GKaszewski/libertas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement album sharing functionality with permissions management

Browse Source
This commit is contained in:
Gabriel Kaszewski
2025-11-02 17:39:11 +01:00
parent f49d9179f5
commit a36b59a5fb
11 changed files with 263 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
libertas_api/migrations/20251102161826_create_album_shares_table.sql Normal file
View File

@@ -0,0 +1,10 @@
CREATE TYPE album_permission AS ENUM ('view', 'contribute');
CREATE TABLE album_shares (
album_id UUID NOT NULL REFERENCES albums (id) ON DELETE CASCADE,
user_id UUID NOT NULL REFERENCES users (id) ON DELETE CASCADE,
permission album_permission NOT NULL,
PRIMARY KEY (album_id, user_id)
);
CREATE INDEX idx_album_shares_user_id ON album_shares (user_id);

11
libertas_api/src/factory.rs
View File

@@ -5,7 +5,8 @@ use libertas_core::{
error::{CoreError, CoreResult}, error::{CoreError, CoreResult},
}; };
use libertas_infra::factory::{ use libertas_infra::factory::{
build_album_repository, build_database_pool, build_media_repository, build_user_repository, build_album_repository, build_album_share_repository, build_database_pool,
build_media_repository, build_user_repository,
}; };
use crate::{ use crate::{
@@ -28,6 +29,7 @@ pub async fn build_app_state(config: Config) -> CoreResult<AppState> {
let user_repo = build_user_repository(&config.database, db_pool.clone()).await?; let user_repo = build_user_repository(&config.database, db_pool.clone()).await?;
let media_repo = build_media_repository(&config.database, db_pool.clone()).await?; let media_repo = build_media_repository(&config.database, db_pool.clone()).await?;
let album_repo = build_album_repository(&config.database, db_pool.clone()).await?; let album_repo = build_album_repository(&config.database, db_pool.clone()).await?;
let album_share_repo = build_album_share_repository(&config.database, db_pool.clone()).await?;
let hasher = Arc::new(Argon2Hasher::default()); let hasher = Arc::new(Argon2Hasher::default());
let tokenizer = Arc::new(JwtGenerator::new(config.jwt_secret.clone())); let tokenizer = Arc::new(JwtGenerator::new(config.jwt_secret.clone()));
@@ -40,10 +42,15 @@ pub async fn build_app_state(config: Config) -> CoreResult<AppState> {
let media_service = Arc::new(MediaServiceImpl::new( let media_service = Arc::new(MediaServiceImpl::new(
media_repo.clone(), media_repo.clone(),
user_repo.clone(), user_repo.clone(),
album_share_repo.clone(),
config.clone(), config.clone(),
nats_client.clone(), nats_client.clone(),
)); ));
let album_service = Arc::new(AlbumServiceImpl::new(album_repo, media_repo)); let album_service = Arc::new(AlbumServiceImpl::new(
album_repo,
media_repo,
album_share_repo,
));
Ok(AppState { Ok(AppState {
user_service, user_service,

29
libertas_api/src/handlers/album_handlers.rs
View File

@@ -3,7 +3,10 @@ use axum::{
extract::{Path, State}, extract::{Path, State},
http::StatusCode, http::StatusCode,
}; };
use libertas_core::schema::{AddMediaToAlbumData, CreateAlbumData}; use libertas_core::{
models::AlbumPermission,
schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData},
};
use serde::Deserialize; use serde::Deserialize;
use uuid::Uuid; use uuid::Uuid;
@@ -57,8 +60,32 @@ async fn add_media_to_album(
Ok(StatusCode::OK) Ok(StatusCode::OK)
} }
#[derive(Deserialize)]
pub struct ShareAlbumRequest {
target_user_id: Uuid,
permission: AlbumPermission,
}
async fn share_album(
State(state): State<AppState>,
UserId(owner_id): UserId, // The person sharing must be authenticated
Path(album_id): Path<Uuid>,
Json(payload): Json<ShareAlbumRequest>,
) -> Result<StatusCode, ApiError> {
let data = ShareAlbumData {
album_id,
target_user_id: payload.target_user_id,
permission: payload.permission,
};
state.album_service.share_album(data, owner_id).await?;
Ok(StatusCode::OK)
}
pub fn album_routes() -> Router<AppState> { pub fn album_routes() -> Router<AppState> {
Router::new() Router::new()
.route("/", axum::routing::post(create_album)) .route("/", axum::routing::post(create_album))
.route("/{album_id}/media", axum::routing::post(add_media_to_album)) .route("/{album_id}/media", axum::routing::post(add_media_to_album))
.route("/{album_id}/share", axum::routing::post(share_album))
} }

63
libertas_api/src/services/album_service.rs
View File

@@ -6,7 +6,7 @@ use libertas_core::{
authz, authz,
error::{CoreError, CoreResult}, error::{CoreError, CoreResult},
models::Album, models::Album,
repositories::{AlbumRepository, MediaRepository}, repositories::{AlbumRepository, AlbumShareRepository, MediaRepository},
schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData}, schema::{AddMediaToAlbumData, CreateAlbumData, ShareAlbumData},
services::AlbumService, services::AlbumService,
}; };
@@ -15,25 +15,21 @@ use uuid::Uuid;
pub struct AlbumServiceImpl { pub struct AlbumServiceImpl {
album_repo: Arc<dyn AlbumRepository>, album_repo: Arc<dyn AlbumRepository>,
media_repo: Arc<dyn MediaRepository>, media_repo: Arc<dyn MediaRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
} }
impl AlbumServiceImpl { impl AlbumServiceImpl {
pub fn new(album_repo: Arc<dyn AlbumRepository>, media_repo: Arc<dyn MediaRepository>) -> Self { pub fn new(
album_repo: Arc<dyn AlbumRepository>,
media_repo: Arc<dyn MediaRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
) -> Self {
Self { Self {
album_repo, album_repo,
media_repo, media_repo,
album_share_repo,
} }
} }
async fn is_album_owner(&self, user_id: Uuid, album_id: Uuid) -> CoreResult<bool> {
let album = self
.album_repo
.find_by_id(album_id)
.await?
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
Ok(album.owner_id == user_id)
}
} }
#[async_trait] #[async_trait]
@@ -66,7 +62,12 @@ impl AlbumService for AlbumServiceImpl {
.await? .await?
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?; .ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
if !authz::is_owner(user_id, &album) { let share_permission = self
.album_share_repo
.get_user_permission(album_id, user_id)
.await?;
if !authz::can_view_album(user_id, &album, share_permission) {
return Err(CoreError::Auth("Access denied to album".to_string())); return Err(CoreError::Auth("Access denied to album".to_string()));
} }
@@ -80,8 +81,15 @@ impl AlbumService for AlbumServiceImpl {
.await? .await?
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?; .ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
if !authz::is_owner(user_id, &album) { let share_permission = self
return Err(CoreError::Auth("User does not own this album".to_string())); .album_share_repo
.get_user_permission(data.album_id, user_id)
.await?;
if !authz::can_contribute_to_album(user_id, &album, share_permission) {
return Err(CoreError::Auth(
"User does not have permission to add media to this album".to_string(),
));
} }
for media_id in &data.media_ids { for media_id in &data.media_ids {
@@ -108,8 +116,27 @@ impl AlbumService for AlbumServiceImpl {
self.album_repo.list_by_user(user_id).await self.album_repo.list_by_user(user_id).await
} }
async fn share_album(&self, _data: ShareAlbumData, _owner_id: Uuid) -> CoreResult<()> { async fn share_album(&self, data: ShareAlbumData, owner_id: Uuid) -> CoreResult<()> {
// This is not part of the MVP, but part of the trait let album = self
unimplemented!("Sharing will be implemented in a future phase") .album_repo
.find_by_id(data.album_id)
.await?
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
if !authz::is_owner(owner_id, &album) {
return Err(CoreError::Auth(
"Only the album owner can share the album".to_string(),
));
}
if data.target_user_id == owner_id {
return Err(CoreError::Validation(
"Cannot share album with oneself".to_string(),
));
}
self.album_share_repo
.create_or_update_share(data.album_id, data.target_user_id, data.permission)
.await
} }
} }

35
libertas_api/src/services/media_service.rs
View File

@@ -8,7 +8,7 @@ use libertas_core::{
config::Config, config::Config,
error::{CoreError, CoreResult}, error::{CoreError, CoreResult},
models::Media, models::Media,
repositories::{MediaRepository, UserRepository}, repositories::{AlbumShareRepository, MediaRepository, UserRepository},
schema::UploadMediaData, schema::UploadMediaData,
services::MediaService, services::MediaService,
}; };
@@ -20,6 +20,7 @@ use uuid::Uuid;
pub struct MediaServiceImpl { pub struct MediaServiceImpl {
repo: Arc<dyn MediaRepository>, repo: Arc<dyn MediaRepository>,
user_repo: Arc<dyn UserRepository>, user_repo: Arc<dyn UserRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
config: Config, config: Config,
nats_client: async_nats::Client, nats_client: async_nats::Client,
} }
@@ -28,12 +29,14 @@ impl MediaServiceImpl {
pub fn new( pub fn new(
repo: Arc<dyn MediaRepository>, repo: Arc<dyn MediaRepository>,
user_repo: Arc<dyn UserRepository>, user_repo: Arc<dyn UserRepository>,
album_share_repo: Arc<dyn AlbumShareRepository>,
config: Config, config: Config,
nats_client: async_nats::Client, nats_client: async_nats::Client,
) -> Self { ) -> Self {
Self { Self {
repo, repo,
user_repo, user_repo,
album_share_repo,
config, config,
nats_client, nats_client,
} }
@@ -141,11 +144,20 @@ impl MediaService for MediaServiceImpl {
.await? .await?
.ok_or(CoreError::NotFound("User".to_string(), user_id))?; .ok_or(CoreError::NotFound("User".to_string(), user_id))?;
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) { if authz::is_owner(user_id, &media) || authz::is_admin(&user) {
return Err(CoreError::Auth("Access denied".to_string())); return Ok(media);
} }
Ok(media) let is_shared = self
.album_share_repo
.is_media_in_shared_album(id, user_id)
.await?;
if is_shared {
return Ok(media);
}
Err(CoreError::Auth("Access denied".to_string()))
} }
async fn list_user_media(&self, user_id: Uuid) -> CoreResult<Vec<Media>> { async fn list_user_media(&self, user_id: Uuid) -> CoreResult<Vec<Media>> {
@@ -165,10 +177,19 @@ impl MediaService for MediaServiceImpl {
.await? .await?
.ok_or(CoreError::NotFound("User".to_string(), user_id))?; .ok_or(CoreError::NotFound("User".to_string(), user_id))?;
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) { if authz::is_owner(user_id, &media) || authz::is_admin(&user) {
return Err(CoreError::Auth("Access denied".to_string())); return Ok(media.storage_path);
} }
Ok(media.storage_path) let is_shared = self
.album_share_repo
.is_media_in_shared_album(id, user_id)
.await?;
if is_shared {
return Ok(media.storage_path);
}
Err(CoreError::Auth("Access denied".to_string()))
} }
} }

18
libertas_core/src/authz.rs
View File

@@ -1,6 +1,6 @@
use uuid::Uuid; use uuid::Uuid;
use crate::models::{Album, Media, Role, User}; use crate::models::{Album, AlbumPermission, Media, Role, User};
pub trait Ownable { pub trait Ownable {
fn owner_id(&self) -> Uuid; fn owner_id(&self) -> Uuid;
@@ -23,3 +23,19 @@ pub fn is_admin(user: &User) -> bool {
pub fn is_owner(user_id: Uuid, entity: &impl Ownable) -> bool { pub fn is_owner(user_id: Uuid, entity: &impl Ownable) -> bool {
user_id == entity.owner_id() user_id == entity.owner_id()
} }
pub fn can_view_album(
user_id: Uuid,
album: &Album,
share_permission: Option<AlbumPermission>,
) -> bool {
is_owner(user_id, album) || share_permission.is_some()
}
pub fn can_contribute_to_album(
user_id: Uuid,
album: &Album,
share_permission: Option<AlbumPermission>,
) -> bool {
is_owner(user_id, album) || share_permission == Some(AlbumPermission::Contribute)
}

6
libertas_core/src/models.rs
View File

@@ -1,3 +1,5 @@
use serde::Deserialize;
#[derive(Debug, Clone, PartialEq, Eq, sqlx::Type)] #[derive(Debug, Clone, PartialEq, Eq, sqlx::Type)]
#[sqlx(rename_all = "lowercase")] #[sqlx(rename_all = "lowercase")]
#[sqlx(type_name = "TEXT")] #[sqlx(type_name = "TEXT")]
@@ -75,7 +77,9 @@ pub struct AlbumMedia {
pub media_id: uuid::Uuid, pub media_id: uuid::Uuid,
} }
#[derive(Clone, Copy)] #[derive(Debug, Clone, Copy, sqlx::Type, PartialEq, Eq, Deserialize)]
#[sqlx(rename_all = "lowercase")]
#[sqlx(type_name = "album_permission")]
pub enum AlbumPermission { pub enum AlbumPermission {
View, View,
Contribute, Contribute,

20
libertas_core/src/repositories.rs
View File

@@ -3,7 +3,7 @@ use uuid::Uuid;
use crate::{ use crate::{
error::CoreResult, error::CoreResult,
models::{Album, Media, User}, models::{Album, AlbumPermission, Media, User},
}; };
#[async_trait] #[async_trait]
@@ -37,3 +37,21 @@ pub trait AlbumRepository: Send + Sync {
async fn list_by_user(&self, user_id: Uuid) -> CoreResult<Vec<Album>>; async fn list_by_user(&self, user_id: Uuid) -> CoreResult<Vec<Album>>;
async fn add_media_to_album(&self, album_id: Uuid, media_ids: &[Uuid]) -> CoreResult<()>; async fn add_media_to_album(&self, album_id: Uuid, media_ids: &[Uuid]) -> CoreResult<()>;
} }
#[async_trait]
pub trait AlbumShareRepository: Send + Sync {
async fn create_or_update_share(
&self,
album_id: Uuid,
user_id: Uuid,
permission: AlbumPermission,
) -> CoreResult<()>;
async fn get_user_permission(
&self,
album_id: Uuid,
user_id: Uuid,
) -> CoreResult<Option<AlbumPermission>>;
async fn is_media_in_shared_album(&self, media_id: Uuid, user_id: Uuid) -> CoreResult<bool>;
}

14
libertas_infra/src/factory.rs
View File

@@ -73,3 +73,17 @@ pub async fn build_album_repository(
)), )),
} }
} }
pub async fn build_album_share_repository(
_db_config: &DatabaseConfig,
pool: DatabasePool,
) -> CoreResult<Arc<dyn libertas_core::repositories::AlbumShareRepository>> {
match pool {
DatabasePool::Postgres(pg_pool) => Ok(Arc::new(
crate::repositories::album_share_repository::PostgresAlbumShareRepository::new(pg_pool),
)),
DatabasePool::Sqlite(_sqlite_pool) => Err(CoreError::Database(
"Sqlite album share repository not implemented".to_string(),
)),
}
}

87
libertas_infra/src/repositories/album_share_repository.rs Normal file
View File

@@ -0,0 +1,87 @@
use async_trait::async_trait;
use libertas_core::{
error::{CoreError, CoreResult},
models::AlbumPermission,
repositories::AlbumShareRepository,
};
use sqlx::PgPool;
use uuid::Uuid;
#[derive(Clone)]
pub struct PostgresAlbumShareRepository {
pool: PgPool,
}
impl PostgresAlbumShareRepository {
pub fn new(pool: PgPool) -> Self {
Self { pool }
}
}
#[async_trait]
impl AlbumShareRepository for PostgresAlbumShareRepository {
async fn create_or_update_share(
&self,
album_id: Uuid,
user_id: Uuid,
permission: AlbumPermission,
) -> CoreResult<()> {
sqlx::query!(
r#"
INSERT INTO album_shares (album_id, user_id, permission)
VALUES ($1, $2, $3)
ON CONFLICT (album_id, user_id)
DO UPDATE SET permission = $3
"#,
album_id,
user_id,
permission as AlbumPermission,
)
.execute(&self.pool)
.await
.map_err(|e| CoreError::Database(e.to_string()))?;
Ok(())
}
async fn get_user_permission(
&self,
album_id: Uuid,
user_id: Uuid,
) -> CoreResult<Option<AlbumPermission>> {
let result = sqlx::query!(
r#"
SELECT permission as "permission: AlbumPermission"
FROM album_shares
WHERE album_id = $1 AND user_id = $2
"#,
album_id,
user_id
)
.fetch_optional(&self.pool)
.await
.map_err(|e| CoreError::Database(e.to_string()))?;
Ok(result.map(|row| row.permission))
}
async fn is_media_in_shared_album(&self, media_id: Uuid, user_id: Uuid) -> CoreResult<bool> {
let result = sqlx::query!(
r#"
SELECT EXISTS (
SELECT 1
FROM album_media am
JOIN album_shares ash ON am.album_id = ash.album_id
WHERE am.media_id = $1 AND ash.user_id = $2
)
"#,
media_id,
user_id
)
.fetch_one(&self.pool)
.await
.map_err(|e| CoreError::Database(e.to_string()))?;
Ok(result.exists.unwrap_or(false))
}
}

1
libertas_infra/src/repositories/mod.rs
View File

@@ -1,3 +1,4 @@
pub mod album_repository; pub mod album_repository;
pub mod album_share_repository;
pub mod media_repository; pub mod media_repository;
pub mod user_repository; pub mod user_repository;