diff --git a/server/src/queries/album.user.repository.sql b/server/src/queries/album.user.repository.sql index a758ba1cf4..fc4a52bae2 100644 --- a/server/src/queries/album.user.repository.sql +++ b/server/src/queries/album.user.repository.sql @@ -17,8 +17,6 @@ set where "userId" = $2 and "albumId" = $3 -returning - * -- AlbumUserRepository.delete delete from "album_user" diff --git a/server/src/repositories/album-user.repository.ts b/server/src/repositories/album-user.repository.ts index 1a1e58a77d..558a0c05d7 100644 --- a/server/src/repositories/album-user.repository.ts +++ b/server/src/repositories/album-user.repository.ts @@ -25,14 +25,13 @@ export class AlbumUserRepository { } @GenerateSql({ params: [{ userId: DummyValue.UUID, albumId: DummyValue.UUID }, { role: AlbumUserRole.Viewer }] }) - update({ userId, albumId }: AlbumPermissionId, dto: Updateable) { - return this.db + async update({ userId, albumId }: AlbumPermissionId, dto: Updateable) { + await this.db .updateTable('album_user') .set(dto) .where('userId', '=', userId) .where('albumId', '=', albumId) - .returningAll() - .executeTakeFirstOrThrow(); + .execute(); } @GenerateSql({ params: [{ userId: DummyValue.UUID, albumId: DummyValue.UUID }] }) diff --git a/server/src/services/album.service.spec.ts b/server/src/services/album.service.spec.ts index 03be834354..209716db3a 100644 --- a/server/src/services/album.service.spec.ts +++ b/server/src/services/album.service.spec.ts @@ -3,9 +3,8 @@ import _ from 'lodash'; import { BulkIdErrorReason } from 'src/dtos/asset-ids.response.dto'; import { AlbumUserRole, AssetOrder, UserMetadataKey } from 'src/enum'; import { AlbumService } from 'src/services/album.service'; -import { albumStub } from 'test/fixtures/album.stub'; import { authStub } from 'test/fixtures/auth.stub'; -import { userStub } from 'test/fixtures/user.stub'; +import { factory } from 'test/small.factory'; import { newTestService, ServiceMocks } from 'test/utils'; describe(AlbumService.name, () => { @@ -39,17 +38,24 @@ describe(AlbumService.name, () => { describe('getAll', () => { it('gets list of albums for auth user', async () => { - mocks.album.getOwned.mockResolvedValue([albumStub.empty, albumStub.sharedWithUser]); + const owner = factory.userAdmin(); + const album = { ...factory.album({ ownerId: owner.id }), owner }; + const sharedWithUserAlbum = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user: factory.user(), role: AlbumUserRole.Editor }], + }; + mocks.album.getOwned.mockResolvedValue([album, sharedWithUserAlbum]); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.empty.id, + albumId: album.id, assetCount: 0, startDate: null, endDate: null, lastModifiedAssetTimestamp: null, }, { - albumId: albumStub.sharedWithUser.id, + albumId: sharedWithUserAlbum.id, assetCount: 0, startDate: null, endDate: null, @@ -57,17 +63,20 @@ describe(AlbumService.name, () => { }, ]); - const result = await sut.getAll(authStub.admin, {}); + const result = await sut.getAll(factory.auth({ user: owner }), {}); expect(result).toHaveLength(2); - expect(result[0].id).toEqual(albumStub.empty.id); - expect(result[1].id).toEqual(albumStub.sharedWithUser.id); + expect(result[0].id).toEqual(album.id); + expect(result[1].id).toEqual(sharedWithUserAlbum.id); }); it('gets list of albums that have a specific asset', async () => { - mocks.album.getByAssetId.mockResolvedValue([albumStub.oneAsset]); + const owner = factory.userAdmin(); + const asset = factory.asset({ ownerId: owner.id }); + const album = { ...factory.album({ ownerId: owner.id }), owner, assets: [asset] }; + mocks.album.getByAssetId.mockResolvedValue([album]); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.oneAsset.id, + albumId: album.id, assetCount: 1, startDate: new Date('1970-01-01'), endDate: new Date('1970-01-01'), @@ -75,17 +84,23 @@ describe(AlbumService.name, () => { }, ]); - const result = await sut.getAll(authStub.admin, { assetId: albumStub.oneAsset.id }); + const result = await sut.getAll(factory.auth({ user: owner }), { assetId: asset.id }); expect(result).toHaveLength(1); - expect(result[0].id).toEqual(albumStub.oneAsset.id); + expect(result[0].id).toEqual(album.id); expect(mocks.album.getByAssetId).toHaveBeenCalledTimes(1); }); it('gets list of albums that are shared', async () => { - mocks.album.getShared.mockResolvedValue([albumStub.sharedWithUser]); + const owner = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user: factory.user(), role: AlbumUserRole.Editor }], + }; + mocks.album.getShared.mockResolvedValue([album]); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.sharedWithUser.id, + albumId: album.id, assetCount: 0, startDate: null, endDate: null, @@ -93,17 +108,19 @@ describe(AlbumService.name, () => { }, ]); - const result = await sut.getAll(authStub.admin, { shared: true }); + const result = await sut.getAll(factory.auth({ user: owner }), { shared: true }); expect(result).toHaveLength(1); - expect(result[0].id).toEqual(albumStub.sharedWithUser.id); + expect(result[0].id).toEqual(album.id); expect(mocks.album.getShared).toHaveBeenCalledTimes(1); }); it('gets list of albums that are NOT shared', async () => { - mocks.album.getNotShared.mockResolvedValue([albumStub.empty]); + const owner = factory.userAdmin(); + const album = { ...factory.album({ ownerId: owner.id }), owner }; + mocks.album.getNotShared.mockResolvedValue([album]); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.empty.id, + albumId: album.id, assetCount: 0, startDate: null, endDate: null, @@ -111,18 +128,21 @@ describe(AlbumService.name, () => { }, ]); - const result = await sut.getAll(authStub.admin, { shared: false }); + const result = await sut.getAll(factory.auth({ user: owner }), { shared: false }); expect(result).toHaveLength(1); - expect(result[0].id).toEqual(albumStub.empty.id); + expect(result[0].id).toEqual(album.id); expect(mocks.album.getNotShared).toHaveBeenCalledTimes(1); }); }); it('counts assets correctly', async () => { - mocks.album.getOwned.mockResolvedValue([albumStub.oneAsset]); + const owner = factory.userAdmin(); + const asset = factory.asset({ ownerId: owner.id }); + const album = { ...factory.album({ ownerId: owner.id }), owner, assets: [asset] }; + mocks.album.getOwned.mockResolvedValue([album]); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.oneAsset.id, + albumId: album.id, assetCount: 1, startDate: new Date('1970-01-01'), endDate: new Date('1970-01-01'), @@ -130,7 +150,7 @@ describe(AlbumService.name, () => { }, ]); - const result = await sut.getAll(authStub.admin, {}); + const result = await sut.getAll(factory.auth({ user: owner }), {}); expect(result).toHaveLength(1); expect(result[0].assetCount).toEqual(1); @@ -139,42 +159,60 @@ describe(AlbumService.name, () => { describe('create', () => { it('creates album', async () => { - mocks.album.create.mockResolvedValue(albumStub.empty); - mocks.user.get.mockResolvedValue(userStub.user1); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const asset = { ...factory.asset({ ownerId: owner.id }), exifInfo: factory.exif() }; + const album = { + ...factory.album({ ownerId: owner.id, albumName: 'Empty album' }), + owner, + assets: [asset], + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.create.mockResolvedValue(album); + mocks.user.get.mockResolvedValue(user); mocks.user.getMetadata.mockResolvedValue([]); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['123'])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset.id])); - await sut.create(authStub.admin, { + await sut.create(factory.auth({ user: owner }), { albumName: 'Empty album', - albumUsers: [{ userId: 'user-id', role: AlbumUserRole.Editor }], - description: '', - assetIds: ['123'], + albumUsers: [{ userId: user.id, role: AlbumUserRole.Editor }], + description: 'Album description', + assetIds: [asset.id], }); expect(mocks.album.create).toHaveBeenCalledWith( { - ownerId: authStub.admin.user.id, - albumName: albumStub.empty.albumName, - description: albumStub.empty.description, - order: 'desc', - albumThumbnailAssetId: '123', + ownerId: owner.id, + albumName: album.albumName, + description: album.description, + order: album.order, + albumThumbnailAssetId: asset.id, }, - ['123'], - [{ userId: 'user-id', role: AlbumUserRole.Editor }], + [asset.id], + [{ userId: user.id, role: AlbumUserRole.Editor }], ); - expect(mocks.user.get).toHaveBeenCalledWith('user-id', {}); - expect(mocks.user.getMetadata).toHaveBeenCalledWith(authStub.admin.user.id); - expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith(authStub.admin.user.id, new Set(['123']), false); + expect(mocks.user.get).toHaveBeenCalledWith(user.id, {}); + expect(mocks.user.getMetadata).toHaveBeenCalledWith(owner.id); + expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith(owner.id, new Set([asset.id]), false); expect(mocks.event.emit).toHaveBeenCalledWith('AlbumInvite', { - id: albumStub.empty.id, - userId: 'user-id', + id: album.id, + userId: user.id, }); }); it('creates album with assetOrder from user preferences', async () => { - mocks.album.create.mockResolvedValue(albumStub.empty); - mocks.user.get.mockResolvedValue(userStub.user1); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const asset = { ...factory.asset({ ownerId: owner.id }), exifInfo: factory.exif() }; + const album = { + ...factory.album({ ownerId: owner.id, albumName: 'Empty album' }), + owner, + assets: [asset], + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.create.mockResolvedValue(album); + mocks.user.get.mockResolvedValue(user); mocks.user.getMetadata.mockResolvedValue([ { key: UserMetadataKey.Preferences, @@ -185,84 +223,90 @@ describe(AlbumService.name, () => { }, }, ]); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['123'])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset.id])); - await sut.create(authStub.admin, { + await sut.create(factory.auth({ user: owner }), { albumName: 'Empty album', - albumUsers: [{ userId: 'user-id', role: AlbumUserRole.Editor }], - description: '', - assetIds: ['123'], + albumUsers: [{ userId: user.id, role: AlbumUserRole.Editor }], + description: 'Album description', + assetIds: [asset.id], }); expect(mocks.album.create).toHaveBeenCalledWith( { - ownerId: authStub.admin.user.id, - albumName: albumStub.empty.albumName, - description: albumStub.empty.description, + ownerId: owner.id, + albumName: album.albumName, + description: album.description, order: 'asc', - albumThumbnailAssetId: '123', + albumThumbnailAssetId: asset.id, }, - ['123'], - [{ userId: 'user-id', role: AlbumUserRole.Editor }], + [asset.id], + [{ userId: user.id, role: AlbumUserRole.Editor }], ); - expect(mocks.user.get).toHaveBeenCalledWith('user-id', {}); - expect(mocks.user.getMetadata).toHaveBeenCalledWith(authStub.admin.user.id); - expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith(authStub.admin.user.id, new Set(['123']), false); + expect(mocks.user.get).toHaveBeenCalledWith(user.id, {}); + expect(mocks.user.getMetadata).toHaveBeenCalledWith(owner.id); + expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith(owner.id, new Set([asset.id]), false); expect(mocks.event.emit).toHaveBeenCalledWith('AlbumInvite', { - id: albumStub.empty.id, - userId: 'user-id', + id: album.id, + userId: user.id, }); }); it('should require valid userIds', async () => { mocks.user.get.mockResolvedValue(void 0); await expect( - sut.create(authStub.admin, { + sut.create(factory.auth(), { albumName: 'Empty album', - albumUsers: [{ userId: 'user-3', role: AlbumUserRole.Editor }], + albumUsers: [{ userId: 'unknown-user', role: AlbumUserRole.Editor }], }), ).rejects.toBeInstanceOf(BadRequestException); - expect(mocks.user.get).toHaveBeenCalledWith('user-3', {}); + expect(mocks.user.get).toHaveBeenCalledWith('unknown-user', {}); expect(mocks.album.create).not.toHaveBeenCalled(); }); it('should only add assets the user is allowed to access', async () => { - mocks.user.get.mockResolvedValue(userStub.user1); - mocks.album.create.mockResolvedValue(albumStub.oneAsset); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const asset = { ...factory.asset({ ownerId: owner.id }), exifInfo: factory.exif() }; + const album = { + ...factory.album({ ownerId: owner.id, albumName: 'Test album' }), + owner, + assets: [asset], + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.user.get.mockResolvedValue(user); + mocks.album.create.mockResolvedValue(album); mocks.user.getMetadata.mockResolvedValue([]); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1'])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset.id])); - await sut.create(authStub.admin, { + await sut.create(factory.auth({ user: owner }), { albumName: 'Test album', - description: '', - assetIds: ['asset-1', 'asset-2'], + description: 'Album description', + assetIds: [asset.id, 'asset-2'], }); expect(mocks.album.create).toHaveBeenCalledWith( { - ownerId: authStub.admin.user.id, - albumName: 'Test album', - description: '', + ownerId: owner.id, + albumName: album.albumName, + description: album.description, order: 'desc', - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset.id, }, - ['asset-1'], + [asset.id], [], ); - expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith( - authStub.admin.user.id, - new Set(['asset-1', 'asset-2']), - false, - ); + expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith(owner.id, new Set([asset.id, 'asset-2']), false); }); it('should throw an error if the userId is the ownerId', async () => { - mocks.user.get.mockResolvedValue(userStub.admin); + const owner = factory.userAdmin(); + mocks.user.get.mockResolvedValue(owner); await expect( - sut.create(authStub.admin, { + sut.create(factory.auth({ user: owner }), { albumName: 'Empty album', - albumUsers: [{ userId: userStub.admin.id, role: AlbumUserRole.Editor }], + albumUsers: [{ userId: owner.id, role: AlbumUserRole.Editor }], }), ).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.create).not.toHaveBeenCalled(); @@ -271,11 +315,12 @@ describe(AlbumService.name, () => { describe('update', () => { it('should prevent updating an album that does not exist', async () => { + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set()); mocks.album.getById.mockResolvedValue(void 0); await expect( - sut.update(authStub.user1, 'invalid-id', { - albumName: 'new album name', + sut.update(factory.auth(), 'invalid-id', { + albumName: 'Album', }), ).rejects.toBeInstanceOf(BadRequestException); @@ -283,139 +328,177 @@ describe(AlbumService.name, () => { }); it('should prevent updating a not owned album (shared with auth user)', async () => { + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { ...factory.album({ ownerId: user.id }), user }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set()); await expect( - sut.update(authStub.admin, albumStub.sharedWithAdmin.id, { + sut.update(factory.auth({ user: owner }), album.id, { albumName: 'new album name', }), ).rejects.toBeInstanceOf(BadRequestException); }); it('should require a valid thumbnail asset id', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-4'])); - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); - mocks.album.update.mockResolvedValue(albumStub.oneAsset); + const owner = factory.userAdmin(); + const album = { ...factory.album({ ownerId: owner.id }), owner }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValue(new Set()); await expect( - sut.update(authStub.admin, albumStub.oneAsset.id, { + sut.update(factory.auth({ user: owner }), album.id, { albumThumbnailAssetId: 'not-in-album', }), ).rejects.toBeInstanceOf(BadRequestException); - expect(mocks.album.getAssetIds).toHaveBeenCalledWith('album-4', ['not-in-album']); + expect(mocks.album.getAssetIds).toHaveBeenCalledWith(album.id, ['not-in-album']); expect(mocks.album.update).not.toHaveBeenCalled(); }); it('should allow the owner to update the album', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-4'])); + const owner = factory.userAdmin(); + const album = { ...factory.album({ ownerId: owner.id }), owner }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); - mocks.album.update.mockResolvedValue(albumStub.oneAsset); + mocks.album.getById.mockResolvedValue(album); + mocks.album.update.mockResolvedValue(album); - await sut.update(authStub.admin, albumStub.oneAsset.id, { + await sut.update(factory.auth({ user: owner }), album.id, { albumName: 'new album name', }); expect(mocks.album.update).toHaveBeenCalledTimes(1); - expect(mocks.album.update).toHaveBeenCalledWith('album-4', { - id: 'album-4', + expect(mocks.album.update).toHaveBeenCalledWith(album.id, { + id: album.id, albumName: 'new album name', }); }); }); describe('delete', () => { - it('should throw an error for an album not found', async () => { + it('should require permissions', async () => { + const album = factory.album(); mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set()); - await expect(sut.delete(authStub.admin, albumStub.sharedWithAdmin.id)).rejects.toBeInstanceOf( - BadRequestException, - ); + await expect(sut.delete(factory.auth(), album.id)).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.delete).not.toHaveBeenCalled(); }); it('should not let a shared user delete the album', async () => { - mocks.album.getById.mockResolvedValue(albumStub.sharedWithAdmin); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { ...factory.album({ ownerId: user.id }), owner: user }; + mocks.album.getById.mockResolvedValue(album); + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set()); - await expect(sut.delete(authStub.admin, albumStub.sharedWithAdmin.id)).rejects.toBeInstanceOf( - BadRequestException, - ); + await expect(sut.delete(factory.auth({ user: owner }), album.id)).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.delete).not.toHaveBeenCalled(); }); it('should let the owner delete an album', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.empty.id])); - mocks.album.getById.mockResolvedValue(albumStub.empty); + const owner = factory.userAdmin(); + const album = { ...factory.album({ ownerId: owner.id }), owner }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); - await sut.delete(authStub.admin, albumStub.empty.id); + await sut.delete(factory.auth({ user: owner }), album.id); expect(mocks.album.delete).toHaveBeenCalledTimes(1); - expect(mocks.album.delete).toHaveBeenCalledWith(albumStub.empty.id); + expect(mocks.album.delete).toHaveBeenCalledWith(album.id); }); }); describe('addUsers', () => { it('should throw an error if the auth user is not the owner', async () => { + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { ...factory.album({ ownerId: owner.id }), owner }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set()); await expect( - sut.addUsers(authStub.admin, albumStub.sharedWithAdmin.id, { albumUsers: [{ userId: 'user-1' }] }), + sut.addUsers(factory.auth({ user }), album.id, { albumUsers: [{ userId: owner.id }] }), ).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.update).not.toHaveBeenCalled(); }); it('should throw an error if the userId is already added', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.sharedWithAdmin.id])); - mocks.album.getById.mockResolvedValue(albumStub.sharedWithAdmin); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); await expect( - sut.addUsers(authStub.user1, albumStub.sharedWithAdmin.id, { - albumUsers: [{ userId: authStub.admin.user.id }], - }), + sut.addUsers(factory.auth({ user: owner }), album.id, { albumUsers: [{ userId: user.id }] }), ).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.update).not.toHaveBeenCalled(); + expect(mocks.user.get).not.toHaveBeenCalled(); }); it('should throw an error if the userId does not exist', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.sharedWithAdmin.id])); - mocks.album.getById.mockResolvedValue(albumStub.sharedWithAdmin); + const owner = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); mocks.user.get.mockResolvedValue(void 0); await expect( - sut.addUsers(authStub.user1, albumStub.sharedWithAdmin.id, { albumUsers: [{ userId: 'user-3' }] }), + sut.addUsers(factory.auth({ user: owner }), album.id, { albumUsers: [{ userId: 'unknown-user' }] }), ).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.update).not.toHaveBeenCalled(); + expect(mocks.user.get).toHaveBeenCalledWith('unknown-user', {}); }); it('should throw an error if the userId is the ownerId', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.sharedWithAdmin.id])); - mocks.album.getById.mockResolvedValue(albumStub.sharedWithAdmin); + const owner = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); await expect( - sut.addUsers(authStub.user1, albumStub.sharedWithAdmin.id, { - albumUsers: [{ userId: userStub.user1.id }], + sut.addUsers(factory.auth({ user: owner }), album.id, { + albumUsers: [{ userId: owner.id }], }), ).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.update).not.toHaveBeenCalled(); + expect(mocks.user.get).not.toHaveBeenCalled(); }); it('should add valid shared users', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.sharedWithAdmin.id])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.sharedWithAdmin)); - mocks.album.update.mockResolvedValue(albumStub.sharedWithAdmin); - mocks.user.get.mockResolvedValue(userStub.user2); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); + mocks.album.update.mockResolvedValue(album); + mocks.user.get.mockResolvedValue(user); mocks.albumUser.create.mockResolvedValue({ - userId: userStub.user2.id, - albumId: albumStub.sharedWithAdmin.id, + userId: user.id, + albumId: album.id, role: AlbumUserRole.Editor, }); - await sut.addUsers(authStub.user1, albumStub.sharedWithAdmin.id, { - albumUsers: [{ userId: authStub.user2.user.id }], + await sut.addUsers(factory.auth({ user: owner }), album.id, { + albumUsers: [{ userId: user.id }], }); expect(mocks.albumUser.create).toHaveBeenCalledWith({ - userId: authStub.user2.user.id, - albumId: albumStub.sharedWithAdmin.id, + userId: user.id, + albumId: album.id, }); expect(mocks.event.emit).toHaveBeenCalledWith('AlbumInvite', { - id: albumStub.sharedWithAdmin.id, - userId: userStub.user2.id, + id: album.id, + userId: user.id, }); }); }); @@ -424,71 +507,105 @@ describe(AlbumService.name, () => { it('should require a valid album id', async () => { mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-1'])); mocks.album.getById.mockResolvedValue(void 0); - await expect(sut.removeUser(authStub.admin, 'album-1', 'user-1')).rejects.toBeInstanceOf(BadRequestException); + await expect(sut.removeUser(factory.auth(), 'album-1', 'user-1')).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.update).not.toHaveBeenCalled(); }); it('should remove a shared user from an owned album', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.sharedWithUser.id])); - mocks.album.getById.mockResolvedValue(albumStub.sharedWithUser); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); mocks.albumUser.delete.mockResolvedValue(); - await expect( - sut.removeUser(authStub.admin, albumStub.sharedWithUser.id, userStub.user1.id), - ).resolves.toBeUndefined(); + await expect(sut.removeUser(factory.auth({ user: owner }), album.id, user.id)).resolves.toBeUndefined(); expect(mocks.albumUser.delete).toHaveBeenCalledTimes(1); expect(mocks.albumUser.delete).toHaveBeenCalledWith({ - albumId: albumStub.sharedWithUser.id, - userId: userStub.user1.id, + albumId: album.id, + userId: user.id, }); - expect(mocks.album.getById).toHaveBeenCalledWith(albumStub.sharedWithUser.id, { withAssets: false }); + expect(mocks.album.getById).toHaveBeenCalledWith(album.id, { withAssets: false }); }); it('should prevent removing a shared user from a not-owned album (shared with auth user)', async () => { - mocks.album.getById.mockResolvedValue(albumStub.sharedWithMultiple); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const user2 = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: user.id }), + owner: user, + albumUsers: [ + { user: owner, role: AlbumUserRole.Editor }, + { user: user2, role: AlbumUserRole.Editor }, + ], + }; + mocks.album.getById.mockResolvedValue(album); - await expect( - sut.removeUser(authStub.user1, albumStub.sharedWithMultiple.id, authStub.user2.user.id), - ).rejects.toBeInstanceOf(BadRequestException); + await expect(sut.removeUser(factory.auth({ user: owner }), album.id, user2.id)).rejects.toBeInstanceOf( + BadRequestException, + ); expect(mocks.albumUser.delete).not.toHaveBeenCalled(); - expect(mocks.access.album.checkOwnerAccess).toHaveBeenCalledWith( - authStub.user1.user.id, - new Set([albumStub.sharedWithMultiple.id]), - ); + expect(mocks.access.album.checkOwnerAccess).toHaveBeenCalledWith(owner.id, new Set([album.id])); }); it('should allow a shared user to remove themselves', async () => { - mocks.album.getById.mockResolvedValue(albumStub.sharedWithUser); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: user.id }), + owner: user, + albumUsers: [{ user: owner, role: AlbumUserRole.Editor }], + }; + mocks.album.getById.mockResolvedValue(album); mocks.albumUser.delete.mockResolvedValue(); - await sut.removeUser(authStub.user1, albumStub.sharedWithUser.id, authStub.user1.user.id); + await sut.removeUser(factory.auth({ user: owner }), album.id, owner.id); expect(mocks.albumUser.delete).toHaveBeenCalledTimes(1); expect(mocks.albumUser.delete).toHaveBeenCalledWith({ - albumId: albumStub.sharedWithUser.id, - userId: authStub.user1.user.id, + albumId: album.id, + userId: owner.id, }); }); it('should allow a shared user to remove themselves using "me"', async () => { - mocks.album.getById.mockResolvedValue(albumStub.sharedWithUser); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.getById.mockResolvedValue(album); mocks.albumUser.delete.mockResolvedValue(); - await sut.removeUser(authStub.user1, albumStub.sharedWithUser.id, 'me'); + await sut.removeUser(factory.auth({ user }), album.id, 'me'); expect(mocks.albumUser.delete).toHaveBeenCalledTimes(1); expect(mocks.albumUser.delete).toHaveBeenCalledWith({ - albumId: albumStub.sharedWithUser.id, - userId: authStub.user1.user.id, + albumId: album.id, + userId: user.id, }); }); it('should not allow the owner to be removed', async () => { - mocks.album.getById.mockResolvedValue(albumStub.empty); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.getById.mockResolvedValue(album); - await expect(sut.removeUser(authStub.admin, albumStub.empty.id, authStub.admin.user.id)).rejects.toBeInstanceOf( + await expect(sut.removeUser(factory.auth({ user: owner }), album.id, owner.id)).rejects.toBeInstanceOf( BadRequestException, ); @@ -496,9 +613,16 @@ describe(AlbumService.name, () => { }); it('should throw an error for a user not in the album', async () => { - mocks.album.getById.mockResolvedValue(albumStub.empty); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.getById.mockResolvedValue(album); - await expect(sut.removeUser(authStub.admin, albumStub.empty.id, 'user-3')).rejects.toBeInstanceOf( + await expect(sut.removeUser(factory.auth({ user: owner }), album.id, 'user-3')).rejects.toBeInstanceOf( BadRequestException, ); @@ -508,26 +632,40 @@ describe(AlbumService.name, () => { describe('updateUser', () => { it('should update user role', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.sharedWithAdmin.id])); - mocks.albumUser.update.mockResolvedValue(null as any); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.albumUser.update.mockResolvedValue(); - await sut.updateUser(authStub.user1, albumStub.sharedWithAdmin.id, userStub.admin.id, { - role: AlbumUserRole.Editor, + await sut.updateUser(factory.auth({ user: owner }), album.id, user.id, { + role: AlbumUserRole.Viewer, }); expect(mocks.albumUser.update).toHaveBeenCalledWith( - { albumId: albumStub.sharedWithAdmin.id, userId: userStub.admin.id }, - { role: AlbumUserRole.Editor }, + { albumId: album.id, userId: user.id }, + { role: AlbumUserRole.Viewer }, ); }); }); describe('getAlbumInfo', () => { it('should get a shared album', async () => { - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([albumStub.oneAsset.id])); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.getById.mockResolvedValue(album); + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.oneAsset.id, + albumId: album.id, assetCount: 1, startDate: new Date('1970-01-01'), endDate: new Date('1970-01-01'), @@ -535,21 +673,25 @@ describe(AlbumService.name, () => { }, ]); - await sut.get(authStub.admin, albumStub.oneAsset.id, {}); + await sut.get(factory.auth({ user: owner }), album.id, {}); - expect(mocks.album.getById).toHaveBeenCalledWith(albumStub.oneAsset.id, { withAssets: true }); - expect(mocks.access.album.checkOwnerAccess).toHaveBeenCalledWith( - authStub.admin.user.id, - new Set([albumStub.oneAsset.id]), - ); + expect(mocks.album.getById).toHaveBeenCalledWith(album.id, { withAssets: true }); + expect(mocks.access.album.checkOwnerAccess).toHaveBeenCalledWith(owner.id, new Set([album.id])); }); it('should get a shared album via a shared link', async () => { - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); - mocks.access.album.checkSharedLinkAccess.mockResolvedValue(new Set(['album-123'])); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.getById.mockResolvedValue(album); + mocks.access.album.checkSharedLinkAccess.mockResolvedValue(new Set([album.id])); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.oneAsset.id, + albumId: album.id, assetCount: 1, startDate: new Date('1970-01-01'), endDate: new Date('1970-01-01'), @@ -557,21 +699,26 @@ describe(AlbumService.name, () => { }, ]); - await sut.get(authStub.adminSharedLink, 'album-123', {}); + const auth = factory.auth({ sharedLink: {} }); + await sut.get(auth, album.id, {}); - expect(mocks.album.getById).toHaveBeenCalledWith('album-123', { withAssets: true }); - expect(mocks.access.album.checkSharedLinkAccess).toHaveBeenCalledWith( - authStub.adminSharedLink.sharedLink?.id, - new Set(['album-123']), - ); + expect(mocks.album.getById).toHaveBeenCalledWith(album.id, { withAssets: true }); + expect(mocks.access.album.checkSharedLinkAccess).toHaveBeenCalledWith(auth.sharedLink!.id, new Set([album.id])); }); it('should get a shared album via shared with user', async () => { - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); - mocks.access.album.checkSharedAlbumAccess.mockResolvedValue(new Set(['album-123'])); + const owner = factory.userAdmin(); + const user = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + mocks.album.getById.mockResolvedValue(album); + mocks.access.album.checkSharedAlbumAccess.mockResolvedValue(new Set([album.id])); mocks.album.getMetadataForIds.mockResolvedValue([ { - albumId: albumStub.oneAsset.id, + albumId: album.id, assetCount: 1, startDate: new Date('1970-01-01'), endDate: new Date('1970-01-01'), @@ -579,22 +726,23 @@ describe(AlbumService.name, () => { }, ]); - await sut.get(authStub.user1, 'album-123', {}); + await sut.get(factory.auth({ user }), album.id, {}); - expect(mocks.album.getById).toHaveBeenCalledWith('album-123', { withAssets: true }); + expect(mocks.album.getById).toHaveBeenCalledWith(album.id, { withAssets: true }); expect(mocks.access.album.checkSharedAlbumAccess).toHaveBeenCalledWith( - authStub.user1.user.id, - new Set(['album-123']), + user.id, + new Set([album.id]), AlbumUserRole.Viewer, ); }); it('should throw an error for no access', async () => { - await expect(sut.get(authStub.admin, 'album-123', {})).rejects.toBeInstanceOf(BadRequestException); + const auth = factory.auth(); + await expect(sut.get(auth, 'album-123', {})).rejects.toBeInstanceOf(BadRequestException); - expect(mocks.access.album.checkOwnerAccess).toHaveBeenCalledWith(authStub.admin.user.id, new Set(['album-123'])); + expect(mocks.access.album.checkOwnerAccess).toHaveBeenCalledWith(auth.user.id, new Set(['album-123'])); expect(mocks.access.album.checkSharedAlbumAccess).toHaveBeenCalledWith( - authStub.admin.user.id, + auth.user.id, new Set(['album-123']), AlbumUserRole.Viewer, ); @@ -603,173 +751,233 @@ describe(AlbumService.name, () => { describe('addAssets', () => { it('should allow the owner to add assets', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.oneAsset)); + const owner = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()); await expect( - sut.addAssets(authStub.admin, 'album-123', { ids: ['asset-1', 'asset-2', 'asset-3'] }), + sut.addAssets(factory.auth({ user: owner }), album.id, { ids: [asset1.id, asset2.id, asset3.id] }), ).resolves.toEqual([ - { success: true, id: 'asset-1' }, - { success: true, id: 'asset-2' }, - { success: true, id: 'asset-3' }, + { success: true, id: asset1.id }, + { success: true, id: asset2.id }, + { success: true, id: asset3.id }, ]); - expect(mocks.album.update).toHaveBeenCalledWith('album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenCalledWith(album.id, { + id: album.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); - expect(mocks.album.addAssetIds).toHaveBeenCalledWith('album-123', ['asset-1', 'asset-2', 'asset-3']); + expect(mocks.album.addAssetIds).toHaveBeenCalledWith(album.id, [asset1.id, asset2.id, asset3.id]); }); it('should not set the thumbnail if the album has one already', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep({ ...albumStub.empty, albumThumbnailAssetId: 'asset-id' })); + const owner = factory.userAdmin(); + const [asset1, asset2] = [factory.asset(), factory.asset()]; + const album = { + ...factory.album({ ownerId: owner.id, albumThumbnailAssetId: asset1.id }), + owner, + assets: [{ ...asset1, exifInfo: factory.exif() }], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset2.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()); - await expect(sut.addAssets(authStub.admin, 'album-123', { ids: ['asset-1'] })).resolves.toEqual([ - { success: true, id: 'asset-1' }, + await expect(sut.addAssets(factory.auth({ user: owner }), album.id, { ids: [asset2.id] })).resolves.toEqual([ + { success: true, id: asset2.id }, ]); - expect(mocks.album.update).toHaveBeenCalledWith('album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenCalledWith(album.id, { + id: album.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-id', + albumThumbnailAssetId: asset1.id, }); expect(mocks.album.addAssetIds).toHaveBeenCalled(); }); it('should allow a shared user to add assets', async () => { - mocks.access.album.checkSharedAlbumAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.sharedWithUser)); + const owner = factory.userAdmin(); + const user = factory.user(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.access.album.checkSharedAlbumAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()); await expect( - sut.addAssets(authStub.user1, 'album-123', { ids: ['asset-1', 'asset-2', 'asset-3'] }), + sut.addAssets(factory.auth({ user }), album.id, { ids: [asset1.id, asset2.id, asset3.id] }), ).resolves.toEqual([ - { success: true, id: 'asset-1' }, - { success: true, id: 'asset-2' }, - { success: true, id: 'asset-3' }, + { success: true, id: asset1.id }, + { success: true, id: asset2.id }, + { success: true, id: asset3.id }, ]); - expect(mocks.album.update).toHaveBeenCalledWith('album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenCalledWith(album.id, { + id: album.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); - expect(mocks.album.addAssetIds).toHaveBeenCalledWith('album-123', ['asset-1', 'asset-2', 'asset-3']); + expect(mocks.album.addAssetIds).toHaveBeenCalledWith(album.id, [asset1.id, asset2.id, asset3.id]); expect(mocks.event.emit).toHaveBeenCalledWith('AlbumUpdate', { - id: 'album-123', - recipientId: 'admin_id', + id: album.id, + recipientId: owner.id, }); }); it('should not allow a shared user with viewer access to add assets', async () => { + const owner = factory.userAdmin(); + const user = factory.user(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Viewer }], + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; mocks.access.album.checkSharedAlbumAccess.mockResolvedValue(new Set()); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.sharedWithUser)); + mocks.album.getById.mockResolvedValue(album); await expect( - sut.addAssets(authStub.user2, 'album-123', { ids: ['asset-1', 'asset-2', 'asset-3'] }), + sut.addAssets(factory.auth({ user }), album.id, { ids: [asset1.id, asset2.id, asset3.id] }), ).rejects.toBeInstanceOf(BadRequestException); expect(mocks.album.update).not.toHaveBeenCalled(); }); it('should allow a shared link user to add assets', async () => { - mocks.access.album.checkSharedLinkAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.oneAsset)); + const owner = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + const auth = factory.auth({ sharedLink: { allowUpload: true } }); + mocks.access.album.checkSharedLinkAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()); - await expect( - sut.addAssets(authStub.adminSharedLink, 'album-123', { ids: ['asset-1', 'asset-2', 'asset-3'] }), - ).resolves.toEqual([ - { success: true, id: 'asset-1' }, - { success: true, id: 'asset-2' }, - { success: true, id: 'asset-3' }, + await expect(sut.addAssets(auth, album.id, { ids: [asset1.id, asset2.id, asset3.id] })).resolves.toEqual([ + { success: true, id: asset1.id }, + { success: true, id: asset2.id }, + { success: true, id: asset3.id }, ]); - expect(mocks.album.update).toHaveBeenCalledWith('album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenCalledWith(album.id, { + id: album.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); - expect(mocks.album.addAssetIds).toHaveBeenCalledWith('album-123', ['asset-1', 'asset-2', 'asset-3']); + expect(mocks.album.addAssetIds).toHaveBeenCalledWith(album.id, [asset1.id, asset2.id, asset3.id]); - expect(mocks.access.album.checkSharedLinkAccess).toHaveBeenCalledWith( - authStub.adminSharedLink.sharedLink?.id, - new Set(['album-123']), - ); + expect(mocks.access.album.checkSharedLinkAccess).toHaveBeenCalledWith(auth.sharedLink?.id, new Set([album.id])); }); it('should allow adding assets shared via partner sharing', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkPartnerAccess.mockResolvedValue(new Set(['asset-1'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.oneAsset)); + const owner = factory.userAdmin(); + const user = factory.user(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const asset = factory.asset({ ownerId: user.id }); + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkPartnerAccess.mockResolvedValue(new Set([asset.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()); - await expect(sut.addAssets(authStub.admin, 'album-123', { ids: ['asset-1'] })).resolves.toEqual([ - { success: true, id: 'asset-1' }, + await expect(sut.addAssets(factory.auth({ user: owner }), album.id, { ids: [asset.id] })).resolves.toEqual([ + { success: true, id: asset.id }, ]); - expect(mocks.album.update).toHaveBeenCalledWith('album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenCalledWith(album.id, { + id: album.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset.id, }); - expect(mocks.access.asset.checkPartnerAccess).toHaveBeenCalledWith(authStub.admin.user.id, new Set(['asset-1'])); + expect(mocks.access.asset.checkPartnerAccess).toHaveBeenCalledWith(owner.id, new Set([asset.id])); }); it('should skip duplicate assets', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-id'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.oneAsset)); - mocks.album.getAssetIds.mockResolvedValueOnce(new Set(['asset-id'])); + const owner = factory.userAdmin(); + const asset = factory.asset(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + assets: [{ ...asset, exifInfo: factory.exif() }], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset.id])); + mocks.album.getById.mockResolvedValue(album); + mocks.album.getAssetIds.mockResolvedValueOnce(new Set([asset.id])); - await expect(sut.addAssets(authStub.admin, 'album-123', { ids: ['asset-id'] })).resolves.toEqual([ - { success: false, id: 'asset-id', error: BulkIdErrorReason.DUPLICATE }, + await expect(sut.addAssets(factory.auth({ user: owner }), album.id, { ids: [asset.id] })).resolves.toEqual([ + { success: false, id: asset.id, error: BulkIdErrorReason.DUPLICATE }, ]); expect(mocks.album.update).not.toHaveBeenCalled(); }); it('should skip assets not shared with user', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); + const owner = factory.userAdmin(); + const asset = factory.asset(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()); - await expect(sut.addAssets(authStub.admin, 'album-123', { ids: ['asset-1'] })).resolves.toEqual([ - { success: false, id: 'asset-1', error: BulkIdErrorReason.NO_PERMISSION }, + await expect(sut.addAssets(factory.auth({ user: owner }), album.id, { ids: [asset.id] })).resolves.toEqual([ + { success: false, id: asset.id, error: BulkIdErrorReason.NO_PERMISSION }, ]); - expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith( - authStub.admin.user.id, - new Set(['asset-1']), - false, - ); - expect(mocks.access.asset.checkPartnerAccess).toHaveBeenCalledWith(authStub.admin.user.id, new Set(['asset-1'])); + expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith(owner.id, new Set([asset.id]), false); + expect(mocks.access.asset.checkPartnerAccess).toHaveBeenCalledWith(owner.id, new Set([asset.id])); }); it('should not allow unauthorized access to the album', async () => { - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); + const owner = factory.userAdmin(); + const user = factory.user(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const asset = factory.asset({ ownerId: user.id }); + mocks.album.getById.mockResolvedValue(album); - await expect( - sut.addAssets(authStub.admin, 'album-123', { ids: ['asset-1', 'asset-2', 'asset-3'] }), - ).rejects.toBeInstanceOf(BadRequestException); + await expect(sut.addAssets(factory.auth({ user }), album.id, { ids: [asset.id] })).rejects.toBeInstanceOf( + BadRequestException, + ); expect(mocks.access.album.checkOwnerAccess).toHaveBeenCalled(); expect(mocks.access.album.checkSharedAlbumAccess).toHaveBeenCalled(); }); it('should not allow unauthorized shared link access to the album', async () => { - mocks.album.getById.mockResolvedValue(albumStub.oneAsset); + const owner = factory.userAdmin(); + const album = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const asset = factory.asset(); + mocks.album.getById.mockResolvedValue(album); await expect( - sut.addAssets(authStub.adminSharedLink, 'album-123', { ids: ['asset-1', 'asset-2', 'asset-3'] }), + sut.addAssets(factory.auth({ sharedLink: { allowUpload: true } }), album.id, { ids: [asset.id] }), ).rejects.toBeInstanceOf(BadRequestException); expect(mocks.access.album.checkSharedLinkAccess).toHaveBeenCalled(); @@ -778,133 +986,174 @@ describe(AlbumService.name, () => { describe('addAssetsToAlbums', () => { it('should allow the owner to add assets', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set(['album-123', 'album-321'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.empty)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.oneAsset)); + const owner = factory.userAdmin(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set([album1.id, album2.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); await expect( - sut.addAssetsToAlbums(authStub.admin, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user: owner }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: true, error: undefined }); expect(mocks.album.update).toHaveBeenCalledTimes(2); - expect(mocks.album.update).toHaveBeenNthCalledWith(1, 'album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenNthCalledWith(1, album1.id, { + id: album1.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); - expect(mocks.album.update).toHaveBeenNthCalledWith(2, 'album-321', { - id: 'album-321', + expect(mocks.album.update).toHaveBeenNthCalledWith(2, album2.id, { + id: album2.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); expect(mocks.album.addAssetIdsToAlbums).toHaveBeenCalledWith([ - { albumId: 'album-123', assetId: 'asset-1' }, - { albumId: 'album-123', assetId: 'asset-2' }, - { albumId: 'album-123', assetId: 'asset-3' }, - { albumId: 'album-321', assetId: 'asset-1' }, - { albumId: 'album-321', assetId: 'asset-2' }, - { albumId: 'album-321', assetId: 'asset-3' }, + { albumId: album1.id, assetId: asset1.id }, + { albumId: album1.id, assetId: asset2.id }, + { albumId: album1.id, assetId: asset3.id }, + { albumId: album2.id, assetId: asset1.id }, + { albumId: album2.id, assetId: asset2.id }, + { albumId: album2.id, assetId: asset3.id }, ]); }); it('should not set the thumbnail if the album has one already', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set(['album-123', 'album-321'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep({ ...albumStub.empty, albumThumbnailAssetId: 'asset-id' })) - .mockResolvedValueOnce(_.cloneDeep({ ...albumStub.oneAsset, albumThumbnailAssetId: 'asset-id' })); + const owner = factory.userAdmin(); + const asset = factory.asset(); + const album1 = { + ...factory.album({ ownerId: owner.id, albumThumbnailAssetId: asset.id }), + owner, + albumAssets: [asset], + }; + const album2 = { + ...factory.album({ ownerId: owner.id, albumThumbnailAssetId: asset.id }), + owner, + albumAssets: [asset], + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set([album1.id, album2.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); await expect( - sut.addAssetsToAlbums(authStub.admin, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user: owner }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: true, error: undefined }); expect(mocks.album.update).toHaveBeenCalledTimes(2); - expect(mocks.album.update).toHaveBeenNthCalledWith(1, 'album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenNthCalledWith(1, album1.id, { + id: album1.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-id', + albumThumbnailAssetId: asset.id, }); - expect(mocks.album.update).toHaveBeenNthCalledWith(2, 'album-321', { - id: 'album-321', + expect(mocks.album.update).toHaveBeenNthCalledWith(2, album2.id, { + id: album2.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-id', + albumThumbnailAssetId: asset.id, }); expect(mocks.album.addAssetIdsToAlbums).toHaveBeenCalledWith([ - { albumId: 'album-123', assetId: 'asset-1' }, - { albumId: 'album-123', assetId: 'asset-2' }, - { albumId: 'album-123', assetId: 'asset-3' }, - { albumId: 'album-321', assetId: 'asset-1' }, - { albumId: 'album-321', assetId: 'asset-2' }, - { albumId: 'album-321', assetId: 'asset-3' }, + { albumId: album1.id, assetId: asset1.id }, + { albumId: album1.id, assetId: asset2.id }, + { albumId: album1.id, assetId: asset3.id }, + { albumId: album2.id, assetId: asset1.id }, + { albumId: album2.id, assetId: asset2.id }, + { albumId: album2.id, assetId: asset3.id }, ]); }); it('should allow a shared user to add assets', async () => { - mocks.access.album.checkSharedAlbumAccess.mockResolvedValueOnce(new Set(['album-123', 'album-321'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithUser)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithMultiple)); + const owner = factory.userAdmin(); + const user = factory.user(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Editor }], + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.access.album.checkSharedAlbumAccess.mockResolvedValueOnce(new Set([album1.id, album2.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); await expect( - sut.addAssetsToAlbums(authStub.user1, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: true, error: undefined }); expect(mocks.album.update).toHaveBeenCalledTimes(2); - expect(mocks.album.update).toHaveBeenNthCalledWith(1, 'album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenNthCalledWith(1, album1.id, { + id: album1.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); - expect(mocks.album.update).toHaveBeenNthCalledWith(2, 'album-321', { - id: 'album-321', + expect(mocks.album.update).toHaveBeenNthCalledWith(2, album2.id, { + id: album2.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); expect(mocks.album.addAssetIdsToAlbums).toHaveBeenCalledWith([ - { albumId: 'album-123', assetId: 'asset-1' }, - { albumId: 'album-123', assetId: 'asset-2' }, - { albumId: 'album-123', assetId: 'asset-3' }, - { albumId: 'album-321', assetId: 'asset-1' }, - { albumId: 'album-321', assetId: 'asset-2' }, - { albumId: 'album-321', assetId: 'asset-3' }, + { albumId: album1.id, assetId: asset1.id }, + { albumId: album1.id, assetId: asset2.id }, + { albumId: album1.id, assetId: asset3.id }, + { albumId: album2.id, assetId: asset1.id }, + { albumId: album2.id, assetId: asset2.id }, + { albumId: album2.id, assetId: asset3.id }, ]); expect(mocks.event.emit).toHaveBeenCalledWith('AlbumUpdate', { - id: 'album-123', - recipientId: 'admin_id', + id: album1.id, + recipientId: owner.id, }); expect(mocks.event.emit).toHaveBeenCalledWith('AlbumUpdate', { - id: 'album-321', - recipientId: 'admin_id', + id: album2.id, + recipientId: owner.id, }); }); it('should not allow a shared user with viewer access to add assets', async () => { + const owner = factory.userAdmin(); + const user = factory.user(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Viewer }], + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + albumUsers: [{ user, role: AlbumUserRole.Viewer }], + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; mocks.access.album.checkSharedAlbumAccess.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithUser)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithAdmin)); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); await expect( - sut.addAssetsToAlbums(authStub.user2, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: false, @@ -915,125 +1164,162 @@ describe(AlbumService.name, () => { }); it('should not allow a shared link user to add assets to multiple albums', async () => { - mocks.access.album.checkSharedLinkAccess.mockResolvedValueOnce(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithUser)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithMultiple)); + const owner = factory.userAdmin(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.access.album.checkSharedLinkAccess.mockResolvedValueOnce(new Set([album1.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); + const auth = factory.auth({ user: owner, sharedLink: { allowUpload: true } }); await expect( - sut.addAssetsToAlbums(authStub.adminSharedLink, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(auth, { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: true, error: undefined }); expect(mocks.album.update).toHaveBeenCalledTimes(1); - expect(mocks.album.update).toHaveBeenNthCalledWith(1, 'album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenNthCalledWith(1, album1.id, { + id: album1.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); expect(mocks.album.addAssetIdsToAlbums).toHaveBeenCalledWith([ - { albumId: 'album-123', assetId: 'asset-1' }, - { albumId: 'album-123', assetId: 'asset-2' }, - { albumId: 'album-123', assetId: 'asset-3' }, + { albumId: album1.id, assetId: asset1.id }, + { albumId: album1.id, assetId: asset2.id }, + { albumId: album1.id, assetId: asset3.id }, ]); - expect(mocks.event.emit).toHaveBeenCalledWith('AlbumUpdate', { - id: 'album-123', - recipientId: 'user-id', - }); expect(mocks.access.album.checkSharedLinkAccess).toHaveBeenCalledWith( - authStub.adminSharedLink.sharedLink?.id, - new Set(['album-123', 'album-321']), + auth.sharedLink?.id, + new Set([album1.id, album2.id]), ); }); it('should allow adding assets shared via partner sharing', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set(['album-123', 'album-321'])); - mocks.access.asset.checkPartnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.empty)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.oneAsset)); + const owner = factory.userAdmin(); + const user = factory.user(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [ + factory.asset({ ownerId: user.id }), + factory.asset({ ownerId: user.id }), + factory.asset({ ownerId: user.id }), + ]; + mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set([album1.id, album2.id])); + mocks.access.asset.checkPartnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); await expect( - sut.addAssetsToAlbums(authStub.admin, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user: owner }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: true, error: undefined }); expect(mocks.album.update).toHaveBeenCalledTimes(2); - expect(mocks.album.update).toHaveBeenNthCalledWith(1, 'album-123', { - id: 'album-123', + expect(mocks.album.update).toHaveBeenNthCalledWith(1, album1.id, { + id: album1.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); - expect(mocks.album.update).toHaveBeenNthCalledWith(2, 'album-321', { - id: 'album-321', + expect(mocks.album.update).toHaveBeenNthCalledWith(2, album2.id, { + id: album2.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); expect(mocks.album.addAssetIdsToAlbums).toHaveBeenCalledWith([ - { albumId: 'album-123', assetId: 'asset-1' }, - { albumId: 'album-123', assetId: 'asset-2' }, - { albumId: 'album-123', assetId: 'asset-3' }, - { albumId: 'album-321', assetId: 'asset-1' }, - { albumId: 'album-321', assetId: 'asset-2' }, - { albumId: 'album-321', assetId: 'asset-3' }, + { albumId: album1.id, assetId: asset1.id }, + { albumId: album1.id, assetId: asset2.id }, + { albumId: album1.id, assetId: asset3.id }, + { albumId: album2.id, assetId: asset1.id }, + { albumId: album2.id, assetId: asset2.id }, + { albumId: album2.id, assetId: asset3.id }, ]); expect(mocks.access.asset.checkPartnerAccess).toHaveBeenCalledWith( - authStub.admin.user.id, - new Set(['asset-1', 'asset-2', 'asset-3']), + owner.id, + new Set([asset1.id, asset2.id, asset3.id]), ); }); it('should skip some duplicate assets', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set(['album-123', 'album-321'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2', 'asset-3'])); + const owner = factory.userAdmin(); + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + albumAssets: [asset1, asset2, asset3], + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + mocks.access.album.checkOwnerAccess.mockResolvedValueOnce(new Set([album1.id, album2.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); mocks.album.getAssetIds - .mockResolvedValueOnce(new Set(['asset-1', 'asset-2', 'asset-3'])) + .mockResolvedValueOnce(new Set([asset1.id, asset2.id, asset3.id])) .mockResolvedValueOnce(new Set()); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.empty)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.oneAsset)); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); await expect( - sut.addAssetsToAlbums(authStub.admin, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user: owner }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: true, error: undefined }); expect(mocks.album.update).toHaveBeenCalledTimes(1); - expect(mocks.album.update).toHaveBeenNthCalledWith(1, 'album-321', { - id: 'album-321', + expect(mocks.album.update).toHaveBeenNthCalledWith(1, album2.id, { + id: album2.id, updatedAt: expect.any(Date), - albumThumbnailAssetId: 'asset-1', + albumThumbnailAssetId: asset1.id, }); expect(mocks.album.addAssetIdsToAlbums).toHaveBeenCalledWith([ - { albumId: 'album-321', assetId: 'asset-1' }, - { albumId: 'album-321', assetId: 'asset-2' }, - { albumId: 'album-321', assetId: 'asset-3' }, + { albumId: album2.id, assetId: asset1.id }, + { albumId: album2.id, assetId: asset2.id }, + { albumId: album2.id, assetId: asset3.id }, ]); }); it('should skip all duplicate assets', async () => { + const owner = factory.userAdmin(); + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + albumAssets: [asset1, asset2, asset3], + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + albumAssets: [asset1, asset2, asset3], + }; mocks.access.album.checkOwnerAccess - .mockResolvedValueOnce(new Set(['album-123'])) - .mockResolvedValueOnce(new Set(['album-321'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-1', 'asset-2'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.empty)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.oneAsset)); - mocks.album.getAssetIds.mockResolvedValue(new Set(['asset-1', 'asset-2'])); + .mockResolvedValueOnce(new Set([album1.id])) + .mockResolvedValueOnce(new Set([album2.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); + mocks.album.getAssetIds.mockResolvedValue(new Set([asset1.id, asset2.id, asset3.id])); await expect( - sut.addAssetsToAlbums(authStub.admin, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2'], + sut.addAssetsToAlbums(factory.auth({ user: owner }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: false, @@ -1045,18 +1331,31 @@ describe(AlbumService.name, () => { }); it('should skip assets not shared with user', async () => { + const owner = factory.userAdmin(); + const user = factory.user(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [ + factory.asset({ ownerId: user.id }), + factory.asset({ ownerId: user.id }), + factory.asset({ ownerId: user.id }), + ]; mocks.access.album.checkSharedAlbumAccess - .mockResolvedValueOnce(new Set(['album-123'])) - .mockResolvedValueOnce(new Set(['album-321'])); - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithUser)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithMultiple)); + .mockResolvedValueOnce(new Set([album1.id])) + .mockResolvedValueOnce(new Set([album2.id])); + mocks.album.getById.mockResolvedValueOnce(_.cloneDeep(album1)).mockResolvedValueOnce(_.cloneDeep(album2)); mocks.album.getAssetIds.mockResolvedValueOnce(new Set()).mockResolvedValueOnce(new Set()); await expect( - sut.addAssetsToAlbums(authStub.admin, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user: owner }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: false, @@ -1066,25 +1365,34 @@ describe(AlbumService.name, () => { expect(mocks.album.update).not.toHaveBeenCalled(); expect(mocks.album.addAssetIds).not.toHaveBeenCalled(); expect(mocks.access.asset.checkOwnerAccess).toHaveBeenCalledWith( - authStub.admin.user.id, - new Set(['asset-1', 'asset-2', 'asset-3']), + owner.id, + new Set([asset1.id, asset2.id, asset3.id]), false, ); expect(mocks.access.asset.checkPartnerAccess).toHaveBeenCalledWith( - authStub.admin.user.id, - new Set(['asset-1', 'asset-2', 'asset-3']), + owner.id, + new Set([asset1.id, asset2.id, asset3.id]), ); }); it('should not allow unauthorized access to the albums', async () => { - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithUser)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.sharedWithMultiple)); + const owner = factory.userAdmin(); + const user = factory.user(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); await expect( - sut.addAssetsToAlbums(authStub.admin, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ user }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: false, @@ -1098,14 +1406,22 @@ describe(AlbumService.name, () => { }); it('should not allow unauthorized shared link access to the album', async () => { - mocks.album.getById - .mockResolvedValueOnce(_.cloneDeep(albumStub.empty)) - .mockResolvedValueOnce(_.cloneDeep(albumStub.oneAsset)); + const owner = factory.userAdmin(); + const album1 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const album2 = { + ...factory.album({ ownerId: owner.id }), + owner, + }; + const [asset1, asset2, asset3] = [factory.asset(), factory.asset(), factory.asset()]; + mocks.album.getById.mockResolvedValueOnce(album1).mockResolvedValueOnce(album2); await expect( - sut.addAssetsToAlbums(authStub.adminSharedLink, { - albumIds: ['album-123', 'album-321'], - assetIds: ['asset-1', 'asset-2', 'asset-3'], + sut.addAssetsToAlbums(factory.auth({ sharedLink: { allowUpload: true } }), { + albumIds: [album1.id, album2.id], + assetIds: [asset1.id, asset2.id, asset3.id], }), ).resolves.toEqual({ success: false, @@ -1118,48 +1434,78 @@ describe(AlbumService.name, () => { describe('removeAssets', () => { it('should allow the owner to remove assets', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-id'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.oneAsset)); - mocks.album.getAssetIds.mockResolvedValue(new Set(['asset-id'])); + const owner = factory.userAdmin(); + const asset = factory.asset(); + const album = { + ...factory.album({ ownerId: owner.id, albumThumbnailAssetId: asset.id }), + owner, + albumAssets: [asset, factory.asset()], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset.id])); + mocks.album.getById.mockResolvedValue(album); + mocks.album.getAssetIds.mockResolvedValue(new Set([asset.id])); - await expect(sut.removeAssets(authStub.admin, 'album-123', { ids: ['asset-id'] })).resolves.toEqual([ - { success: true, id: 'asset-id' }, + await expect(sut.removeAssets(factory.auth({ user: owner }), album.id, { ids: [asset.id] })).resolves.toEqual([ + { success: true, id: asset.id }, ]); - expect(mocks.album.removeAssetIds).toHaveBeenCalledWith('album-123', ['asset-id']); + expect(mocks.album.removeAssetIds).toHaveBeenCalledWith(album.id, [asset.id]); }); it('should skip assets not in the album', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.empty)); + const owner = factory.userAdmin(); + const asset = factory.asset(); + const albumAsset = factory.asset(); + const album = { + ...factory.album({ ownerId: owner.id, albumThumbnailAssetId: albumAsset.id }), + owner, + albumAssets: [albumAsset], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); mocks.album.getAssetIds.mockResolvedValue(new Set()); - await expect(sut.removeAssets(authStub.admin, 'album-123', { ids: ['asset-id'] })).resolves.toEqual([ - { success: false, id: 'asset-id', error: BulkIdErrorReason.NOT_FOUND }, + await expect(sut.removeAssets(factory.auth({ user: owner }), album.id, { ids: [asset.id] })).resolves.toEqual([ + { success: false, id: asset.id, error: BulkIdErrorReason.NOT_FOUND }, ]); expect(mocks.album.update).not.toHaveBeenCalled(); }); it('should allow owner to remove all assets from the album', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.oneAsset)); - mocks.album.getAssetIds.mockResolvedValue(new Set(['asset-id'])); + const owner = factory.userAdmin(); + const asset = factory.asset(); + const album = { + ...factory.album({ ownerId: owner.id, albumThumbnailAssetId: asset.id }), + owner, + albumAssets: [asset], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.album.getById.mockResolvedValue(album); + mocks.album.getAssetIds.mockResolvedValue(new Set([asset.id])); - await expect(sut.removeAssets(authStub.admin, 'album-123', { ids: ['asset-id'] })).resolves.toEqual([ - { success: true, id: 'asset-id' }, + await expect(sut.removeAssets(factory.auth({ user: owner }), album.id, { ids: [asset.id] })).resolves.toEqual([ + { success: true, id: asset.id }, ]); }); it('should reset the thumbnail if it is removed', async () => { - mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set(['album-123'])); - mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set(['asset-id'])); - mocks.album.getById.mockResolvedValue(_.cloneDeep(albumStub.twoAssets)); - mocks.album.getAssetIds.mockResolvedValue(new Set(['asset-id'])); + const owner = factory.userAdmin(); + const asset1 = factory.asset(); + const asset2 = factory.asset(); + const album = { + ...factory.album({ ownerId: owner.id, albumThumbnailAssetId: asset1.id }), + owner, + albumAssets: [asset1, asset2], + }; + mocks.access.album.checkOwnerAccess.mockResolvedValue(new Set([album.id])); + mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set([asset1.id])); + mocks.album.getById.mockResolvedValue(album); + mocks.album.getAssetIds.mockResolvedValue(new Set([asset1.id, asset2.id])); - await expect(sut.removeAssets(authStub.admin, 'album-123', { ids: ['asset-id'] })).resolves.toEqual([ - { success: true, id: 'asset-id' }, + await expect(sut.removeAssets(factory.auth({ user: owner }), album.id, { ids: [asset1.id] })).resolves.toEqual([ + { success: true, id: asset1.id }, ]); expect(mocks.album.updateThumbnails).toHaveBeenCalled(); diff --git a/server/test/small.factory.ts b/server/test/small.factory.ts index 579da1a2d8..4169c6e9bd 100644 --- a/server/test/small.factory.ts +++ b/server/test/small.factory.ts @@ -1,5 +1,6 @@ import { Activity, + Album, ApiKey, AssetFace, AssetFile, @@ -23,6 +24,7 @@ import { AssetEditAction, AssetEditActionItem, MirrorAxis } from 'src/dtos/editi import { QueueStatisticsDto } from 'src/dtos/queue.dto'; import { AssetFileType, + AssetOrder, AssetStatus, AssetType, AssetVisibility, @@ -506,6 +508,24 @@ const personFactory = (person?: Partial): Person => ({ ...person, }); +const albumFactory = (album?: Partial>) => ({ + albumName: 'My Album', + albumThumbnailAssetId: null, + albumUsers: [], + assets: [], + createdAt: newDate(), + deletedAt: null, + description: 'Album description', + id: newUuid(), + isActivityEnabled: false, + order: AssetOrder.Desc, + ownerId: newUuid(), + sharedLinks: [], + updatedAt: newDate(), + updateId: newUuidV7(), + ...album, +}); + export const factory = { activity: activityFactory, apiKey: apiKeyFactory, @@ -532,6 +552,7 @@ export const factory = { person: personFactory, assetEdit: assetEditFactory, tag: tagFactory, + album: albumFactory, uuid: newUuid, buffer: () => Buffer.from('this is a fake buffer'), date: newDate,