fix(server): tighten asset visibility (#18699)

* tighten visibility

* update sql

* elevated access util function

* fix potential sync issue

* include in user stats

* include hidden assets in size usage

* filter visibility in search duplicates query

* stack visibility

server/src/queries/activity.repository.sql

@@ -73,3 +73,4 @@ where
   and "activity"."albumId" = $2
   and "activity"."isLiked" = $3
   and "assets"."deletedAt" is null
+  and "assets"."visibility" != 'locked'

server/src/queries/album.repository.sql

@@ -80,6 +80,7 @@ select
         where
           "albums_assets_assets"."albumsId" = "albums"."id"
           and "assets"."deletedAt" is null
+          and "assets"."visibility" in ('archive', 'timeline')
         order by
           "assets"."fileCreatedAt" desc
       ) as "asset"
@@ -178,7 +179,8 @@ from
   "assets"
   inner join "albums_assets_assets" as "album_assets" on "album_assets"."assetsId" = "assets"."id"
 where
-  "album_assets"."albumsId" in ($1)
+  "assets"."visibility" in ('archive', 'timeline')
+  and "album_assets"."albumsId" in ($1)
   and "assets"."deletedAt" is null
 group by
   "album_assets"."albumsId"

server/src/queries/asset.job.repository.sql

@@ -186,8 +186,8 @@ from
   inner join "smart_search" on "assets"."id" = "smart_search"."assetId"
   inner join "asset_job_status" as "job_status" on "job_status"."assetId" = "assets"."id"
 where
-  "assets"."visibility" != $1
+  "assets"."deletedAt" is null
-  and "assets"."deletedAt" is null
+  and "assets"."visibility" in ('archive', 'timeline')
   and "job_status"."duplicatesDetectedAt" is null
 
 -- AssetJobRepository.streamForEncodeClip
@@ -349,7 +349,7 @@ from
       "assets" as "stacked"
     where
       "stacked"."deletedAt" is not null
-      and "stacked"."visibility" != $1
+      and "stacked"."visibility" = $1
       and "stacked"."stackId" = "asset_stack"."id"
     group by
       "asset_stack"."id"

server/src/queries/asset.repository.sql

@@ -130,7 +130,6 @@ select
 from
   "assets"
   left join "exif" on "assets"."id" = "exif"."assetId"
-  left join "asset_stack" on "asset_stack"."id" = "assets"."stackId"
 where
   "assets"."id" = any ($1::uuid[])
 
@@ -240,10 +239,7 @@ with
       "assets"
     where
       "assets"."deletedAt" is null
-      and (
+      and "assets"."visibility" in ('archive', 'timeline')
-        "assets"."visibility" = $1
-        or "assets"."visibility" = $2
-      )
   )
 select
   "timeBucket",
@@ -300,21 +296,14 @@ with
         where
           "stacked"."stackId" = "assets"."stackId"
           and "stacked"."deletedAt" is null
-          and "stacked"."visibility" != $1
+          and "stacked"."visibility" = $1
         group by
           "stacked"."stackId"
       ) as "stacked_assets" on true
     where
       "assets"."deletedAt" is null
-      and (
+      and "assets"."visibility" in ('archive', 'timeline')
-        "assets"."visibility" = $2
+      and date_trunc('MONTH', "localDateTime" at time zone 'UTC') at time zone 'UTC' = $2
-        or "assets"."visibility" = $3
-      )
-      and date_trunc('MONTH', "localDateTime" at time zone 'UTC') at time zone 'UTC' = $4
-      and (
-        "assets"."visibility" = $5
-        or "assets"."visibility" = $6
-      )
       and not exists (
         select
         from
@@ -374,10 +363,10 @@ with
           "exif"."assetId" = "assets"."id"
       ) as "asset" on true
     where
-      "assets"."ownerId" = $1::uuid
+      "assets"."visibility" in ('archive', 'timeline')
+      and "assets"."ownerId" = $1::uuid
       and "assets"."duplicateId" is not null
       and "assets"."deletedAt" is null
-      and "assets"."visibility" != $2
       and "assets"."stackId" is null
     group by
       "assets"."duplicateId"
@@ -388,12 +377,12 @@ with
     from
       "duplicates"
     where
-      json_array_length("assets") = $3
+      json_array_length("assets") = $2
   ),
   "removed_unique" as (
     update "assets"
     set
-      "duplicateId" = $4
+      "duplicateId" = $3
     from
       "unique"
     where

server/src/queries/person.repository.sql

@@ -182,27 +182,42 @@ from
   "asset_faces"
   left join "assets" on "assets"."id" = "asset_faces"."assetId"
   and "asset_faces"."personId" = $1
-  and "assets"."visibility" != $2
+  and "assets"."visibility" = 'timeline'
   and "assets"."deletedAt" is null
 where
   "asset_faces"."deletedAt" is null
 
 -- PersonRepository.getNumberOfPeople
 select
-  count(distinct ("person"."id")) as "total",
+  coalesce(count(*), 0) as "total",
-  count(distinct ("person"."id")) filter (
+  coalesce(
-    where
+    count(*) filter (
-      "person"."isHidden" = $1
+      where
+        "isHidden" = $1
+    ),
+    0
   ) as "hidden"
 from
   "person"
-  inner join "asset_faces" on "asset_faces"."personId" = "person"."id"
-  inner join "assets" on "assets"."id" = "asset_faces"."assetId"
-  and "assets"."deletedAt" is null
-  and "assets"."visibility" != $2
 where
-  "person"."ownerId" = $3
+  exists (
-  and "asset_faces"."deletedAt" is null
+    select
+    from
+      "asset_faces"
+    where
+      "asset_faces"."personId" = "person"."id"
+      and "asset_faces"."deletedAt" is null
+      and exists (
+        select
+        from
+          "assets"
+        where
+          "assets"."id" = "asset_faces"."assetId"
+          and "assets"."visibility" = 'timeline'
+          and "assets"."deletedAt" is null
+      )
+  )
+  and "person"."ownerId" = $2
 
 -- PersonRepository.refreshFaces
 with

server/src/queries/search.repository.sql

@@ -102,23 +102,23 @@ with
       "assets"
       inner join "smart_search" on "assets"."id" = "smart_search"."assetId"
     where
-      "assets"."ownerId" = any ($2::uuid[])
+      "assets"."visibility" in ('archive', 'timeline')
+      and "assets"."ownerId" = any ($2::uuid[])
       and "assets"."deletedAt" is null
-      and "assets"."visibility" != $3
+      and "assets"."type" = $3
-      and "assets"."type" = $4
+      and "assets"."id" != $4::uuid
-      and "assets"."id" != $5::uuid
       and "assets"."stackId" is null
     order by
       "distance"
     limit
-      $6
+      $5
   )
 select
   *
 from
   "cte"
 where
-  "cte"."distance" <= $7
+  "cte"."distance" <= $6
 commit
 
 -- SearchRepository.searchFaces
@@ -241,7 +241,7 @@ from
   inner join "assets" on "assets"."id" = "exif"."assetId"
 where
   "ownerId" = any ($1::uuid[])
-  and "visibility" != $2
+  and "visibility" = $2
   and "deletedAt" is null
   and "state" is not null
 
@@ -253,7 +253,7 @@ from
   inner join "assets" on "assets"."id" = "exif"."assetId"
 where
   "ownerId" = any ($1::uuid[])
-  and "visibility" != $2
+  and "visibility" = $2
   and "deletedAt" is null
   and "city" is not null
 
@@ -265,7 +265,7 @@ from
   inner join "assets" on "assets"."id" = "exif"."assetId"
 where
   "ownerId" = any ($1::uuid[])
-  and "visibility" != $2
+  and "visibility" = $2
   and "deletedAt" is null
   and "make" is not null
 
@@ -277,6 +277,6 @@ from
   inner join "assets" on "assets"."id" = "exif"."assetId"
 where
   "ownerId" = any ($1::uuid[])
-  and "visibility" != $2
+  and "visibility" = $2
   and "deletedAt" is null
   and "model" is not null

server/src/queries/stack.repository.sql

@@ -52,6 +52,7 @@ select
         where
           "assets"."deletedAt" is null
           and "assets"."stackId" = "asset_stack"."id"
+          and "assets"."visibility" in ('archive', 'timeline')
       ) as agg
   ) as "assets"
 from
@@ -135,6 +136,7 @@ select
         where
           "assets"."deletedAt" is null
           and "assets"."stackId" = "asset_stack"."id"
+          and "assets"."visibility" in ('archive', 'timeline')
       ) as agg
   ) as "assets"
 from

server/src/queries/user.repository.sql

@@ -290,7 +290,7 @@ order by
 select
   "users"."id" as "userId",
   "users"."name" as "userName",
-  "users"."quotaSizeInBytes" as "quotaSizeInBytes",
+  "users"."quotaSizeInBytes",
   count(*) filter (
     where
       (
@@ -335,9 +335,8 @@ select
 from
   "users"
   left join "assets" on "assets"."ownerId" = "users"."id"
+  and "assets"."deletedAt" is null
   left join "exif" on "exif"."assetId" = "assets"."id"
-where
-  "assets"."deletedAt" is null
 group by
   "users"."id"
 order by

server/src/repositories/activity.repository.ts

@@ -5,6 +5,7 @@ import { InjectKysely } from 'nestjs-kysely';
 import { columns } from 'src/database';
 import { Activity, DB } from 'src/db';
 import { DummyValue, GenerateSql } from 'src/decorators';
+import { AssetVisibility } from 'src/enum';
 import { asUuid } from 'src/utils/database';
 
 export interface ActivitySearch {
@@ -76,6 +77,7 @@ export class ActivityRepository {
       .where('activity.albumId', '=', albumId)
       .where('activity.isLiked', '=', false)
       .where('assets.deletedAt', 'is', null)
+      .where('assets.visibility', '!=', sql.lit(AssetVisibility.LOCKED))
       .executeTakeFirstOrThrow();
 
     return count;

server/src/repositories/album.repository.ts

@@ -6,6 +6,7 @@ import { columns, Exif } from 'src/database';
 import { Albums, DB } from 'src/db';
 import { Chunked, ChunkedArray, ChunkedSet, DummyValue, GenerateSql } from 'src/decorators';
 import { AlbumUserCreateDto } from 'src/dtos/album.dto';
+import { withDefaultVisibility } from 'src/utils/database';
 
 export interface AlbumAssetCount {
   albumId: string;
@@ -58,6 +59,7 @@ const withAssets = (eb: ExpressionBuilder<DB, 'albums'>) => {
         .innerJoin('albums_assets_assets', 'albums_assets_assets.assetsId', 'assets.id')
         .whereRef('albums_assets_assets.albumsId', '=', 'albums.id')
         .where('assets.deletedAt', 'is', null)
+        .$call(withDefaultVisibility)
         .orderBy('assets.fileCreatedAt', 'desc')
         .as('asset'),
     )
@@ -121,6 +123,7 @@ export class AlbumRepository {
     return (
       this.db
         .selectFrom('assets')
+        .$call(withDefaultVisibility)
         .innerJoin('albums_assets_assets as album_assets', 'album_assets.assetsId', 'assets.id')
         .select('album_assets.albumsId as albumId')
         .select((eb) => eb.fn.min(sql<Date>`("assets"."localDateTime" AT TIME ZONE 'UTC'::text)::date`).as('startDate'))

server/src/repositories/asset-job.repository.ts

@@ -11,6 +11,7 @@ import {
   anyUuid,
   asUuid,
   toJson,
+  withDefaultVisibility,
   withExif,
   withExifInner,
   withFaces,
@@ -140,9 +141,9 @@ export class AssetJobRepository {
     return this.db
       .selectFrom('assets')
       .select(['assets.id'])
-      .where('assets.visibility', '!=', AssetVisibility.HIDDEN)
       .where('assets.deletedAt', 'is', null)
       .innerJoin('smart_search', 'assets.id', 'smart_search.assetId')
+      .$call(withDefaultVisibility)
       .$if(!force, (qb) =>
         qb
           .innerJoin('asset_job_status as job_status', 'job_status.assetId', 'assets.id')
@@ -226,7 +227,7 @@ export class AssetJobRepository {
             .select(['asset_stack.id', 'asset_stack.primaryAssetId'])
             .select((eb) => eb.fn<Asset[]>('array_agg', [eb.table('stacked')]).as('assets'))
             .where('stacked.deletedAt', 'is not', null)
-            .where('stacked.visibility', '!=', AssetVisibility.ARCHIVE)
+            .where('stacked.visibility', '=', AssetVisibility.TIMELINE)
             .whereRef('stacked.stackId', '=', 'asset_stack.id')
             .groupBy('asset_stack.id')
             .as('stacked_assets'),

server/src/repositories/asset.repository.ts

@@ -300,7 +300,6 @@ export class AssetRepository {
       .select(withFacesAndPeople)
       .select(withTags)
       .$call(withExif)
-      .leftJoin('asset_stack', 'asset_stack.id', 'assets.stackId')
       .where('assets.id', '=', anyUuid(ids))
       .execute();
   }
@@ -523,8 +522,8 @@ export class AssetRepository {
       .selectFrom('assets')
       .selectAll('assets')
       .$call(withExif)
+      .$call(withDefaultVisibility)
       .where('ownerId', '=', anyUuid(userIds))
-      .where('visibility', '!=', AssetVisibility.HIDDEN)
       .where('deletedAt', 'is', null)
       .orderBy((eb) => eb.fn('random'))
       .limit(take)
@@ -634,8 +633,6 @@ export class AssetRepository {
           )
           .$if(!!options.personId, (qb) => hasPeople(qb, [options.personId!]))
           .$if(!!options.userIds, (qb) => qb.where('assets.ownerId', '=', anyUuid(options.userIds!)))
-          .$if(options.visibility == undefined, withDefaultVisibility)
-          .$if(!!options.visibility, (qb) => qb.where('assets.visibility', '=', options.visibility!))
           .$if(options.isFavorite !== undefined, (qb) => qb.where('assets.isFavorite', '=', options.isFavorite!))
           .$if(!!options.withStacked, (qb) =>
             qb
@@ -656,7 +653,7 @@ export class AssetRepository {
                     .select(sql`array[stacked."stackId"::text, count('stacked')::text]`.as('stack'))
                     .whereRef('stacked.stackId', '=', 'assets.stackId')
                     .where('stacked.deletedAt', 'is', null)
-                    .where('stacked.visibility', '!=', AssetVisibility.ARCHIVE)
+                    .where('stacked.visibility', '=', AssetVisibility.TIMELINE)
                     .groupBy('stacked.stackId')
                     .as('stacked_assets'),
                 (join) => join.onTrue(),
@@ -709,6 +706,7 @@ export class AssetRepository {
         .with('duplicates', (qb) =>
           qb
             .selectFrom('assets')
+            .$call(withDefaultVisibility)
             .leftJoinLateral(
               (qb) =>
                 qb
@@ -727,7 +725,6 @@ export class AssetRepository {
             .where('assets.duplicateId', 'is not', null)
             .$narrowType<{ duplicateId: NotNull }>()
             .where('assets.deletedAt', 'is', null)
-            .where('assets.visibility', '!=', AssetVisibility.HIDDEN)
             .where('assets.stackId', 'is', null)
             .groupBy('assets.duplicateId'),
         )

server/src/repositories/person.repository.ts

@@ -38,11 +38,6 @@ export interface PersonStatistics {
   assets: number;
 }
 
-export interface PeopleStatistics {
-  total: number;
-  hidden: number;
-}
-
 export interface DeleteFacesOptions {
   sourceType: SourceType;
 }
@@ -151,7 +146,7 @@ export class PersonRepository {
       .innerJoin('assets', (join) =>
         join
           .onRef('asset_faces.assetId', '=', 'assets.id')
-          .on('assets.visibility', '!=', AssetVisibility.ARCHIVE)
+          .on('assets.visibility', '=', sql.lit(AssetVisibility.TIMELINE))
           .on('assets.deletedAt', 'is', null),
       )
       .where('person.ownerId', '=', userId)
@@ -341,7 +336,7 @@ export class PersonRepository {
         join
           .onRef('assets.id', '=', 'asset_faces.assetId')
           .on('asset_faces.personId', '=', personId)
-          .on('assets.visibility', '!=', AssetVisibility.ARCHIVE)
+          .on('assets.visibility', '=', sql.lit(AssetVisibility.TIMELINE))
           .on('assets.deletedAt', 'is', null),
       )
       .select((eb) => eb.fn.count(eb.fn('distinct', ['assets.id'])).as('count'))
@@ -354,35 +349,31 @@ export class PersonRepository {
   }
 
   @GenerateSql({ params: [DummyValue.UUID] })
-  async getNumberOfPeople(userId: string): Promise<PeopleStatistics> {
+  getNumberOfPeople(userId: string) {
-    const items = await this.db
+    const zero = sql.lit(0);
+    return this.db
       .selectFrom('person')
-      .innerJoin('asset_faces', 'asset_faces.personId', 'person.id')
+      .where((eb) =>
+        eb.exists((eb) =>
+          eb
+            .selectFrom('asset_faces')
+            .whereRef('asset_faces.personId', '=', 'person.id')
+            .where('asset_faces.deletedAt', 'is', null)
+            .where((eb) =>
+              eb.exists((eb) =>
+                eb
+                  .selectFrom('assets')
+                  .whereRef('assets.id', '=', 'asset_faces.assetId')
+                  .where('assets.visibility', '=', sql.lit(AssetVisibility.TIMELINE))
+                  .where('assets.deletedAt', 'is', null),
+              ),
+            ),
+        ),
+      )
       .where('person.ownerId', '=', userId)
-      .where('asset_faces.deletedAt', 'is', null)
+      .select((eb) => eb.fn.coalesce(eb.fn.countAll<number>(), zero).as('total'))
-      .innerJoin('assets', (join) =>
+      .select((eb) => eb.fn.coalesce(eb.fn.countAll<number>().filterWhere('isHidden', '=', true), zero).as('hidden'))
-        join
+      .executeTakeFirstOrThrow();
-          .onRef('assets.id', '=', 'asset_faces.assetId')
-          .on('assets.deletedAt', 'is', null)
-          .on('assets.visibility', '!=', AssetVisibility.ARCHIVE),
-      )
-      .select((eb) => eb.fn.count(eb.fn('distinct', ['person.id'])).as('total'))
-      .select((eb) =>
-        eb.fn
-          .count(eb.fn('distinct', ['person.id']))
-          .filterWhere('person.isHidden', '=', true)
-          .as('hidden'),
-      )
-      .executeTakeFirst();
-
-    if (items == undefined) {
-      return { total: 0, hidden: 0 };
-    }
-
-    return {
-      total: Number(items.total),
-      hidden: Number(items.hidden),
-    };
   }
 
   create(person: Insertable<Person>) {

server/src/repositories/search.repository.ts

@@ -7,7 +7,7 @@ import { DummyValue, GenerateSql } from 'src/decorators';
 import { MapAsset } from 'src/dtos/asset-response.dto';
 import { AssetStatus, AssetType, AssetVisibility, VectorIndex } from 'src/enum';
 import { probes } from 'src/repositories/database.repository';
-import { anyUuid, asUuid, searchAssetBuilder } from 'src/utils/database';
+import { anyUuid, asUuid, searchAssetBuilder, withDefaultVisibility } from 'src/utils/database';
 import { paginationHelper } from 'src/utils/pagination';
 import { isValidInteger } from 'src/validation';
 
@@ -268,6 +268,7 @@ export class SearchRepository {
         .with('cte', (qb) =>
           qb
             .selectFrom('assets')
+            .$call(withDefaultVisibility)
             .select([
               'assets.id as assetId',
               'assets.duplicateId',
@@ -276,7 +277,6 @@ export class SearchRepository {
             .innerJoin('smart_search', 'assets.id', 'smart_search.assetId')
             .where('assets.ownerId', '=', anyUuid(userIds))
             .where('assets.deletedAt', 'is', null)
-            .where('assets.visibility', '!=', AssetVisibility.HIDDEN)
             .where('assets.type', '=', type)
             .where('assets.id', '!=', asUuid(assetId))
             .where('assets.stackId', 'is', null)
@@ -472,7 +472,7 @@ export class SearchRepository {
       .distinctOn(field)
       .innerJoin('assets', 'assets.id', 'exif.assetId')
       .where('ownerId', '=', anyUuid(userIds))
-      .where('visibility', '!=', AssetVisibility.HIDDEN)
+      .where('visibility', '=', AssetVisibility.TIMELINE)
       .where('deletedAt', 'is', null)
       .where(field, 'is not', null);
   }

server/src/repositories/stack.repository.ts

@@ -5,7 +5,7 @@ import { InjectKysely } from 'nestjs-kysely';
 import { columns } from 'src/database';
 import { AssetStack, DB } from 'src/db';
 import { DummyValue, GenerateSql } from 'src/decorators';
-import { asUuid } from 'src/utils/database';
+import { asUuid, withDefaultVisibility } from 'src/utils/database';
 
 export interface StackSearch {
   ownerId: string;
@@ -34,7 +34,8 @@ const withAssets = (eb: ExpressionBuilder<DB, 'asset_stack'>, withTags = false)
       )
       .select((eb) => eb.fn.toJson('exifInfo').as('exifInfo'))
       .where('assets.deletedAt', 'is', null)
-      .whereRef('assets.stackId', '=', 'asset_stack.id'),
+      .whereRef('assets.stackId', '=', 'asset_stack.id')
+      .$call(withDefaultVisibility),
   ).as('assets');
 };
 

server/src/repositories/user.repository.ts

@@ -210,9 +210,9 @@ export class UserRepository {
   getUserStats() {
     return this.db
       .selectFrom('users')
-      .leftJoin('assets', 'assets.ownerId', 'users.id')
+      .leftJoin('assets', (join) => join.onRef('assets.ownerId', '=', 'users.id').on('assets.deletedAt', 'is', null))
       .leftJoin('exif', 'exif.assetId', 'assets.id')
-      .select(['users.id as userId', 'users.name as userName', 'users.quotaSizeInBytes as quotaSizeInBytes'])
+      .select(['users.id as userId', 'users.name as userName', 'users.quotaSizeInBytes'])
       .select((eb) => [
         eb.fn
           .countAll<number>()
@@ -256,7 +256,6 @@ export class UserRepository {
           )
           .as('usageVideos'),
       ])
-      .where('assets.deletedAt', 'is', null)
       .groupBy('users.id')
       .orderBy('users.createdAt', 'asc')
       .execute();

server/src/services/asset.service.ts

@@ -17,11 +17,16 @@ import { AuthDto } from 'src/dtos/auth.dto';
 import { AssetStatus, AssetVisibility, JobName, JobStatus, Permission, QueueName } from 'src/enum';
 import { BaseService } from 'src/services/base.service';
 import { ISidecarWriteJob, JobItem, JobOf } from 'src/types';
+import { requireElevatedPermission } from 'src/utils/access';
 import { getAssetFiles, getMyPartnerIds, onAfterUnlink, onBeforeLink, onBeforeUnlink } from 'src/utils/asset.util';
 
 @Injectable()
 export class AssetService extends BaseService {
   async getStatistics(auth: AuthDto, dto: AssetStatsDto) {
+    if (dto.visibility === AssetVisibility.LOCKED) {
+      requireElevatedPermission(auth);
+    }
+
     const stats = await this.assetRepository.getStatistics(auth.user.id, dto);
     return mapStats(stats);
   }

server/src/services/search.service.ts

@@ -14,8 +14,9 @@ import {
   SearchSuggestionType,
   SmartSearchDto,
 } from 'src/dtos/search.dto';
-import { AssetOrder } from 'src/enum';
+import { AssetOrder, AssetVisibility } from 'src/enum';
 import { BaseService } from 'src/services/base.service';
+import { requireElevatedPermission } from 'src/utils/access';
 import { getMyPartnerIds } from 'src/utils/asset.util';
 import { isSmartSearchEnabled } from 'src/utils/misc';
 
@@ -40,9 +41,11 @@ export class SearchService extends BaseService {
   }
 
   async searchMetadata(auth: AuthDto, dto: MetadataSearchDto): Promise<SearchResponseDto> {
-    let checksum: Buffer | undefined;
+    if (dto.visibility === AssetVisibility.LOCKED) {
-    const userIds = await this.getUserIdsToSearch(auth);
+      requireElevatedPermission(auth);
+    }
 
+    let checksum: Buffer | undefined;
     if (dto.checksum) {
       const encoding = dto.checksum.length === 28 ? 'base64' : 'hex';
       checksum = Buffer.from(dto.checksum, encoding);
@@ -50,6 +53,7 @@ export class SearchService extends BaseService {
 
     const page = dto.page ?? 1;
     const size = dto.size || 250;
+    const userIds = await this.getUserIdsToSearch(auth);
     const { hasNextPage, items } = await this.searchRepository.searchMetadata(
       { page, size },
       {
@@ -64,12 +68,20 @@ export class SearchService extends BaseService {
   }
 
   async searchRandom(auth: AuthDto, dto: RandomSearchDto): Promise<AssetResponseDto[]> {
+    if (dto.visibility === AssetVisibility.LOCKED) {
+      requireElevatedPermission(auth);
+    }
+
     const userIds = await this.getUserIdsToSearch(auth);
     const items = await this.searchRepository.searchRandom(dto.size || 250, { ...dto, userIds });
     return items.map((item) => mapAsset(item, { auth }));
   }
 
   async searchSmart(auth: AuthDto, dto: SmartSearchDto): Promise<SearchResponseDto> {
+    if (dto.visibility === AssetVisibility.LOCKED) {
+      requireElevatedPermission(auth);
+    }
+
     const { machineLearning } = await this.getConfig({ withCache: false });
     if (!isSmartSearchEnabled(machineLearning)) {
       throw new BadRequestException('Smart search is not enabled');

server/src/services/timeline.service.ts

@@ -4,6 +4,7 @@ import { TimeBucketAssetDto, TimeBucketDto, TimeBucketsResponseDto } from 'src/d
 import { AssetVisibility, Permission } from 'src/enum';
 import { TimeBucketOptions } from 'src/repositories/asset.repository';
 import { BaseService } from 'src/services/base.service';
+import { requireElevatedPermission } from 'src/utils/access';
 import { getMyPartnerIds } from 'src/utils/asset.util';
 
 @Injectable()
@@ -44,6 +45,10 @@ export class TimelineService extends BaseService {
   }
 
   private async timeBucketChecks(auth: AuthDto, dto: TimeBucketDto) {
+    if (dto.visibility === AssetVisibility.LOCKED) {
+      requireElevatedPermission(auth);
+    }
+
     if (dto.albumId) {
       await this.requireAccess({ auth, permission: Permission.ALBUM_READ, ids: [dto.albumId] });
     } else {

server/src/utils/access.ts

@@ -304,3 +304,9 @@ const checkOtherAccess = async (access: AccessRepository, request: OtherAccessRe
     }
   }
 };
+
+export const requireElevatedPermission = (auth: AuthDto) => {
+  if (!auth.session?.hasElevatedPermission) {
+    throw new UnauthorizedException('Elevated permission is required');
+  }
+};

server/src/utils/database.ts

@@ -153,17 +153,12 @@ export function toJson<DB, TB extends keyof DB & string, T extends TB | Expressi
 }
 
 export const ASSET_CHECKSUM_CONSTRAINT = 'UQ_assets_owner_checksum';
-// TODO come up with a better query that only selects the fields we need
 
 export function withDefaultVisibility<O>(qb: SelectQueryBuilder<DB, 'assets', O>) {
-  return qb.where((qb) =>
+  return qb.where('assets.visibility', 'in', [sql.lit(AssetVisibility.ARCHIVE), sql.lit(AssetVisibility.TIMELINE)]);
-    qb.or([
-      qb('assets.visibility', '=', AssetVisibility.TIMELINE),
-      qb('assets.visibility', '=', AssetVisibility.ARCHIVE),
-    ]),
-  );
 }
 
+// TODO come up with a better query that only selects the fields we need
 export function withExif<O>(qb: SelectQueryBuilder<DB, 'assets', O>) {
   return qb
     .leftJoin('exif', 'assets.id', 'exif.assetId')