getAlbumIfAllowed($uid, $albumId); // Check permission if (null === $album) { throw new \Exception("Album {$albumId} not found"); } // WHERE these are items with this album $query->innerJoin('m', 'photos_albums_files', 'paf', $query->expr()->andX( $query->expr()->eq('paf.album_id', $query->createNamedParameter($album['album_id'])), $query->expr()->eq('paf.file_id', 'm.fileid'), )); } /** Get list of albums */ public function getAlbums(string $uid, bool $shared = false) { $query = $this->connection->getQueryBuilder(); // SELECT everything from albums $count = $query->func()->count($query->createFunction('DISTINCT m.fileid'), 'count'); $query->select('pa.*', $count)->from('photos_albums', 'pa'); if ($shared) { $ids = $this->getSelfCollaborators($uid); $query->innerJoin('pa', $this->collaboratorsTable(), 'pc', $query->expr()->andX( $query->expr()->eq('pa.album_id', 'pc.album_id'), $query->expr()->in('pc.collaborator_id', $query->createNamedParameter($ids, IQueryBuilder::PARAM_STR_ARRAY)), )); } else { $query->where( $query->expr()->eq('user', $query->createNamedParameter($uid)), ); } // WHERE these are items with this album $query->leftJoin('pa', 'photos_albums_files', 'paf', $query->expr()->andX( $query->expr()->eq('paf.album_id', 'pa.album_id'), )); // WHERE these items are memories indexed photos $query->leftJoin('paf', 'memories', 'm', $query->expr()->eq('m.fileid', 'paf.file_id')); // WHERE these photos are in the filecache $query->leftJoin('m', 'filecache', 'f', $query->expr()->eq('m.fileid', 'f.fileid')); // GROUP and ORDER by $query->groupBy('pa.album_id'); $query->orderBy('pa.created', 'DESC'); $query->addOrderBy('pa.album_id', 'DESC'); // tie-breaker // FETCH all albums $albums = $query->executeQuery()->fetchAll(); // Post process foreach ($albums as &$row) { $row['album_id'] = (int) $row['album_id']; $row['created'] = (int) $row['created']; $row['last_added_photo'] = (int) $row['last_added_photo']; } return $albums; } /** * Convert days response to months response. * The dayId is used to group the days into months. */ public function daysToMonths(array &$days) { $months = []; foreach ($days as &$day) { $dayId = $day['dayid']; $time = $dayId * 86400; $monthid = strtotime(date('Ym', $time).'01') / 86400; if (empty($months) || $months[\count($months) - 1]['dayid'] !== $monthid) { $months[] = [ 'dayid' => $monthid, 'count' => 0, ]; } $months[\count($months) - 1]['count'] += $day['count']; } return $months; } /** Convert list of month IDs to list of dayIds */ public function monthIdToDayIds(int $monthId) { $dayIds = []; $firstDay = (int) $monthId; $lastDay = strtotime(date('Ymt', $firstDay * 86400)) / 86400; for ($i = $firstDay; $i <= $lastDay; ++$i) { $dayIds[] = (string) $i; } return $dayIds; } /** * Check if an album has a file. * * @return bool|string owner of file */ public function albumHasFile(int $albumId, int $fileId) { $query = $this->connection->getQueryBuilder(); $query->select('owner')->from('photos_albums_files')->where( $query->expr()->andX( $query->expr()->eq('file_id', $query->createNamedParameter($fileId, IQueryBuilder::PARAM_INT)), $query->expr()->eq('album_id', $query->createNamedParameter($albumId, IQueryBuilder::PARAM_INT)), ) ); return $query->executeQuery()->fetchOne(); } /** * Check if a file belongs to a user through an album. * * @return bool|string owner of file */ public function albumHasUserFile(string $uid, int $fileId) { $query = $this->connection->getQueryBuilder(); $query->select('paf.owner')->from('photos_albums_files', 'paf')->where( $query->expr()->andX( $query->expr()->eq('paf.file_id', $query->createNamedParameter($fileId, IQueryBuilder::PARAM_INT)), $query->expr()->orX( $query->expr()->eq('pa.album_id', 'paf.album_id'), $query->expr()->eq('pc.album_id', 'paf.album_id'), ), ) ); // Check if user-owned album or shared album $query->leftJoin('paf', 'photos_albums', 'pa', $query->expr()->andX( $query->expr()->eq('pa.album_id', 'paf.album_id'), $query->expr()->eq('pa.user', $query->createNamedParameter($uid)), )); // Join to shared album $ids = $this->getSelfCollaborators($uid); $query->leftJoin('paf', $this->collaboratorsTable(), 'pc', $query->expr()->andX( $query->expr()->eq('pc.album_id', 'paf.album_id'), $query->expr()->in('pc.collaborator_id', $query->createNamedParameter($ids, IQueryBuilder::PARAM_STR_ARRAY)), )); return $query->executeQuery()->fetchOne(); } /** * Get album if allowed. Also check if album is shared with user. * * @param string $uid UID of CURRENT user * @param string $albumId $user/$name where $user is the OWNER of the album */ public function getAlbumIfAllowed(string $uid, string $albumId) { $album = null; // Split name and uid $parts = explode('/', $albumId); if (2 === \count($parts)) { $albumUid = $parts[0]; $albumName = $parts[1]; // Check if owner $query = $this->connection->getQueryBuilder(); $query->select('*')->from('photos_albums')->where( $query->expr()->andX( $query->expr()->eq('name', $query->createNamedParameter($albumName)), $query->expr()->eq('user', $query->createNamedParameter($albumUid)), ) ); $album = $query->executeQuery()->fetch(); } // Album not found: it could be a link token at best if (!$album) { return $this->getAlbumByLink($albumId); } // Check if user is owner if ($albumUid === $uid) { return $album; } // Check in collaborators instead $albumNumId = (int) $album['album_id']; if ($this->userIsAlbumCollaborator($uid, $albumNumId)) { return $album; } return null; } /** * Check if user is a collaborator by numeric ID. * Also checks if a group is a collaborator. * Does not check if the user is the owner. * * @param string $uid User ID * @param int $albumId Album ID (numeric) */ public function userIsAlbumCollaborator(string $uid, int $albumId): bool { $query = $this->connection->getQueryBuilder(); $ids = $this->getSelfCollaborators($uid); $query->select('album_id')->from($this->collaboratorsTable())->where( $query->expr()->andX( $query->expr()->eq('album_id', $query->createNamedParameter($albumId, IQueryBuilder::PARAM_INT)), $query->expr()->in('collaborator_id', $query->createNamedParameter($ids, IQueryBuilder::PARAM_STR_ARRAY)), ) ); return false !== $query->executeQuery()->fetchOne(); } /** * Get album object by token. * Returns false if album link does not exist. */ public function getAlbumByLink(string $token) { $query = $this->connection->getQueryBuilder(); $query->select('*')->from('photos_albums', 'pa') ->innerJoin('pa', $this->collaboratorsTable(), 'pc', $query->expr()->andX( $query->expr()->eq('pc.album_id', 'pa.album_id'), $query->expr()->eq('collaborator_id', $query->createNamedParameter($token)), $query->expr()->eq('collaborator_type', $query->createNamedParameter(3)), // = TYPE_LINK )) ; return $query->executeQuery()->fetch() ?: null; } /** * Get list of photos in album. */ public function getAlbumPhotos(int $albumId, ?int $limit) { $query = $this->connection->getQueryBuilder(); $query->select('file_id')->from('photos_albums_files', 'paf')->where( $query->expr()->eq('album_id', $query->createNamedParameter($albumId, IQueryBuilder::PARAM_INT)) ); $query->innerJoin('paf', 'filecache', 'fc', $query->expr()->eq('fc.fileid', 'paf.file_id')); if (null !== $limit) { $query->setMaxResults($limit); } $result = $query->executeQuery()->fetchAll(); foreach ($result as &$row) { $row['fileid'] = (int) $row['file_id']; } return $result; } /** Get list of collaborator ids including user id and groups */ private function getSelfCollaborators(string $uid) { // Get groups for the user $groupManager = \OC::$server->get(\OCP\IGroupManager::class); $user = \OC::$server->get(\OCP\IUserManager::class)->get($uid); $groups = $groupManager->getUserGroupIds($user); // And albums shared with user $groups[] = $uid; return $groups; } /** Get the name of the collaborators table */ private function collaboratorsTable() { // https://github.com/nextcloud/photos/commit/20e3e61ad577014e5f092a292c90a8476f630355 $appManager = \OC::$server->get(\OCP\App\IAppManager::class); $photosVersion = $appManager->getAppVersion('photos'); if (version_compare($photosVersion, '2.0.1', '>=')) { return 'photos_albums_collabs'; } return 'photos_collaborators'; } }