feat: enhance album and media management with update and delete functionalities

2025-11-02 18:46:26 +01:00
parent a36b59a5fb
commit 13bb9e6b3e
14 changed files with 334 additions and 43 deletions
--- a/libertas_api/src/services/album_service.rs
+++ b/libertas_api/src/services/album_service.rs
@@ -7,7 +7,7 @@ use libertas_core::{
    error::{CoreError, CoreResult},
    models::Album,
    repositories::{AlbumRepository, AlbumShareRepository, MediaRepository},
-    schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData},
+    schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData, UpdateAlbumData},
    services::AlbumService,
 };
 use uuid::Uuid;
@@ -139,4 +139,70 @@ impl AlbumService for AlbumServiceImpl {
            .create_or_update_share(data.album_id, data.target_user_id, data.permission)
            .await
    }
+
+    async fn update_album(
+        &self,
+        album_id: Uuid,
+        user_id: Uuid,
+        data: UpdateAlbumData<'_>,
+    ) -> CoreResult<Album> {
+        let mut album = self
+            .album_repo
+            .find_by_id(album_id)
+            .await?
+            .ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
+
+        let share_permission = self
+            .album_share_repo
+            .get_user_permission(album_id, user_id)
+            .await?;
+
+        if !authz::can_contribute_to_album(user_id, &album, share_permission) {
+            return Err(CoreError::Auth(
+                "User does not have permission to update this album".to_string(),
+            ));
+        }
+
+        if let Some(name) = data.name {
+            if name.is_empty() {
+                return Err(CoreError::Validation(
+                    "Album name cannot be empty".to_string(),
+                ));
+            }
+            album.name = name.to_string();
+        }
+
+        if let Some(description) = data.description {
+            album.description = description.map(|s| s.to_string());
+        }
+
+        if let Some(is_public) = data.is_public {
+            if !authz::is_owner(user_id, &album) && is_public {
+                return Err(CoreError::Auth(
+                    "Only the owner can make an album public".to_string(),
+                ));
+            }
+            album.is_public = is_public;
+        }
+
+        self.album_repo.update(album.clone()).await?;
+
+        Ok(album)
+    }
+
+    async fn delete_album(&self, album_id: Uuid, user_id: Uuid) -> CoreResult<()> {
+        let album = self
+            .album_repo
+            .find_by_id(album_id)
+            .await?
+            .ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
+
+        if !authz::is_owner(user_id, &album) {
+            return Err(CoreError::Auth(
+                "Only the album owner can delete the album".to_string(),
+            ));
+        }
+
+        self.album_repo.delete(album_id).await
+    }
 }