feat(authz): Project.canCreateModel and Project.canMoveToWorkspace policies (#4342)

* feat(authz): Project.canCreateModel policy

* feat(authz): Project.canMoveToWorkspace policy

* fix(authz): expose policies as permissions objects

* chore(authz): actually use the policies lol

* chore(authz): add tests for new policies

* fix(authz): skip affected test

* fix(authz): pr comments

* fix(authz): better errors, better tests

* chore(authz): remove references to deleted error

packages/server/modules/workspaces/services/workspaceLimits.ts

@@ -0,0 +1,29 @@
+import { GetPaginatedProjectModelsTotalCount } from '@/modules/core/domain/branches/operations'
+import {
+  GetWorkspaceModelCount,
+  QueryAllWorkspaceProjects
+} from '@/modules/workspaces/domain/operations'
+
+// TODO: Optimize with single model count query per regional db
+export const getWorkspaceModelCountFactory =
+  (deps: {
+    queryAllWorkspaceProjects: QueryAllWorkspaceProjects
+    getPaginatedProjectModelsTotalCount: GetPaginatedProjectModelsTotalCount
+  }): GetWorkspaceModelCount =>
+  async ({ workspaceId }) => {
+    let modelCount = 0
+
+    for await (const projects of deps.queryAllWorkspaceProjects({ workspaceId })) {
+      for (const project of projects) {
+        modelCount =
+          modelCount +
+          (await deps.getPaginatedProjectModelsTotalCount(project.id, {
+            filter: {
+              onlyWithVersions: true
+            }
+          }))
+      }
+    }
+
+    return modelCount
+  }