feat: implement album sharing functionality with permissions management

2025-11-02 17:39:11 +01:00
parent f49d9179f5
commit a36b59a5fb
11 changed files with 263 additions and 31 deletions
--- a/libertas_api/src/services/media_service.rs
+++ b/libertas_api/src/services/media_service.rs
@@ -8,7 +8,7 @@ use libertas_core::{
    config::Config,
    error::{CoreError, CoreResult},
    models::Media,
-    repositories::{MediaRepository, UserRepository},
+    repositories::{AlbumShareRepository, MediaRepository, UserRepository},
    schema::UploadMediaData,
    services::MediaService,
 };
@@ -20,6 +20,7 @@ use uuid::Uuid;
 pub struct MediaServiceImpl {
    repo: Arc<dyn MediaRepository>,
    user_repo: Arc<dyn UserRepository>,
+    album_share_repo: Arc<dyn AlbumShareRepository>,
    config: Config,
    nats_client: async_nats::Client,
 }
@@ -28,12 +29,14 @@ impl MediaServiceImpl {
    pub fn new(
        repo: Arc<dyn MediaRepository>,
        user_repo: Arc<dyn UserRepository>,
+        album_share_repo: Arc<dyn AlbumShareRepository>,
        config: Config,
        nats_client: async_nats::Client,
    ) -> Self {
        Self {
            repo,
            user_repo,
+            album_share_repo,
            config,
            nats_client,
        }
@@ -141,11 +144,20 @@ impl MediaService for MediaServiceImpl {
            .await?
            .ok_or(CoreError::NotFound("User".to_string(), user_id))?;

-        if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
-            return Err(CoreError::Auth("Access denied".to_string()));
+        if authz::is_owner(user_id, &media) || authz::is_admin(&user) {
+            return Ok(media);
        }

-        Ok(media)
+        let is_shared = self
+            .album_share_repo
+            .is_media_in_shared_album(id, user_id)
+            .await?;
+
+        if is_shared {
+            return Ok(media);
+        }
+
+        Err(CoreError::Auth("Access denied".to_string()))
    }

    async fn list_user_media(&self, user_id: Uuid) -> CoreResult<Vec<Media>> {
@@ -165,10 +177,19 @@ impl MediaService for MediaServiceImpl {
            .await?
            .ok_or(CoreError::NotFound("User".to_string(), user_id))?;

-        if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
-            return Err(CoreError::Auth("Access denied".to_string()));
+        if authz::is_owner(user_id, &media) || authz::is_admin(&user) {
+            return Ok(media.storage_path);
        }

-        Ok(media.storage_path)
+        let is_shared = self
+            .album_share_repo
+            .is_media_in_shared_album(id, user_id)
+            .await?;
+
+        if is_shared {
+            return Ok(media.storage_path);
+        }
+
+        Err(CoreError::Auth("Access denied".to_string()))
    }
 }