feat(api): implement enseignements CRUD endpoints
Add CRUD API for enseignements (prof-module-promo associations):
- POST /enseignements: Create with validation (201/409)
- GET /enseignements/{idProf}/{idModule}/{idPromo}: Read by composite
key (200/404)
- DELETE /enseignements/{idProf}/{idModule}/{idPromo}: Delete by
composite key (204/404)
Access control: Employee-only (403 Forbidden)
Tests: 7 unit tests added
Note: RBAC implementation pending (current access control is temporary)
This commit is contained in:
@@ -0,0 +1,70 @@
|
||||
import { FreshContext, Handlers } from "$fresh/server.ts";
|
||||
import { db } from "$root/databases/db.ts";
|
||||
import { enseignements } from "$root/databases/schema.ts";
|
||||
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
|
||||
import { and, eq } from "npm:drizzle-orm@0.45.2";
|
||||
|
||||
const NOT_FOUND = new Response(
|
||||
JSON.stringify({ error: "Ressource introuvable" }),
|
||||
{ status: 404, headers: { "content-type": "application/json" } },
|
||||
);
|
||||
|
||||
const FORBIDDEN = new Response(null, { status: 403 });
|
||||
|
||||
const CONFLICT = new Response(
|
||||
JSON.stringify({ error: "Cet enseignement existe déjà." }),
|
||||
{ status: 409, headers: { "content-type": "application/json" } },
|
||||
);
|
||||
|
||||
export const handler: Handlers<null, AuthenticatedState> = {
|
||||
// #29 POST /enseignements
|
||||
async POST(
|
||||
request: Request,
|
||||
context: FreshContext<AuthenticatedState>,
|
||||
): Promise<Response> {
|
||||
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
|
||||
return FORBIDDEN;
|
||||
}
|
||||
|
||||
const body: {
|
||||
idProf: string;
|
||||
idModule: string;
|
||||
idPromo: string;
|
||||
} = await request.json();
|
||||
|
||||
if (!body.idProf || !body.idModule || !body.idPromo) {
|
||||
return new Response(null, { status: 400 });
|
||||
}
|
||||
|
||||
// Check if enseignement already exists
|
||||
const existing = await db
|
||||
.select()
|
||||
.from(enseignements)
|
||||
.where(
|
||||
and(
|
||||
eq(enseignements.idProf, body.idProf),
|
||||
eq(enseignements.idModule, body.idModule),
|
||||
eq(enseignements.idPromo, body.idPromo),
|
||||
),
|
||||
)
|
||||
.then((rows) => rows[0] ?? null);
|
||||
|
||||
if (existing) {
|
||||
return CONFLICT;
|
||||
}
|
||||
|
||||
const [created] = await db
|
||||
.insert(enseignements)
|
||||
.values({
|
||||
idProf: body.idProf,
|
||||
idModule: body.idModule,
|
||||
idPromo: body.idPromo,
|
||||
})
|
||||
.returning();
|
||||
|
||||
return new Response(JSON.stringify(created), {
|
||||
status: 201,
|
||||
headers: { "content-type": "application/json" },
|
||||
});
|
||||
},
|
||||
};
|
||||
@@ -0,0 +1,75 @@
|
||||
import { FreshContext, Handlers } from "$fresh/server.ts";
|
||||
import { db } from "$root/databases/db.ts";
|
||||
import { enseignements } from "$root/databases/schema.ts";
|
||||
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
|
||||
import { and, eq } from "npm:drizzle-orm@0.45.2";
|
||||
|
||||
const NOT_FOUND = new Response(
|
||||
JSON.stringify({ error: "Ressource introuvable" }),
|
||||
{ status: 404, headers: { "content-type": "application/json" } },
|
||||
);
|
||||
|
||||
const FORBIDDEN = new Response(null, { status: 403 });
|
||||
|
||||
export const handler: Handlers<null, AuthenticatedState> = {
|
||||
// #30 GET /enseignements/{idProf}/{idModule}/{idPromo}
|
||||
async GET(
|
||||
_request: Request,
|
||||
context: FreshContext<AuthenticatedState>,
|
||||
): Promise<Response> {
|
||||
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
|
||||
return FORBIDDEN;
|
||||
}
|
||||
|
||||
const idProf = context.params.idProf;
|
||||
const idModule = context.params.idModule;
|
||||
const idPromo = context.params.idPromo;
|
||||
|
||||
const enseignement = await db
|
||||
.select()
|
||||
.from(enseignements)
|
||||
.where(
|
||||
and(
|
||||
eq(enseignements.idProf, idProf),
|
||||
eq(enseignements.idModule, idModule),
|
||||
eq(enseignements.idPromo, idPromo),
|
||||
),
|
||||
)
|
||||
.then((rows) => rows[0] ?? null);
|
||||
|
||||
if (!enseignement) return NOT_FOUND;
|
||||
|
||||
return new Response(JSON.stringify(enseignement), {
|
||||
headers: { "content-type": "application/json" },
|
||||
});
|
||||
},
|
||||
|
||||
// #31 DELETE /enseignements/{idProf}/{idModule}/{idPromo}
|
||||
async DELETE(
|
||||
_request: Request,
|
||||
context: FreshContext<AuthenticatedState>,
|
||||
): Promise<Response> {
|
||||
if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
|
||||
return FORBIDDEN;
|
||||
}
|
||||
|
||||
const idProf = context.params.idProf;
|
||||
const idModule = context.params.idModule;
|
||||
const idPromo = context.params.idPromo;
|
||||
|
||||
const [deleted] = await db
|
||||
.delete(enseignements)
|
||||
.where(
|
||||
and(
|
||||
eq(enseignements.idProf, idProf),
|
||||
eq(enseignements.idModule, idModule),
|
||||
eq(enseignements.idPromo, idPromo),
|
||||
),
|
||||
)
|
||||
.returning();
|
||||
|
||||
if (!deleted) return NOT_FOUND;
|
||||
|
||||
return new Response(null, { status: 204 });
|
||||
},
|
||||
};
|
||||
Reference in New Issue
Block a user