From e388b708fe9d22b39e75ba548423a92f5a8f5e23 Mon Sep 17 00:00:00 2001
From: Christian McHugh
Date: Thu, 7 Dec 2023 18:31:29 +0000
Subject: [PATCH] Require user when querying album name from DB
Signed-off-by: Christian McHugh
---
 lib/Album/AlbumMapper.php | 10 ++++++----
 lib/Command/AlbumAddCommand.php | 2 +-
 lib/Command/AlbumCreateCommand.php | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/lib/Album/AlbumMapper.php b/lib/Album/AlbumMapper.php
index 39537bbfe..c70c41182 100644
--- a/lib/Album/AlbumMapper.php
+++ b/lib/Album/AlbumMapper.php
@@ -113,16 +113,18 @@ public function getForUser(string $userId): array {
 /**
 * @param string $albumName
+ * @param string $userName
 * @return AlbumInfo
 */
- public function getByName(string $albumName): ?AlbumInfo {
+ public function getByName(string $albumName, string $userName): ?AlbumInfo {
 $query = $this->connection->getQueryBuilder();
- $query->select("album_id", "user", "location", "created", "last_added_photo")
+ $query->select("album_id", "location", "created", "last_added_photo")
 ->from("photos_albums")
- ->where($query->expr()->eq('name', $query->createNamedParameter($albumName)));
+ ->where($query->expr()->eq('name', $query->createNamedParameter($albumName)))
+ ->andWhere($query->expr()->eq('user', $query->createNamedParameter($userName)));
 $row = $query->executeQuery()->fetch();
 if ($row) {
- return new AlbumInfo((int)$row['album_id'], $row['user'], $albumName, $row['location'], (int)$row['created'], (int)$row['last_added_photo']);
+ return new AlbumInfo((int)$row['album_id'], $userName, $albumName, $row['location'], (int)$row['created'], (int)$row['last_added_photo']);
 } else {
 return null;
 }
diff --git a/lib/Command/AlbumAddCommand.php b/lib/Command/AlbumAddCommand.php
index 9ffa14332..3d62396c7 100644
--- a/lib/Command/AlbumAddCommand.php
+++ b/lib/Command/AlbumAddCommand.php
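Review bot: In `getByName()` in lib/Album/AlbumMapper.php, the new parameter is named `$userName` but is matched against the `user` column, and the neighbouring `getForUser(string $userId)` suggests that column holds a user ID rather than a login or display name. This filter is what keeps a name lookup from resolving to another user's album, so I would rename the parameter to `$userId` and document it as `@param string $userId UID of the owner the album must belong to`. The docblock also still says `@return AlbumInfo` although the signature is `?AlbumInfo`; `@return AlbumInfo|null null when this user has no album with that name` matches the code. The hunk ends before the method's closing brace, so the rest of the body was not reviewed.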
@@ -83,7 +83,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 return 1;
 }
- $album = $this->albumMapper->getByName($albumString);
+ $album = $this->albumMapper->getByName($albumString, $userString);
 if (!$album) {
 throw new \Exception("Album $albumString was not found");
 }
diff --git a/lib/Command/AlbumCreateCommand.php b/lib/Command/AlbumCreateCommand.php
index 11a42b168..99053b3a2 100644
--- a/lib/Command/AlbumCreateCommand.php
+++ b/lib/Command/AlbumCreateCommand.php
@@ -71,7 +71,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 }
 $userID = $user->getUID();
- $album = $this->albumMapper->getByName($albumString);
+ $album = $this->albumMapper->getByName($albumString, $userString);
 if ($album) {
 throw new \Exception("Album $albumString already exists and cannot be created.");
 }
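Review bot: Both updated calls pass `$userString`, the raw command argument, as the owner filter, even though the AlbumCreateCommand hunk has the canonical ID on the line above as `$userID = $user->getUID();`. If the `user` column stores the UID (inferred from `getForUser(string $userId)`, not visible here), an argument that resolves to the user but is spelled differently from the stored UID would make the lookup miss. The "already exists" check in AlbumCreateCommand would then pass for a duplicate name, and AlbumAddCommand would report an existing album as not found. I would call `$this->albumMapper->getByName($albumString, $userID)` in AlbumCreateCommand and pass the equivalent `$user->getUID()` value in AlbumAddCommand. Both `execute()` bodies start and end outside their hunks, so confirm that a resolved user object is in scope at the AlbumAddCommand call.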