Moving photos from an admin album to an user one causes ownership errors #1187
Labels
bug
Something isn't working
Comments
|
I fixed my issue by changing the owner_id in the photos table to set the user as owner. |
ynsta
changed the title
|
Thanks for the report! This looks like a regression as I'm pretty sure that it used to work correctly in the past... Either way, we are in the middle of a major refactoring of our code (#1055) yet I can still reproduce it there. We will fix it on that branch which will eventually probably become Lychee 5.0 but unfortunately we are unlikely to make any more incremental 4.x releases at this point. |
nagmat84
added a commit
that referenced
this issue
Jan 13, 2022
* Added new provider for album authorisation * Re-used logic for smart album access from album itself * Removed reverse relation from base class to child class. * Migration renames `viewable` to `requires_link` * Corrected type of attribute `public` of class `Photo` * Complete overhaul of migration due to anoying bugs * Created class FakeModel to work around certain PHP restrictions related to inheritence and using traits. * Repaired upload check * Corrected documentation of method signature * Clean up of tests (missing/mismatching documentation, unused parameters, ...) * Fixed ForwardToParentImplementation for newly created models. * Fixed a bug. * Updated base and child classes such that attributes goes into the correct model. * Fixed bug in albums. * Corrected HTTP return codes * Fixed ownership update during move * Added support to eagerly load photos and sub-albums (if applicable) of an album. * Fixed authorization if no user is logged in. * Fixed eager loading for single models * Fixed returned JSON array. * Added missing method description * Fixed validation in album controller * Fixing more tests and silly bugs * Fixed password for unlock, return results of album controller and tests * Fixed deletion of album * Corrected filter queries for albums (queried properties are actually defined on base class) * Removed handler for model not found * Fixed return results. * Fixed referenced table in diagnostics * Clean up of tests * Beautification of Photo controller * Fixed caching bug * Cleanup of test * Fixed return type and comment * Fixed tests * Fixed installation test * Cleaned up notifications. * Added rules for IDs * Fixed a lot of tests. * Fixed name of DB column, fixed missing DB columns, fixed test. * Corrected spelling * Fixed photo test * Fixed test * Fixed user tests * All tests running again. * Converted taken_at_min and taken_at_max into a relation. * Revert "Converted taken_at_min and taken_at_max into a relation." This reverts commit cf75b97. * Added virtual attributes to TagAlbum * Fixed smart albums * Fixed Albums::getTree * Fixed type error for next and previous photo ID. * Fixed sharing * Fixed bug concerning owner_id * Fixed name of parameters for album sorting * Fixed photo sorting. * Fixed boolean for get position data. * Improved performance of AlbumAuthorisationProvider. * Improved performance of SQL queries * Created custom album query. * Fixed test for position data. * Removed unnessary trait after global scope of albums become query builder * Moved max-taken_at and min_taken_at to correct class. * Renaming of album related classes * Created class PhotoAuthorisationProvider and refactored other classes to use it. * Moved edit checks into correct classes. * Moved sorting logic to decorator. * Renamed attributes * Removed conflicting casts and get mutator * Added user agent for downloads initiated by PHP * Use correct rule for album IDs upon import * Updated front-end for correct import * Updated front-end * Fixed password input * Resolved some todos with respect to photo authorisation. * Resolved ToDo for TagAlbum * Performance improvement for Albums::get * Added downgrade migration. * Fixed migration. * Fixed migration anew. * Fixed downgrade migration. * And another fix. Grmpf. * I'm tired of PHP and Laravel which use fragile strings everywhere * Fixed a strange bug in an old migration. * Next try. * Why does an old migration suddenly fail?! * Why do we have NULL values for _lft, _rgt during migration?! * Fixes. * Fixed imgDirection --> img_direction and default value `description`. * Changed default for column `tags` due silly constraints on old MySQL versions. * Remove foreign constraint on downgrade * Removed more foreign constraints on downgrade. * Fixed bugs which do suprisingly not trigger a failed test for SQLite * Created new PhpStorm meta file * Fixed Archive::do * Fixed a strange error on PosgreSQL which resultet into unintended photo duplication. * Fixed migration. * Fixed typos discovered by @kamil4. * Added album query for browseable albums. * Fixed error in search * Fixed search restriction for admin * Modify the original album query, do not create a new one * Tentatively fixed incompatible types in API * Fixed table reference * Fixed search of unsorted albums for admin user. * Added forgotten commit * Reverted visbility filter * Fixed logic for maySeeUnsorted as pointed out by @kamil4. * Aliased inner join table. * Added a JOIN clause to check explicitly if the target album is accessible which is not checked, if the origin is also a target * Fixed browsability filter to check accessibility of origin. * Fixed accidental leakage of thumbnails of password-protected albums. * Fixed bug in migration script * Replaced ->whereHas with more efficient ->join * Turned thumbnails of real albums into a relation (query is wrong though) * Fixed query for HasAlbumThumb * Renamed column and table aliases to prepare merge with authorisation providers. * Removed unecessary boolean flag. * PhotoAuthorisationProvider only joins with necessary tables * Prepared Photo and AlbumAuthorizationProvider for HasAlbumThumb. * HasAlbumThumb uses AlbumAuthorizationProvider * Fixed HasAlbumThumb to only return thumbs of albums which are accessible. * Fixed two bugs which are only triggred by the MySQL tests of our CI. * A lot of fixes due to @kamil4 (mostly typos and spelling errors) * Revised architecture which avoids to re-implement parts of a model for smart albums * Moved identical methods from TagAlbum and Album to BaseAlbum. * Removed unnecessary code for album deletion which would only be required if we had mixed ownerships of albums, sub-albums and photos * Added optimization of autoloader to Github workflows * Fixed ordering of album thumb. * Migrated to our own fork of NestedSet * Fixed thumb relation for albums to honor explicitly set covers. * Fixed version of Spatie which cannot honor semantic versioning. * Synced front-end * Fixes due to comments by @ildyria and @kamil4. * Fixed a bug wrt. sorting Collection::sortBy does not re-sort the items in-place but returns a new sorted instance. * Fixed the previous fix. :-( * Moved migration to to end * Fixed migration. * Fixed bug with multiple appearing albums and photos. * Corrected comment. * Synced front-end * Merged migration script for photos and albums into a single migration script. * Removed unnessary `size_variants_raw` and replaced with customized relation * Workaround for randomly and strangly failing test on Github workflows. * Trivial renaming from `size_variant.size_variant` into `size_variant.type` to avoid confusion. * More consistent return values. * Sync changed front-end * Removed listener from photo and added code diretly to `delete` * Removed observer for photo and integrated logic for delete directly into photo. * Removed observer for SizeVariant and added code diretly to `delete. * Removed strange "Notifiable" trait from symbolic links. * Removed observer for symbolic link and moved to code directly into model. * Removed observer from HasTimeBasedID * Apply fixes from PHP-CS-Fixer (#1159) Co-authored-by: Matthias Nagel <matthias.h.nagel@posteo.de> Co-authored-by: github-actions[bot] <action@github.com> * Added some syntactic sugar introduced by PHP 8 * Fixed problem with new version of Spatie * MOved migration to end. * Fixed failing foreign key in migration script. * Fixed an old database migration script. * Fixes timestamps * update codecov.yml (#1158) * update codecov.yml * fix readme * Added random ID as primary key to photos and albums * Added some indices after analyzing @ildyria's sample database. * More fancy indices to speed up Lychee. * Fixed another error caused by this stupid Laravel Collections * Fixed console command to reset admin password. * Sorting according to upload/creation time uses column "created_at" not "id". * Fixed an overlooked test (why didn't it failed in previous runs?!) * Fixed some overlooked integer IDs * Fixed another overlooked, broken test * Bring some API aspects forward to avoid another migration. * Removed setting of SQL mode from migration. * Fixed some left overs which still assumed numeric IDs * Fix the restoring of explicit covers of albums * Added updated front-end. * Fixed bug which denied non-admin users with the upload right to create root albums. * Fixed bug such that admin sees thumbnails of albums of other users * Fixed grouping by owner for shared albums. * Apply suggestions from code review Co-authored-by: Benoît Viguier <ildyria@users.noreply.github.com> * Fixed a bug in the view controller. * Added redirection support for legacy IDs. * Fixed redirection test and cleanup of redirection code. * Added support for translation of legacy IDs by front-end * Synced with @kamil4's recent changes to the front-end * Made search results being sorted * Synced @kamil4's changes of the front-end. * Fixed issue with sorting of public albums wrt. to anonymous users. * Fixed bug which prevented uploading to root/unsorted. * Fixed bug which leaked unsorted photos. * Upgrade to timestamps with microsecond resolution. * Workaround for a silly Laravel bug in the migration. * Added id/time-conversion and made migration fancy * Set creation time of photos after upload not after processing. * Fixed tests due to more accurate timestamps * Allow null albumID for setAlbum and duplicate * fix timestamps for page_content * Fixed copy-to for root album. * Fixed foreign constraint when a cover photo is deleted. * Allow unprivilege users to unset album covers (i.e. use the `null` photo as cover) * Made migration a little bit more robust wrt. to a former Lychee bug * Fixed test case for photo duplication. * Allow uploading to the Recent smart album * Clean up the mess left by the front end * Support null albumID * Fixed missing sorting in case album uses default sorting. * Revert "Clean up the mess left by the front end" This reverts commit 3b5dc1c. * Synced front-end * Support to translate all legacy model IDs in a single request. * Sync with front-end * Only use SORT_NATURAL on string columns * Don't serialize owner_id * Support serializing default sorting and hiding it * Fix findWhereIDsIn for smart albums * Restore checking downloadable flag of parent album * Don't serialize owner_id of photos either * Fix the serialization of sorting info * Turn empty album description into null * Use the same sorting as Top * Fix #1187 * Synced front-end * Removed unnessary Laravel mutators for sortigng We have getEffectiveSorting[Column|Order] instead. * Fixed some type cast warnings * Fixed wrong configuration option in `getEffictiveSorting[Column|Order]` * Fix a crash with skip_duplicates enabled * Made album deletion mor robust. * Fixed album deletion bug. * Fixed a bug wrt. to skip duplicates. * Fix skip_duplicates for import from server * Fix ownership for album moves and merges * Fixed a bug when creating the tree of albums. * Fixed move-to and merge operations. * Save updates after auto-rotation * Reset file permissions on the original file * Added a missing `save` after adding a Google Motion Picture * Fix deleting Unsorted for non-admins * Reverted accidental change of checksum upon rotation + sync of front-end * Migrate ISO values * Fixed visibility of albums in tree. * Improved/extended checksum handling. * Enable redirection by default + sync of front-end. * DB version increased. Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <action@github.com> Co-authored-by: Benoît Viguier <ildyria@users.noreply.github.com> Co-authored-by: kamil4 <kamil.01482@iskra.name> Co-authored-by: ildyria <beviguier@gmail.com>
nagmat84
added a commit
that referenced
this issue
May 3, 2022
…refactoring) (#1217) * More clean-up work. * Fixed some left overs which still assumed numeric IDs * Added some comments. * Clean up or remaining controllers * Replaced unspecific exceptions by custom ones. * Fixed a fatal parsing error. * Turned Thumb into a DTO. * Middlewares cleaned up (in particular: delete unnecessarities) * Removed unused ReadCheck. * Fixed checks for sharing. * Fixed authorization of photo rotation and dropped unnessary UploadCheck * Cleaned up authorization for user controller. Added requirement for admin right to User::list, dropped unneccessary `login` middleware for get/set email. (AccessControll::user throws an unauthenticated exception anyway.) * Removed "login" middleware from WebAuth and dropped unnessery login middleware * Consolidated capitalization. * Suppress false IDE warnings * Consolidated middleware to check installation status * Made routes and route files more systematic * Sorted routes into their correct groups. * Repaired diagnostic. * Fixed JSON in test. * Fixed a bug in middleware InstallationStatus and ensured that it nevers happens again. * Fixed check IsInstalled: Must not rely on `installed.log`. * Added 'admin' middlewware to routes in 'api-admin'. * Fixed UseController and UserTest. * Fixed routes for albums and photos. * Fixed content problem for archive * Fixed URLs in tests * Added requirement to accept any content to achive API calls. * Made exception handler content aware. * Moved redirection and direct HTML responses out of middleware * Fixed two silly bugs * First fixes of front-end. * Fix the restoring of explicit covers of albums * Fixed a bug wrt. to skip duplicates. * Fixed photo uploading. * Added updated front-end. * Fixed bug which denied non-admin users with the upload right to create root albums. * Fixed bug such that admin sees thumbnails of albums of other users * Fixed grouping by owner for shared albums. * Apply suggestions from code review Co-authored-by: Benoît Viguier <ildyria@users.noreply.github.com> * Fixed a bug in the view controller. * Added redirection support for legacy IDs. * Fixed redirection test and cleanup of redirection code. * Added support for translation of legacy IDs by front-end * Synced with @kamil4's recent changes to the front-end * Made search results being sorted * Use our own template to report exceptions. * Work on import from server. * Synced @kamil4's changes of the front-end. * Fixed issue with sorting of public albums wrt. to anonymous users. * Fixed bug which prevented uploading to root/unsorted. * Fixed bug which leaked unsorted photos. * Upgrade to timestamps with microsecond resolution. * Workaround for a silly Laravel bug in the migration. * Added id/time-conversion and made migration fancy * Set creation time of photos after upload not after processing. * Fixed tests due to more accurate timestamps * Allow null albumID for setAlbum and duplicate * fix timestamps for page_content * Fixed copy-to for root album. * Fixed foreign constraint when a cover photo is deleted. * Allow unprivilege users to unset album covers (i.e. use the `null` photo as cover) * Made migration a little bit more robust wrt. to a former Lychee bug * Fixed test case for photo duplication. * Allow uploading to the Recent smart album * Clean up the mess left by the front end * Support null albumID * Fixed missing sorting in case album uses default sorting. * Revert "Clean up the mess left by the front end" This reverts commit 3b5dc1c. * Synced front-end * Support to translate all legacy model IDs in a single request. * Sync with front-end * Only use SORT_NATURAL on string columns * Don't serialize owner_id * Support serializing default sorting and hiding it * Fix findWhereIDsIn for smart albums * Restore checking downloadable flag of parent album * Don't serialize owner_id of photos either * Fix the serialization of sorting info * Turn empty album description into null * Use the same sorting as Top * Fix #1187 * Synced front-end * Removed unnessary Laravel mutators for sortigng We have getEffectiveSorting[Column|Order] instead. * Fixed some type cast warnings * Fixed wrong configuration option in `getEffictiveSorting[Column|Order]` * Fix a crash with skip_duplicates enabled * Made album deletion mor robust. * Fixed album deletion bug. * Fixed a bug wrt. to skip duplicates. * Fix skip_duplicates for import from server * Fix ownership for album moves and merges * Fixed a bug when creating the tree of albums. * Fixed move-to and merge operations. * Synced front-end. * Fixed silly syntax error * Synced front-end * Fixed Diagnostics and Logs. * Fixed GET-request for archives. * Tests consistently use `postJson` * Sorted routes alphabetically. * Cleaned up some of the mess around installation/upgrade/migration. * Always return proper and complete HTML for views. * Receive arrays as arrays (avoid stringification of arrays) * Fixed a comment. * Fixed API wrt. to front-end and synced front-end * Proper PHP 8 constants in Configs * Adopted unit tests to pass proper arrays and content type. * Fixed exception handler for installation. * Fixed access rights to diagnostics * Fixed silly oversight in middleware. * Removed unnecessary and problematic route. * Fixed init configuration returned by session controller. * Fixed achive for albums and photos * Synced front-end * Another silly bug. * Added forgotten dot `.` in array validation rules. * Tags are transmitted as proper arrays. * Sync front-end * Added authorization method for already loaded album model * Request to add album loads parent model early * Added authorization method for already loaded album model * Request to archive album loads model early * Added authorization method for already loaded album model * Request to delete albums loads model early * Request to get position data of albums loads model early * Cleaned up APIBaseRequest * Merge and Move album request load models eagerly * Added authorization method for already loaded photo model * Request to set album cover loads model early * Request to set album access, description, license, nsfw state load model early * All album related requests load models eagerly. * Some fixes for bugs identified by automatic testing. * All import related requests load models eagerly. * Add photo request loads models eagerly. * Archive photo request loads models eagerly. * Added authorization method for already loaded photo model * Duplicate photo request loads models eagerly. * Duplicate, get and move photo request load models eagerly. * Delete photo request loads models eagerly. * Rotate photo request loads models eagerly. * All photo requests load models eagerly. * View photo request loads model eagerly. * User requests load models eagerly. * Fixed type error * Fixed some bugs * Added 404 tests * Clean up of method names. * Clean up of exception messages. * Fixed HTTP result code for the unauthenticated case. * Fixed bug with wrong URL query parameter `p` * Synced front-end * Fixed password exception. * Synced front-end. * Fixed search and synced front-end. * Split smart and tag albums. * Synced front-end * Improved handling of sorting criterions * Fixed Lychee exception. * Fixed import from URL/dropbox and synced front-end. * Import/Exec uses proper exceptions now. * Added report function * Cleaned up report function. * Use report function of global handler during import. * Removed a lot of explicit log commands and added exceptions to image handlers. * Removed friendly model name. * Status reports for streamed response and synced front-end. * Removed an annoying log entry. * Slighlty improved deletion of albums. * Added dummy source map file to avoid exception logs in Lychee. * Improved exception if base album is not found. * Removed one issue reported by SonarCloud * Update app/Actions/Diagnostics/Configuration.php Co-authored-by: Benoît Viguier <ildyria@users.noreply.github.com> * Update app/Actions/Update/Apply.php Co-authored-by: Benoît Viguier <ildyria@users.noreply.github.com> * Update resources/views/logs/list.blade.php Co-authored-by: Benoît Viguier <ildyria@users.noreply.github.com> * Update app/Actions/Import/Exec.php Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Update app/Actions/Import/Exec.php Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Synced front-end * Added middleware for trusted proxies again. * Renamed "setPublic" to "setProtectionPolicy" and synced frontend. * Renamed "setStar" to "toggleStar". * Removed all unnecessary actions which were bloated wrappers around a single LOC. * Added reverse proxy configuration to .env file * Apply suggestions from code review Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Incorporated suggestions by @kamil4 from code review. * Update app/Http/Controllers/ImportController.php Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Rephrased a comment due to review by @kamil4. * Renamed method. * Fixed setNSWF due to review by @kamil4 * Cleaned up toggleStar for photos. * Apply suggestions from code review Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Update app/Http/Middleware/MigrationStatus.php Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Apply suggestions from code review Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Fixed comment as pointed out by @kamil4. * Apply suggestions from code review Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Apply suggestions from code review Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Update app/Rules/AlbumIDListRule.php Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Fixed an unnecessary type conversion and comment spotted by @kamil4. * Sync of frontend. * Added PhotoResyncedException to AddDuplicateStrategy * Ensure that Albums::get always returns a proper object for smart albums. * Added forgotten file * Synced frontend * Removed empty file. * update composer to use nested-set:^6 instead of version 5 * Fixed a missing blank. * Disable HTTP content zipping only for specific URLs * Synced front-end * Fixed error handler part 1. * Put exception handler on steriods. * Some minor fixes due to review comments. * Added a DTO for PositionData * Created DTO AlbumTree as suggested by @kamil4 * Fixed some IDE complains about wrong annotations for exceptions * Fixed settings and synced frontend * Make custom `toJson` clear the error message. * Fix github functions. * Fixed JsonRequestFunctions * Added a second, potential error message to the unit tests. * Fixed some already fixed errors again (probably a failed merge). * Fixed translation of legacy IDs * Sync of frontend. * Fixed detection of expired sessions. * Synced front-end after @kamil4's latest changes. * Added a dedicated exception for required password. * Update app/Exceptions/Handler.php Co-authored-by: Kamil Iskra <kamil.01482@iskra.name> * Put search results into a special `SearchAlbum` * Synced frontend * Synced frontend again. * Synced sub-module after merge into master Co-authored-by: kamil4 <kamil.01482@iskra.name> Co-authored-by: Benoît Viguier <ildyria@users.noreply.github.com> Co-authored-by: ildyria <beviguier@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Moving photos from an admin album to an user one causes ownership errors
Steps to reproduce the issue
Output of the diagnostics
Browser and system
Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0
The text was updated successfully, but these errors were encountered: