feat: implement album sharing functionality with permissions management
This commit is contained in:
@@ -6,7 +6,7 @@ use libertas_core::{
|
||||
authz,
|
||||
error::{CoreError, CoreResult},
|
||||
models::Album,
|
||||
repositories::{AlbumRepository, MediaRepository},
|
||||
repositories::{AlbumRepository, AlbumShareRepository, MediaRepository},
|
||||
schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData},
|
||||
services::AlbumService,
|
||||
};
|
||||
@@ -15,25 +15,21 @@ use uuid::Uuid;
|
||||
pub struct AlbumServiceImpl {
|
||||
album_repo: Arc<dyn AlbumRepository>,
|
||||
media_repo: Arc<dyn MediaRepository>,
|
||||
album_share_repo: Arc<dyn AlbumShareRepository>,
|
||||
}
|
||||
|
||||
impl AlbumServiceImpl {
|
||||
pub fn new(album_repo: Arc<dyn AlbumRepository>, media_repo: Arc<dyn MediaRepository>) -> Self {
|
||||
pub fn new(
|
||||
album_repo: Arc<dyn AlbumRepository>,
|
||||
media_repo: Arc<dyn MediaRepository>,
|
||||
album_share_repo: Arc<dyn AlbumShareRepository>,
|
||||
) -> Self {
|
||||
Self {
|
||||
album_repo,
|
||||
media_repo,
|
||||
album_share_repo,
|
||||
}
|
||||
}
|
||||
|
||||
async fn is_album_owner(&self, user_id: Uuid, album_id: Uuid) -> CoreResult<bool> {
|
||||
let album = self
|
||||
.album_repo
|
||||
.find_by_id(album_id)
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
|
||||
|
||||
Ok(album.owner_id == user_id)
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
@@ -66,7 +62,12 @@ impl AlbumService for AlbumServiceImpl {
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
|
||||
|
||||
if !authz::is_owner(user_id, &album) {
|
||||
let share_permission = self
|
||||
.album_share_repo
|
||||
.get_user_permission(album_id, user_id)
|
||||
.await?;
|
||||
|
||||
if !authz::can_view_album(user_id, &album, share_permission) {
|
||||
return Err(CoreError::Auth("Access denied to album".to_string()));
|
||||
}
|
||||
|
||||
@@ -80,8 +81,15 @@ impl AlbumService for AlbumServiceImpl {
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
|
||||
|
||||
if !authz::is_owner(user_id, &album) {
|
||||
return Err(CoreError::Auth("User does not own this album".to_string()));
|
||||
let share_permission = self
|
||||
.album_share_repo
|
||||
.get_user_permission(data.album_id, user_id)
|
||||
.await?;
|
||||
|
||||
if !authz::can_contribute_to_album(user_id, &album, share_permission) {
|
||||
return Err(CoreError::Auth(
|
||||
"User does not have permission to add media to this album".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
for media_id in &data.media_ids {
|
||||
@@ -108,8 +116,27 @@ impl AlbumService for AlbumServiceImpl {
|
||||
self.album_repo.list_by_user(user_id).await
|
||||
}
|
||||
|
||||
async fn share_album(&self, _data: ShareAlbumData, _owner_id: Uuid) -> CoreResult<()> {
|
||||
// This is not part of the MVP, but part of the trait
|
||||
unimplemented!("Sharing will be implemented in a future phase")
|
||||
async fn share_album(&self, data: ShareAlbumData, owner_id: Uuid) -> CoreResult<()> {
|
||||
let album = self
|
||||
.album_repo
|
||||
.find_by_id(data.album_id)
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
|
||||
|
||||
if !authz::is_owner(owner_id, &album) {
|
||||
return Err(CoreError::Auth(
|
||||
"Only the album owner can share the album".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
if data.target_user_id == owner_id {
|
||||
return Err(CoreError::Validation(
|
||||
"Cannot share album with oneself".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
self.album_share_repo
|
||||
.create_or_update_share(data.album_id, data.target_user_id, data.permission)
|
||||
.await
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user