GKaszewski/libertas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add user roles and storage quota management

Browse Source
This commit is contained in:
Gabriel Kaszewski
2025-11-02 17:17:13 +01:00
parent 596313b8c5
commit f49d9179f5
10 changed files with 183 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libertas_api/src/factory.rs
View File

@@ -32,9 +32,14 @@ pub async fn build_app_state(config: Config) -> CoreResult<AppState> {
let hasher = Arc::new(Argon2Hasher::default());
let tokenizer = Arc::new(JwtGenerator::new(config.jwt_secret.clone()));
let user_service = Arc::new(UserServiceImpl::new(user_repo, hasher, tokenizer.clone()));
let user_service = Arc::new(UserServiceImpl::new(
user_repo.clone(),
hasher,
tokenizer.clone(),
));
let media_service = Arc::new(MediaServiceImpl::new(
media_repo.clone(),
user_repo.clone(),
config.clone(),
nats_client.clone(),
));

18
libertas_api/src/services/album_service.rs
View File

@@ -3,6 +3,7 @@ use std::sync::Arc;
use async_trait::async_trait;
use chrono::Utc;
use libertas_core::{
authz,
error::{CoreError, CoreResult},
models::Album,
repositories::{AlbumRepository, MediaRepository},
@@ -65,9 +66,7 @@ impl AlbumService for AlbumServiceImpl {
.await?
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
// Security check: Only owner (for now) can see album details
if album.owner_id != user_id {
// Later, this would also check share permissions
if !authz::is_owner(user_id, &album) {
return Err(CoreError::Auth("Access denied to album".to_string()));
}
@@ -75,12 +74,16 @@ impl AlbumService for AlbumServiceImpl {
}
async fn add_media_to_album(&self, data: AddMediaToAlbumData, user_id: Uuid) -> CoreResult<()> {
// 1. Verify the user owns the album
if !self.is_album_owner(user_id, data.album_id).await? {
let album = self
.album_repo
.find_by_id(data.album_id)
.await?
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
if !authz::is_owner(user_id, &album) {
return Err(CoreError::Auth("User does not own this album".to_string()));
}
// 2. Bonus: Verify the user owns all media items
for media_id in &data.media_ids {
let media = self
.media_repo
@@ -88,7 +91,7 @@ impl AlbumService for AlbumServiceImpl {
.await?
.ok_or(CoreError::NotFound("Media".to_string(), *media_id))?;
if media.owner_id != user_id {
if !authz::is_owner(user_id, &media) {
return Err(CoreError::Auth(format!(
"Access denied to media item {}",
media_id
@@ -96,7 +99,6 @@ impl AlbumService for AlbumServiceImpl {
}
}
// 3. Call the repository to add them
self.album_repo
.add_media_to_album(data.album_id, &data.media_ids)
.await

39
libertas_api/src/services/media_service.rs
View File

@@ -4,10 +4,11 @@ use async_trait::async_trait;
use chrono::Datelike;
use futures::stream::StreamExt;
use libertas_core::{
authz,
config::Config,
error::{CoreError, CoreResult},
models::Media,
repositories::MediaRepository,
repositories::{MediaRepository, UserRepository},
schema::UploadMediaData,
services::MediaService,
};
@@ -18,6 +19,7 @@ use uuid::Uuid;
pub struct MediaServiceImpl {
repo: Arc<dyn MediaRepository>,
user_repo: Arc<dyn UserRepository>,
config: Config,
nats_client: async_nats::Client,
}
@@ -25,11 +27,13 @@ pub struct MediaServiceImpl {
impl MediaServiceImpl {
pub fn new(
repo: Arc<dyn MediaRepository>,
user_repo: Arc<dyn UserRepository>,
config: Config,
nats_client: async_nats::Client,
) -> Self {
Self {
repo,
user_repo,
config,
nats_client,
}
@@ -39,6 +43,12 @@ impl MediaServiceImpl {
#[async_trait]
impl MediaService for MediaServiceImpl {
async fn upload_media(&self, mut data: UploadMediaData<'_>) -> CoreResult<Media> {
let user = self
.user_repo
.find_by_id(data.owner_id)
.await?
.ok_or(CoreError::NotFound("User".to_string(), data.owner_id))?;
let mut hasher = Sha256::new();
let mut file_bytes = Vec::new();
@@ -47,6 +57,14 @@ impl MediaService for MediaServiceImpl {
hasher.update(&chunk);
file_bytes.extend_from_slice(&chunk);
}
let file_size = file_bytes.len() as i64;
if user.storage_used + file_size > user.storage_quota {
return Err(CoreError::Auth(format!(
"Storage quota exceeded. Used: {}, Quota: {}",
user.storage_used, user.storage_quota
)));
}
let hash = format!("{:x}", hasher.finalize());
@@ -97,6 +115,9 @@ impl MediaService for MediaServiceImpl {
};
self.repo.create(&media_model).await?;
self.user_repo
.update_storage_used(user.id, file_size)
.await?;
let job_payload = json!({ "media_id": media_model.id });
self.nats_client
@@ -114,7 +135,13 @@ impl MediaService for MediaServiceImpl {
.await?
.ok_or(CoreError::NotFound("Media".to_string(), id))?;
if media.owner_id != user_id {
let user = self
.user_repo
.find_by_id(user_id)
.await?
.ok_or(CoreError::NotFound("User".to_string(), user_id))?;
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
return Err(CoreError::Auth("Access denied".to_string()));
}
@@ -132,7 +159,13 @@ impl MediaService for MediaServiceImpl {
.await?
.ok_or(CoreError::NotFound("Media".to_string(), id))?;
if media.owner_id != user_id {
let user = self
.user_repo
.find_by_id(user_id)
.await?
.ok_or(CoreError::NotFound("User".to_string(), user_id))?;
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
return Err(CoreError::Auth("Access denied".to_string()));
}

5
libertas_api/src/services/user_service.rs
View File

@@ -3,7 +3,7 @@ use std::sync::Arc;
use async_trait::async_trait;
use libertas_core::{
error::{CoreError, CoreResult},
models::User,
models::{Role, User},
repositories::UserRepository,
schema::{CreateUserData, LoginUserData},
services::UserService,
@@ -57,6 +57,9 @@ impl UserService for UserServiceImpl {
hashed_password,
created_at: chrono::Utc::now(),
updated_at: chrono::Utc::now(),
role: Role::User,
storage_quota: 10 * 1024 * 1024 * 1024, // 10 GB
storage_used: 0,
};
self.repo.create(user.clone()).await?;