Update role enum and access control Remove isRouteAnAPI(route: string):

boolean Refactor role determination logic to use `eduPersonPrimaryAffiliation` and `amuComposante`. This simplifies checking for Polytech affiliation and identifies roles like professor, administration, and student more accurately. The API access control is updated to reflect the new role names.
2026-01-07 22:56:06 +01:00
parent c0a335d33f
commit bda47fd88b
2 changed files with 10 additions and 28 deletions
@@ -4,7 +4,7 @@ import { AsyncRoute } from "$fresh/src/server/types.ts";
 export interface AuthenticatedState {
  isAuthenticated: true;
  isFromPolytech: boolean;
-  role: "etudiants" | "personnels" | "autres";
+  role: "etudiant" | "professeur" | "administration" | "autre";
  session: CasContent;
  availablePages: Record<string, string>;
 }
@@ -25,14 +25,6 @@ function isRoutePublic(route: string): boolean {
    !!(route.match(/\..+$/)?.[0] ?? false);
 }

-/**
- * Checks if the given route is an API route.
- * @param route The route to check.
- * @returns `true` if the route is an API route, `false` otherwise.
- */
-function isRouteAnAPI(route: string): boolean {
-  return route.includes("/api/");
-}
 /**
 * Get the given user's key, creating it if not already existing.
 * @param user The key's user.
@@ -77,28 +69,24 @@ export const handler: MiddlewareHandler<State>[] = [
    );

    if (context.state.isAuthenticated) {
+
      const session: CasContent =
        (getJwtPayload(cookies["sessionToken"]) as LoginJWT).user;
-      const isFromPolytech = Object.values(session.memberOf).some(
-        (value) =>
-          typeof value === "string" && value.includes("cn=amu:ufr:polytech"),
-      );

+      const isFromPolytech = session.amuComposante.includes("polytech");
      context.state.isFromPolytech = isFromPolytech;

      if (isFromPolytech) {
        context.state.session = session;

-        if (Object.values(session.memberOf).some(
-          (value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:personnels")
-        )) {
-          context.state.role = "personnels";
-        } else if (Object.values(session.memberOf).some(
-          (value) => typeof value === "string" && value.includes("cn=amu:ufr:polytech:etudiants")
-        )) {
-          context.state.role = "etudiants";
+        if (session.eduPersonPrimaryAffiliation.includes("faculty")) {
+          context.state.role = "professeur"
+        } else if (session.eduPersonPrimaryAffiliation.includes("employee")) {
+          context.state.role = "administration"
+        } else if (session.eduPersonPrimaryAffiliation.includes("student")) {
+          context.state.role = "etudiant";
        } else {
-          context.state.role = "autres";
+          context.state.role = "autre";
        }
      }
    }
@@ -136,12 +124,6 @@ export const handler: MiddlewareHandler<State>[] = [
          },
        });
      }
-
-      if (isRouteAnAPI(url.pathname) && !(context.state.role == "personnels")) {
-        return new Response(null, {
-          status: 403,
-        });
-      }
    }

    return await context.next();