feat: add user roles and storage quota management

2025-11-02 17:17:13 +01:00
parent 596313b8c5
commit f49d9179f5
10 changed files with 183 additions and 30 deletions
--- a/libertas_api/src/services/media_service.rs
+++ b/libertas_api/src/services/media_service.rs
@@ -4,10 +4,11 @@ use async_trait::async_trait;
 use chrono::Datelike;
 use futures::stream::StreamExt;
 use libertas_core::{
+    authz,
    config::Config,
    error::{CoreError, CoreResult},
    models::Media,
-    repositories::MediaRepository,
+    repositories::{MediaRepository, UserRepository},
    schema::UploadMediaData,
    services::MediaService,
 };
@@ -18,6 +19,7 @@ use uuid::Uuid;

 pub struct MediaServiceImpl {
    repo: Arc<dyn MediaRepository>,
+    user_repo: Arc<dyn UserRepository>,
    config: Config,
    nats_client: async_nats::Client,
 }
@@ -25,11 +27,13 @@ pub struct MediaServiceImpl {
 impl MediaServiceImpl {
    pub fn new(
        repo: Arc<dyn MediaRepository>,
+        user_repo: Arc<dyn UserRepository>,
        config: Config,
        nats_client: async_nats::Client,
    ) -> Self {
        Self {
            repo,
+            user_repo,
            config,
            nats_client,
        }
@@ -39,6 +43,12 @@ impl MediaServiceImpl {
 #[async_trait]
 impl MediaService for MediaServiceImpl {
    async fn upload_media(&self, mut data: UploadMediaData<'_>) -> CoreResult<Media> {
+        let user = self
+            .user_repo
+            .find_by_id(data.owner_id)
+            .await?
+            .ok_or(CoreError::NotFound("User".to_string(), data.owner_id))?;
+
        let mut hasher = Sha256::new();
        let mut file_bytes = Vec::new();

@@ -47,6 +57,14 @@ impl MediaService for MediaServiceImpl {
            hasher.update(&chunk);
            file_bytes.extend_from_slice(&chunk);
        }
+        let file_size = file_bytes.len() as i64;
+
+        if user.storage_used + file_size > user.storage_quota {
+            return Err(CoreError::Auth(format!(
+                "Storage quota exceeded. Used: {}, Quota: {}",
+                user.storage_used, user.storage_quota
+            )));
+        }

        let hash = format!("{:x}", hasher.finalize());

@@ -97,6 +115,9 @@ impl MediaService for MediaServiceImpl {
        };

        self.repo.create(&media_model).await?;
+        self.user_repo
+            .update_storage_used(user.id, file_size)
+            .await?;

        let job_payload = json!({ "media_id": media_model.id });
        self.nats_client
@@ -114,7 +135,13 @@ impl MediaService for MediaServiceImpl {
            .await?
            .ok_or(CoreError::NotFound("Media".to_string(), id))?;

-        if media.owner_id != user_id {
+        let user = self
+            .user_repo
+            .find_by_id(user_id)
+            .await?
+            .ok_or(CoreError::NotFound("User".to_string(), user_id))?;
+
+        if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
            return Err(CoreError::Auth("Access denied".to_string()));
        }

@@ -132,7 +159,13 @@ impl MediaService for MediaServiceImpl {
            .await?
            .ok_or(CoreError::NotFound("Media".to_string(), id))?;

-        if media.owner_id != user_id {
+        let user = self
+            .user_repo
+            .find_by_id(user_id)
+            .await?
+            .ok_or(CoreError::NotFound("User".to_string(), user_id))?;
+
+        if !authz::is_owner(user_id, &media) && !authz::is_admin(&user) {
            return Err(CoreError::Auth("Access denied".to_string()));
        }