From 3d3b1f10c471fe3de504283beb1a41731c9c4b88 Mon Sep 17 00:00:00 2001
From: Michael Mayer <michael@photoprism.app>
Date: Fri, 7 Oct 2022 21:35:01 +0200
Subject: [PATCH] Sharing: Allow to search for photos in shared albums

Signed-off-by: Michael Mayer <michael@photoprism.app>
---
 frontend/src/component/navigation.vue | 29 ++++++++++++++-------------
 frontend/src/pages/album/photos.vue   |  3 ++-
 internal/search/photos.go             | 10 +++++----
 internal/search/photos_geo.go         | 10 +++++----
 4 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/frontend/src/component/navigation.vue b/frontend/src/component/navigation.vue
index 29aeba60b..fd99294d4 100644
--- a/frontend/src/component/navigation.vue
+++ b/frontend/src/component/navigation.vue
@@ -292,6 +292,20 @@
           </v-list-tile-content>
         </v-list-tile>
 
+        <v-list-tile v-if="isRestricted" v-show="$config.feature('places')" to="/states" class="nav-states" @click.stop="">
+          <v-list-tile-action :title="$gettext('States')">
+            <v-icon>near_me</v-icon>
+          </v-list-tile-action>
+
+          <v-list-tile-content>
+            <v-list-tile-title class="p-flex-menuitem" @click.stop="">
+              <translate key="States">States</translate>
+              <span v-show="config.count.states > 0"
+                    :class="`nav-count ${rtl ? '--rtl' : ''}`">{{ config.count.states | abbreviateCount }}</span>
+            </v-list-tile-title>
+          </v-list-tile-content>
+        </v-list-tile>
+
         <template v-if="canSearchPlaces">
         <v-list-tile v-if="isMini" v-show="canSearchPlaces && $config.feature('places')" :to="{ name: 'places' }" class="nav-places"
                      @click.stop="">
@@ -330,19 +344,6 @@
           </v-list-tile>
         </v-list-group>
         </template>
-        <v-list-tile v-else v-show="$config.feature('places')" to="/states" class="nav-states" @click.stop="">
-          <v-list-tile-action :title="$gettext('States')">
-            <v-icon>near_me</v-icon>
-          </v-list-tile-action>
-
-          <v-list-tile-content>
-            <v-list-tile-title class="p-flex-menuitem" @click.stop="">
-              <translate key="States">States</translate>
-              <span v-show="config.count.states > 0"
-                    :class="`nav-count ${rtl ? '--rtl' : ''}`">{{ config.count.states | abbreviateCount }}</span>
-            </v-list-tile-title>
-          </v-list-tile-content>
-        </v-list-tile>
 
         <v-list-tile v-show="$config.feature('labels')" to="/labels" class="nav-labels" @click.stop="">
           <v-list-tile-action :title="$gettext('Labels')">
@@ -683,7 +684,7 @@ export default {
       appNameSuffix = appNameParts.slice(1, 9).join(" ");
     }
 
-    const isRestricted= this.$config.deny("photos", "access_library");
+    const isRestricted = this.$config.deny("photos", "access_library");
 
     return {
       canSearchPlaces: this.$config.allow("places", "search"),
diff --git a/frontend/src/pages/album/photos.vue b/frontend/src/pages/album/photos.vue
index a0d3e6e91..3e6fd2ee0 100644
--- a/frontend/src/pages/album/photos.vue
+++ b/frontend/src/pages/album/photos.vue
@@ -81,6 +81,7 @@ export default {
       canEdit: this.$config.allow("photos", "update") && this.$config.feature("edit"),
       hasPlaces: this.$config.allow("places", "view") && this.$config.feature("places"),
       canSearchPlaces: this.$config.allow("places", "search") && this.$config.feature("places"),
+      canAccessLibrary: this.$config.allow("photos", "access_library"),
       subscriptions: [],
       listen: false,
       dirty: false,
@@ -176,7 +177,7 @@ export default {
         return;
       }
 
-      if (this.canSearchPlaces && photo.CellID && photo.CellID !== "zz") {
+      if (this.canAccessLibrary && photo.CellID && photo.CellID !== "zz") {
         this.$router.push({name: "places_query", params: {q: photo.CellID}});
       } else if (this.uid) {
         this.$router.push({name: "places_scope", params: {s: this.uid, q: photo.CellID}});
diff --git a/internal/search/photos.go b/internal/search/photos.go
index 3ef1e537a..30a6a2225 100644
--- a/internal/search/photos.go
+++ b/internal/search/photos.go
@@ -122,13 +122,15 @@ func searchPhotos(f form.SearchPhotos, sess *entity.Session, resultCols string)
 
 		// Limit results for external users.
 		if f.Scope == "" && acl.Resources.DenyAll(acl.ResourcePhotos, aclRole, acl.Permissions{acl.AccessAll, acl.AccessLibrary}) {
+			sharedAlbums := "photos.photo_uid IN (SELECT photo_uid FROM photos_albums WHERE hidden = 0 AND missing = 0 AND album_uid IN (?)) OR "
+
 			if sess.IsVisitor() || sess.NotRegistered() {
-				s = s.Where("photos.published_at > ?", entity.TimeStamp())
+				s = s.Where(sharedAlbums+"photos.published_at > ?", sess.SharedUIDs(), entity.TimeStamp())
 			} else if user.BasePath == "" {
-				s = s.Where("photos.created_by = ? OR photos.published_at > ?", user.UserUID, entity.TimeStamp())
+				s = s.Where(sharedAlbums+"photos.created_by = ? OR photos.published_at > ?", sess.SharedUIDs(), user.UserUID, entity.TimeStamp())
 			} else {
-				s = s.Where("photos.created_by = ? OR photos.published_at > ? OR photos.photo_path = ? OR photos.photo_path LIKE ?",
-					user.UserUID, entity.TimeStamp(), user.BasePath, user.BasePath+"/%")
+				s = s.Where(sharedAlbums+"photos.created_by = ? OR photos.published_at > ? OR photos.photo_path = ? OR photos.photo_path LIKE ?",
+					sess.SharedUIDs(), user.UserUID, entity.TimeStamp(), user.BasePath, user.BasePath+"/%")
 			}
 		}
 	}
diff --git a/internal/search/photos_geo.go b/internal/search/photos_geo.go
index d04d4c847..99c91ad9b 100644
--- a/internal/search/photos_geo.go
+++ b/internal/search/photos_geo.go
@@ -121,13 +121,15 @@ func UserPhotosGeo(f form.SearchPhotosGeo, sess *entity.Session) (results GeoRes
 
 		// Limit results for external users.
 		if f.Scope == "" && acl.Resources.DenyAll(acl.ResourcePlaces, aclRole, acl.Permissions{acl.AccessAll, acl.AccessLibrary}) {
+			sharedAlbums := "photos.photo_uid IN (SELECT photo_uid FROM photos_albums WHERE hidden = 0 AND missing = 0 AND album_uid IN (?)) OR "
+
 			if sess.IsVisitor() || sess.NotRegistered() {
-				s = s.Where("photos.published_at > ?", entity.TimeStamp())
+				s = s.Where(sharedAlbums+"photos.published_at > ?", sess.SharedUIDs(), entity.TimeStamp())
 			} else if user.BasePath == "" {
-				s = s.Where("photos.created_by = ? OR photos.published_at > ?", user.UserUID, entity.TimeStamp())
+				s = s.Where(sharedAlbums+"photos.created_by = ? OR photos.published_at > ?", sess.SharedUIDs(), user.UserUID, entity.TimeStamp())
 			} else {
-				s = s.Where("photos.created_by = ? OR photos.published_at > ? OR photos.photo_path = ? OR photos.photo_path LIKE ?",
-					user.UserUID, entity.TimeStamp(), user.BasePath, user.BasePath+"/%")
+				s = s.Where(sharedAlbums+"photos.created_by = ? OR photos.published_at > ? OR photos.photo_path = ? OR photos.photo_path LIKE ?",
+					sess.SharedUIDs(), user.UserUID, entity.TimeStamp(), user.BasePath, user.BasePath+"/%")
 			}
 		}
 	}