refactor(notes): replace AuthenticatedState with withRules, simplify handlers
refactor: add withRules wrapper to API routes Use withRules to enforce permissions instead of manual checks. Remove FORBIDDEN constant, simplify handlers, import withRules, adjust GET/POST/PUT/DELETE handlers. Centralizes auth logic. refactor: replace manual auth checks with withRules wrapper for routes refactor(student routes): replace manual employee checks with withRules wrapper
@@ -2,6 +2,7 @@ import { FreshContext, Handlers } from "$fresh/server.ts";
|
||||
import { db } from "$root/databases/db.ts";
|
||||
import { ueModules } from "$root/databases/schema.ts";
|
||||
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
|
||||
import { withRules } from "$root/defaults/withRules.ts";
|
||||
import { and, eq } from "npm:drizzle-orm@0.45.2";
|
||||
|
||||
const NOT_FOUND = new Response(
|
||||
@@ -9,8 +10,6 @@ const NOT_FOUND = new Response(
|
||||
{ status: 404, headers: { "content-type": "application/json" } },
|
||||
);
|
||||
|
||||
const FORBIDDEN = new Response(null, { status: 403 });
|
||||
|
||||
const BAD_REQUEST = new Response(
|
||||
JSON.stringify({ error: "Paramètres invalides" }),
|
||||
{ status: 400, headers: { "content-type": "application/json" } },
|
||||
@@ -18,29 +17,24 @@ const BAD_REQUEST = new Response(
|
||||
|
||||
export const handler: Handlers<null, AuthenticatedState> = {
|
||||
// #39 GET /ue-modules/{idModule}/{idUE}/{idPromo}
|
||||
async GET(
|
||||
_request: Request,
|
||||
context: FreshContext<AuthenticatedState>,
|
||||
): Promise<Response> {
|
||||
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
|
||||
return FORBIDDEN;
|
||||
}
|
||||
GET: withRules(["note_read"])(async (_request, context) => {
|
||||
const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
|
||||
.params;
|
||||
const idUE = Number(
|
||||
(context as FreshContext<AuthenticatedState>).params.idUE,
|
||||
);
|
||||
|
||||
const idModule = context.params.idModule;
|
||||
const idUE = Number(context.params.idUE);
|
||||
const idPromo = context.params.idPromo;
|
||||
|
||||
if (isNaN(idUE)) {
|
||||
return BAD_REQUEST;
|
||||
}
|
||||
if (isNaN(idUE)) return BAD_REQUEST;
|
||||
|
||||
const ueModuleAssociation = await db
|
||||
.select()
|
||||
.from(ueModules)
|
||||
.where(
|
||||
eq(ueModules.idModule, idModule),
|
||||
eq(ueModules.idUE, idUE),
|
||||
eq(ueModules.idPromo, idPromo),
|
||||
and(
|
||||
eq(ueModules.idModule, idModule),
|
||||
eq(ueModules.idUE, idUE),
|
||||
eq(ueModules.idPromo, idPromo),
|
||||
),
|
||||
)
|
||||
.then((rows) => rows[0] ?? null);
|
||||
|
||||
@@ -49,24 +43,17 @@ export const handler: Handlers<null, AuthenticatedState> = {
|
||||
return new Response(JSON.stringify(ueModuleAssociation), {
|
||||
headers: { "content-type": "application/json" },
|
||||
});
|
||||
},
|
||||
}),
|
||||
|
||||
// #40 PUT /ue-modules/{idModule}/{idUE}/{idPromo}
|
||||
async PUT(
|
||||
request: Request,
|
||||
context: FreshContext<AuthenticatedState>,
|
||||
): Promise<Response> {
|
||||
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
|
||||
return FORBIDDEN;
|
||||
}
|
||||
PUT: withRules(["note_write"])(async (request, context) => {
|
||||
const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
|
||||
.params;
|
||||
const idUE = Number(
|
||||
(context as FreshContext<AuthenticatedState>).params.idUE,
|
||||
);
|
||||
|
||||
const idModule = context.params.idModule;
|
||||
const idUE = Number(context.params.idUE);
|
||||
const idPromo = context.params.idPromo;
|
||||
|
||||
if (isNaN(idUE)) {
|
||||
return BAD_REQUEST;
|
||||
}
|
||||
if (isNaN(idUE)) return BAD_REQUEST;
|
||||
|
||||
const body: { coeff: number } = await request.json();
|
||||
|
||||
@@ -98,28 +85,19 @@ export const handler: Handlers<null, AuthenticatedState> = {
|
||||
idPromo: updated.idPromo,
|
||||
coeff: updated.coeff,
|
||||
}),
|
||||
{
|
||||
headers: { "content-type": "application/json" },
|
||||
},
|
||||
{ headers: { "content-type": "application/json" } },
|
||||
);
|
||||
},
|
||||
}),
|
||||
|
||||
// #41 DELETE /ue-modules/{idModule}/{idUE}/{idPromo}
|
||||
async DELETE(
|
||||
_request: Request,
|
||||
context: FreshContext<AuthenticatedState>,
|
||||
): Promise<Response> {
|
||||
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
|
||||
return FORBIDDEN;
|
||||
}
|
||||
DELETE: withRules(["note_write"])(async (_request, context) => {
|
||||
const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
|
||||
.params;
|
||||
const idUE = Number(
|
||||
(context as FreshContext<AuthenticatedState>).params.idUE,
|
||||
);
|
||||
|
||||
const idModule = context.params.idModule;
|
||||
const idUE = Number(context.params.idUE);
|
||||
const idPromo = context.params.idPromo;
|
||||
|
||||
if (isNaN(idUE)) {
|
||||
return BAD_REQUEST;
|
||||
}
|
||||
if (isNaN(idUE)) return BAD_REQUEST;
|
||||
|
||||
const [deleted] = await db
|
||||
.delete(ueModules)
|
||||
@@ -135,5 +113,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
|
||||
if (!deleted) return NOT_FOUND;
|
||||
|
||||
return new Response(null, { status: 204 });
|
||||
},
|
||||
}),
|
||||
};
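Review bot: The three new handler bodies each re-cast the wrapped context with `(context as FreshContext<AuthenticatedState>)` (GET, PUT and DELETE hunks), which means withRules hands the callback a wider context type than `Handlers<null, AuthenticatedState>` already declares on `handler`; a cast here silently bypasses the state/session typing the wrapper is meant to guarantee, so the fix belongs in withRules's signature (generic over the state type, returning a callback typed `(req: Request, ctx: FreshContext<AuthenticatedState>) => Promise<Response>`) rather than in every route. The gate also changes from `eduPersonPrimaryAffiliation !== "employee"` to the rule names `"note_read"` / `"note_write"`, and since withRules is not in this diff it cannot be checked here that the set of callers allowed is the same; I would add above `export const handler` a comment such as `// Access: note_read (GET) / note_write (PUT, DELETE) via withRules — replaces the former employee-affiliation check; the rule → principal mapping lives in withRules.ts` so the equivalence is stated where the routes are read. In the PUT hunk the context line `const body: { coeff: number } = await request.json();` is still an unvalidated annotation on untrusted JSON and is not addressed by this change. The handler object starts before the first hunk, and the PUT body continues outside its hunk.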
|
||||
|
||||