mirror of
https://github.com/ente-io/ente.git
synced 2025-05-04 12:27:54 +00:00
67 lines
2.1 KiB
Go
67 lines
2.1 KiB
Go
package access
|
|
|
|
import (
|
|
"github.com/ente-io/museum/ente"
|
|
enteArray "github.com/ente-io/museum/pkg/utils/array"
|
|
"github.com/ente-io/stacktrace"
|
|
"github.com/gin-contrib/requestid"
|
|
"github.com/gin-gonic/gin"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
type VerifyFileOwnershipParams struct {
|
|
// userID of the user trying to fetch the controller
|
|
ActorUserId int64
|
|
FileIDs []int64
|
|
}
|
|
|
|
type CanAccessFileParams struct {
|
|
ActorUserID int64
|
|
FileIDs []int64
|
|
}
|
|
|
|
// VerifyFileOwnership will return error if given fileIDs are not valid or don't belong to the ownerID
|
|
func (c controllerImpl) VerifyFileOwnership(ctx *gin.Context, req *VerifyFileOwnershipParams) error {
|
|
if enteArray.ContainsDuplicateInInt64Array(req.FileIDs) {
|
|
return stacktrace.Propagate(ente.ErrBadRequest, "duplicate fileIDs")
|
|
}
|
|
ownerID := req.ActorUserId
|
|
logger := log.WithFields(log.Fields{
|
|
"req_id": requestid.Get(ctx),
|
|
})
|
|
return c.FileRepo.VerifyFileOwner(ctx, req.FileIDs, ownerID, logger)
|
|
}
|
|
|
|
func (c controllerImpl) CanAccessFile(ctx *gin.Context, req *CanAccessFileParams) error {
|
|
if enteArray.ContainsDuplicateInInt64Array(req.FileIDs) {
|
|
return stacktrace.Propagate(ente.ErrBadRequest, "duplicate fileIDs")
|
|
}
|
|
ownerToFilesMap, err := c.FileRepo.GetOwnerToFileIDsMap(ctx, req.FileIDs)
|
|
if err != nil {
|
|
return stacktrace.Propagate(err, "failed to get owner to fileIDs map")
|
|
}
|
|
// iterate over the map and check if the ownerID has access to the fileIDs
|
|
for owner, fileIDs := range ownerToFilesMap {
|
|
if owner == req.ActorUserID {
|
|
continue
|
|
}
|
|
cIDs, collErr := c.CollectionRepo.GetCollectionIDsSharedWithUser(req.ActorUserID)
|
|
if collErr != nil {
|
|
return stacktrace.Propagate(collErr, "")
|
|
}
|
|
cwIDS, collErr := c.CollectionRepo.GetCollectionIDsSharedWithUser(owner)
|
|
if collErr != nil {
|
|
return stacktrace.Propagate(collErr, "")
|
|
}
|
|
cIDs = append(cIDs, cwIDS...)
|
|
accessErr := c.CollectionRepo.DoAllFilesExistInGivenCollections(fileIDs, cIDs)
|
|
if accessErr != nil {
|
|
log.WithFields(log.Fields{
|
|
"req_id": requestid.Get(ctx),
|
|
}).WithError(accessErr).Error("access check failed")
|
|
return stacktrace.Propagate(ente.ErrPermissionDenied, "access denied")
|
|
}
|
|
}
|
|
return nil
|
|
}
|