Implement authorization service and refactor services to use it
- Added `AuthorizationService` and its implementation `AuthorizationServiceImpl` to handle permission checks across various services. - Refactored `AlbumServiceImpl`, `MediaServiceImpl`, `PersonServiceImpl`, and `TagServiceImpl` to utilize the new authorization service for permission checks. - Removed direct permission checks from services and replaced them with calls to the `AuthorizationService`. - Updated repository interfaces to include new methods for checking media permissions in shared albums. - Enhanced the `authz` module with new permission types for better granularity in access control. - Adjusted the `AppState` struct to include the new `authorization_service`.
@@ -1,17 +1,22 @@
|
||||
use std::sync::Arc;
|
||||
|
||||
use libertas_core::{
|
||||
config::{AppConfig},
|
||||
config::AppConfig,
|
||||
error::{CoreError, CoreResult},
|
||||
};
|
||||
use libertas_infra::factory::{
|
||||
build_album_repository, build_album_share_repository, build_database_pool, build_face_region_repository, build_media_metadata_repository, build_media_repository, build_person_repository, build_person_share_repository, build_tag_repository, build_user_repository
|
||||
build_album_repository, build_album_share_repository, build_database_pool,
|
||||
build_face_region_repository, build_media_metadata_repository, build_media_repository,
|
||||
build_person_repository, build_person_share_repository, build_tag_repository,
|
||||
build_user_repository,
|
||||
};
|
||||
|
||||
use crate::{
|
||||
security::{Argon2Hasher, JwtGenerator},
|
||||
services::{
|
||||
album_service::AlbumServiceImpl, media_service::MediaServiceImpl, person_service::PersonServiceImpl, tag_service::TagServiceImpl, user_service::UserServiceImpl
|
||||
album_service::AlbumServiceImpl, authorization_service::AuthorizationServiceImpl,
|
||||
media_service::MediaServiceImpl, person_service::PersonServiceImpl,
|
||||
tag_service::TagServiceImpl, user_service::UserServiceImpl,
|
||||
},
|
||||
state::AppState,
|
||||
};
|
||||
@@ -33,11 +38,22 @@ pub async fn build_app_state(config: AppConfig) -> CoreResult<AppState> {
|
||||
let tag_repo = build_tag_repository(&config.database, db_pool.clone()).await?;
|
||||
let person_repo = build_person_repository(&config.database, db_pool.clone()).await?;
|
||||
let face_region_repo = build_face_region_repository(&config.database, db_pool.clone()).await?;
|
||||
let person_share_repo = build_person_share_repository(&config.database, db_pool.clone()).await?;
|
||||
let person_share_repo =
|
||||
build_person_share_repository(&config.database, db_pool.clone()).await?;
|
||||
|
||||
let hasher = Arc::new(Argon2Hasher::default());
|
||||
let tokenizer = Arc::new(JwtGenerator::new(config.jwt_secret.clone()));
|
||||
|
||||
let authorization_service = Arc::new(AuthorizationServiceImpl::new(
|
||||
media_repo.clone(),
|
||||
album_repo.clone(),
|
||||
album_share_repo.clone(),
|
||||
person_repo.clone(),
|
||||
person_share_repo.clone(),
|
||||
face_region_repo.clone(),
|
||||
user_repo.clone(),
|
||||
));
|
||||
|
||||
let user_service = Arc::new(UserServiceImpl::new(
|
||||
user_repo.clone(),
|
||||
hasher,
|
||||
@@ -47,25 +63,25 @@ pub async fn build_app_state(config: AppConfig) -> CoreResult<AppState> {
|
||||
let media_service = Arc::new(MediaServiceImpl::new(
|
||||
media_repo.clone(),
|
||||
user_repo.clone(),
|
||||
album_share_repo.clone(),
|
||||
media_metadata_repo.clone(),
|
||||
authorization_service.clone(),
|
||||
config.clone(),
|
||||
nats_client.clone(),
|
||||
));
|
||||
let album_service = Arc::new(AlbumServiceImpl::new(
|
||||
album_repo,
|
||||
media_repo.clone(),
|
||||
album_share_repo,
|
||||
album_repo.clone(),
|
||||
album_share_repo.clone(),
|
||||
authorization_service.clone(),
|
||||
));
|
||||
let tag_service = Arc::new(TagServiceImpl::new(
|
||||
tag_repo,
|
||||
media_repo.clone(),
|
||||
tag_repo.clone(),
|
||||
authorization_service.clone(),
|
||||
));
|
||||
let person_service = Arc::new(PersonServiceImpl::new(
|
||||
person_repo,
|
||||
face_region_repo,
|
||||
media_repo.clone(),
|
||||
person_share_repo,
|
||||
person_repo.clone(),
|
||||
face_region_repo.clone(),
|
||||
person_share_repo.clone(),
|
||||
authorization_service.clone(),
|
||||
));
|
||||
|
||||
Ok(AppState {
|
||||
@@ -74,6 +90,7 @@ pub async fn build_app_state(config: AppConfig) -> CoreResult<AppState> {
|
||||
album_service,
|
||||
tag_service,
|
||||
person_service,
|
||||
authorization_service,
|
||||
token_generator: tokenizer,
|
||||
nats_client,
|
||||
config,
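Review bot: In the hunk that rewires the service constructors, `AlbumServiceImpl::new`, `TagServiceImpl::new` and `PersonServiceImpl::new` appear to receive `authorization_service.clone()` alongside their own repositories (`album_repo.clone()`, `tag_repo.clone()`, `person_repo.clone()`), so nothing in this wiring stops a service method from reading a repository without a permission check. Because the commit description says the inline checks were removed, every service method now depends on calling the authorization service explicitly; a test per service asserting that a caller who is neither owner nor share recipient is refused would catch a missed call. I would also state the contract where the service is constructed, for example `// All permission decisions go through authorization_service; services must not return another user's data before it has allowed the request.` The old/new side of these lines is inferred from the rendered page, which has lost its `+`/`-` markers, and `build_app_state` begins and ends outside the visible hunks.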
|
||||
|
||||