admin/PolyMPR
1
0
Fork 0
Code Issues 14 Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity

refactor(notes): replace AuthenticatedState with withRules, simplify handlers

Browse Source 
refactor: add withRules wrapper to API routes

Use withRules to enforce permissions instead of manual checks.
Remove FORBIDDEN constant, simplify handlers, import withRules,
adjust GET/POST/PUT/DELETE handlers.
Centralizes auth logic.

refactor: replace manual auth checks with withRules wrapper for routes

refactor(student routes): replace manual employee checks with withRules wrapper
This commit is contained in:
Djalim Simaila
2026-04-27 19:31:20 +02:00
parent e2d22ff4b3
commit 9368e68622
12 changed files with 334 additions and 486 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/(apps)/students/api/promotions.ts
+6 -21
View File
@@ -1,35 +1,20 @@
import { FreshContext, Handlers } from "$fresh/server.ts";
import { Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { promotions } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
export const handler: Handlers<null, AuthenticatedState> = {
// #13 GET /promotions
async GET(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(JSON.stringify([]), {
headers: { "content-type": "application/json" },
});
}
GET: withRules(["student_read"])(async (_request, _context) => {
const rows = await db.select().from(promotions);
return new Response(JSON.stringify(rows), {
headers: { "content-type": "application/json" },
});
},
}),
// #14 POST /promotions
async POST(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(null, { status: 403 });
}
POST: withRules(["student_write"])(async (request, _context) => {
const body: { idPromo: string; annee: string } = await request.json();
if (!body.idPromo || !body.annee) {
@@ -45,5 +30,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
status: 201,
headers: { "content-type": "application/json" },
});
},
}),
};