From 59094f80baea8d728127b46f2b862f55b29b6fcd Mon Sep 17 00:00:00 2001
From: androidlover5842 <androidlover5842@gmail.com>
Date: Tue, 27 Jan 2026 19:11:48 +0530
Subject: [PATCH] Make room images list public and fix tag schema

---
 .../config/RoomImageTagSchemaFix.kt           | 80 +++++++++++++++++++
 .../trisolarisserver/controller/RoomImages.kt |  2 -
 .../security/FirebaseAuthFilter.kt            |  1 +
 .../security/SecurityConfig.kt                |  1 +
 4 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 src/main/kotlin/com/android/trisolarisserver/config/RoomImageTagSchemaFix.kt

diff --git a/src/main/kotlin/com/android/trisolarisserver/config/RoomImageTagSchemaFix.kt b/src/main/kotlin/com/android/trisolarisserver/config/RoomImageTagSchemaFix.kt
new file mode 100644
index 0000000..0223308
--- /dev/null
+++ b/src/main/kotlin/com/android/trisolarisserver/config/RoomImageTagSchemaFix.kt
@@ -0,0 +1,80 @@
+package com.android.trisolarisserver.config
+
+import org.slf4j.LoggerFactory
+import org.springframework.boot.ApplicationArguments
+import org.springframework.boot.ApplicationRunner
+import org.springframework.jdbc.core.JdbcTemplate
+import org.springframework.stereotype.Component
+
+@Component
+class RoomImageTagSchemaFix(
+    private val jdbcTemplate: JdbcTemplate
+) : ApplicationRunner {
+
+    private val logger = LoggerFactory.getLogger(RoomImageTagSchemaFix::class.java)
+
+    override fun run(args: ApplicationArguments) {
+        val version = jdbcTemplate.queryForObject("select version()", String::class.java) ?: return
+        if (!version.contains("PostgreSQL", ignoreCase = true)) {
+            return
+        }
+
+        val hasOldRoomImageId = jdbcTemplate.queryForObject(
+            """
+            select count(*)
+            from information_schema.columns
+            where table_name = 'room_image_tag'
+              and column_name = 'room_image_id'
+            """.trimIndent(),
+            Int::class.java
+        ) ?: 0
+
+        if (hasOldRoomImageId > 0) {
+            logger.info("Dropping legacy room_image_tag table")
+            jdbcTemplate.execute("drop table if exists room_image_tag cascade")
+        }
+
+        val hasRoomImageTag = jdbcTemplate.queryForObject(
+            """
+            select count(*)
+            from information_schema.tables
+            where table_name = 'room_image_tag'
+            """.trimIndent(),
+            Int::class.java
+        ) ?: 0
+
+        if (hasRoomImageTag == 0) {
+            logger.info("Creating room_image_tag table")
+            jdbcTemplate.execute(
+                """
+                create table room_image_tag (
+                  id uuid primary key,
+                  name text not null unique,
+                  created_at timestamptz not null
+                )
+                """.trimIndent()
+            )
+        }
+
+        val hasLink = jdbcTemplate.queryForObject(
+            """
+            select count(*)
+            from information_schema.tables
+            where table_name = 'room_image_tag_link'
+            """.trimIndent(),
+            Int::class.java
+        ) ?: 0
+
+        if (hasLink == 0) {
+            logger.info("Creating room_image_tag_link table")
+            jdbcTemplate.execute(
+                """
+                create table room_image_tag_link (
+                  room_image_id uuid not null,
+                  tag_id uuid not null
+                )
+                """.trimIndent()
+            )
+        }
+    }
+}
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/RoomImages.kt b/src/main/kotlin/com/android/trisolarisserver/controller/RoomImages.kt
index 80afe90..7586edd 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/RoomImages.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/RoomImages.kt
@@ -54,8 +54,6 @@ class RoomImages(
         @PathVariable roomId: UUID,
         @AuthenticationPrincipal principal: MyPrincipal?
     ): List<RoomImageResponse> {
-        requirePrincipal(principal)
-        propertyAccess.requireMember(propertyId, principal!!.userId)
         ensureRoom(propertyId, roomId)
         return roomImageRepo.findByRoomIdOrdered(roomId)
             .map { it.toResponse(publicBaseUrl) }
diff --git a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
index 6064425..38e1013 100644
--- a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
@@ -26,6 +26,7 @@ class FirebaseAuthFilter(
             return true
         }
         return path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images/[^/]+/file$"))
+            || path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images$"))
             || path.matches(Regex("^/properties/[^/]+/room-types$"))
             || path == "/image-tags"
     }
diff --git a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
index 367c98d..afffff0 100644
--- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
@@ -27,6 +27,7 @@ class SecurityConfig(
             .authorizeHttpRequests {
                 it.requestMatchers("/", "/health", "/auth/**").permitAll()
                 it.requestMatchers("/properties/*/rooms/*/images/*/file").permitAll()
+                it.requestMatchers("/properties/*/rooms/*/images").permitAll()
                 it.requestMatchers("/properties/*/room-types").permitAll()
                 it.requestMatchers("/image-tags").permitAll()
                 it.anyRequest().authenticated()