refactor(server): partner core (#2678)

* refactor(server): partner core * refactor(server): partner access check
2025-10-29 17:40:28 +00:00 · 2023-06-06 16:18:38 -04:00
parent d1db479727
commit 6ce35d47f5
17 changed files with 85 additions and 84 deletions
--- a/server/apps/immich/src/api-v1/asset/asset.service.spec.ts
+++ b/server/apps/immich/src/api-v1/asset/asset.service.spec.ts
@@ -9,9 +9,9 @@ import { AssetCountByUserIdResponseDto } from './response-dto/asset-count-by-use
 import { DownloadService } from '../../modules/download/download.service';
 import { AlbumRepository, IAlbumRepository } from '../album/album-repository';
 import {
+  IAccessRepository,
  ICryptoRepository,
  IJobRepository,
-  IPartnerRepository,
  ISharedLinkRepository,
  IStorageRepository,
  JobName,
@@ -20,6 +20,7 @@ import {
  assetEntityStub,
  authStub,
  fileStub,
+  newAccessRepositoryMock,
  newCryptoRepositoryMock,
  newJobRepositoryMock,
  newSharedLinkRepositoryMock,
@@ -131,10 +132,10 @@ const _getArchivedAssetsCountByUserId = (): AssetCountByUserIdResponseDto => {
 describe('AssetService', () => {
  let sut: AssetService;
  let a: Repository<AssetEntity>; // TO BE DELETED AFTER FINISHED REFACTORING
+  let accessMock: jest.Mocked<IAccessRepository>;
  let assetRepositoryMock: jest.Mocked<IAssetRepository>;
  let albumRepositoryMock: jest.Mocked<IAlbumRepository>;
  let downloadServiceMock: jest.Mocked<Partial<DownloadService>>;
-  let partnerRepositoryMock: jest.Mocked<IPartnerRepository>;
  let sharedLinkRepositoryMock: jest.Mocked<ISharedLinkRepository>;
  let cryptoMock: jest.Mocked<ICryptoRepository>;
  let jobMock: jest.Mocked<IJobRepository>;
@@ -173,12 +174,14 @@ describe('AssetService', () => {
      downloadArchive: jest.fn(),
    };

+    accessMock = newAccessRepositoryMock();
    sharedLinkRepositoryMock = newSharedLinkRepositoryMock();
    jobMock = newJobRepositoryMock();
    cryptoMock = newCryptoRepositoryMock();
    storageMock = newStorageRepositoryMock();

    sut = new AssetService(
+      accessMock,
      assetRepositoryMock,
      albumRepositoryMock,
      a,
@@ -187,7 +190,6 @@ describe('AssetService', () => {
      jobMock,
      cryptoMock,
      storageMock,
-      partnerRepositoryMock,
    );

    when(assetRepositoryMock.get)
--- a/server/apps/immich/src/api-v1/asset/asset.service.ts
+++ b/server/apps/immich/src/api-v1/asset/asset.service.ts
@@ -25,12 +25,12 @@ import { CuratedObjectsResponseDto } from './response-dto/curated-objects-respon
 import {
  AssetResponseDto,
  getLivePhotoMotionFilename,
+  IAccessRepository,
  ImmichReadStream,
  IStorageRepository,
  JobName,
  mapAsset,
  mapAssetWithoutExif,
-  PartnerCore,
 } from '@app/domain';
 import { CreateAssetDto, UploadFile } from './dto/create-asset.dto';
 import { DeleteAssetResponseDto, DeleteAssetStatusEnum } from './response-dto/delete-asset-response.dto';
@@ -55,7 +55,6 @@ import { DownloadService } from '../../modules/download/download.service';
 import { DownloadDto } from './dto/download-library.dto';
 import { IAlbumRepository } from '../album/album-repository';
 import { SharedLinkCore } from '@app/domain';
-import { IPartnerRepository } from '@app/domain';
 import { ISharedLinkRepository } from '@app/domain';
 import { DownloadFilesDto } from './dto/download-files.dto';
 import { CreateAssetsShareLinkDto } from './dto/create-asset-shared-link.dto';
@@ -82,9 +81,9 @@ export class AssetService {
  readonly logger = new Logger(AssetService.name);
  private shareCore: SharedLinkCore;
  private assetCore: AssetCore;
-  private partnerCore: PartnerCore;

  constructor(
+    @Inject(IAccessRepository) private accessRepository: IAccessRepository,
    @Inject(IAssetRepository) private _assetRepository: IAssetRepository,
    @Inject(IAlbumRepository) private _albumRepository: IAlbumRepository,
    @InjectRepository(AssetEntity)
@@ -94,11 +93,9 @@ export class AssetService {
    @Inject(IJobRepository) private jobRepository: IJobRepository,
    @Inject(ICryptoRepository) cryptoRepository: ICryptoRepository,
    @Inject(IStorageRepository) private storageRepository: IStorageRepository,
-    @Inject(IPartnerRepository) private partnerRepository: IPartnerRepository,
  ) {
    this.assetCore = new AssetCore(_assetRepository, jobRepository);
    this.shareCore = new SharedLinkCore(sharedLinkRepository, cryptoRepository);
-    this.partnerCore = new PartnerCore(partnerRepository);
  }

  public async uploadFile(
@@ -581,7 +578,7 @@ export class AssetService {
        }

        // Step 3: Check if any partner owns the asset
-        const canAccess = await this.partnerCore.hasAssetAccess(assetId, authUser.id);
+        const canAccess = await this.accessRepository.hasPartnerAssetAccess(authUser.id, assetId);
        if (canAccess) {
          continue;
        }
@@ -601,7 +598,8 @@ export class AssetService {

  private async checkUserAccess(authUser: AuthUserDto, userId: string) {
    // Check if userId shares assets with authUser
-    if (!(await this.partnerCore.get({ sharedById: userId, sharedWithId: authUser.id }))) {
+    const canAccess = await this.accessRepository.hasPartnerAccess(authUser.id, userId);
+    if (!canAccess) {
      throw new ForbiddenException();
    }
  }