From c89ac5b5e500d36cd716c84e13b3f316feef636e Mon Sep 17 00:00:00 2001
From: Daimolean <92239625+wuzihao051119@users.noreply.github.com>
Date: Mon, 2 Jun 2025 09:58:07 +0800
Subject: [PATCH] fix(server): cannot share album to owner (#18802)

* fix(server): create shared album

* add test

* trigger ci

* resolve conversation
---
 e2e/src/api/specs/album.e2e-spec.ts       |  9 +++++++++
 server/src/services/album.service.spec.ts | 11 +++++++++++
 server/src/services/album.service.ts      |  4 ++++
 3 files changed, 24 insertions(+)

diff --git a/e2e/src/api/specs/album.e2e-spec.ts b/e2e/src/api/specs/album.e2e-spec.ts
index 65a94122fa9..eedf70dc58e 100644
--- a/e2e/src/api/specs/album.e2e-spec.ts
+++ b/e2e/src/api/specs/album.e2e-spec.ts
@@ -428,6 +428,15 @@ describe('/albums', () => {
         order: AssetOrder.Desc,
       });
     });
+
+    it('should not be able to share album with owner', async () => {
+      const { status, body } = await request(app)
+        .post('/albums')
+        .send({ albumName: 'New album', albumUsers: [{ role: AlbumUserRole.Editor, userId: user1.userId }] })
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Cannot share album with owner'));
+    });
   });
 
   describe('PUT /albums/:id/assets', () => {
diff --git a/server/src/services/album.service.spec.ts b/server/src/services/album.service.spec.ts
index c2b792d0918..f3bb7d1d5c1 100644
--- a/server/src/services/album.service.spec.ts
+++ b/server/src/services/album.service.spec.ts
@@ -210,6 +210,17 @@ describe(AlbumService.name, () => {
         false,
       );
     });
+
+    it('should throw an error if the userId is the ownerId', async () => {
+      mocks.user.get.mockResolvedValue(userStub.admin);
+      await expect(
+        sut.create(authStub.admin, {
+          albumName: 'Empty album',
+          albumUsers: [{ userId: userStub.admin.id, role: AlbumUserRole.EDITOR }],
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+      expect(mocks.album.create).not.toHaveBeenCalled();
+    });
   });
 
   describe('update', () => {
diff --git a/server/src/services/album.service.ts b/server/src/services/album.service.ts
index d4e6ab7ffd1..83d95355054 100644
--- a/server/src/services/album.service.ts
+++ b/server/src/services/album.service.ts
@@ -93,6 +93,10 @@ export class AlbumService extends BaseService {
       if (!exists) {
         throw new BadRequestException('User not found');
       }
+
+      if (userId == auth.user.id) {
+        throw new BadRequestException('Cannot share album with owner');
+      }
     }
 
     const allowedAssetIdsSet = await this.checkAccess({