fix(server): partner can view archived assets (#9750)

* fix(server): partner can view archived assets * update sql queries
2025-12-20 09:15:35 +03:00 · 2024-05-25 12:53:57 +02:00
parent 9e71256191
commit 8a7b0f66a4
4 changed files with 36 additions and 0 deletions
--- a/e2e/src/api/specs/asset.e2e-spec.ts
+++ b/e2e/src/api/specs/asset.e2e-spec.ts
@@ -86,6 +86,8 @@ describe('/asset', () => {
      utils.userSetup(admin.accessToken, createUserDto.create('stack')),
    ]);

+    await utils.createPartner(user1.accessToken, user2.userId);
+
    // asset location
    locationAsset = await utils.createAsset(admin.accessToken, {
      assetData: {
@@ -233,6 +235,35 @@ describe('/asset', () => {
      expect(data.status).toBe(200);
      expect(data.body).toMatchObject({ people: [] });
    });
+
+    describe('partner assets', () => {
+      it('should get the asset info', async () => {
+        const { status, body } = await request(app)
+          .get(`/asset/${user1Assets[0].id}`)
+          .set('Authorization', `Bearer ${user2.accessToken}`);
+        expect(status).toBe(200);
+        expect(body).toMatchObject({ id: user1Assets[0].id });
+      });
+
+      it('disallows viewing archived assets', async () => {
+        const asset = await utils.createAsset(user1.accessToken, { isArchived: true });
+
+        const { status } = await request(app)
+          .get(`/asset/${asset.id}`)
+          .set('Authorization', `Bearer ${user2.accessToken}`);
+        expect(status).toBe(400);
+      });
+
+      it('disallows viewing trashed assets', async () => {
+        const asset = await utils.createAsset(user1.accessToken);
+        await utils.deleteAssets(user1.accessToken, [asset.id]);
+
+        const { status } = await request(app)
+          .get(`/asset/${asset.id}`)
+          .set('Authorization', `Bearer ${user2.accessToken}`);
+        expect(status).toBe(400);
+      });
+    });
  });

  describe('GET /asset/statistics', () => {
--- a/e2e/src/utils.ts
+++ b/e2e/src/utils.ts
@@ -13,6 +13,7 @@ import {
  createAlbum,
  createApiKey,
  createLibrary,
+  createPartner,
  createPerson,
  createSharedLink,
  createUser,
@@ -385,6 +386,8 @@ export const utils = {
  validateLibrary: (accessToken: string, id: string, dto: ValidateLibraryDto) =>
    validate({ id, validateLibraryDto: dto }, { headers: asBearerAuth(accessToken) }),

+  createPartner: (accessToken: string, id: string) => createPartner({ id }, { headers: asBearerAuth(accessToken) }),
+
  setAuthCookies: async (context: BrowserContext, accessToken: string) =>
    await context.addCookies([
      {