private shares and revokation works

app/services/map_service.py

@@ -6,12 +6,28 @@ from fastapi import HTTPException, status
 
 from app.models.map import Map
 from app.models.user import User
+from app.models.map_share import MapShare
 from app.schemas.map import MapCreate, MapUpdate
 
 
 def get_user_maps(db: Session, user_id: UUID) -> List[Map]:
-    """Get all maps owned by a user."""
-    return db.query(Map).filter(Map.owner_id == user_id).order_by(Map.updated_at.desc()).all()
+    """Get all maps owned by or shared with a user."""
+    # Get owned maps
+    owned_maps = db.query(Map).filter(Map.owner_id == user_id).all()
+
+    # Get shared maps
+    shared_map_ids = db.query(MapShare.map_id).filter(MapShare.user_id == user_id).all()
+    shared_map_ids = [share.map_id for share in shared_map_ids]
+
+    shared_maps = []
+    if shared_map_ids:
+        shared_maps = db.query(Map).filter(Map.id.in_(shared_map_ids)).all()
+
+    # Combine and sort by updated_at
+    all_maps = owned_maps + shared_maps
+    all_maps.sort(key=lambda m: m.updated_at, reverse=True)
+
+    return all_maps
 
 
 def get_map_by_id(db: Session, map_id: UUID, user: Optional[User] = None) -> Map:
@@ -26,7 +42,15 @@ def get_map_by_id(db: Session, map_id: UUID, user: Optional[User] = None) -> Map
 
     # If user is provided, check authorization
     if user:
-        if map_obj.owner_id != user.id and not user.is_admin:
+        # Check if user is owner, admin, or has been granted access via share
+        is_owner = map_obj.owner_id == user.id
+        is_admin = user.is_admin
+        has_share_access = db.query(MapShare).filter(
+            MapShare.map_id == map_id,
+            MapShare.user_id == user.id
+        ).first() is not None
+
+        if not (is_owner or is_admin or has_share_access):
             raise HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN,
                 detail="You don't have permission to access this map"