admin/PolyMPR
1
0
Fork 0
Code Issues 14 Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity

refactor(notes): replace AuthenticatedState with withRules, simplify handlers

Browse Source 
refactor: add withRules wrapper to API routes

Use withRules to enforce permissions instead of manual checks.
Remove FORBIDDEN constant, simplify handlers, import withRules,
adjust GET/POST/PUT/DELETE handlers.
Centralizes auth logic.

refactor: replace manual auth checks with withRules wrapper for routes

refactor(student routes): replace manual employee checks with withRules wrapper
This commit is contained in:
Djalim Simaila
2026-04-27 19:31:20 +02:00
parent e2d22ff4b3
commit 9368e68622
12 changed files with 334 additions and 486 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/(apps)/notes/api/ajustements.ts
+51 -68
View File
@@ -1,83 +1,66 @@
import { FreshContext, Handlers } from "$fresh/server.ts";
import { Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { ajustements } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { eq } from "npm:drizzle-orm@0.45.2";
export const handler: Handlers<null, AuthenticatedState> = {
export const handler: Handlers = {
// #48 GET /ajustements
async GET(request) {
try {
const url = new URL(request.url);
const numEtudParam = url.searchParams.get("numEtud");
const idUEParam = url.searchParams.get("idUE");
GET: withRules(["note_read"])(async (request, _context) => {
const url = new URL(request.url);
const numEtudParam = url.searchParams.get("numEtud");
const idUEParam = url.searchParams.get("idUE");
let query = db.select().from(ajustements).$dynamic();
let query = db.select().from(ajustements).$dynamic();
if (numEtudParam) {
const numEtud = parseInt(numEtudParam);
if (isNaN(numEtud)) {
return new Response("Paramètre numEtud invalide", { status: 400 });
}
query = query.where(eq(ajustements.numEtud, numEtud));
if (numEtudParam) {
const numEtud = parseInt(numEtudParam);
if (isNaN(numEtud)) {
return new Response("Paramètre numEtud invalide", { status: 400 });
}
if (idUEParam) {
const idUE = parseInt(idUEParam);
if (isNaN(idUE)) {
return new Response("Paramètre idUE invalide", { status: 400 });
}
query = query.where(eq(ajustements.idUE, idUE));
}
const result = await query;
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error fetching ajustements:", error);
return new Response("Failed to fetch data", { status: 500 });
query = query.where(eq(ajustements.numEtud, numEtud));
}
},
if (idUEParam) {
const idUE = parseInt(idUEParam);
if (isNaN(idUE)) {
return new Response("Paramètre idUE invalide", { status: 400 });
}
query = query.where(eq(ajustements.idUE, idUE));
}
const result = await query;
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
}),
// #49 POST /ajustements
async POST(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(null, { status: 403 });
POST: withRules(["note_write"])(async (request, _context) => {
const body: { numEtud: number; idUE: number; valeur: number } =
await request.json();
if (!body.numEtud || !body.idUE || body.valeur === undefined) {
return new Response(
JSON.stringify({ error: "Champs requis: numEtud, idUE, valeur" }),
{ status: 400, headers: { "content-type": "application/json" } },
);
}
try {
const body: { numEtud: number; idUE: number; valeur: number } =
await request.json();
const [created] = await db
.insert(ajustements)
.values({
numEtud: body.numEtud,
idUE: body.idUE,
valeur: body.valeur,
})
.returning();
if (!body.numEtud || !body.idUE || body.valeur === undefined) {
return new Response(
JSON.stringify({ error: "Champs requis: numEtud, idUE, valeur" }),
{ status: 400, headers: { "content-type": "application/json" } },
);
}
const [created] = await db
.insert(ajustements)
.values({
numEtud: body.numEtud,
idUE: body.idUE,
valeur: body.valeur,
})
.returning();
return new Response(JSON.stringify(created), {
status: 201,
headers: { "content-type": "application/json" },
});
} catch (error) {
console.error("Error creating ajustement:", error);
return new Response("Failed to create ajustement", { status: 500 });
}
},
return new Response(JSON.stringify(created), {
status: 201,
headers: { "content-type": "application/json" },
});
}),
};
routes/(apps)/notes/api/notes.ts
+44 -53
View File
@@ -1,70 +1,61 @@
import { Handlers } from "$fresh/server.ts";
import { db } from "../../../../databases/db.ts";
import { notes } from "../../../../databases/schema.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { eq } from "npm:drizzle-orm@0.45.2";
export const handler: Handlers = {
// #42 GET /notes
async GET(request) {
try {
const url = new URL(request.url);
const numEtudParam = url.searchParams.get("numEtud");
const idModule = url.searchParams.get("idModule");
GET: withRules(["note_read", "own_note"])(async (request, _context) => {
const url = new URL(request.url);
const numEtudParam = url.searchParams.get("numEtud");
const idModule = url.searchParams.get("idModule");
let query = db.select().from(notes).$dynamic();
let query = db.select().from(notes).$dynamic();
if (numEtudParam) {
const numEtud = parseInt(numEtudParam);
if (isNaN(numEtud)) {
return new Response("Paramètre numEtud invalide", { status: 400 });
}
query = query.where(eq(notes.numEtud, numEtud));
if (numEtudParam) {
const numEtud = parseInt(numEtudParam);
if (isNaN(numEtud)) {
return new Response("Paramètre numEtud invalide", { status: 400 });
}
if (idModule) {
query = query.where(eq(notes.idModule, idModule));
}
const result = await query;
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error fetching notes:", error);
return new Response("Failed to fetch data", { status: 500 });
query = query.where(eq(notes.numEtud, numEtud));
}
},
if (idModule) {
query = query.where(eq(notes.idModule, idModule));
}
const result = await query;
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
}),
// #43 POST /notes
async POST(request) {
try {
const body = await request.json();
const { note, numEtud, idModule } = body;
POST: withRules(["note_write", "own_teaching_note"])(async (request, _context) => {
const body = await request.json();
const { note, numEtud, idModule } = body;
if (note === undefined || !numEtud || !idModule) {
return new Response("Champs 'note', 'numEtud' et 'idModule' requis", {
status: 400,
});
}
if (typeof note !== "number" || note < 0 || note > 20) {
return new Response("Champ 'note' doit être un nombre entre 0 et 20", {
status: 400,
});
}
const result = await db.insert(notes).values({ note, numEtud, idModule })
.returning();
return new Response(JSON.stringify(result[0]), {
status: 201,
headers: { "Content-Type": "application/json" },
if (note === undefined || !numEtud || !idModule) {
return new Response("Champs 'note', 'numEtud' et 'idModule' requis", {
status: 400,
});
} catch (error) {
console.error("Error creating note:", error);
return new Response("Failed to create note", { status: 500 });
}
},
if (typeof note !== "number" || note < 0 || note > 20) {
return new Response("Champ 'note' doit être un nombre entre 0 et 20", {
status: 400,
});
}
const result = await db.insert(notes).values({ note, numEtud, idModule })
.returning();
return new Response(JSON.stringify(result[0]), {
status: 201,
headers: { "Content-Type": "application/json" },
});
}),
};
routes/(apps)/notes/api/notes/[numEtud]/[idModule].ts
+9 -4
View File
@@ -1,11 +1,12 @@
import { Handlers } from "$fresh/server.ts";
import { db } from "../../../../../../databases/db.ts";
import { notes } from "../../../../../../databases/schema.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { and, eq } from "npm:drizzle-orm@0.45.2";
export const handler: Handlers = {
// #45 GET /notes/:numEtud/:idModule
async GET(_request, context) {
GET: withRules(["note_read", "own_note", "own_teaching_note"])(async (_request, context) => {
try {
const numEtud = parseInt(context.params.numEtud);
const { idModule } = context.params;
@@ -47,8 +48,10 @@ export const handler: Handlers = {
}
},
}),
// #46 PUT /notes/:numEtud/:idModule
async PUT(request, context) {
PUT: withRules(["note_write", "own_teaching_note"])(async (request, context) => {
try {
const numEtud = parseInt(context.params.numEtud);
const { idModule } = context.params;
@@ -97,8 +100,10 @@ export const handler: Handlers = {
}
},
}),
// #47 DELETE /notes/:numEtud/:idModule
async DELETE(_request, context) {
DELETE: withRules(["note_write"])(async (_request, context) => {
try {
const numEtud = parseInt(context.params.numEtud);
const { idModule } = context.params;
@@ -135,5 +140,5 @@ export const handler: Handlers = {
console.error("Error deleting note:", error);
return new Response("Failed to delete note", { status: 500 });
}
},
}),
};
routes/(apps)/notes/api/ue-modules.ts
+48 -57
View File
@@ -1,72 +1,63 @@
import { Handlers } from "$fresh/server.ts";
import { db } from "../../../../databases/db.ts";
import { ueModules } from "../../../../databases/schema.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { and, eq } from "npm:drizzle-orm@0.45.2";
export const handler: Handlers = {
// #37 GET /ue-modules
async GET(request) {
try {
const url = new URL(request.url);
const idPromo = url.searchParams.get("idPromo");
const idUEParam = url.searchParams.get("idUE");
GET: withRules(["note_read"])(async (request, _context) => {
const url = new URL(request.url);
const idPromo = url.searchParams.get("idPromo");
const idUEParam = url.searchParams.get("idUE");
const idUE = idUEParam ? parseInt(idUEParam) : null;
const idUE = idUEParam ? parseInt(idUEParam) : null;
if (idUEParam && isNaN(idUE!)) {
return new Response("Paramètre idUE invalide", { status: 400 });
}
const result = await db.select().from(ueModules).where(
and(
idPromo ? eq(ueModules.idPromo, idPromo) : undefined,
idUE ? eq(ueModules.idUE, idUE) : undefined,
),
);
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error fetching UE-modules:", error);
return new Response("Failed to fetch data", { status: 500 });
if (idUEParam && isNaN(idUE!)) {
return new Response("Paramètre idUE invalide", { status: 400 });
}
},
const result = await db.select().from(ueModules).where(
and(
idPromo ? eq(ueModules.idPromo, idPromo) : undefined,
idUE ? eq(ueModules.idUE, idUE) : undefined,
),
);
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
}),
// #38 POST /ue-modules
async POST(request) {
try {
const body = await request.json();
const { idModule, idUE, idPromo, coeff } = body;
POST: withRules(["note_write"])(async (request, _context) => {
const body = await request.json();
const { idModule, idUE, idPromo, coeff } = body;
if (!idModule || !idUE || !idPromo || coeff === undefined) {
return new Response(
"Champs 'idModule', 'idUE', 'idPromo' et 'coeff' requis",
{ status: 400 },
);
}
if (typeof coeff !== "number" || coeff < 0) {
return new Response("Champ 'coeff' doit être un nombre >= 0", {
status: 400,
});
}
const result = await db.insert(ueModules).values({
idModule,
idUE,
idPromo,
coeff,
}).returning();
return new Response(JSON.stringify(result[0]), {
status: 201,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error creating UE-module:", error);
return new Response("Failed to create UE-module", { status: 500 });
if (!idModule || !idUE || !idPromo || coeff === undefined) {
return new Response(
"Champs 'idModule', 'idUE', 'idPromo' et 'coeff' requis",
{ status: 400 },
);
}
},
if (typeof coeff !== "number" || coeff < 0) {
return new Response("Champ 'coeff' doit être un nombre >= 0", {
status: 400,
});
}
const result = await db.insert(ueModules).values({
idModule,
idUE,
idPromo,
coeff,
}).returning();
return new Response(JSON.stringify(result[0]), {
status: 201,
headers: { "Content-Type": "application/json" },
});
}),
};
routes/(apps)/notes/api/ue-modules/[idModule]/[idUE]/[idPromo].ts
+31 -53
View File
@@ -2,6 +2,7 @@ import { FreshContext, Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { ueModules } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { and, eq } from "npm:drizzle-orm@0.45.2";
const NOT_FOUND = new Response(
@@ -9,8 +10,6 @@ const NOT_FOUND = new Response(
{ status: 404, headers: { "content-type": "application/json" } },
);
const FORBIDDEN = new Response(null, { status: 403 });
const BAD_REQUEST = new Response(
JSON.stringify({ error: "Paramètres invalides" }),
{ status: 400, headers: { "content-type": "application/json" } },
@@ -18,29 +17,24 @@ const BAD_REQUEST = new Response(
export const handler: Handlers<null, AuthenticatedState> = {
// #39 GET /ue-modules/{idModule}/{idUE}/{idPromo}
async GET(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
GET: withRules(["note_read"])(async (_request, context) => {
const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
.params;
const idUE = Number(
(context as FreshContext<AuthenticatedState>).params.idUE,
);
const idModule = context.params.idModule;
const idUE = Number(context.params.idUE);
const idPromo = context.params.idPromo;
if (isNaN(idUE)) {
return BAD_REQUEST;
}
if (isNaN(idUE)) return BAD_REQUEST;
const ueModuleAssociation = await db
.select()
.from(ueModules)
.where(
eq(ueModules.idModule, idModule),
eq(ueModules.idUE, idUE),
eq(ueModules.idPromo, idPromo),
and(
eq(ueModules.idModule, idModule),
eq(ueModules.idUE, idUE),
eq(ueModules.idPromo, idPromo),
),
)
.then((rows) => rows[0] ?? null);
@@ -49,24 +43,17 @@ export const handler: Handlers<null, AuthenticatedState> = {
return new Response(JSON.stringify(ueModuleAssociation), {
headers: { "content-type": "application/json" },
});
},
}),
// #40 PUT /ue-modules/{idModule}/{idUE}/{idPromo}
async PUT(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
PUT: withRules(["note_write"])(async (request, context) => {
const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
.params;
const idUE = Number(
(context as FreshContext<AuthenticatedState>).params.idUE,
);
const idModule = context.params.idModule;
const idUE = Number(context.params.idUE);
const idPromo = context.params.idPromo;
if (isNaN(idUE)) {
return BAD_REQUEST;
}
if (isNaN(idUE)) return BAD_REQUEST;
const body: { coeff: number } = await request.json();
@@ -98,28 +85,19 @@ export const handler: Handlers<null, AuthenticatedState> = {
idPromo: updated.idPromo,
coeff: updated.coeff,
}),
{
headers: { "content-type": "application/json" },
},
{ headers: { "content-type": "application/json" } },
);
},
}),
// #41 DELETE /ue-modules/{idModule}/{idUE}/{idPromo}
async DELETE(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
DELETE: withRules(["note_write"])(async (_request, context) => {
const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
.params;
const idUE = Number(
(context as FreshContext<AuthenticatedState>).params.idUE,
);
const idModule = context.params.idModule;
const idUE = Number(context.params.idUE);
const idPromo = context.params.idPromo;
if (isNaN(idUE)) {
return BAD_REQUEST;
}
if (isNaN(idUE)) return BAD_REQUEST;
const [deleted] = await db
.delete(ueModules)
@@ -135,5 +113,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
if (!deleted) return NOT_FOUND;
return new Response(null, { status: 204 });
},
}),
};
routes/(apps)/notes/api/ues.ts
+21 -30
View File
@@ -1,42 +1,33 @@
import { Handlers } from "$fresh/server.ts";
import { db } from "../../../../databases/db.ts";
import { ues } from "../../../../databases/schema.ts";
import { withRules } from "$root/defaults/withRules.ts";
export const handler: Handlers = {
// #32 GET /ues
async GET() {
try {
const result = await db.select().from(ues);
GET: withRules(["note_read"])(async (_request, _context) => {
const result = await db.select().from(ues);
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error fetching UEs:", error);
return new Response("Failed to fetch data", { status: 500 });
}
},
return new Response(JSON.stringify(result), {
status: 200,
headers: { "Content-Type": "application/json" },
});
}),
// #33 POST /ues
async POST(request) {
try {
const body = await request.json();
const { nom } = body;
POST: withRules(["note_write"])(async (request, _context) => {
const body = await request.json();
const { nom } = body;
if (!nom || !nom.trim()) {
return new Response("Champ 'nom' manquant", { status: 400 });
}
const result = await db.insert(ues).values({ nom }).returning();
return new Response(JSON.stringify(result[0]), {
status: 201,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error creating UE:", error);
return new Response("Failed to create UE", { status: 500 });
if (!nom || !nom.trim()) {
return new Response("Champ 'nom' manquant", { status: 400 });
}
},
const result = await db.insert(ues).values({ nom }).returning();
return new Response(JSON.stringify(result[0]), {
status: 201,
headers: { "Content-Type": "application/json" },
});
}),
};
routes/(apps)/notes/api/ues/[idUE].ts
+73 -105
View File
@@ -1,122 +1,90 @@
import { Handlers } from "$fresh/server.ts";
import { db } from "../../../../../databases/db.ts";
import { ues } from "../../../../../databases/schema.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { eq } from "npm:drizzle-orm@0.45.2";
export const handler: Handlers = {
// # 34 GET /ues/:idUE
async GET(_request, context) {
try {
const idUE = parseInt(context.params.idUE);
// #34 GET /ues/:idUE
GET: withRules(["note_read"])(async (_request, context) => {
const idUE = parseInt(context.params.idUE);
if (isNaN(idUE)) {
return new Response(
JSON.stringify({ error: "Paramètre idUE invalide" }),
{
status: 400,
headers: { "Content-Type": "application/json" },
},
);
}
const result = await db.select().from(ues).where(eq(ues.id, idUE));
if (result.length === 0) {
return new Response(
JSON.stringify({ error: "Ressource introuvable" }),
{
status: 404,
headers: { "Content-Type": "application/json" },
},
);
}
return new Response(JSON.stringify(result[0]), {
status: 200,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error fetching UE:", error);
return new Response("Failed to fetch data", { status: 500 });
if (isNaN(idUE)) {
return new Response(
JSON.stringify({ error: "Paramètre idUE invalide" }),
{ status: 400, headers: { "Content-Type": "application/json" } },
);
}
},
const result = await db.select().from(ues).where(eq(ues.id, idUE));
if (result.length === 0) {
return new Response(
JSON.stringify({ error: "Ressource introuvable" }),
{ status: 404, headers: { "Content-Type": "application/json" } },
);
}
return new Response(JSON.stringify(result[0]), {
status: 200,
headers: { "Content-Type": "application/json" },
});
}),
// #35 PUT /ues/:idUE
async PUT(request, context) {
try {
const idUE = parseInt(context.params.idUE);
PUT: withRules(["note_write"])(async (request, context) => {
const idUE = parseInt(context.params.idUE);
if (isNaN(idUE)) {
return new Response(
JSON.stringify({ error: "Paramètre idUE invalide" }),
{
status: 400,
headers: { "Content-Type": "application/json" },
},
);
}
const body = await request.json();
const { nom } = body;
if (!nom) {
return new Response("Champ 'nom' manquant", { status: 400 });
}
const result = await db.update(ues).set({ nom }).where(eq(ues.id, idUE))
.returning();
if (result.length === 0) {
return new Response(
JSON.stringify({ error: "Ressource introuvable" }),
{
status: 404,
headers: { "Content-Type": "application/json" },
},
);
}
return new Response(JSON.stringify(result[0]), {
status: 200,
headers: { "Content-Type": "application/json" },
});
} catch (error) {
console.error("Error updating UE:", error);
return new Response("Failed to update UE", { status: 500 });
if (isNaN(idUE)) {
return new Response(
JSON.stringify({ error: "Paramètre idUE invalide" }),
{ status: 400, headers: { "Content-Type": "application/json" } },
);
}
},
const body = await request.json();
const { nom } = body;
if (!nom) {
return new Response("Champ 'nom' manquant", { status: 400 });
}
const result = await db.update(ues).set({ nom }).where(eq(ues.id, idUE))
.returning();
if (result.length === 0) {
return new Response(
JSON.stringify({ error: "Ressource introuvable" }),
{ status: 404, headers: { "Content-Type": "application/json" } },
);
}
return new Response(JSON.stringify(result[0]), {
status: 200,
headers: { "Content-Type": "application/json" },
});
}),
// #36 DELETE /ues/:idUE
async DELETE(_request, context) {
try {
const idUE = parseInt(context.params.idUE);
DELETE: withRules(["note_write"])(async (_request, context) => {
const idUE = parseInt(context.params.idUE);
if (isNaN(idUE)) {
return new Response(
JSON.stringify({ error: "Paramètre idUE invalide" }),
{
status: 400,
headers: { "Content-Type": "application/json" },
},
);
}
const result = await db.delete(ues).where(eq(ues.id, idUE)).returning();
if (result.length === 0) {
return new Response(
JSON.stringify({ error: "Ressource introuvable" }),
{
status: 404,
headers: { "Content-Type": "application/json" },
},
);
}
return new Response(null, { status: 204 });
} catch (error) {
console.error("Error deleting UE:", error);
return new Response("Failed to delete UE", { status: 500 });
if (isNaN(idUE)) {
return new Response(
JSON.stringify({ error: "Paramètre idUE invalide" }),
{ status: 400, headers: { "Content-Type": "application/json" } },
);
}
},
const result = await db.delete(ues).where(eq(ues.id, idUE)).returning();
if (result.length === 0) {
return new Response(
JSON.stringify({ error: "Ressource introuvable" }),
{ status: 404, headers: { "Content-Type": "application/json" } },
);
}
return new Response(null, { status: 204 });
}),
};
routes/(apps)/students/api/promotions.ts
+6 -21
View File
@@ -1,35 +1,20 @@
import { FreshContext, Handlers } from "$fresh/server.ts";
import { Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { promotions } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
export const handler: Handlers<null, AuthenticatedState> = {
// #13 GET /promotions
async GET(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(JSON.stringify([]), {
headers: { "content-type": "application/json" },
});
}
GET: withRules(["student_read"])(async (_request, _context) => {
const rows = await db.select().from(promotions);
return new Response(JSON.stringify(rows), {
headers: { "content-type": "application/json" },
});
},
}),
// #14 POST /promotions
async POST(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(null, { status: 403 });
}
POST: withRules(["student_write"])(async (request, _context) => {
const body: { idPromo: string; annee: string } = await request.json();
if (!body.idPromo || !body.annee) {
@@ -45,5 +30,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
status: 201,
headers: { "content-type": "application/json" },
});
},
}),
};
routes/(apps)/students/api/promotions/[idPromo].ts
+25 -32
View File
@@ -2,6 +2,7 @@ import { FreshContext, Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { promotions } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { eq } from "npm:drizzle-orm@0.45.2";
const NOT_FOUND = new Response(
@@ -9,22 +10,18 @@ const NOT_FOUND = new Response(
{ status: 404, headers: { "content-type": "application/json" } },
);
const FORBIDDEN = new Response(null, { status: 403 });
export const handler: Handlers<null, AuthenticatedState> = {
// #15 GET /promotions/{idPromo}
async GET(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
GET: withRules(["student_read"])(async (_request, context) => {
const promo = await db
.select()
.from(promotions)
.where(eq(promotions.id, context.params.idPromo))
.where(
eq(
promotions.id,
(context as FreshContext<AuthenticatedState>).params.idPromo,
),
)
.then((rows) => rows[0] ?? null);
if (!promo) return NOT_FOUND;
@@ -32,23 +29,21 @@ export const handler: Handlers<null, AuthenticatedState> = {
return new Response(JSON.stringify(promo), {
headers: { "content-type": "application/json" },
});
},
}),
// #16 PUT /promotions/{idPromo}
async PUT(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
PUT: withRules(["student_write"])(async (request, context) => {
const body: { annee: string } = await request.json();
const [updated] = await db
.update(promotions)
.set({ annee: body.annee })
.where(eq(promotions.id, context.params.idPromo))
.where(
eq(
promotions.id,
(context as FreshContext<AuthenticatedState>).params.idPromo,
),
)
.returning();
if (!updated) return NOT_FOUND;
@@ -56,24 +51,22 @@ export const handler: Handlers<null, AuthenticatedState> = {
return new Response(JSON.stringify(updated), {
headers: { "content-type": "application/json" },
});
},
}),
// #17 DELETE /promotions/{idPromo}
async DELETE(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
DELETE: withRules(["student_write"])(async (_request, context) => {
const [deleted] = await db
.delete(promotions)
.where(eq(promotions.id, context.params.idPromo))
.where(
eq(
promotions.id,
(context as FreshContext<AuthenticatedState>).params.idPromo,
),
)
.returning();
if (!deleted) return NOT_FOUND;
return new Response(null, { status: 204 });
},
}),
};
routes/(apps)/students/api/students.ts
+6 -21
View File
@@ -1,21 +1,13 @@
import { FreshContext, Handlers } from "$fresh/server.ts";
import { Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { students } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { eq } from "npm:drizzle-orm@0.45.2";
export const handler: Handlers<null, AuthenticatedState> = {
// #7 GET /students
async GET(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(JSON.stringify([]), {
headers: { "content-type": "application/json" },
});
}
GET: withRules(["student_read"])(async (request, _context) => {
const url = new URL(request.url);
const idPromo = url.searchParams.get("idPromo");
@@ -26,17 +18,10 @@ export const handler: Handlers<null, AuthenticatedState> = {
return new Response(JSON.stringify(rows), {
headers: { "content-type": "application/json" },
});
},
}),
// #8 POST /students
async POST(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(null, { status: 403 });
}
POST: withRules(["student_write"])(async (request, _context) => {
const body: {
numEtud: number;
nom: string;
@@ -57,5 +42,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
status: 201,
headers: { "content-type": "application/json" },
});
},
}),
};
routes/(apps)/students/api/students/[numEtud].ts
+16 -32
View File
@@ -2,6 +2,7 @@ import { FreshContext, Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { students } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
import { eq } from "npm:drizzle-orm@0.45.2";
const NOT_FOUND = new Response(
@@ -9,19 +10,12 @@ const NOT_FOUND = new Response(
{ status: 404, headers: { "content-type": "application/json" } },
);
const FORBIDDEN = new Response(null, { status: 403 });
export const handler: Handlers<null, AuthenticatedState> = {
// #10 GET /students/{numEtud}
async GET(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
const numEtud = Number(context.params.numEtud);
GET: withRules(["student_read"])(async (_request, context) => {
const numEtud = Number(
(context as FreshContext<AuthenticatedState>).params.numEtud,
);
const student = await db
.select()
.from(students)
@@ -33,18 +27,13 @@ export const handler: Handlers<null, AuthenticatedState> = {
return new Response(JSON.stringify(student), {
headers: { "content-type": "application/json" },
});
},
}),
// #11 PUT /students/{numEtud}
async PUT(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
const numEtud = Number(context.params.numEtud);
PUT: withRules(["student_write"])(async (request, context) => {
const numEtud = Number(
(context as FreshContext<AuthenticatedState>).params.numEtud,
);
const body: { nom: string; prenom: string; idPromo: string } = await request
.json();
@@ -59,18 +48,13 @@ export const handler: Handlers<null, AuthenticatedState> = {
return new Response(JSON.stringify(updated), {
headers: { "content-type": "application/json" },
});
},
}),
// #12 DELETE /students/{numEtud}
async DELETE(
_request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return FORBIDDEN;
}
const numEtud = Number(context.params.numEtud);
DELETE: withRules(["student_write"])(async (_request, context) => {
const numEtud = Number(
(context as FreshContext<AuthenticatedState>).params.numEtud,
);
const [deleted] = await db
.delete(students)
.where(eq(students.numEtud, numEtud))
@@ -79,5 +63,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
if (!deleted) return NOT_FOUND;
return new Response(null, { status: 204 });
},
}),
};
routes/(apps)/students/api/students/import-csv.ts
+4 -10
View File
@@ -1,18 +1,12 @@
import { FreshContext, Handlers } from "$fresh/server.ts";
import { Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { students } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { withRules } from "$root/defaults/withRules.ts";
// #9 POST /students/import-csv
export const handler: Handlers<null, AuthenticatedState> = {
async POST(
request: Request,
context: FreshContext<AuthenticatedState>,
): Promise<Response> {
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
return new Response(null, { status: 403 });
}
POST: withRules(["student_write"])(async (request, _context) => {
const formData = await request.formData();
const file = formData.get("file") as File | null;
const idPromo = formData.get("idPromo") as string | null;
@@ -60,5 +54,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
return new Response(JSON.stringify({ imported, errors }), {
headers: { "content-type": "application/json" },
});
},
}),
};