Update role enum and access control

Remove isRouteAnAPI(route: string): boolean

Refactor role determination logic to use `eduPersonPrimaryAffiliation`
and `amuComposante`. This simplifies checking for Polytech affiliation
and identifies roles like professor, administration, and student more
accurately. The API access control is updated to reflect the new role
names.
2026-01-07 22:56:06 +01:00
parent 718e7f9d76
commit 229e72da88
2 changed files with 9 additions and 28 deletions
+1 -1
@@ -4,7 +4,7 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
interface AuthenticatedState { interface AuthenticatedState {
isAuthenticated: true; isAuthenticated: true;
isFromPolytech: boolean; isFromPolytech: boolean;
role: "etudiants" | "personnels" | "autres"; role: "etudiant" | "professeur" | "administration" | "autre";
session: CasContent; session: CasContent;
} }
+8 -27
@@ -26,14 +26,6 @@ function isRoutePublic(route: string): boolean {
); );
} }
/**
* Checks if the given route is an API route.
* @param route The route to check.
* @returns `true` if the route is an API route, `false` otherwise.
*/
function isRouteAnAPI(route: string): boolean {
return route.includes("/api/");
}
/** /**
* Get the given user's key, creating it if not already existing. * Get the given user's key, creating it if not already existing.
* @param user The key's user. * @param user The key's user.
@@ -82,26 +74,21 @@ export const handler: MiddlewareHandler<State>[] = [
getJwtPayload(cookies["sessionToken"]) as LoginJWT getJwtPayload(cookies["sessionToken"]) as LoginJWT
).user; ).user;
const isFromPolytech = Object.values(session.memberOf).some( const isFromPolytech = session.amuComposante.includes("polytech");
(value) =>
typeof value === "string" && value.includes("cn=amu:ufr:polytech"),
);
context.state.isFromPolytech = isFromPolytech; context.state.isFromPolytech = isFromPolytech;
if (isFromPolytech) { if (isFromPolytech) {
context.state.session = session; context.state.session = session;
if (Object.values(session.memberOf).some( if (session.eduPersonPrimaryAffiliation.includes("faculty")) {
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:personnels") context.state.role = "professeur"
)) { } else if (session.eduPersonPrimaryAffiliation.includes("employee")) {
context.state.role = "personnels"; context.state.role = "administration"
} else if (Object.values(session.memberOf).some( } else if (session.eduPersonPrimaryAffiliation.includes("student")) {
(value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:etudiants") context.state.role = "etudiant";
)) {
context.state.role = "etudiants";
} else { } else {
context.state.role = "autres"; context.state.role = "autre";
} }
} }
} }
@@ -139,12 +126,6 @@ export const handler: MiddlewareHandler<State>[] = [
}, },
}); });
} }
if (isRouteAnAPI(url.pathname) && !(context.state.role == "personnels")) {
return new Response(null, {
status: 403,
});
}
} }
return await context.next(); return await context.next();
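Review bot: The last hunk deletes the `/api/` role gate (the 403 response for non-"personnels" users) without adding a replacement, although the commit message says the API access control is "updated to reflect the new role names"; as far as this diff shows, every request that reaches `context.next()` now gets to API routes regardless of role, unless the API handlers enforce roles themselves. Since `isRouteAnAPI` is also removed in the first hunk, the check would need the path test inline, e.g. `if (url.pathname.includes("/api/") && !["professeur", "administration"].includes(context.state.role)) return new Response(null, { status: 403 });`, with the allowed list being whichever of the new roles should keep the access the old "personnels" role had. In the second hunk, `session.amuComposante.includes("polytech")` and the `eduPersonPrimaryAffiliation.includes(...)` chain assume both attributes are always present and are string or array values; the old code guarded each `memberOf` value with `typeof value === "string"`, and if a CAS attribute is missing the new code throws a TypeError in the middleware rather than leaving the user as non-Polytech, so a `?? ""`/`?? []` default (or a type guard on `CasContent`) would be safer. The two new assignments `context.state.role = "professeur"` and `context.state.role = "administration"` also lack the trailing semicolon the surrounding lines use. The enclosing `handler` middleware begins and ends outside these hunks.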