fix: remove from album

2026-04-28 12:13:09 -07:00 · 2026-04-08 21:10:06 -04:00
2 changed files with 1 additions and 13 deletions
--- a/server/src/services/album.service.ts
+++ b/server/src/services/album.service.ts
@@ -265,13 +265,11 @@ export class AlbumService extends BaseService {
  }

  async removeAssets(auth: AuthDto, id: string, dto: BulkIdsDto): Promise<BulkIdResponseDto[]> {
-    await this.requireAccess({ auth, permission: Permission.AlbumAssetDelete, ids: [id] });
-
    const album = await this.findOrFail(id, { withAssets: false });
    const results = await removeAssets(
      auth,
      { access: this.accessRepository, bulk: this.albumRepository },
-      { parentId: id, assetIds: dto.ids, canAlwaysRemove: Permission.AlbumDelete },
+      { parentId: id, assetIds: dto.ids, canAlwaysRemove: Permission.AlbumUpdate },
    );

    const removedIds = results.filter(({ success }) => success).map(({ id }) => id);
--- a/server/src/utils/access.ts
+++ b/server/src/utils/access.ts
@@ -223,16 +223,6 @@ const checkOtherAccess = async (access: AccessRepository, request: OtherAccessRe
      return setUnion(isOwner, isShared);
    }

-    case Permission.AlbumAssetDelete: {
-      const isOwner = await access.album.checkOwnerAccess(auth.user.id, ids);
-      const isShared = await access.album.checkSharedAlbumAccess(
-        auth.user.id,
-        setDifference(ids, isOwner),
-        AlbumUserRole.Editor,
-      );
-      return setUnion(isOwner, isShared);
-    }
-
    case Permission.AssetUpload: {
      return ids.has(auth.user.id) ? new Set([auth.user.id]) : new Set<string>();
    }