекты в альбомы, пропуск",
  "home_page_add_to_album_success": "Добавлено {added} медиа в альбом {album}.",
-  "home_page_album_err_partner": "Невозможно добавить объекты партнёра в альбом, пропуск",
+  "home_page_album_err_partner": "Пока нельзя добавить медиа партнера в альбом, пропуск",
  "home_page_archive_err_local": "Пока нельзя добавить локальные файлы в архив, пропуск",
-  "home_page_archive_err_partner": "Невозможно добавить объекты партнёра в архив, пропуск",
+  "home_page_archive_err_partner": "Невозможно архивировать медиа партнера, пропуск",
  "home_page_building_timeline": "Построение хронологии",
-  "home_page_delete_err_partner": "Невозможно удалить объекты партнёра, пропуск",
+  "home_page_delete_err_partner": "Невозможно удалить медиа партнера, пропуск",
  "home_page_delete_remote_err_local": "Невозможно удалить локальные файлы с сервера, пропуск",
  "home_page_favorite_err_local": "Пока нельзя добавить в избранное локальные файлы, пропуск",
-  "home_page_favorite_err_partner": "Невозможно добавить объекты партнёра в избранное, пропуск",
+  "home_page_favorite_err_partner": "Пока нельзя добавить в избранное медиа партнера, пропуск",
  "home_page_first_time_notice": "Перед началом использования приложения выберите альбом с объектами для резервного копирования, чтобы они отобразились на временной шкале",
  "home_page_locked_error_local": "Невозможно переместить локальные объекты в личную папку, пропуск",
  "home_page_locked_error_partner": "Невозможно переместить объекты партнёра в личную папку, пропуск",
@@ -1154,8 +1154,8 @@
  "in_albums": "В {count, plural, one {# альбоме} other {# альбомах}}",
  "in_archive": "В архиве",
  "include_archived": "Отображать архив",
-  "include_shared_albums": "Включать объекты общих альбомов",
-  "include_shared_partner_assets": "Включать объекты партнёров",
+  "include_shared_albums": "Включать общие альбомы",
+  "include_shared_partner_assets": "Включать общие ресурсы партнера",
  "individual_share": "Индивидуальная подборка",
  "individual_shares": "Подборки",
  "info": "Информация",
@@ -1367,7 +1367,7 @@
  "no_duplicates_found": "Дубликатов не обнаружено.",
  "no_exif_info_available": "Нет доступной информации exif",
  "no_explore_results_message": "Загружайте больше фотографий, чтобы наслаждаться вашей коллекцией.",
-  "no_favorites_message": "Добавляйте объекты в избранное, чтобы быстрее находить свои лучшие фото и видео",
+  "no_favorites_message": "Добавляйте в избранное, чтобы быстро найти свои лучшие фотографии и видео",
  "no_libraries_message": "Создайте внешнюю библиотеку для просмотра в Immich сторонних фотографий и видео",
  "no_locked_photos_message": "Фото и видео, перемещенные в личную папку, скрыты и не отображаются при просмотре библиотеки.",
  "no_name": "Нет имени",
@@ -1422,18 +1422,18 @@
  "other_variables": "Другие переменные",
  "owned": "Мои",
  "owner": "Владелец",
-  "partner": "Партнёр",
-  "partner_can_access": "Пользователю {partner} доступны",
-  "partner_can_access_assets": "Все ваши фото и видео, кроме тех, что находятся в архиве и корзине",
-  "partner_can_access_location": "Места, где были сделаны ваши фото и видео",
-  "partner_list_user_photos": "Фото и видео пользователя {user}",
+  "partner": "Партнер",
+  "partner_can_access": "{partner} имеет доступ",
+  "partner_can_access_assets": "Все ваши фотографии и видеозаписи, кроме тех, которые находятся в Архиве и Корзине",
+  "partner_can_access_location": "Местоположение, где были сделаны ваши фотографии",
+  "partner_list_user_photos": "Фотографии пользователя {user}",
  "partner_list_view_all": "Посмотреть все",
-  "partner_page_empty_message": "Вы пока никому из партнёров не предоставили доступ к своим фото и видео.",
+  "partner_page_empty_message": "У вашего партнёра еще нет доступа к вашим фото.",
  "partner_page_no_more_users": "Выбраны все доступные пользователи",
  "partner_page_partner_add_failed": "Не удалось добавить партнёра",
  "partner_page_select_partner": "Выбрать партнёра",
  "partner_page_shared_to_title": "Поделиться с...",
-  "partner_page_stop_sharing_content": "Пользователь {partner} больше не будет иметь доступ к вашим фото и видео.",
+  "partner_page_stop_sharing_content": "Пользователь {partner} больше не сможет получить доступ к вашим фото.",
  "partner_sharing": "Совместное использование",
  "partners": "Партнёры",
  "password": "Пароль",
@@ -1796,7 +1796,7 @@
  "shared_by": "Поделился",
  "shared_by_user": "Владелец: {user}",
  "shared_by_you": "Вы поделились",
-  "shared_from_partner": "Пользователь {partner} предоставил вам доступ",
+  "shared_from_partner": "Фото и видео пользователя {partner}",
  "shared_intent_upload_button_progress_text": "{current} / {total} Загружено",
  "shared_link_app_bar_title": "Публичные ссылки",
  "shared_link_clipboard_copied_massage": "Скопировано в буфер обмена",
@@ -1833,7 +1833,7 @@
  "shared_links_description": "Делитесь фотографиями и видео по ссылке",
  "shared_photos_and_videos_count": "{assetCount, plural, other {# фото и видео.}}",
  "shared_with_me": "Доступные мне",
-  "shared_with_partner": "Вы предоставили доступ пользователю {partner}",
+  "shared_with_partner": "Совместно с {partner}",
  "sharing": "Общие",
  "sharing_enter_password": "Пожалуйста, введите пароль для просмотра этой страницы.",
  "sharing_page_album": "Общие альбомы",
@@ -1851,7 +1851,7 @@
  "show_gallery": "Показать галерею",
  "show_hidden_people": "Показать скрытых людей",
  "show_in_timeline": "Показать на временной шкале",
-  "show_in_timeline_setting_description": "Отображать фото и видео этого пользователя на своей временной шкале",
+  "show_in_timeline_setting_description": "Отображать фото и видео этого пользователя в своей ленте",
  "show_keyboard_shortcuts": "Показать сочетания клавиш",
  "show_metadata": "Показывать метаданные",
  "show_or_hide_info": "Показать или скрыть информацию",
@@ -1897,9 +1897,9 @@
  "status": "Состояние",
  "stop_casting": "Остановить трансляцию",
  "stop_motion_photo": "Покадровая анимация",
-  "stop_photo_sharing": "Закрыть доступ партнёру?",
+  "stop_photo_sharing": "Закрыть доступ партнёра к вашим фото?",
  "stop_photo_sharing_description": "Пользователь {partner} больше не имеет доступа к вашим фотографиям.",
-  "stop_sharing_photos_with_user": "Прекратить делиться своими фото и видео с этим пользователем",
+  "stop_sharing_photos_with_user": "Прекратить делиться своими фотографиями с этим пользователем",
  "storage": "Хранилище",
  "storage_label": "Метка хранилища",
  "storage_quota": "Квота хранилища",
--- a/mobile/android/fastlane/Fastfile
+++ b/mobile/android/fastlane/Fastfile
@@ -35,8 +35,8 @@ platform :android do
      task: 'bundle', 
      build_type: 'Release',
      properties: {
-        "android.injected.version.code" => 3014,
-        "android.injected.version.name" => "1.142.0",
+        "android.injected.version.code" => 3013,
+        "android.injected.version.name" => "1.141.1",
      }
    )
    upload_to_play_store(skip_upload_apk: true, skip_upload_images: true, skip_upload_screenshots: true, aab: '../build/app/outputs/bundle/release/app-release.aab')
--- a/mobile/ios/Runner.xcodeproj/project.pbxproj
+++ b/mobile/ios/Runner.xcodeproj/project.pbxproj
@@ -3,7 +3,7 @@
 	archiveVersion = 1;
 	classes = {
 	};
-	objectVersion = 54;
+	objectVersion = 77;
 	objects = {

 /* Begin PBXBuildFile section */
@@ -133,8 +133,6 @@
 /* Begin PBXFileSystemSynchronizedRootGroup section */
 		B2CF7F8C2DDE4EBB00744BF6 /* Sync */ = {
 			isa = PBXFileSystemSynchronizedRootGroup;
-			exceptions = (
-			);
 			path = Sync;
 			sourceTree = "<group>";
 		};
@@ -521,10 +519,14 @@
 			inputFileListPaths = (
 				"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-resources-${CONFIGURATION}-input-files.xcfilelist",
 			);
+			inputPaths = (
+			);
 			name = "[CP] Copy Pods Resources";
 			outputFileListPaths = (
 				"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-resources-${CONFIGURATION}-output-files.xcfilelist",
 			);
+			outputPaths = (
+			);
 			runOnlyForDeploymentPostprocessing = 0;
 			shellPath = /bin/sh;
 			shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-resources.sh\"\n";
@@ -553,10 +555,14 @@
 			inputFileListPaths = (
 				"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-frameworks-${CONFIGURATION}-input-files.xcfilelist",
 			);
+			inputPaths = (
+			);
 			name = "[CP] Embed Pods Frameworks";
 			outputFileListPaths = (
 				"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-frameworks-${CONFIGURATION}-output-files.xcfilelist",
 			);
+			outputPaths = (
+			);
 			runOnlyForDeploymentPostprocessing = 0;
 			shellPath = /bin/sh;
 			shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-frameworks.sh\"\n";
@@ -705,7 +711,7 @@
 				CODE_SIGN_ENTITLEMENTS = Runner/RunnerProfile.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_BITCODE = NO;
@@ -849,7 +855,7 @@
 				CODE_SIGN_ENTITLEMENTS = Runner/Runner.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_BITCODE = NO;
@@ -879,7 +885,7 @@
 				CODE_SIGN_ENTITLEMENTS = Runner/Runner.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_BITCODE = NO;
@@ -913,7 +919,7 @@
 				CODE_SIGN_ENTITLEMENTS = WidgetExtension/WidgetExtension.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -956,7 +962,7 @@
 				CODE_SIGN_ENTITLEMENTS = WidgetExtension/WidgetExtension.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -996,7 +1002,7 @@
 				CODE_SIGN_ENTITLEMENTS = WidgetExtension/WidgetExtension.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -1035,7 +1041,7 @@
 				CODE_SIGN_ENTITLEMENTS = ShareExtension/ShareExtension.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -1079,7 +1085,7 @@
 				CODE_SIGN_ENTITLEMENTS = ShareExtension/ShareExtension.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
@@ -1120,7 +1126,7 @@
 				CODE_SIGN_ENTITLEMENTS = ShareExtension/ShareExtension.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 223;
+				CURRENT_PROJECT_VERSION = 219;
 				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
--- a/mobile/ios/Runner/Info.plist
+++ b/mobile/ios/Runner/Info.plist
@@ -80,7 +80,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.142.0</string>
+	<string>1.140.0</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleURLTypes</key>
@@ -107,7 +107,7 @@
 		</dict>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>223</string>
+	<string>219</string>
 	<key>FLTEnableImpeller</key>
 	<true/>
 	<key>ITSAppUsesNonExemptEncryption</key>
--- a/mobile/ios/fastlane/Fastfile
+++ b/mobile/ios/fastlane/Fastfile
@@ -22,7 +22,7 @@ platform :ios do
      path: "./Runner.xcodeproj",
    )
    increment_version_number(
-      version_number: "1.142.0"
+      version_number: "1.141.1"
    )
    increment_build_number(
      build_number: latest_testflight_build_number + 1,
--- a/mobile/lib/domain/services/background_worker.service.dart
+++ b/mobile/lib/domain/services/background_worker.service.dart
@@ -169,10 +169,7 @@ class BackgroundWorkerBgService extends BackgroundWorkerFlutterApi {
    }

    try {
-      final backgroundSyncManager = _ref.read(backgroundSyncProvider);
      _isCleanedUp = true;
-      _ref.dispose();
-
      _cancellationToken.cancel();
      _logger.info("Cleaning up background worker");
      final cleanupFutures = [
@@ -182,13 +179,14 @@ class BackgroundWorkerBgService extends BackgroundWorkerFlutterApi {
        }),
        _drift.close(),
        _driftLogger.close(),
-        backgroundSyncManager.cancel(),
-        backgroundSyncManager.cancelLocal(),
+        _ref.read(backgroundSyncProvider).cancel(),
+        _ref.read(backgroundSyncProvider).cancelLocal(),
      ];

      if (_isar.isOpen) {
        cleanupFutures.add(_isar.close());
      }
+      _ref.dispose();
      await Future.wait(cleanupFutures);
      _logger.info("Background worker resources cleaned up");
    } catch (error, stack) {
@@ -197,42 +195,35 @@ class BackgroundWorkerBgService extends BackgroundWorkerFlutterApi {
  }

  Future<void> _handleBackup() async {
-    await runZonedGuarded(
-      () async {
-        if (!_isBackupEnabled || _isCleanedUp) {
-          _logger.info("[_handleBackup 1] Backup is disabled. Skipping backup routine");
-          return;
-        }
+    if (!_isBackupEnabled || _isCleanedUp) {
+      _logger.info("[_handleBackup 1] Backup is disabled. Skipping backup routine");
+      return;
+    }

-        _logger.info("[_handleBackup 2] Enqueuing assets for backup from the background service");
+    _logger.info("[_handleBackup 2] Enqueuing assets for backup from the background service");

-        final currentUser = _ref.read(currentUserProvider);
-        if (currentUser == null) {
-          _logger.warning("[_handleBackup 3] No current user found. Skipping backup from background");
-          return;
-        }
+    final currentUser = _ref.read(currentUserProvider);
+    if (currentUser == null) {
+      _logger.warning("[_handleBackup 3] No current user found. Skipping backup from background");
+      return;
+    }

-        _logger.info("[_handleBackup 4] Resume backup from background");
-        if (Platform.isIOS) {
-          return _ref.read(driftBackupProvider.notifier).handleBackupResume(currentUser.id);
-        }
+    _logger.info("[_handleBackup 4] Resume backup from background");
+    if (Platform.isIOS) {
+      return _ref.read(driftBackupProvider.notifier).handleBackupResume(currentUser.id);
+    }

-        final canPing = await _ref.read(serverInfoServiceProvider).ping();
-        if (!canPing) {
-          _logger.warning("[_handleBackup 5] Server is not reachable. Skipping backup from background");
-          return;
-        }
+    final canPing = await _ref.read(serverInfoServiceProvider).ping();
+    if (!canPing) {
+      _logger.warning("[_handleBackup 5] Server is not reachable. Skipping backup from background");
+      return;
+    }

-        final networkCapabilities = await _ref.read(connectivityApiProvider).getCapabilities();
+    final networkCapabilities = await _ref.read(connectivityApiProvider).getCapabilities();

-        return _ref
-            .read(uploadServiceProvider)
-            .startBackupWithHttpClient(currentUser.id, networkCapabilities.hasWifi, _cancellationToken);
-      },
-      (error, stack) {
-        debugPrint("Error in backup zone $error, $stack");
-      },
-    );
+    return _ref
+        .read(uploadServiceProvider)
+        .startBackupWithHttpClient(currentUser.id, networkCapabilities.hasWifi, _cancellationToken);
  }

  Future<void> _syncAssets({Duration? hashTimeout}) async {
--- a/mobile/lib/domain/utils/sync_linked_album.dart
+++ b/mobile/lib/domain/utils/sync_linked_album.dart
@@ -1,10 +1,9 @@
 import 'package:hooks_riverpod/hooks_riverpod.dart';
-import 'package:immich_mobile/domain/models/store.model.dart';
 import 'package:immich_mobile/domain/services/sync_linked_album.service.dart';
-import 'package:immich_mobile/entities/store.entity.dart';
+import 'package:immich_mobile/providers/user.provider.dart';

 Future<void> syncLinkedAlbumsIsolated(ProviderContainer ref) {
-  final user = Store.tryGet(StoreKey.currentUser);
+  final user = ref.read(currentUserProvider);
  if (user == null) {
    return Future.value();
  }
--- a/mobile/lib/infrastructure/repositories/timeline.repository.dart
+++ b/mobile/lib/infrastructure/repositories/timeline.repository.dart
@@ -595,7 +595,7 @@ extension on String {
      GroupAssetsBy.none => throw ArgumentError("GroupAssetsBy.none is not supported for date formatting"),
    };
    try {
-      return DateFormat(format, 'en').parse(this);
+      return DateFormat(format).parse(this);
    } catch (e) {
      throw FormatException("Invalid date format: $this", e);
    }
--- a/mobile/lib/main.dart
+++ b/mobile/lib/main.dart
@@ -46,7 +46,7 @@ void main() async {
  await Bootstrap.initDomain(isar, drift, logDb);
  await initApp();
  // Warm-up isolate pool for worker manager
-  await workerManager.init(dynamicSpawning: true);
+  await workerManager.init(dynamicSpawning: false);
  await migrateDatabaseIfNeeded(isar, drift);
  HttpSSLOptions.apply();

--- a/mobile/lib/services/upload.service.dart
+++ b/mobile/lib/services/upload.service.dart
@@ -17,7 +17,6 @@ import 'package:immich_mobile/providers/app_settings.provider.dart';
 import 'package:immich_mobile/providers/backup/drift_backup.provider.dart';
 import 'package:immich_mobile/providers/infrastructure/asset.provider.dart';
 import 'package:immich_mobile/providers/infrastructure/storage.provider.dart';
-import 'package:immich_mobile/repositories/asset_media.repository.dart';
 import 'package:immich_mobile/repositories/upload.repository.dart';
 import 'package:immich_mobile/services/api.service.dart';
 import 'package:immich_mobile/services/app_settings.service.dart';
@@ -31,7 +30,6 @@ final uploadServiceProvider = Provider((ref) {
    ref.watch(storageRepositoryProvider),
    ref.watch(localAssetRepository),
    ref.watch(appSettingsServiceProvider),
-    ref.watch(assetMediaRepositoryProvider),
  );

  ref.onDispose(service.dispose);
@@ -45,7 +43,6 @@ class UploadService {
    this._storageRepository,
    this._localAssetRepository,
    this._appSettingsService,
-    this._assetMediaRepository,
  ) {
    _uploadRepository.onUploadStatus = _onUploadCallback;
    _uploadRepository.onTaskProgress = _onTaskProgressCallback;
@@ -56,7 +53,6 @@ class UploadService {
  final StorageRepository _storageRepository;
  final DriftLocalAssetRepository _localAssetRepository;
  final AppSettingsService _appSettingsService;
-  final AssetMediaRepository _assetMediaRepository;
  final Logger _logger = Logger('UploadService');

  final StreamController<TaskStatusUpdate> _taskStatusController = StreamController<TaskStatusUpdate>.broadcast();
@@ -325,8 +321,7 @@ class UploadService {
      return null;
    }

-    final fileName = await _assetMediaRepository.getOriginalFilename(asset.id) ?? asset.name;
-    final originalFileName = entity.isLivePhoto ? p.setExtension(fileName, p.extension(file.path)) : fileName;
+    final originalFileName = entity.isLivePhoto ? p.setExtension(asset.name, p.extension(file.path)) : asset.name;

    String metadata = UploadTaskMetadata(
      localAssetId: asset.id,
@@ -364,13 +359,12 @@ class UploadService {
    final fields = {'livePhotoVideoId': livePhotoVideoId};

    final requiresWiFi = _shouldRequireWiFi(asset);
-    final originalFileName = await _assetMediaRepository.getOriginalFilename(asset.id) ?? asset.name;

    return buildUploadTask(
      file,
      createdAt: asset.createdAt,
      modifiedAt: asset.updatedAt,
-      originalFileName: originalFileName,
+      originalFileName: asset.name,
      deviceAssetId: asset.id,
      fields: fields,
      group: kBackupLivePhotoGroup,
--- a/mobile/lib/utils/isolate.dart
+++ b/mobile/lib/utils/isolate.dart
@@ -31,62 +31,55 @@ Cancelable<T?> runInIsolateGentle<T>({
  }

  return workerManager.executeGentle((cancelledChecker) async {
-    await runZonedGuarded(
-      () async {
-        BackgroundIsolateBinaryMessenger.ensureInitialized(token);
-        DartPluginRegistrant.ensureInitialized();
+    BackgroundIsolateBinaryMessenger.ensureInitialized(token);
+    DartPluginRegistrant.ensureInitialized();

-        final (isar, drift, logDb) = await Bootstrap.initDB();
-        await Bootstrap.initDomain(isar, drift, logDb, shouldBufferLogs: false);
-        final ref = ProviderContainer(
-          overrides: [
-            // TODO: Remove once isar is removed
-            dbProvider.overrideWithValue(isar),
-            isarProvider.overrideWithValue(isar),
-            cancellationProvider.overrideWithValue(cancelledChecker),
-            driftProvider.overrideWith(driftOverride(drift)),
-          ],
-        );
-
-        Logger log = Logger("IsolateLogger");
-
-        try {
-          HttpSSLOptions.apply(applyNative: false);
-          return await computation(ref);
-        } on CanceledError {
-          log.warning("Computation cancelled ${debugLabel == null ? '' : ' for $debugLabel'}");
-        } catch (error, stack) {
-          log.severe("Error in runInIsolateGentle ${debugLabel == null ? '' : ' for $debugLabel'}", error, stack);
-        } finally {
-          try {
-            ref.dispose();
-
-            await LogService.I.dispose();
-            await logDb.close();
-            await drift.close();
-
-            // Close Isar safely
-            try {
-              if (isar.isOpen) {
-                await isar.close();
-              }
-            } catch (e) {
-              debugPrint("Error closing Isar: $e");
-            }
-          } catch (error, stack) {
-            debugPrint("Error closing resources in isolate: $error, $stack");
-          } finally {
-            ref.dispose();
-            // Delay to ensure all resources are released
-            await Future.delayed(const Duration(seconds: 2));
-          }
-        }
-        return null;
-      },
-      (error, stack) {
-        debugPrint("Error in isolate zone: $error, $stack");
-      },
+    final (isar, drift, logDb) = await Bootstrap.initDB();
+    await Bootstrap.initDomain(isar, drift, logDb, shouldBufferLogs: false);
+    final ref = ProviderContainer(
+      overrides: [
+        // TODO: Remove once isar is removed
+        dbProvider.overrideWithValue(isar),
+        isarProvider.overrideWithValue(isar),
+        cancellationProvider.overrideWithValue(cancelledChecker),
+        driftProvider.overrideWith(driftOverride(drift)),
+      ],
    );
+
+    Logger log = Logger("IsolateLogger");
+
+    try {
+      HttpSSLOptions.apply(applyNative: false);
+      return await computation(ref);
+    } on CanceledError {
+      log.warning("Computation cancelled ${debugLabel == null ? '' : ' for $debugLabel'}");
+    } catch (error, stack) {
+      log.severe("Error in runInIsolateGentle ${debugLabel == null ? '' : ' for $debugLabel'}", error, stack);
+    } finally {
+      try {
+        await LogService.I.dispose();
+        await logDb.close();
+        await ref.read(driftProvider).close();
+
+        // Close Isar safely
+        try {
+          final isar = ref.read(isarProvider);
+          if (isar.isOpen) {
+            await isar.close();
+          }
+        } catch (e) {
+          debugPrint("Error closing Isar: $e");
+        }
+
+        ref.dispose();
+      } catch (error, stack) {
+        debugPrint("Error closing resources in isolate: $error, $stack");
+      } finally {
+        ref.dispose();
+        // Delay to ensure all resources are released
+        await Future.delayed(const Duration(seconds: 2));
+      }
+    }
    return null;
  });
 }
--- a/mobile/openapi/README.md
+++ b/mobile/openapi/README.md
@@ -3,7 +3,7 @@ Immich API

 This Dart package is automatically generated by the [OpenAPI Generator](https://openapi-generator.tech) project:

- API version: 1.142.0
+- API version: 1.141.1
 - Generator version: 7.8.0
 - Build package: org.openapitools.codegen.languages.DartClientCodegen

@@ -297,6 +297,7 @@ Class | Method | HTTP request | Description
 - [APIKeyCreateResponseDto](doc//APIKeyCreateResponseDto.md)
 - [APIKeyResponseDto](doc//APIKeyResponseDto.md)
 - [APIKeyUpdateDto](doc//APIKeyUpdateDto.md)
+ - [AccessHint](doc//AccessHint.md)
 - [ActivityCreateDto](doc//ActivityCreateDto.md)
 - [ActivityResponseDto](doc//ActivityResponseDto.md)
 - [ActivityStatisticsResponseDto](doc//ActivityStatisticsResponseDto.md)
--- a/mobile/openapi/lib/api.dart
+++ b/mobile/openapi/lib/api.dart
@@ -68,6 +68,7 @@ part 'model/api_key_create_dto.dart';
 part 'model/api_key_create_response_dto.dart';
 part 'model/api_key_response_dto.dart';
 part 'model/api_key_update_dto.dart';
+part 'model/access_hint.dart';
 part 'model/activity_create_dto.dart';
 part 'model/activity_response_dto.dart';
 part 'model/activity_statistics_response_dto.dart';
--- a/mobile/openapi/lib/api/assets_api.dart
+++ b/mobile/openapi/lib/api/assets_api.dart
@@ -1247,12 +1247,14 @@ class AssetsApi {
  ///
  /// * [String] id (required):
  ///
+  /// * [AccessHint] hint:
+  ///
  /// * [String] key:
  ///
  /// * [AssetMediaSize] size:
  ///
  /// * [String] slug:
-  Future<Response> viewAssetWithHttpInfo(String id, { String? key, AssetMediaSize? size, String? slug, }) async {
+  Future<Response> viewAssetWithHttpInfo(String id, { AccessHint? hint, String? key, AssetMediaSize? size, String? slug, }) async {
    // ignore: prefer_const_declarations
    final apiPath = r'/assets/{id}/thumbnail'
      .replaceAll('{id}', id);
@@ -1264,6 +1266,9 @@ class AssetsApi {
    final headerParams = <String, String>{};
    final formParams = <String, String>{};

+    if (hint != null) {
+      queryParams.addAll(_queryParams('', 'hint', hint));
+    }
    if (key != null) {
      queryParams.addAll(_queryParams('', 'key', key));
    }
@@ -1294,13 +1299,15 @@ class AssetsApi {
  ///
  /// * [String] id (required):
  ///
+  /// * [AccessHint] hint:
+  ///
  /// * [String] key:
  ///
  /// * [AssetMediaSize] size:
  ///
  /// * [String] slug:
-  Future<MultipartFile?> viewAsset(String id, { String? key, AssetMediaSize? size, String? slug, }) async {
-    final response = await viewAssetWithHttpInfo(id,  key: key, size: size, slug: slug, );
+  Future<MultipartFile?> viewAsset(String id, { AccessHint? hint, String? key, AssetMediaSize? size, String? slug, }) async {
+    final response = await viewAssetWithHttpInfo(id,  hint: hint, key: key, size: size, slug: slug, );
    if (response.statusCode >= HttpStatus.badRequest) {
      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
    }
--- a/mobile/openapi/lib/api_client.dart
+++ b/mobile/openapi/lib/api_client.dart
@@ -190,6 +190,8 @@ class ApiClient {
          return APIKeyResponseDto.fromJson(value);
        case 'APIKeyUpdateDto':
          return APIKeyUpdateDto.fromJson(value);
+        case 'AccessHint':
+          return AccessHintTypeTransformer().decode(value);
        case 'ActivityCreateDto':
          return ActivityCreateDto.fromJson(value);
        case 'ActivityResponseDto':
--- a/mobile/openapi/lib/api_helper.dart
+++ b/mobile/openapi/lib/api_helper.dart
@@ -55,6 +55,9 @@ String parameterToString(dynamic value) {
  if (value is DateTime) {
    return value.toUtc().toIso8601String();
  }
+  if (value is AccessHint) {
+    return AccessHintTypeTransformer().encode(value).toString();
+  }
  if (value is AlbumUserRole) {
    return AlbumUserRoleTypeTransformer().encode(value).toString();
  }
--- a/mobile/openapi/lib/model/access_hint.dart
+++ b/mobile/openapi/lib/model/access_hint.dart
@@ -0,0 +1,91 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+
+class AccessHint {
+  /// Instantiate a new enum with the provided [value].
+  const AccessHint._(this.value);
+
+  /// The underlying value of this enum member.
+  final String value;
+
+  @override
+  String toString() => value;
+
+  String toJson() => value;
+
+  static const owner = AccessHint._(r'owner');
+  static const album = AccessHint._(r'album');
+  static const partner = AccessHint._(r'partner');
+  static const sharedLink = AccessHint._(r'sharedLink');
+
+  /// List of all possible values in this [enum][AccessHint].
+  static const values = <AccessHint>[
+    owner,
+    album,
+    partner,
+    sharedLink,
+  ];
+
+  static AccessHint? fromJson(dynamic value) => AccessHintTypeTransformer().decode(value);
+
+  static List<AccessHint> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <AccessHint>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = AccessHint.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+}
+
+/// Transformation class that can [encode] an instance of [AccessHint] to String,
+/// and [decode] dynamic data back to [AccessHint].
+class AccessHintTypeTransformer {
+  factory AccessHintTypeTransformer() => _instance ??= const AccessHintTypeTransformer._();
+
+  const AccessHintTypeTransformer._();
+
+  String encode(AccessHint data) => data.value;
+
+  /// Decodes a [dynamic value][data] to a AccessHint.
+  ///
+  /// If [allowNull] is true and the [dynamic value][data] cannot be decoded successfully,
+  /// then null is returned. However, if [allowNull] is false and the [dynamic value][data]
+  /// cannot be decoded successfully, then an [UnimplementedError] is thrown.
+  ///
+  /// The [allowNull] is very handy when an API changes and a new enum value is added or removed,
+  /// and users are still using an old app with the old code.
+  AccessHint? decode(dynamic data, {bool allowNull = true}) {
+    if (data != null) {
+      switch (data) {
+        case r'owner': return AccessHint.owner;
+        case r'album': return AccessHint.album;
+        case r'partner': return AccessHint.partner;
+        case r'sharedLink': return AccessHint.sharedLink;
+        default:
+          if (!allowNull) {
+            throw ArgumentError('Unknown enum value to decode: $data');
+          }
+      }
+    }
+    return null;
+  }
+
+  /// Singleton [AccessHintTypeTransformer] instance.
+  static AccessHintTypeTransformer? _instance;
+}
+
--- a/mobile/pubspec.yaml
+++ b/mobile/pubspec.yaml
@@ -2,7 +2,7 @@ name: immich_mobile
 description: Immich - selfhosted backup media file on mobile phone

 publish_to: 'none'
-version: 1.142.0+3014
+version: 1.141.1+3013

 environment:
  sdk: '>=3.8.0 <4.0.0'
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -2583,6 +2583,14 @@
      "get": {
        "operationId": "viewAsset",
        "parameters": [
+          {
+            "name": "hint",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "$ref": "#/components/schemas/AccessHint"
+            }
+          },
          {
            "name": "id",
            "required": true,
@@ -9858,7 +9866,7 @@
  "info": {
    "title": "Immich",
    "description": "Immich API",
-    "version": "1.142.0",
+    "version": "1.141.1",
    "contact": {}
  },
  "tags": [],
@@ -9967,6 +9975,15 @@
        },
        "type": "object"
      },
+      "AccessHint": {
+        "enum": [
+          "owner",
+          "album",
+          "partner",
+          "sharedLink"
+        ],
+        "type": "string"
+      },
      "ActivityCreateDto": {
        "properties": {
          "albumId": {
--- a/open-api/typescript-sdk/package.json
+++ b/open-api/typescript-sdk/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/sdk",
-  "version": "1.142.0",
+  "version": "1.141.1",
  "description": "Auto-generated TypeScript SDK for the Immich API",
  "type": "module",
  "main": "./build/index.js",
--- a/open-api/typescript-sdk/src/fetch-client.ts
+++ b/open-api/typescript-sdk/src/fetch-client.ts
@@ -1,6 +1,6 @@
 /**
 * Immich
- * 1.142.0
+ * 1.141.1
 * DO NOT MODIFY - This file has been generated using oazapfts.
 * See https://www.npmjs.com/package/oazapfts
 */
@@ -2391,7 +2391,8 @@ export function replaceAsset({ id, key, slug, assetMediaReplaceDto }: {
 /**
 * This endpoint requires the `asset.view` permission.
 */
-export function viewAsset({ id, key, size, slug }: {
+export function viewAsset({ hint, id, key, size, slug }: {
+    hint?: AccessHint;
    id: string;
    key?: string;
    size?: AssetMediaSize;
@@ -2401,6 +2402,7 @@ export function viewAsset({ id, key, size, slug }: {
        status: 200;
        data: Blob;
    }>(`/assets/${encodeURIComponent(id)}/thumbnail${QS.query(QS.explode({
+        hint,
        key,
        size,
        slug
@@ -4842,6 +4844,12 @@ export enum AssetJobName {
    RegenerateThumbnail = "regenerate-thumbnail",
    TranscodeVideo = "transcode-video"
 }
+export enum AccessHint {
+    Owner = "owner",
+    Album = "album",
+    Partner = "partner",
+    SharedLink = "sharedLink"
+}
 export enum AssetMediaSize {
    Fullsize = "fullsize",
    Preview = "preview",
--- a/server/package.json
+++ b/server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "immich",
-  "version": "1.142.0",
+  "version": "1.141.1",
  "description": "",
  "author": "",
  "private": true,
--- a/server/src/dtos/asset-media.dto.ts
+++ b/server/src/dtos/asset-media.dto.ts
@@ -3,7 +3,7 @@ import { ApiProperty } from '@nestjs/swagger';
 import { plainToInstance, Transform, Type } from 'class-transformer';
 import { ArrayNotEmpty, IsArray, IsNotEmpty, IsString, ValidateNested } from 'class-validator';
 import { AssetMetadataUpsertItemDto } from 'src/dtos/asset.dto';
-import { AssetVisibility } from 'src/enum';
+import { AccessHint, AssetVisibility } from 'src/enum';
 import { Optional, ValidateBoolean, ValidateDate, ValidateEnum, ValidateUUID } from 'src/validation';

 export enum AssetMediaSize {
@@ -19,6 +19,9 @@ export enum AssetMediaSize {
 export class AssetMediaOptionsDto {
  @ValidateEnum({ enum: AssetMediaSize, name: 'AssetMediaSize', optional: true })
  size?: AssetMediaSize;
+
+  @ValidateEnum({ enum: AccessHint, name: 'AccessHint', optional: true })
+  hint?: AccessHint;
 }

 export enum UploadFieldName {
--- a/server/src/enum.ts
+++ b/server/src/enum.ts
@@ -753,3 +753,10 @@ export enum CronJob {
  LibraryScan = 'LibraryScan',
  NightlyJobs = 'NightlyJobs',
 }
+
+export enum AccessHint {
+  Owner = 'owner',
+  Album = 'album',
+  Partner = 'partner',
+  SharedLink = 'sharedLink',
+}
--- a/server/src/utils/access.ts
+++ b/server/src/utils/access.ts
@@ -1,7 +1,7 @@
 import { BadRequestException, UnauthorizedException } from '@nestjs/common';
 import { AuthSharedLink } from 'src/database';
 import { AuthDto } from 'src/dtos/auth.dto';
-import { AlbumUserRole, Permission } from 'src/enum';
+import { AccessHint, AlbumUserRole, Permission } from 'src/enum';
 import { AccessRepository } from 'src/repositories/access.repository';
 import { setDifference, setIsEqual, setIsSuperset, setUnion } from 'src/utils/set';

@@ -22,10 +22,11 @@ export type AccessRequest = {
  auth: AuthDto;
  permission: Permission;
  ids: Set<string> | string[];
+  hint?: AccessHint;
 };

 type SharedLinkAccessRequest = { sharedLink: AuthSharedLink; permission: Permission; ids: Set<string> };
-type OtherAccessRequest = { auth: AuthDto; permission: Permission; ids: Set<string> };
+type OtherAccessRequest = { auth: AuthDto; permission: Permission; ids: Set<string>; hint?: AccessHint };

 export const requireUploadAccess = (auth: AuthDto | null): AuthDto => {
  if (!auth || (auth.sharedLink && !auth.sharedLink.allowUpload)) {
@@ -43,7 +44,7 @@ export const requireAccess = async (access: AccessRepository, request: AccessReq

 export const checkAccess = async (
  access: AccessRepository,
-  { ids, auth, permission }: AccessRequest,
+  { ids, auth, permission, hint }: AccessRequest,
 ): Promise<Set<string>> => {
  const idSet = Array.isArray(ids) ? new Set(ids) : ids;
  if (idSet.size === 0) {
@@ -52,7 +53,7 @@ export const checkAccess = async (

  return auth.sharedLink
    ? checkSharedLinkAccess(access, { sharedLink: auth.sharedLink, permission, ids: idSet })
-    : checkOtherAccess(access, { auth, permission, ids: idSet });
+    : checkOtherAccess(access, { auth, permission, ids: idSet, hint });
 };

 const checkSharedLinkAccess = async (
@@ -102,8 +103,38 @@ const checkSharedLinkAccess = async (
  }
 };

+const safeMoveToFront = <T>(array: T[], index: number) => {
+  if (index <= 0 || index >= array.length) {
+    return;
+  }
+
+  const [item] = array.splice(index, 1);
+  array.unshift(item);
+};
+
+type CheckFn = (ids: Set<string>) => Promise<Set<string>>;
+const checkAll = async (ids: Set<string>, checks: Partial<Record<AccessHint, CheckFn>>, hint?: AccessHint) => {
+  let grantedIds = new Set<string>();
+
+  const items = Object.values(checks);
+  if (hint && checks[hint]) {
+    safeMoveToFront(items, items.indexOf(checks[hint]));
+  }
+
+  for (const check of items) {
+    if (ids.size === 0) {
+      break;
+    }
+    const approvedIds = await check(ids);
+    grantedIds = setUnion(grantedIds, approvedIds);
+    ids = setDifference(ids, approvedIds);
+  }
+
+  return grantedIds;
+};
+
 const checkOtherAccess = async (access: AccessRepository, request: OtherAccessRequest): Promise<Set<string>> => {
-  const { auth, permission, ids } = request;
+  const { auth, permission, ids, hint } = request;

  switch (permission) {
    // uses album id
@@ -113,96 +144,118 @@ const checkOtherAccess = async (access: AccessRepository, request: OtherAccessRe

    // uses activity id
    case Permission.ActivityDelete: {
-      const isOwner = await access.activity.checkOwnerAccess(auth.user.id, ids);
-      const isAlbumOwner = await access.activity.checkAlbumOwnerAccess(auth.user.id, setDifference(ids, isOwner));
-      return setUnion(isOwner, isAlbumOwner);
+      return checkAll(
+        ids,
+        {
+          [AccessHint.Owner]: (ids) => access.activity.checkOwnerAccess(auth.user.id, ids),
+          [AccessHint.Album]: (ids) => access.activity.checkAlbumOwnerAccess(auth.user.id, ids),
+        },
+        hint,
+      );
    }

    case Permission.AssetRead: {
-      const isOwner = await access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission);
-      const isAlbum = await access.asset.checkAlbumAccess(auth.user.id, setDifference(ids, isOwner));
-      const isPartner = await access.asset.checkPartnerAccess(auth.user.id, setDifference(ids, isOwner, isAlbum));
-      return setUnion(isOwner, isAlbum, isPartner);
+      return checkAll(
+        ids,
+        {
+          [AccessHint.Owner]: (ids) =>
+            access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission),
+          [AccessHint.Album]: (ids) => access.asset.checkAlbumAccess(auth.user.id, ids),
+          [AccessHint.Partner]: (ids) => access.asset.checkPartnerAccess(auth.user.id, ids),
+        },
+        hint,
+      );
    }

    case Permission.AssetShare: {
-      const isOwner = await access.asset.checkOwnerAccess(auth.user.id, ids, false);
-      const isPartner = await access.asset.checkPartnerAccess(auth.user.id, setDifference(ids, isOwner));
-      return setUnion(isOwner, isPartner);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.asset.checkOwnerAccess(auth.user.id, ids, false),
+        [AccessHint.Partner]: (ids) => access.asset.checkPartnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.AssetView: {
-      const isOwner = await access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission);
-      const isAlbum = await access.asset.checkAlbumAccess(auth.user.id, setDifference(ids, isOwner));
-      const isPartner = await access.asset.checkPartnerAccess(auth.user.id, setDifference(ids, isOwner, isAlbum));
-      return setUnion(isOwner, isAlbum, isPartner);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) =>
+          access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission),
+        [AccessHint.Album]: (ids) => access.asset.checkAlbumAccess(auth.user.id, ids),
+        [AccessHint.Partner]: (ids) => access.asset.checkPartnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.AssetDownload: {
-      const isOwner = await access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission);
-      const isAlbum = await access.asset.checkAlbumAccess(auth.user.id, setDifference(ids, isOwner));
-      const isPartner = await access.asset.checkPartnerAccess(auth.user.id, setDifference(ids, isOwner, isAlbum));
-      return setUnion(isOwner, isAlbum, isPartner);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) =>
+          access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission),
+        [AccessHint.Album]: (ids) => access.asset.checkAlbumAccess(auth.user.id, ids),
+        [AccessHint.Partner]: (ids) => access.asset.checkPartnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.AssetUpdate: {
-      return await access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) =>
+          access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission),
+      });
    }

    case Permission.AssetDelete: {
-      return await access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) =>
+          access.asset.checkOwnerAccess(auth.user.id, ids, auth.session?.hasElevatedPermission),
+      });
    }

    case Permission.AlbumRead: {
-      const isOwner = await access.album.checkOwnerAccess(auth.user.id, ids);
-      const isShared = await access.album.checkSharedAlbumAccess(
-        auth.user.id,
-        setDifference(ids, isOwner),
-        AlbumUserRole.Viewer,
+      return checkAll(
+        ids,
+        {
+          [AccessHint.Owner]: (ids) => access.album.checkOwnerAccess(auth.user.id, ids),
+          [AccessHint.Album]: (ids) => access.album.checkSharedAlbumAccess(auth.user.id, ids, AlbumUserRole.Viewer),
+        },
+        hint,
      );
-      return setUnion(isOwner, isShared);
    }

    case Permission.AlbumAssetCreate: {
-      const isOwner = await access.album.checkOwnerAccess(auth.user.id, ids);
-      const isShared = await access.album.checkSharedAlbumAccess(
-        auth.user.id,
-        setDifference(ids, isOwner),
-        AlbumUserRole.Editor,
-      );
-      return setUnion(isOwner, isShared);
-    }
-
-    case Permission.AlbumUpdate: {
-      return await access.album.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.album.checkOwnerAccess(auth.user.id, ids),
+        [AccessHint.Album]: (ids) => access.album.checkSharedAlbumAccess(auth.user.id, ids, AlbumUserRole.Editor),
+      });
    }

+    case Permission.AlbumShare:
+    case Permission.AlbumUpdate:
    case Permission.AlbumDelete: {
-      return await access.album.checkOwnerAccess(auth.user.id, ids);
-    }
-
-    case Permission.AlbumShare: {
-      return await access.album.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(
+        ids,
+        {
+          [AccessHint.Owner]: (ids) => access.album.checkOwnerAccess(auth.user.id, ids),
+        },
+        hint,
+      );
    }

    case Permission.AlbumDownload: {
-      const isOwner = await access.album.checkOwnerAccess(auth.user.id, ids);
-      const isShared = await access.album.checkSharedAlbumAccess(
-        auth.user.id,
-        setDifference(ids, isOwner),
-        AlbumUserRole.Viewer,
+      return checkAll(
+        ids,
+        {
+          [AccessHint.Owner]: (ids) => access.album.checkOwnerAccess(auth.user.id, ids),
+          [AccessHint.Album]: (ids) => access.album.checkSharedAlbumAccess(auth.user.id, ids, AlbumUserRole.Viewer),
+        },
+        hint,
      );
-      return setUnion(isOwner, isShared);
    }

    case Permission.AlbumAssetDelete: {
-      const isOwner = await access.album.checkOwnerAccess(auth.user.id, ids);
-      const isShared = await access.album.checkSharedAlbumAccess(
-        auth.user.id,
-        setDifference(ids, isOwner),
-        AlbumUserRole.Editor,
+      return checkAll(
+        ids,
+        {
+          [AccessHint.Owner]: (ids) => access.album.checkOwnerAccess(auth.user.id, ids),
+          [AccessHint.Album]: (ids) => access.album.checkSharedAlbumAccess(auth.user.id, ids, AlbumUserRole.Editor),
+        },
+        hint,
      );
-      return setUnion(isOwner, isShared);
    }

    case Permission.AssetUpload: {
@@ -214,24 +267,36 @@ const checkOtherAccess = async (access: AccessRepository, request: OtherAccessRe
    }

    case Permission.AuthDeviceDelete: {
-      return await access.authDevice.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(
+        ids,
+        {
+          [AccessHint.Owner]: (ids) => access.authDevice.checkOwnerAccess(auth.user.id, ids),
+        },
+        hint,
+      );
    }

    case Permission.FaceDelete: {
-      return access.person.checkFaceOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.person.checkFaceOwnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.NotificationRead:
    case Permission.NotificationUpdate:
    case Permission.NotificationDelete: {
-      return access.notification.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.notification.checkOwnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.TagAsset:
    case Permission.TagRead:
    case Permission.TagUpdate:
    case Permission.TagDelete: {
-      return await access.tag.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.tag.checkOwnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.TimelineRead: {
@@ -244,54 +309,56 @@ const checkOtherAccess = async (access: AccessRepository, request: OtherAccessRe
      return ids.has(auth.user.id) ? new Set([auth.user.id]) : new Set();
    }

-    case Permission.MemoryRead: {
-      return access.memory.checkOwnerAccess(auth.user.id, ids);
-    }
-
-    case Permission.MemoryUpdate: {
-      return access.memory.checkOwnerAccess(auth.user.id, ids);
-    }
-
+    case Permission.MemoryRead:
+    case Permission.MemoryUpdate:
    case Permission.MemoryDelete: {
-      return access.memory.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.memory.checkOwnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.PersonCreate: {
-      return access.person.checkFaceOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.person.checkFaceOwnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.PersonRead:
    case Permission.PersonUpdate:
    case Permission.PersonDelete:
    case Permission.PersonMerge: {
-      return await access.person.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.person.checkOwnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.PersonReassign: {
-      return access.person.checkFaceOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.person.checkFaceOwnerAccess(auth.user.id, ids),
+      });
    }

    case Permission.PartnerUpdate: {
-      return await access.partner.checkUpdateAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.partner.checkUpdateAccess(auth.user.id, ids),
+      });
    }

    case Permission.SessionRead:
    case Permission.SessionUpdate:
    case Permission.SessionDelete:
    case Permission.SessionLock: {
-      return access.session.checkOwnerAccess(auth.user.id, ids);
-    }
-
-    case Permission.StackRead: {
-      return access.stack.checkOwnerAccess(auth.user.id, ids);
-    }
-
-    case Permission.StackUpdate: {
-      return access.stack.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.session.checkOwnerAccess(auth.user.id, ids),
+      });
    }

+    case Permission.StackRead:
+    case Permission.StackUpdate:
    case Permission.StackDelete: {
-      return access.stack.checkOwnerAccess(auth.user.id, ids);
+      return checkAll(ids, {
+        [AccessHint.Owner]: (ids) => access.stack.checkOwnerAccess(auth.user.id, ids),
+      });
    }

    default: {
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
  "name": "immich-web",
-  "version": "1.142.0",
+  "version": "1.141.1",
  "license": "GNU Affero General Public License version 3",
  "type": "module",
  "scripts": {
--- a/web/src/lib/components/assets/thumbnail/thumbnail.svelte
+++ b/web/src/lib/components/assets/thumbnail/thumbnail.svelte
@@ -5,7 +5,7 @@
  import { getAssetPlaybackUrl, getAssetThumbnailUrl } from '$lib/utils';
  import { timeToSeconds } from '$lib/utils/date-time';
  import { getAltText } from '$lib/utils/thumbnail-util';
-  import { AssetMediaSize, AssetVisibility } from '@immich/sdk';
+  import { AccessHint, AssetMediaSize, AssetVisibility } from '@immich/sdk';
  import {
    mdiArchiveArrowDownOutline,
    mdiCameraBurst,
@@ -20,6 +20,7 @@
  import { authManager } from '$lib/managers/auth-manager.svelte';
  import type { TimelineAsset } from '$lib/managers/timeline-manager/types';
  import { mobileDevice } from '$lib/stores/mobile-device.svelte';
+  import { user } from '$lib/stores/user.store';
  import { moveFocus } from '$lib/utils/focus-util';
  import { currentUrlReplaceAssetId } from '$lib/utils/navigation';
  import { TUNABLES } from '$lib/utils/tunables';
@@ -45,6 +46,7 @@
    imageClass?: ClassValue;
    brokenAssetClass?: ClassValue;
    dimmed?: boolean;
+    hint?: AccessHint;
    onClick?: (asset: TimelineAsset) => void;
    onSelect?: (asset: TimelineAsset) => void;
    onMouseEvent?: (event: { isMouseOver: boolean; selectedGroupIndex: number }) => void;
@@ -69,6 +71,7 @@
    imageClass = '',
    brokenAssetClass = '',
    dimmed = false,
+    hint,
  }: Props = $props();

  let {
@@ -313,7 +316,12 @@
      <ImageThumbnail
        class={imageClass}
        {brokenAssetClass}
-        url={getAssetThumbnailUrl({ id: asset.id, size: AssetMediaSize.Thumbnail, cacheKey: asset.thumbhash })}
+        url={getAssetThumbnailUrl({
+          id: asset.id,
+          size: AssetMediaSize.Thumbnail,
+          cacheKey: asset.thumbhash,
+          hint: asset.ownerId === $user.id ? undefined : hint,
+        })}
        altText={$getAltText(asset)}
        widthStyle="{width}px"
        heightStyle="{height}px"
--- a/web/src/lib/components/photos-page/asset-date-group.svelte
+++ b/web/src/lib/components/photos-page/asset-date-group.svelte
@@ -232,6 +232,7 @@
            disabled={dayGroup.monthGroup.timelineManager.albumAssets.has(asset.id)}
            thumbnailWidth={position.width}
            thumbnailHeight={position.height}
+            hint={timelineManager.hint}
          />
          {#if customLayout}
            {@render customLayout(asset)}
--- a/web/src/lib/components/shared-components/map/map.svelte
+++ b/web/src/lib/components/shared-components/map/map.svelte
@@ -353,7 +353,7 @@
          <div
            class="rounded-full w-[40px] h-[40px] bg-immich-primary text-white flex justify-center items-center font-mono font-bold shadow-lg hover:bg-immich-dark-primary transition-all duration-200 hover:text-immich-dark-bg opacity-90"
          >
-            {feature.properties?.point_count?.toLocaleString()}
+            {feature.properties?.point_count}
          </div>
        {/snippet}
      </MarkerLayer>
--- a/web/src/lib/managers/timeline-manager/timeline-manager.svelte.ts
+++ b/web/src/lib/managers/timeline-manager/timeline-manager.svelte.ts
@@ -1,4 +1,4 @@
-import { AssetOrder, getAssetInfo, getTimeBuckets } from '@immich/sdk';
+import { AccessHint, AssetOrder, getAssetInfo, getTimeBuckets } from '@immich/sdk';

 import { authManager } from '$lib/managers/auth-manager.svelte';

@@ -38,6 +38,7 @@ import type {
 } from './types';

 export class TimelineManager {
+  hint?: AccessHint;
  isInitialized = $state(false);
  months: MonthGroup[] = $state([]);
  topSectionHeight = $state(0);
@@ -97,7 +98,9 @@ export class TimelineManager {
    monthGroup: undefined,
  });

-  constructor() {}
+  constructor(options?: { hint?: AccessHint }) {
+    this.hint = options?.hint;
+  }

  setLayoutOptions({ headerHeight = 48, rowHeight = 235, gap = 12 }: TimelineManagerLayoutOptions) {
    let changed = false;
--- a/web/src/lib/utils.ts
+++ b/web/src/lib/utils.ts
@@ -5,6 +5,7 @@ import { lang } from '$lib/stores/preferences.store';
 import { serverConfig } from '$lib/stores/server-config.store';
 import { handleError } from '$lib/utils/handle-error';
 import {
+  AccessHint,
  AssetJobName,
  AssetMediaSize,
  JobName,
@@ -197,12 +198,14 @@ export const getAssetOriginalUrl = (options: string | AssetUrlOptions) => {
  return createUrl(getAssetOriginalPath(id), { ...authManager.params, c: cacheKey });
 };

-export const getAssetThumbnailUrl = (options: string | (AssetUrlOptions & { size?: AssetMediaSize })) => {
+export const getAssetThumbnailUrl = (
+  options: string | (AssetUrlOptions & { size?: AssetMediaSize; hint?: AccessHint }),
+) => {
  if (typeof options === 'string') {
    options = { id: options };
  }
-  const { id, size, cacheKey } = options;
-  return createUrl(getAssetThumbnailPath(id), { ...authManager.params, size, c: cacheKey });
+  const { id, size, cacheKey, hint } = options;
+  return createUrl(getAssetThumbnailPath(id), { ...authManager.params, size, c: cacheKey, hint });
 };

 export const getAssetPlaybackUrl = (options: string | AssetUrlOptions) => {
--- a/web/src/lib/utils/timeline-util.spec.ts
+++ b/web/src/lib/utils/timeline-util.spec.ts
@@ -1,6 +1,6 @@
 import { locale } from '$lib/stores/preferences.store';
 import { parseUtcDate } from '$lib/utils/date-time';
-import { formatGroupTitle, toISOYearMonthUTC } from '$lib/utils/timeline-util';
+import { formatGroupTitle } from '$lib/utils/timeline-util';
 import { DateTime } from 'luxon';

 describe('formatGroupTitle', () => {
@@ -77,13 +77,3 @@ describe('formatGroupTitle', () => {
    expect(formatGroupTitle(date)).toBe('Invalid DateTime');
  });
 });
-
-describe('toISOYearMonthUTC', () => {
-  it('should prefix year with 0s', () => {
-    expect(toISOYearMonthUTC({ year: 28, month: 1 })).toBe('0028-01-01T00:00:00.000Z');
-  });
-
-  it('should prefix month with 0s', () => {
-    expect(toISOYearMonthUTC({ year: 2025, month: 1 })).toBe('2025-01-01T00:00:00.000Z');
-  });
-});
--- a/web/src/lib/utils/timeline-util.ts
+++ b/web/src/lib/utils/timeline-util.ts
@@ -94,11 +94,8 @@ export const fromTimelinePlainYearMonth = (timelineYearMonth: TimelineYearMonth)
    { zone: 'local', locale: get(locale) },
  ) as DateTime<true>;

-export const toISOYearMonthUTC = ({ year, month }: TimelineYearMonth): string => {
-  const yearFull = `${year}`.padStart(4, '0');
-  const monthFull = `${month}`.padStart(2, '0');
-  return `${yearFull}-${monthFull}-01T00:00:00.000Z`;
-};
+export const toISOYearMonthUTC = ({ year, month }: TimelineYearMonth): string =>
+  `${year}-${month.toString().padStart(2, '0')}-01T00:00:00.000Z`;

 export function formatMonthGroupTitle(_date: DateTime): string {
  if (!_date.isValid) {
--- a/web/src/routes/(user)/albums/[albumId=id]/[[photos=photos]]/[[assetId=id]]/+page.svelte
+++ b/web/src/routes/(user)/albums/[albumId=id]/[[photos=photos]]/[[assetId=id]]/+page.svelte
@@ -59,6 +59,7 @@
    type AssetGridRouteSearchParams,
  } from '$lib/utils/navigation';
  import {
+    AccessHint,
    AlbumUserRole,
    AssetOrder,
    AssetVisibility,
@@ -328,7 +329,7 @@
    }
  });

-  let timelineManager = new TimelineManager();
+  let timelineManager = new TimelineManager({ hint: AccessHint.Album });

  $effect(() => {
    if (viewMode === AlbumPageViewMode.VIEW) {
--- a/web/src/routes/(user)/partners/[userId]/[[photos=photos]]/[[assetId=id]]/+page.svelte
+++ b/web/src/routes/(user)/partners/[userId]/[[photos=photos]]/[[assetId=id]]/+page.svelte
@@ -10,7 +10,7 @@
  import { AppRoute } from '$lib/constants';
  import { TimelineManager } from '$lib/managers/timeline-manager/timeline-manager.svelte';
  import { AssetInteraction } from '$lib/stores/asset-interaction.svelte';
-  import { AssetVisibility } from '@immich/sdk';
+  import { AccessHint, AssetVisibility } from '@immich/sdk';
  import { mdiArrowLeft, mdiPlus } from '@mdi/js';
  import { onDestroy } from 'svelte';
  import { t } from 'svelte-i18n';
@@ -22,7 +22,7 @@

  let { data }: Props = $props();

-  const timelineManager = new TimelineManager();
+  const timelineManager = new TimelineManager({ hint: AccessHint.Partner });
  $effect(
    () =>
      void timelineManager.updateOptions({