Deduplicate logic across controllers, auth, and schema fixes

src/main/kotlin/com/android/trisolarisserver/controller/ControllerAccess.kt

@@ -0,0 +1,42 @@
+package com.android.trisolarisserver.controller
+
+import com.android.trisolarisserver.component.PropertyAccess
+import com.android.trisolarisserver.models.property.AppUser
+import com.android.trisolarisserver.models.property.Role
+import com.android.trisolarisserver.repo.AppUserRepo
+import com.android.trisolarisserver.security.MyPrincipal
+import org.springframework.http.HttpStatus
+import org.springframework.web.server.ResponseStatusException
+import java.util.UUID
+
+internal fun requirePrincipal(principal: MyPrincipal?): MyPrincipal {
+    return principal ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Missing principal")
+}
+
+internal fun requireUser(appUserRepo: AppUserRepo, principal: MyPrincipal?): AppUser {
+    val resolved = requirePrincipal(principal)
+    return appUserRepo.findById(resolved.userId).orElseThrow {
+        ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
+    }
+}
+
+internal fun requireMember(
+    propertyAccess: PropertyAccess,
+    propertyId: UUID,
+    principal: MyPrincipal?
+): MyPrincipal {
+    val resolved = requirePrincipal(principal)
+    propertyAccess.requireMember(propertyId, resolved.userId)
+    return resolved
+}
+
+internal fun requireRole(
+    propertyAccess: PropertyAccess,
+    propertyId: UUID,
+    principal: MyPrincipal?,
+    vararg roles: Role
+): MyPrincipal {
+    val resolved = requireMember(propertyAccess, propertyId, principal)
+    propertyAccess.requireAnyRole(propertyId, resolved.userId, *roles)
+    return resolved
+}