From 73c5fcb2f7fec4b00421803a0f9df2023e14de9a Mon Sep 17 00:00:00 2001
From: ildyria
Date: Thu, 23 Apr 2026 21:53:29 +0200
Subject: [PATCH] Improved support gor group authorization for Album delete & edit operations

---
 app/Policies/AlbumPolicy.php | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/app/Policies/AlbumPolicy.php b/app/Policies/AlbumPolicy.php
index 79732fb013a..a33a6ba08e9 100644
--- a/app/Policies/AlbumPolicy.php
+++ b/app/Policies/AlbumPolicy.php
@@ -285,9 +285,11 @@ public function canDelete(User $user, ?AbstractAlbum $abstract_album = null): bo
 if (
 AccessPermission::query()
 ->where(APC::BASE_ALBUM_ID, '=', $abstract_album->parent_id)
- ->where(APC::USER_ID, '=', $user->id)
+ ->where(fn ($query) => $query->where(APC::USER_ID, '=', $user->id)
+ ->orWhereIn(APC::USER_GROUP_ID, $user->user_groups->pluck('id'))
+ )
 ->where(APC::GRANTS_DELETE, '=', true)
- ->count() === 1
+ ->count() >= 1
 ) {
 return true;
 }
@@ -379,9 +381,13 @@ public function canEditById(User $user, array $album_ids): bool

 if (
 AccessPermission::query()
+ ->select(APC::BASE_ALBUM_ID)
 ->whereIn(APC::BASE_ALBUM_ID, $album_ids)
- ->where(APC::USER_ID, '=', $user->id)
+ ->where(fn ($query) => $query->where(APC::USER_ID, '=', $user->id)
+ ->orWhereIn(APC::USER_GROUP_ID, $user->user_groups->pluck('id'))
+ )
 ->where(APC::GRANTS_EDIT, '=', true)
+ ->distinct()
 ->count() === $num_albums
 ) {
 return true;
@@ -430,9 +436,13 @@ public function canDeleteById(User $user, array $album_ids): bool

 if (
 AccessPermission::query()
+ ->select(APC::BASE_ALBUM_ID)
 ->whereIn(APC::BASE_ALBUM_ID, $album_ids)
- ->where(APC::USER_ID, '=', $user->id)
+ ->where(fn ($query) => $query->where(APC::USER_ID, '=', $user->id)
+ ->orWhereIn(APC::USER_GROUP_ID, $user->user_groups->pluck('id'))
+ )
 ->where(APC::GRANTS_DELETE, '=', true)
+ ->distinct()
 ->count() === $num_albums
 ) {
 return true;
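Review bot: `->count() >= 1` in canDelete is an existence test, and `->exists()` would state that directly and let the database stop at the first matching row, now that a user grant and one or more group grants can all match the same parent album. The diffstat lists only AlbumPolicy.php, so nothing in this commit exercises the new group branch. Two policy tests would pin the behaviour: one where the delete right comes only from a group, and one where the user's group holds no such right. The body of canDelete starts and ends outside the hunk, so whether `$abstract_album->parent_id` is checked for null before this query cannot be seen from here.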
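Review bot: The `->distinct()` added before `->count()` in canEditById probably has no effect: as far as I know, Laravel's `count()` without a column argument discards the select list and compiles to `count(*)`, applying `distinct` only when a column is named. If that holds, a user with both a direct and a group grant (or grants through two groups) on one album contributes two rows, so `=== $num_albums` can succeed while another requested album has no grant at all, which is an authorization gap rather than a miscount. Naming the column, `->distinct()->count(APC::BASE_ALBUM_ID) === $num_albums`, should yield `count(distinct …)` and makes the `->select(...)` line unnecessary. The hunk for canDeleteById adds the same pattern, and a test with overlapping user and group grants on a single album would settle it for both. `$num_albums` is assigned outside the hunk, so its relation to `$album_ids` is assumed here.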
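Review bot: canDeleteById now holds the third copy of the closure `fn ($query) => $query->where(APC::USER_ID, '=', $user->id)->orWhereIn(APC::USER_GROUP_ID, ...)`, and each copy evaluates `$user->user_groups->pluck('id')` again. Moving the user-or-group condition into one private helper or a query scope on AccessPermission would keep the three authorization checks from drifting apart when the membership rule changes. A short comment there, saying a grant may come from the user or from any of the user's groups, would also explain why more than one row per album can match. canDeleteById continues outside the hunk.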