phase 3.2 & 4.1

backend/app/boards/permissions.py

@@ -0,0 +1,29 @@
+"""Permission validation middleware for boards."""
+
+from uuid import UUID
+
+from fastapi import HTTPException, status
+from sqlalchemy.orm import Session
+
+from app.boards.repository import BoardRepository
+
+
+def validate_board_ownership(board_id: UUID, user_id: UUID, db: Session) -> None:
+    """
+    Validate that the user owns the board.
+
+    Args:
+        board_id: Board UUID
+        user_id: User UUID
+        db: Database session
+
+    Raises:
+        HTTPException: 404 if board not found or not owned by user
+    """
+    repo = BoardRepository(db)
+
+    if not repo.board_exists(board_id, user_id):
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Board {board_id} not found or access denied",
+        )