feat: add user roles and storage quota management
This commit is contained in:
@@ -3,6 +3,7 @@ use std::sync::Arc;
|
||||
use async_trait::async_trait;
|
||||
use chrono::Utc;
|
||||
use libertas_core::{
|
||||
authz,
|
||||
error::{CoreError, CoreResult},
|
||||
models::Album,
|
||||
repositories::{AlbumRepository, MediaRepository},
|
||||
@@ -65,9 +66,7 @@ impl AlbumService for AlbumServiceImpl {
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
|
||||
|
||||
// Security check: Only owner (for now) can see album details
|
||||
if album.owner_id != user_id {
|
||||
// Later, this would also check share permissions
|
||||
if !authz::is_owner(user_id, &album) {
|
||||
return Err(CoreError::Auth("Access denied to album".to_string()));
|
||||
}
|
||||
|
||||
@@ -75,12 +74,16 @@ impl AlbumService for AlbumServiceImpl {
|
||||
}
|
||||
|
||||
async fn add_media_to_album(&self, data: AddMediaToAlbumData, user_id: Uuid) -> CoreResult<()> {
|
||||
// 1. Verify the user owns the album
|
||||
if !self.is_album_owner(user_id, data.album_id).await? {
|
||||
let album = self
|
||||
.album_repo
|
||||
.find_by_id(data.album_id)
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
|
||||
|
||||
if !authz::is_owner(user_id, &album) {
|
||||
return Err(CoreError::Auth("User does not own this album".to_string()));
|
||||
}
|
||||
|
||||
// 2. Bonus: Verify the user owns all media items
|
||||
for media_id in &data.media_ids {
|
||||
let media = self
|
||||
.media_repo
|
||||
@@ -88,7 +91,7 @@ impl AlbumService for AlbumServiceImpl {
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Media".to_string(), *media_id))?;
|
||||
|
||||
if media.owner_id != user_id {
|
||||
if !authz::is_owner(user_id, &media) {
|
||||
return Err(CoreError::Auth(format!(
|
||||
"Access denied to media item {}",
|
||||
media_id
|
||||
@@ -96,7 +99,6 @@ impl AlbumService for AlbumServiceImpl {
|
||||
}
|
||||
}
|
||||
|
||||
// 3. Call the repository to add them
|
||||
self.album_repo
|
||||
.add_media_to_album(data.album_id, &data.media_ids)
|
||||
.await
|
||||
|
||||
@@ -4,10 +4,11 @@ use async_trait::async_trait;
|
||||
use chrono::Datelike;
|
||||
use futures::stream::StreamExt;
|
||||
use libertas_core::{
|
||||
authz,
|
||||
config::Config,
|
||||
error::{CoreError, CoreResult},
|
||||
models::Media,
|
||||
repositories::MediaRepository,
|
||||
repositories::{MediaRepository, UserRepository},
|
||||
schema::UploadMediaData,
|
||||
services::MediaService,
|
||||
};
|
||||
@@ -18,6 +19,7 @@ use uuid::Uuid;
|
||||
|
||||
pub struct MediaServiceImpl {
|
||||
repo: Arc<dyn MediaRepository>,
|
||||
user_repo: Arc<dyn UserRepository>,
|
||||
config: Config,
|
||||
nats_client: async_nats::Client,
|
||||
}
|
||||
@@ -25,11 +27,13 @@ pub struct MediaServiceImpl {
|
||||
impl MediaServiceImpl {
|
||||
pub fn new(
|
||||
repo: Arc<dyn MediaRepository>,
|
||||
user_repo: Arc<dyn UserRepository>,
|
||||
config: Config,
|
||||
nats_client: async_nats::Client,
|
||||
) -> Self {
|
||||
Self {
|
||||
repo,
|
||||
user_repo,
|
||||
config,
|
||||
nats_client,
|
||||
}
|
||||
@@ -39,6 +43,12 @@ impl MediaServiceImpl {
|
||||
#[async_trait]
|
||||
impl MediaService for MediaServiceImpl {
|
||||
async fn upload_media(&self, mut data: UploadMediaData<'_>) -> CoreResult<Media> {
|
||||
let user = self
|
||||
.user_repo
|
||||
.find_by_id(data.owner_id)
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("User".to_string(), data.owner_id))?;
|
||||
|
||||
let mut hasher = Sha256::new();
|
||||
let mut file_bytes = Vec::new();
|
||||
|
||||
@@ -47,6 +57,14 @@ impl MediaService for MediaServiceImpl {
|
||||
hasher.update(&chunk);
|
||||
file_bytes.extend_from_slice(&chunk);
|
||||
}
|
||||
let file_size = file_bytes.len() as i64;
|
||||
|
||||
if user.storage_used + file_size > user.storage_quota {
|
||||
return Err(CoreError::Auth(format!(
|
||||
"Storage quota exceeded. Used: {}, Quota: {}",
|
||||
user.storage_used, user.storage_quota
|
||||
)));
|
||||
}
|
||||
|
||||
let hash = format!("{:x}", hasher.finalize());
|
||||
|
||||
@@ -97,6 +115,9 @@ impl MediaService for MediaServiceImpl {
|
||||
};
|
||||
|
||||
self.repo.create(&media_model).await?;
|
||||
self.user_repo
|
||||
.update_storage_used(user.id, file_size)
|
||||
.await?;
|
||||
|
||||
let job_payload = json!({ "media_id": media_model.id });
|
||||
self.nats_client
|
||||
@@ -114,7 +135,13 @@ impl MediaService for MediaServiceImpl {
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Media".to_string(), id))?;
|
||||
|
||||
if media.owner_id != user_id {
|
||||
let user = self
|
||||
.user_repo
|
||||
.find_by_id(user_id)
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("User".to_string(), user_id))?;
|
||||
|
||||
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
|
||||
return Err(CoreError::Auth("Access denied".to_string()));
|
||||
}
|
||||
|
||||
@@ -132,7 +159,13 @@ impl MediaService for MediaServiceImpl {
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("Media".to_string(), id))?;
|
||||
|
||||
if media.owner_id != user_id {
|
||||
let user = self
|
||||
.user_repo
|
||||
.find_by_id(user_id)
|
||||
.await?
|
||||
.ok_or(CoreError::NotFound("User".to_string(), user_id))?;
|
||||
|
||||
if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
|
||||
return Err(CoreError::Auth("Access denied".to_string()));
|
||||
}
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@ use std::sync::Arc;
|
||||
use async_trait::async_trait;
|
||||
use libertas_core::{
|
||||
error::{CoreError, CoreResult},
|
||||
models::User,
|
||||
models::{Role, User},
|
||||
repositories::UserRepository,
|
||||
schema::{CreateUserData, LoginUserData},
|
||||
services::UserService,
|
||||
@@ -57,6 +57,9 @@ impl UserService for UserServiceImpl {
|
||||
hashed_password,
|
||||
created_at: chrono::Utc::now(),
|
||||
updated_at: chrono::Utc::now(),
|
||||
role: Role::User,
|
||||
storage_quota: 10 * 1024 * 1024 * 1024, // 10 GB
|
||||
storage_used: 0,
|
||||
};
|
||||
|
||||
self.repo.create(user.clone()).await?;
|
||||
|
||||
Reference in New Issue
Block a user