feat: Implement person and tag management services

- Added `Person` and `Tag` models to the core library.
- Created `PersonService` and `TagService` traits with implementations for managing persons and tags.
- Introduced repositories for `Person`, `Tag`, `FaceRegion`, and `PersonShare` with PostgreSQL support.
- Updated authorization logic to include permissions for accessing and editing persons.
- Enhanced the schema to support new models and relationships.
- Implemented database migrations for new tables related to persons and tags.
- Added request and response structures for API interactions with persons and tags.

libertas_api/src/services/mod.rs

@@ -1,3 +1,5 @@
 pub mod album_service;
 pub mod media_service;
 pub mod user_service;
+pub mod tag_service;
+pub mod person_service;

libertas_api/src/services/person_service.rs

@@ -0,0 +1,228 @@
+use std::sync::Arc;
+
+use async_trait::async_trait;
+use libertas_core::{authz, error::{CoreError, CoreResult}, models::{FaceRegion, Media, Person, PersonPermission}, repositories::{FaceRegionRepository, MediaRepository, PersonRepository, PersonShareRepository}, services::PersonService};
+use uuid::Uuid;
+
+pub struct PersonServiceImpl {
+    person_repo: Arc<dyn PersonRepository>,
+    face_repo: Arc<dyn FaceRegionRepository>,
+    media_repo: Arc<dyn MediaRepository>,
+    person_share_repo: Arc<dyn PersonShareRepository>,
+}
+
+impl PersonServiceImpl {
+    pub fn new(
+        person_repo: Arc<dyn PersonRepository>,
+        face_repo: Arc<dyn FaceRegionRepository>,
+        media_repo: Arc<dyn MediaRepository>,
+        person_share_repo: Arc<dyn PersonShareRepository>,
+    ) -> Self {
+        Self {
+            person_repo,
+            face_repo,
+            media_repo,
+            person_share_repo,
+        }
+    }
+
+    async fn get_and_authorize_person_owner(
+        &self,
+        person_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<Person> {
+        let person = self
+        .person_repo
+        .find_by_id(person_id)
+        .await?
+        .ok_or(CoreError::NotFound("Person".to_string(), person_id))?;
+
+        if person.owner_id != user_id {
+            return Err(CoreError::Auth(
+                "User must be the owner to perform this action".to_string(),
+            ));
+        }
+        
+        Ok(person)
+    }
+
+    async fn get_and_authorize_person_access(
+        &self,
+        person_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<Person> {
+        let person = self
+        .person_repo
+        .find_by_id(person_id)
+        .await?
+        .ok_or(CoreError::NotFound("Person".to_string(), person_id))?;
+
+        let share_permission = self.person_share_repo.get_user_permission(person_id, user_id).await?;
+
+        if !authz::can_access_person(user_id, &person, share_permission) {
+           return Err(CoreError::Auth(
+                "User does not have permission to access this person".to_string(),
+            ));
+        }
+
+        Ok(person)
+    }
+
+    async fn get_and_authorize_person_usage(
+        &self,
+        person_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<Person> {
+        let person = self
+        .person_repo
+        .find_by_id(person_id)
+        .await?
+        .ok_or(CoreError::NotFound("Person".to_string(), person_id))?;
+
+        let share_permission = self.person_share_repo.get_user_permission(person_id, user_id).await?;
+
+        if !authz::can_edit_person(user_id, &person, share_permission) {
+           return Err(CoreError::Auth(
+                "User does not have permission to use this person".to_string(),
+            ));
+        }
+
+        Ok(person)
+    }
+
+    async fn authorize_media_access(
+        &self,
+        media_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<Media> {
+        let media = self.media_repo.find_by_id(media_id).await?.ok_or(CoreError::NotFound("Media".to_string(), media_id))?;
+
+        if !authz::is_owner(user_id, &media) {
+           return Err(CoreError::Auth(
+                "User does not have permission to access this media".to_string(),
+            ));
+        }
+
+        Ok(media)
+    }
+}
+
+#[async_trait]
+impl PersonService for PersonServiceImpl {
+    async fn create_person(
+        &self,
+        name: &str,
+        owner_id: Uuid,
+    ) -> CoreResult<Person> {
+        let person = Person {
+            id: Uuid::new_v4(),
+            owner_id,
+            name: name.to_string(),
+            thumbnail_media_id: None,
+        };
+
+        self.person_repo.create(person.clone()).await?;
+
+        Ok(person)
+    }
+
+    async fn get_person(&self, person_id: Uuid, user_id: Uuid) -> CoreResult<Person> {
+        self.get_and_authorize_person_access(person_id, user_id).await
+    }
+
+    async fn list_people(&self, user_id: Uuid) -> CoreResult<Vec<Person>> {
+        let mut owned_people = self.person_repo.list_by_user(user_id).await?;
+
+        let shared_people_with_perms = self
+        .person_share_repo
+        .list_people_shared_with_user(user_id)
+        .await?;
+
+        let shared_people = shared_people_with_perms
+        .into_iter()
+        .map(|(person, _permission)| person)
+        .collect::<Vec<Person>>();
+
+        owned_people.extend(shared_people);
+
+        Ok(owned_people)
+    }
+
+    async fn update_person(
+        &self,
+        person_id: Uuid,
+        name: &str,
+        user_id: Uuid,
+    ) -> CoreResult<Person> {
+        let mut person = self.get_and_authorize_person_owner(person_id, user_id).await?;
+        person.name = name.to_string();
+        self.person_repo.update(person.clone()).await?;
+        Ok(person)
+    }
+
+    async fn delete_person(&self, person_id: Uuid, user_id: Uuid) -> CoreResult<()> {
+        self.get_and_authorize_person_owner(person_id, user_id).await?;
+        self.person_repo.delete(person_id).await
+    }
+
+    async fn assign_face_to_person(
+        &self,
+        face_region_id: Uuid,
+        person_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<FaceRegion> {
+        self.get_and_authorize_person_usage(person_id, user_id).await?;
+
+        let mut face = self
+        .face_repo
+        .find_by_id(face_region_id)
+        .await?
+        .ok_or(CoreError::NotFound("FaceRegion".to_string(), face_region_id))?;
+
+        self.authorize_media_access(face.media_id, user_id).await?;
+
+        self.face_repo
+            .update_person_id(face_region_id, person_id)
+            .await?;
+        face.person_id = Some(person_id);
+
+        Ok(face)
+    }
+
+    async fn list_faces_for_media(
+        &self,
+        media_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<Vec<FaceRegion>> {
+        self.authorize_media_access(media_id, user_id).await?;
+
+        self.face_repo.find_by_media_id(media_id).await
+    }
+
+    async fn share_person(
+        &self,
+        person_id: Uuid,
+        target_user_id: Uuid,
+        permission: PersonPermission,
+        owner_id: Uuid,
+    ) -> CoreResult<()> {
+        self.get_and_authorize_person_owner(person_id, owner_id).await?;
+
+        self.person_share_repo
+            .create_or_update_share(person_id, target_user_id, permission)
+            .await
+    }
+
+    async fn unshare_person(
+        &self,
+        person_id: Uuid,
+        target_user_id: Uuid,
+        owner_id: Uuid,
+    ) -> CoreResult<()> {
+        self.get_and_authorize_person_owner(person_id, owner_id).await?;
+
+        self.person_share_repo
+            .remove_share(person_id, target_user_id)
+            .await
+    }
+}

libertas_api/src/services/tag_service.rs

@@ -0,0 +1,92 @@
+use std::sync::Arc;
+
+use async_trait::async_trait;
+use libertas_core::{authz, error::{CoreError, CoreResult}, models::{Media, Tag}, repositories::{MediaRepository, TagRepository}, services::TagService};
+use uuid::Uuid;
+
+pub struct TagServiceImpl {
+    tag_repo: Arc<dyn TagRepository>,
+    media_repo: Arc<dyn MediaRepository>,
+}
+
+impl TagServiceImpl {
+    pub fn new(
+        tag_repo: Arc<dyn TagRepository>,
+        media_repo: Arc<dyn MediaRepository>,
+    ) -> Self {
+        Self {
+            tag_repo,
+            media_repo,
+        }
+    }
+
+    async fn authorize_media_access(
+        &self,
+        media_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<Media> {
+        let media = self.media_repo.find_by_id(media_id).await?.ok_or(CoreError::NotFound("Media".to_string(), media_id))?;
+
+        if !authz::is_owner(user_id, &media) {
+           return Err(CoreError::Auth(
+                "User does not have permission to access this media".to_string(),
+            ));
+        }
+
+        Ok(media)
+    }
+}
+
+#[async_trait]
+impl TagService for TagServiceImpl {
+    async fn add_tags_to_media(
+        &self,
+        media_id: Uuid,
+        tag_names: &[String],
+        user_id: Uuid,
+
+    ) -> CoreResult<Vec<Tag>> {
+        self.authorize_media_access(media_id, user_id).await?;
+
+        let mut tag_ids = Vec::new();
+        let tags = self.tag_repo.find_or_create_tags(tag_names).await?;
+        for tag in &tags {
+            tag_ids.push(tag.id);
+        }
+
+        self.tag_repo.add_tags_to_media(media_id, &tag_ids).await?;
+
+        Ok(tags)
+    }
+
+    async fn remove_tags_from_media(
+        &self,
+        media_id: Uuid,
+        tag_names: &[String],
+        user_id: Uuid,
+    ) -> CoreResult<()> {
+        self.authorize_media_access(media_id, user_id).await?;
+
+        let tags = self.tag_repo.find_or_create_tags(tag_names).await?;
+        let mut tag_ids = Vec::new();
+        for tag in &tags {
+            tag_ids.push(tag.id);
+        }
+
+        self.tag_repo.remove_tags_from_media(media_id, &tag_ids).await?;
+
+        Ok(())
+    }
+
+    async fn list_tags_for_media(
+        &self,
+        media_id: Uuid,
+        user_id: Uuid,
+    ) -> CoreResult<Vec<Tag>> {
+        self.authorize_media_access(media_id, user_id).await?;
+
+        let tags = self.tag_repo.list_tags_for_media(media_id).await?;
+
+        Ok(tags)
+    }
+}