fix: locked visibility in search random endpoint (#29887)

This commit is contained in:
Daniel Dietzler
2026-07-13 22:03:20 +02:00
committed by GitHub
parent ffafc144c6
commit 35fcca6254
2 changed files with 20 additions and 1 deletions

View File

@@ -118,7 +118,11 @@ export class SearchService extends BaseService {
}
const userIds = await this.getUserIdsToSearch(auth, dto.visibility);
const items = await this.searchRepository.searchRandom(dto.size || 250, { ...dto, userIds });
const items = await this.searchRepository.searchRandom(dto.size || 250, {
...dto,
visibility: dto.visibility ?? (auth.session?.hasElevatedPermission ? undefined : 'not-locked'),
userIds,
});
return items.map((item) => mapAsset(item, { auth }));
}

View File

@@ -196,4 +196,19 @@ describe(SearchService.name, () => {
expect(suggestions).toEqual(['Canon', null]);
});
});
describe('searchRandom', () => {
it('should filter out locked assets in a default session', async () => {
const { sut, ctx } = setup();
const { user } = await ctx.newUser();
await ctx.newAsset({ ownerId: user.id, visibility: AssetVisibility.Locked });
const auth = factory.auth({ user: { id: user.id } });
const response = await sut.searchRandom(auth, {});
expect(response.length).toBe(0);
});
});
});