From 49bcc3083ace414d004e14e74ca5ca387657bdae Mon Sep 17 00:00:00 2001
From: Djalim Simaila <DjalimS.pro@outlook.fr>
Date: Tue, 5 May 2026 15:29:02 +0200
Subject: [PATCH] fix: faculty users are now recognized as employees

---
 defaults/interfaces.ts                                 |  5 +++++
 routes/(apps)/admin/api/enseignements.ts               |  6 +++---
 .../api/enseignements/[idProf]/[idModule]/[idPromo].ts |  6 +++---
 routes/(apps)/admin/api/modules.ts                     |  4 ++--
 .../api/ue-modules/[idModule]/[idUE]/[idPromo].ts      |  8 ++++----
 routes/(apps)/mobility/api/mobilites.ts                |  7 +++----
 routes/(apps)/mobility/api/mobilites/[idMob].ts        |  6 +++---
 .../(apps)/mobility/api/mobilites/[idMob]/contrat.ts   |  4 ++--
 routes/(apps)/notes/api/ajustements.ts                 |  4 ++--
 .../(apps)/notes/api/ajustements/[numEtud]/[idUE].ts   |  8 ++++----
 routes/(apps)/notes/partials/index.tsx                 | 10 +++++-----
 routes/(apps)/stages/api/stages.ts                     |  4 ++--
 routes/(apps)/stages/api/stages/[idStage].ts           |  6 +++---
 routes/(apps)/students/api/promotions.ts               |  6 +++---
 routes/(apps)/students/api/promotions/[idPromo].ts     |  8 ++++----
 routes/(apps)/students/api/students.ts                 |  6 +++---
 routes/(apps)/students/api/students/[numEtud].ts       |  8 ++++----
 routes/(apps)/students/api/students/import-csv.ts      |  4 ++--
 routes/(apps)/students/partials/index.tsx              | 10 +++++-----
 19 files changed, 62 insertions(+), 58 deletions(-)

diff --git a/defaults/interfaces.ts b/defaults/interfaces.ts
index 951201a..3b8c152 100644
--- a/defaults/interfaces.ts
+++ b/defaults/interfaces.ts
@@ -63,6 +63,11 @@ export interface LoginJWT {
   user: CasContent;
 }
 
+export function isEmployee(session: CasContent): boolean {
+  return session.eduPersonPrimaryAffiliation === "employee" ||
+    session.eduPersonPrimaryAffiliation === "faculty";
+}
+
 export type EmptyObject = Record<string | number | symbol, never>;
 
 // deno-lint-ignore no-explicit-any
diff --git a/routes/(apps)/admin/api/enseignements.ts b/routes/(apps)/admin/api/enseignements.ts
index bae6a2c..4fab7a9 100644
--- a/routes/(apps)/admin/api/enseignements.ts
+++ b/routes/(apps)/admin/api/enseignements.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const _NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(JSON.stringify([]), {
         headers: { "content-type": "application/json" },
       });
@@ -40,7 +40,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/admin/api/enseignements/[idProf]/[idModule]/[idPromo].ts b/routes/(apps)/admin/api/enseignements/[idProf]/[idModule]/[idPromo].ts
index 27cc6e2..f547512 100644
--- a/routes/(apps)/admin/api/enseignements/[idProf]/[idModule]/[idPromo].ts
+++ b/routes/(apps)/admin/api/enseignements/[idProf]/[idModule]/[idPromo].ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -18,7 +18,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -50,7 +50,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/admin/api/modules.ts b/routes/(apps)/admin/api/modules.ts
index 4519db3..4d62610 100644
--- a/routes/(apps)/admin/api/modules.ts
+++ b/routes/(apps)/admin/api/modules.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { modules } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -21,7 +21,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 
diff --git a/routes/(apps)/admin/api/ue-modules/[idModule]/[idUE]/[idPromo].ts b/routes/(apps)/admin/api/ue-modules/[idModule]/[idUE]/[idPromo].ts
index b71396d..7fcdf47 100644
--- a/routes/(apps)/admin/api/ue-modules/[idModule]/[idUE]/[idPromo].ts
+++ b/routes/(apps)/admin/api/ue-modules/[idModule]/[idUE]/[idPromo].ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ueModules } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -58,7 +58,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -111,7 +111,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/mobility/api/mobilites.ts b/routes/(apps)/mobility/api/mobilites.ts
index 8485a07..531b555 100644
--- a/routes/(apps)/mobility/api/mobilites.ts
+++ b/routes/(apps)/mobility/api/mobilites.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const VALID_STATUSES = [
@@ -46,15 +46,14 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    const isEmployee =
-      context.state.session.eduPersonPrimaryAffiliation === "employee";
+    const employeeCheck = isEmployee(context.state.session);
 
     try {
       const body = await request.json();
       const { numEtud, duree, ecole, pays, status, idStage } = body;
 
       // Students can only create mobilites for themselves
-      if (!isEmployee && numEtud !== undefined) {
+      if (!employeeCheck && numEtud !== undefined) {
         // Students cannot set idStage or status
         if (idStage || (status && status !== "contracts_received")) {
           return new Response(null, { status: 403 });
diff --git a/routes/(apps)/mobility/api/mobilites/[idMob].ts b/routes/(apps)/mobility/api/mobilites/[idMob].ts
index e774c3c..6b52192 100644
--- a/routes/(apps)/mobility/api/mobilites/[idMob].ts
+++ b/routes/(apps)/mobility/api/mobilites/[idMob].ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const VALID_STATUSES = [
@@ -49,7 +49,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -115,7 +115,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/mobility/api/mobilites/[idMob]/contrat.ts b/routes/(apps)/mobility/api/mobilites/[idMob]/contrat.ts
index 391c2ef..f1f0aa5 100644
--- a/routes/(apps)/mobility/api/mobilites/[idMob]/contrat.ts
+++ b/routes/(apps)/mobility/api/mobilites/[idMob]/contrat.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const CONTRACTS_DIR = "uploads/contracts";
@@ -118,7 +118,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 
diff --git a/routes/(apps)/notes/api/ajustements.ts b/routes/(apps)/notes/api/ajustements.ts
index b40e61e..3084031 100644
--- a/routes/(apps)/notes/api/ajustements.ts
+++ b/routes/(apps)/notes/api/ajustements.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 
diff --git a/routes/(apps)/notes/api/ajustements/[numEtud]/[idUE].ts b/routes/(apps)/notes/api/ajustements/[numEtud]/[idUE].ts
index b527cdc..ddd5fbd 100644
--- a/routes/(apps)/notes/api/ajustements/[numEtud]/[idUE].ts
+++ b/routes/(apps)/notes/api/ajustements/[numEtud]/[idUE].ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -18,7 +18,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -100,7 +100,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/notes/partials/index.tsx b/routes/(apps)/notes/partials/index.tsx
index e5d80ce..613e03a 100644
--- a/routes/(apps)/notes/partials/index.tsx
+++ b/routes/(apps)/notes/partials/index.tsx
@@ -3,16 +3,16 @@ import {
   makePartials,
 } from "$root/defaults/makePartials.tsx";
 import { FreshContext } from "$fresh/server.ts";
-import { State } from "$root/defaults/interfaces.ts";
+import { isEmployee, State } from "$root/defaults/interfaces.ts";
 
 // deno-lint-ignore require-await
 export async function Index(
   _request: Request,
   context: FreshContext<State>,
 ) {
-  const isEmployee =
-    (context.state as unknown as { session: Record<string, string> }).session
-      .eduPersonPrimaryAffiliation === "employee";
+  const employeeCheck = isEmployee(
+    (context.state as unknown as { session: Record<string, string> }).session,
+  );
 
   return (
     <div class="page-content">
@@ -25,7 +25,7 @@ export async function Index(
         </strong>
         .
       </p>
-      {isEmployee
+      {employeeCheck
         ? (
           <p>
             Consultez les{" "}
diff --git a/routes/(apps)/stages/api/stages.ts b/routes/(apps)/stages/api/stages.ts
index 602381c..dad93c1 100644
--- a/routes/(apps)/stages/api/stages.ts
+++ b/routes/(apps)/stages/api/stages.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { stages } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -38,7 +38,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 
diff --git a/routes/(apps)/stages/api/stages/[idStage].ts b/routes/(apps)/stages/api/stages/[idStage].ts
index 2fea148..23f8c9e 100644
--- a/routes/(apps)/stages/api/stages/[idStage].ts
+++ b/routes/(apps)/stages/api/stages/[idStage].ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites, stages } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -41,7 +41,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -98,7 +98,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/students/api/promotions.ts b/routes/(apps)/students/api/promotions.ts
index 8e87820..d91dedb 100644
--- a/routes/(apps)/students/api/promotions.ts
+++ b/routes/(apps)/students/api/promotions.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { promotions } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 
 export const handler: Handlers<null, AuthenticatedState> = {
   // #13 GET /promotions
@@ -9,7 +9,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(JSON.stringify([]), {
         headers: { "content-type": "application/json" },
       });
@@ -26,7 +26,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 
diff --git a/routes/(apps)/students/api/promotions/[idPromo].ts b/routes/(apps)/students/api/promotions/[idPromo].ts
index 53f1d95..bd42165 100644
--- a/routes/(apps)/students/api/promotions/[idPromo].ts
+++ b/routes/(apps)/students/api/promotions/[idPromo].ts
@@ -10,7 +10,7 @@ import {
   ueModules,
   ues,
 } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -27,7 +27,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -49,7 +49,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -76,7 +76,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/students/api/students.ts b/routes/(apps)/students/api/students.ts
index e2e5d38..7601f1e 100644
--- a/routes/(apps)/students/api/students.ts
+++ b/routes/(apps)/students/api/students.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -10,7 +10,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(JSON.stringify([]), {
         headers: { "content-type": "application/json" },
       });
@@ -33,7 +33,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 
diff --git a/routes/(apps)/students/api/students/[numEtud].ts b/routes/(apps)/students/api/students/[numEtud].ts
index 6d2c0e6..3974266 100644
--- a/routes/(apps)/students/api/students/[numEtud].ts
+++ b/routes/(apps)/students/api/students/[numEtud].ts
@@ -7,7 +7,7 @@ import {
   stages,
   students,
 } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -86,7 +86,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
diff --git a/routes/(apps)/students/api/students/import-csv.ts b/routes/(apps)/students/api/students/import-csv.ts
index 1e233a0..8cc2543 100644
--- a/routes/(apps)/students/api/students/import-csv.ts
+++ b/routes/(apps)/students/api/students/import-csv.ts
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 
 // #9 POST /students/import-csv
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -9,7 +9,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 
diff --git a/routes/(apps)/students/partials/index.tsx b/routes/(apps)/students/partials/index.tsx
index c696b94..b1a05c4 100644
--- a/routes/(apps)/students/partials/index.tsx
+++ b/routes/(apps)/students/partials/index.tsx
@@ -3,16 +3,16 @@ import {
   makePartials,
 } from "$root/defaults/makePartials.tsx";
 import { FreshContext } from "$fresh/server.ts";
-import { State } from "$root/defaults/interfaces.ts";
+import { isEmployee, State } from "$root/defaults/interfaces.ts";
 
 // deno-lint-ignore require-await
 export async function Index(
   _request: Request,
   context: FreshContext<State>,
 ) {
-  const isEmployee =
-    (context.state as unknown as { session: Record<string, string> }).session
-      .eduPersonPrimaryAffiliation === "employee";
+  const employeeStatus = isEmployee(
+    (context.state as unknown as { session: Record<string, string> }).session,
+  );
 
   return (
     <div class="page-content">
@@ -25,7 +25,7 @@ export async function Index(
         </strong>
         .
       </p>
-      {isEmployee && (
+      {employeeStatus && (
         <p>
           Consultez la{" "}
           <a href="/students/consult" f-partial="/students/partials/consult">