Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-19 12:59:36 +02:00
Code Issues Releases Activity

fix(integration): update image entry retrieval to handle multiple collections and improve access control logic

Browse source
This commit is contained in:
Sean Morley 2025-06-17 15:49:27 -04:00
parent 2fb1548f9f
commit aed76a5689
1 changed files with 11 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

24
backend/server/integrations/views.py
View file

@ -270,23 +270,20 @@ class ImmichIntegrationView(viewsets.ViewSet):
integration = get_object_or_404(ImmichIntegration, id=integration_id) integration = get_object_or_404(ImmichIntegration, id=integration_id)
owner_id = integration.user_id owner_id = integration.user_id
# Try to find the image entry with collection and sharing information # Try to find the image entry with collections and sharing information
image_entry = ( image_entry = (
AdventureImage.objects AdventureImage.objects
.filter(immich_id=imageid, user_id=owner_id) .filter(immich_id=imageid, user_id=owner_id)
.select_related('adventure', 'adventure__collection') .select_related('adventure')
.prefetch_related('adventure__collection__shared_with') .prefetch_related('adventure__collections', 'adventure__collections__shared_with')
.order_by( .order_by('-adventure__is_public') # Public adventures first
'-adventure__is_public', # Public adventures first
'-adventure__collection__is_public' # Then public collections
)
.first() .first()
) )
# Access control # Access control
if image_entry: if image_entry:
adventure = image_entry.adventure adventure = image_entry.adventure
collection = adventure.collection collections = adventure.collections.all()
# Determine access level # Determine access level
is_authorized = False is_authorized = False
@ -295,17 +292,18 @@ class ImmichIntegrationView(viewsets.ViewSet):
if adventure.is_public: if adventure.is_public:
is_authorized = True is_authorized = True
# Level 2: Private adventure in public collection # Level 2: Private adventure in any public collection
elif collection and collection.is_public: elif any(collection.is_public for collection in collections):
is_authorized = True is_authorized = True
# Level 3: Owner access # Level 3: Owner access
elif request.user.is_authenticated and request.user.id == owner_id: elif request.user.is_authenticated and request.user.id == owner_id:
is_authorized = True is_authorized = True
# Level 4: Shared collection access # Level 4: Shared collection access - check if user has access to any collection
elif (request.user.is_authenticated and collection and elif (request.user.is_authenticated and
collection.shared_with.filter(id=request.user.id).exists()): any(collection.shared_with.filter(id=request.user.id).exists()
for collection in collections)):
is_authorized = True is_authorized = True
if not is_authorized: if not is_authorized: