feat: add user roles and storage quota management

libertas_api/src/services/album_service.rs

@@ -3,6 +3,7 @@ use std::sync::Arc;
 use async_trait::async_trait;
 use chrono::Utc;
 use libertas_core::{
+    authz,
     error::{CoreError, CoreResult},
     models::Album,
     repositories::{AlbumRepository, MediaRepository},
@@ -65,9 +66,7 @@ impl AlbumService for AlbumServiceImpl {
             .await?
             .ok_or(CoreError::NotFound("Album".to_string(), album_id))?;
 
-        // Security check: Only owner (for now) can see album details
-        if album.owner_id != user_id {
-            // Later, this would also check share permissions
+        if !authz::is_owner(user_id, &album) {
             return Err(CoreError::Auth("Access denied to album".to_string()));
         }
 
@@ -75,12 +74,16 @@ impl AlbumService for AlbumServiceImpl {
     }
 
     async fn add_media_to_album(&self, data: AddMediaToAlbumData, user_id: Uuid) -> CoreResult<()> {
-        // 1. Verify the user owns the album
-        if !self.is_album_owner(user_id, data.album_id).await? {
+        let album = self
+            .album_repo
+            .find_by_id(data.album_id)
+            .await?
+            .ok_or(CoreError::NotFound("Album".to_string(), data.album_id))?;
+
+        if !authz::is_owner(user_id, &album) {
             return Err(CoreError::Auth("User does not own this album".to_string()));
         }
 
-        // 2. Bonus: Verify the user owns all media items
         for media_id in &data.media_ids {
             let media = self
                 .media_repo
@@ -88,7 +91,7 @@ impl AlbumService for AlbumServiceImpl {
                 .await?
                 .ok_or(CoreError::NotFound("Media".to_string(), *media_id))?;
 
-            if media.owner_id != user_id {
+            if !authz::is_owner(user_id, &media) {
                 return Err(CoreError::Auth(format!(
                     "Access denied to media item {}",
                     media_id
@@ -96,7 +99,6 @@ impl AlbumService for AlbumServiceImpl {
             }
         }
 
-        // 3. Call the repository to add them
         self.album_repo
             .add_media_to_album(data.album_id, &data.media_ids)
             .await