GKaszewski/libertas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement album sharing functionality with permissions management

Browse Source
This commit is contained in:
Gabriel Kaszewski
2025-11-02 17:39:11 +01:00
parent f49d9179f5
commit a36b59a5fb
11 changed files with 263 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
libertas_api/src/services/album_service.rs
View File

@@ -6,7 +6,7 @@ use libertas_core::{
authz,
error::{CoreError, CoreResult},
models::Album,
repositories::{AlbumRepository, MediaRepository},
repositories::{AlbumRepository, AlbumShareRepository, MediaRepository},
schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData},
services::AlbumService,
};
@@ -15,25 +15,21 @@ use uuid::Uuid;
pub struct AlbumServiceImpl {
album_repo: Arc<dyn AlbumRepository>,
media_repo: Arc<dyn MediaRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
}
impl AlbumServiceImpl {
pub fn new(album_repo: Arc<dyn AlbumRepository>, media_repo: Arc<dyn MediaRepository>) -> Self {
pub fn new(
album_repo: Arc<dyn AlbumRepository>,
media_repo: Arc<dyn MediaRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
) -> Self {
Self {
album_repo,
media_repo,
album_share_repo,
}
}
async fn is_album_owner(&self, user_id: Uuid, album_id: Uuid) -> CoreResult<bool> {
let album = self
.album_repo
.find_by_id(album_id)
.await?
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
Ok(album.owner_id == user_id)
}
}
#[async_trait]
@@ -66,7 +62,12 @@ impl AlbumService for AlbumServiceImpl {
.await?
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
if !authz::is_owner(user_id, &album) {
let share_permission = self
.album_share_repo
.get_user_permission(album_id, user_id)
.await?;
if !authz::can_view_album(user_id, &album, share_permission) {
return Err(CoreError::Auth("Access denied to album".to_string()));
}
@@ -80,8 +81,15 @@ impl AlbumService for AlbumServiceImpl {
.await?
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
if !authz::is_owner(user_id, &album) {
return Err(CoreError::Auth("User does not own this album".to_string()));
let share_permission = self
.album_share_repo
.get_user_permission(data.album_id, user_id)
.await?;
if !authz::can_contribute_to_album(user_id, &album, share_permission) {
return Err(CoreError::Auth(
"User does not have permission to add media to this album".to_string(),
));
}
for media_id in &data.media_ids {
@@ -108,8 +116,27 @@ impl AlbumService for AlbumServiceImpl {
self.album_repo.list_by_user(user_id).await
}
async fn share_album(&self, _data: ShareAlbumData, _owner_id: Uuid) -> CoreResult<()> {
// This is not part of the MVP, but part of the trait
unimplemented!("Sharing will be implemented in a future phase")
async fn share_album(&self, data: ShareAlbumData, owner_id: Uuid) -> CoreResult<()> {
let album = self
.album_repo
.find_by_id(data.album_id)
.await?
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
if !authz::is_owner(owner_id, &album) {
return Err(CoreError::Auth(
"Only the album owner can share the album".to_string(),
));
}
if data.target_user_id == owner_id {
return Err(CoreError::Validation(
"Cannot share album with oneself".to_string(),
));
}
self.album_share_repo
.create_or_update_share(data.album_id, data.target_user_id, data.permission)
.await
}
}

35
libertas_api/src/services/media_service.rs
View File

@@ -8,7 +8,7 @@ use libertas_core::{
config::Config,
error::{CoreError, CoreResult},
models::Media,
repositories::{MediaRepository, UserRepository},
repositories::{AlbumShareRepository, MediaRepository, UserRepository},
schema::UploadMediaData,
services::MediaService,
};
@@ -20,6 +20,7 @@ use uuid::Uuid;
pub struct MediaServiceImpl {
repo: Arc<dyn MediaRepository>,
user_repo: Arc<dyn UserRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
config: Config,
nats_client: async_nats::Client,
}
@@ -28,12 +29,14 @@ impl MediaServiceImpl {
pub fn new(
repo: Arc<dyn MediaRepository>,
user_repo: Arc<dyn UserRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
config: Config,
nats_client: async_nats::Client,
) -> Self {
Self {
repo,
user_repo,
album_share_repo,
config,
nats_client,
}
@@ -141,11 +144,20 @@ impl MediaService for MediaServiceImpl {
.await?
.ok_or(CoreError::NotFound("User".to_string(), user_id))?;
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
return Err(CoreError::Auth("Access denied".to_string()));
if authz::is_owner(user_id, &media) || authz::is_admin(&user) {
return Ok(media);
}
Ok(media)
let is_shared = self
.album_share_repo
.is_media_in_shared_album(id, user_id)
.await?;
if is_shared {
return Ok(media);
}
Err(CoreError::Auth("Access denied".to_string()))
}
async fn list_user_media(&self, user_id: Uuid) -> CoreResult<Vec<Media>> {
@@ -165,10 +177,19 @@ impl MediaService for MediaServiceImpl {
.await?
.ok_or(CoreError::NotFound("User".to_string(), user_id))?;
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
return Err(CoreError::Auth("Access denied".to_string()));
if authz::is_owner(user_id, &media) || authz::is_admin(&user) {
return Ok(media.storage_path);
}
Ok(media.storage_path)
let is_shared = self
.album_share_repo
.is_media_in_shared_album(id, user_id)
.await?;
if is_shared {
return Ok(media.storage_path);
}
Err(CoreError::Auth("Access denied".to_string()))
}
}