feat: Add public album routes and enhance authorization checks for media and albums

libertas_api/src/services/album_service.rs

@@ -5,7 +5,7 @@ use chrono::Utc;
 use libertas_core::{
     authz::{self, Permission},
     error::{CoreError, CoreResult},
-    models::Album,
+    models::{Album, PublicAlbumBundle},
     repositories::{AlbumRepository, AlbumShareRepository},
     schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData, UpdateAlbumData},
     services::{AlbumService, AuthorizationService},
@@ -57,7 +57,7 @@ impl AlbumService for AlbumServiceImpl {
 
     async fn get_album_details(&self, album_id: Uuid, user_id: Uuid) -> CoreResult<Album> {
         self.auth_service
-            .check_permission(user_id, Permission::ViewAlbum(album_id))
+            .check_permission(Some(user_id), Permission::ViewAlbum(album_id))
             .await?;
 
         let album = self
@@ -71,12 +71,12 @@ impl AlbumService for AlbumServiceImpl {
 
     async fn add_media_to_album(&self, data: AddMediaToAlbumData, user_id: Uuid) -> CoreResult<()> {
         self.auth_service
-            .check_permission(user_id, Permission::AddToAlbum(data.album_id))
+            .check_permission(Some(user_id), Permission::AddToAlbum(data.album_id))
             .await?;
 
         for media_id in &data.media_ids {
             self.auth_service
-                .check_permission(*media_id, Permission::ViewMedia(*media_id))
+                .check_permission(Some(user_id), Permission::ViewMedia(*media_id))
                 .await?;
         }
 
@@ -91,7 +91,7 @@ impl AlbumService for AlbumServiceImpl {
 
     async fn share_album(&self, data: ShareAlbumData, owner_id: Uuid) -> CoreResult<()> {
         self.auth_service
-            .check_permission(owner_id, Permission::ShareAlbum(data.album_id))
+            .check_permission(Some(owner_id), Permission::ShareAlbum(data.album_id))
             .await?;
 
         if data.target_user_id == owner_id {
@@ -112,7 +112,7 @@ impl AlbumService for AlbumServiceImpl {
         data: UpdateAlbumData<'_>,
     ) -> CoreResult<Album> {
         self.auth_service
-            .check_permission(user_id, Permission::EditAlbum(album_id))
+            .check_permission(Some(user_id), Permission::EditAlbum(album_id))
             .await?;
 
         let mut album = self
@@ -150,9 +150,24 @@ impl AlbumService for AlbumServiceImpl {
 
     async fn delete_album(&self, album_id: Uuid, user_id: Uuid) -> CoreResult<()> {
         self.auth_service
-            .check_permission(user_id, Permission::DeleteAlbum(album_id))
+            .check_permission(Some(user_id), Permission::DeleteAlbum(album_id))
             .await?;
 
         self.album_repo.delete(album_id).await
     }
+
+    async fn get_public_album_bundle(&self, album_id: Uuid) -> CoreResult<PublicAlbumBundle> {
+        let album = self
+            .album_repo
+            .find_by_id(album_id)
+            .await?
+            .ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
+
+        if !album.is_public {
+            return Err(CoreError::Auth("Album is not public".to_string()));
+        }
+
+        let media = self.album_repo.list_media_by_album_id(album_id).await?;
+        Ok(PublicAlbumBundle { album, media })
+    }
 }