Simplify control flow

2022-12-01 17:28:26 +01:00 · 2022-12-01 17:28:26 +01:00 · 7bc3cbf687
commit 7bc3cbf687
parent 38cfdea855
1 changed files with 9 additions and 3 deletions
--- a/server/apps/immich/src/api-v1/asset/asset.service.ts
+++ b/server/apps/immich/src/api-v1/asset/asset.service.ts
@ -644,21 +644,27 @@ export class AssetService {

  async checkAssetsAccess(authUser: AuthUserDto, assetIds: string[], mustBeOwner = false) {
    for (const assetId of assetIds) {
+      // Default: DENY
+      let accessAllowed = false;
+
      // Step 1: Check if user owns asset
      if ((await this._assetRepository.countByIdAndUser(assetId, authUser.id)) == 1) {
-        continue;
+        accessAllowed = true;
      }

      // Avoid additional checks if ownership is required
      if (!mustBeOwner) {
        // Step 2: Check if asset is part of an album shared with me
        if ((await this._albumRepository.getSharedWithUserAlbumCount(authUser.id, assetId)) > 0) {
-          continue;
+          accessAllowed = true;
        }

        //TODO: Step 3: Check if asset is part of a public album
      }
-      throw new ForbiddenException();
+
+      if (!accessAllowed) {
+        throw new ForbiddenException();
+      }
    }
  }
 }