mirror of
https://github.com/immich-app/immich.git
synced 2024-12-28 22:51:59 +00:00
Simplify control flow
This commit is contained in:
parent
38cfdea855
commit
7bc3cbf687
1 changed files with 9 additions and 3 deletions
|
@ -644,24 +644,30 @@ export class AssetService {
|
|||
|
||||
async checkAssetsAccess(authUser: AuthUserDto, assetIds: string[], mustBeOwner = false) {
|
||||
for (const assetId of assetIds) {
|
||||
// Default: DENY
|
||||
let accessAllowed = false;
|
||||
|
||||
// Step 1: Check if user owns asset
|
||||
if ((await this._assetRepository.countByIdAndUser(assetId, authUser.id)) == 1) {
|
||||
continue;
|
||||
accessAllowed = true;
|
||||
}
|
||||
|
||||
// Avoid additional checks if ownership is required
|
||||
if (!mustBeOwner) {
|
||||
// Step 2: Check if asset is part of an album shared with me
|
||||
if ((await this._albumRepository.getSharedWithUserAlbumCount(authUser.id, assetId)) > 0) {
|
||||
continue;
|
||||
accessAllowed = true;
|
||||
}
|
||||
|
||||
//TODO: Step 3: Check if asset is part of a public album
|
||||
}
|
||||
|
||||
if (!accessAllowed) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async function processETag(path: string, res: Res, headers: Record<string, string>): Promise<boolean> {
|
||||
const { size, mtimeNs } = await fs.stat(path, { bigint: true });
|
||||
|
|
Loading…
Reference in a new issue