Add owner_id check to resolve_hash_to_path

Filter asset references by owner visibility so the /view endpoint only resolves hashes for assets the requesting user can access. Adds table-driven tests for owner visibility cases. Amp-Thread-ID: https://ampcode.com/threads/T-019ce377-8bde-7048-bc28-a9df063409f9 Co-authored-by: Amp <amp@ampcode.com>
2026-03-13 09:10:12 +00:00 · 2026-03-12 13:03:47 -07:00
parent aa6bd95596
commit 6587a7394e
3 changed files with 52 additions and 3 deletions
--- a/app/assets/services/asset_management.py
+++ b/app/assets/services/asset_management.py
@@ -282,9 +282,13 @@ def list_assets_page(

 def resolve_hash_to_path(
    asset_hash: str,
+    owner_id: str = "",
 ) -> DownloadResolutionResult | None:
    """Resolve a blake3 hash to an on-disk file path.

+    Only references visible to *owner_id* are considered (owner-less
+    references are always visible).
+
    Returns a DownloadResolutionResult with abs_path, content_type, and
    download_name, or None if no asset or live path is found.
    """
@@ -293,11 +297,15 @@ def resolve_hash_to_path(
        if not asset:
            return None
        refs = list_references_by_asset_id(session, asset_id=asset.id)
-        abs_path = select_best_live_path(refs)
+        visible = [
+            r for r in refs
+            if r.owner_id == "" or r.owner_id == owner_id
+        ]
+        abs_path = select_best_live_path(visible)
        if not abs_path:
            return None
        display_name = os.path.basename(abs_path)
-        for ref in refs:
+        for ref in visible:
            if ref.file_path == abs_path and ref.name:
                display_name = ref.name
                break