Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shared albums should not consider the require_link property. #1480

Merged
merged 11 commits into from
Sep 11, 2022
Merged

Shared albums should not consider the require_link property. #1480

merged 11 commits into from
Sep 11, 2022

Conversation

ildyria
Copy link
Member

@ildyria ildyria commented Aug 23, 2022

Fixes #1478

/**
 *  - the user is the admin, or
 *  - the user is the owner, or
 *  - the album does not require a direct link and is shared with the user, or
 *  - the album does not require a direct link, is public and has no password set, or
 *  - the album does not require a direct link, is public and has been unlocked
 */

After further thoughts, this is pretty counter intuitive. We should have fixed that one a long time ago. :)

@ildyria ildyria requested review from nagmat84 and a team August 23, 2022 10:02
@ildyria
Copy link
Member Author

ildyria commented Aug 23, 2022

I am not sure if I missed some other conditions.

@ildyria ildyria added the bug Something isn't working label Aug 23, 2022
@codecov
Copy link

codecov bot commented Aug 23, 2022
edited
Loading

Codecov Report

Merging #1480 (aa23932) into master (e18c16b) will decrease coverage by 0.76%.
The diff coverage is 100.00%.

nagmat84
nagmat84 requested changes Aug 23, 2022
View reviewed changes
Copy link
Collaborator

@nagmat84 nagmat84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You missed the conditions in line 82 and 360.

Moreover, I am in strong favor of tests which checks the new behavior. At the moment, we seem to have reached a point which is rather bug-free with respect to security issues (i.e. accidentally leaking a photo which should stay hidden). Any change in the SQL queries might break that and hence, tests would be wonderful.

Or we could just wait until #1462 is ready. As I detailed out in #1478 there might actually be other users who rely on exactly this feature, i.e. that albums can also be hidden from users with whom they are shared. (Although, I lack the imagination of a meaningful use-case for that.)

I am still wondering if we should make "hidden" a per-share option. @kamil4 raised the same question in #1357 (comment), 3rd bullet point. This being said, I am not sure, if we should change the behavior now or simply wait until #1462. At least, the implementation works as designed and intended.

app/Policies/AlbumQueryPolicy.php Show resolved Hide resolved
@ildyria ildyria marked this pull request as draft August 27, 2022 12:26
@ildyria ildyria added this to the 4.6.1 milestone Sep 6, 2022
@ildyria ildyria mentioned this pull request Sep 6, 2022
Merged
@ildyria ildyria requested review from nagmat84 and a team September 6, 2022 14:39
@ildyria ildyria marked this pull request as ready for review September 6, 2022 14:39
@ildyria
Copy link
Member Author

ildyria commented Sep 6, 2022
edited
Loading

As per requested finished the PR changes and added tests. :)

@ildyria ildyria closed this in #1510 Sep 6, 2022
@ildyria ildyria reopened this Sep 7, 2022
@ildyria
Copy link
Member Author

ildyria commented Sep 7, 2022
edited
Loading

IDK what happened O.o but this is definitively not something I wanted to close. :'D

@ildyria ildyria mentioned this pull request Sep 8, 2022
Merged
nagmat84
nagmat84 approved these changes Sep 11, 2022
View reviewed changes
Copy link
Collaborator

@nagmat84 nagmat84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but untested. I only checked all the boolean conditions in the query (which was difficult enough 😆) and could not spot any remaining error.

@ildyria I assume you have tested it yourself and found no regression?

@ildyria
Copy link
Member Author

ildyria commented Sep 11, 2022

@ildyria I assume you have tested it yourself and found no regression?

Yes.

@ildyria
Copy link
Member Author

ildyria commented Sep 11, 2022

Also the tests you added are making it pretty tight to create regressions :)

@ildyria ildyria merged commit ed4240e into master Sep 11, 2022
@ildyria ildyria deleted the fix-1478 branch September 11, 2022 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nagmat84 nagmat84 nagmat84 approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
4.6.1
2 participants
@ildyria @nagmat84