refactor(notes): improve error handling and formatting

docs: update CLAUDE.md formatting

defaults/withRules.ts

@@ -0,0 +1,108 @@
+import { FreshContext } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import {
+  enseignements,
+  rolePermissions,
+  users,
+} from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { and, eq } from "npm:drizzle-orm@0.45.2";
+
+type RuleFn = (
+  req: Request,
+  ctx: FreshContext<AuthenticatedState>,
+) => Promise<boolean> | boolean;
+
+async function hasPermission(
+  uid: string,
+  permission: string,
+): Promise<boolean> {
+  const [user] = await db.select().from(users).where(eq(users.id, uid));
+  if (!user || user.idRole === null) return false;
+
+  const [rp] = await db.select().from(rolePermissions).where(
+    and(
+      eq(rolePermissions.idRole, user.idRole!),
+      eq(rolePermissions.idPermission, permission),
+    ),
+  );
+  return !!rp;
+}
+
+function parseNumEtud(uid: string): number {
+  return parseInt(uid.slice(1));
+}
+
+const rules = {
+  student_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "student_read"),
+  student_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "student_write"),
+  note_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "note_read"),
+  note_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "note_write"),
+  module_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "module_read"),
+  module_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "module_write"),
+  user_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "user_read"),
+  user_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "user_write"),
+  role_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "role_write"),
+
+  // Contextual rules — student accessing their own data
+  own_student: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    parseNumEtud(ctx.state.session.uid) === Number(ctx.params.numEtud),
+  own_note: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    parseNumEtud(ctx.state.session.uid) === Number(ctx.params.numEtud),
+
+  // Contextual rule — teacher accessing notes for a module they teach
+  own_teaching_note: async (
+    _req: Request,
+    ctx: FreshContext<AuthenticatedState>,
+  ) => {
+    const [row] = await db.select().from(enseignements).where(
+      and(
+        eq(enseignements.idProf, ctx.state.session.uid),
+        eq(enseignements.idModule, ctx.params.idModule),
+      ),
+    );
+    return !!row;
+  },
+};
+
+export type RuleName = keyof typeof rules;
+
+type HandlerFn = (
+  req: Request,
+  ctx: FreshContext<AuthenticatedState>,
+) => Promise<Response>;
+
+/**
+ * Wraps a route handler with permission checks.
+ * Access is granted if ANY of the provided rules passes (OR logic).
+ * Returns 403 if none pass.
+ *
+ * @example
+ * export const handler: Handlers<null, AuthenticatedState> = {
+ *   GET: withRules(["note_read", "own_note"])(async (req, ctx) => {
+ *     // ...
+ *   }),
+ * };
+ */
+export function withRules(ruleNames: RuleName[]) {
+  return (handler: HandlerFn): HandlerFn => {
+    return async (req, ctx) => {
+      const results = await Promise.all(
+        ruleNames.map((name) => rules[name](req, ctx)),
+      );
+      if (!results.some(Boolean)) {
+        return new Response(null, { status: 403 });
+      }
+      return handler(req, ctx);
+    };
+  };
+}

routes/(apps)/notes/api/ajustements.ts

@@ -1,83 +1,66 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
+import { Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
-export const handler: Handlers<null, AuthenticatedState> = {
+export const handler: Handlers = {
   // #48 GET /ajustements
-  async GET(request) {
+  GET: withRules(["note_read"])(async (request, _context) => {
-    try {
+    const url = new URL(request.url);
-      const url = new URL(request.url);
+    const numEtudParam = url.searchParams.get("numEtud");
-      const numEtudParam = url.searchParams.get("numEtud");
+    const idUEParam = url.searchParams.get("idUE");
-      const idUEParam = url.searchParams.get("idUE");
 
-      let query = db.select().from(ajustements).$dynamic();
+    let query = db.select().from(ajustements).$dynamic();
 
-      if (numEtudParam) {
+    if (numEtudParam) {
-        const numEtud = parseInt(numEtudParam);
+      const numEtud = parseInt(numEtudParam);
-        if (isNaN(numEtud)) {
+      if (isNaN(numEtud)) {
-          return new Response("Paramètre numEtud invalide", { status: 400 });
+        return new Response("Paramètre numEtud invalide", { status: 400 });
-        }
-        query = query.where(eq(ajustements.numEtud, numEtud));
       }
-
+      query = query.where(eq(ajustements.numEtud, numEtud));
-      if (idUEParam) {
-        const idUE = parseInt(idUEParam);
-        if (isNaN(idUE)) {
-          return new Response("Paramètre idUE invalide", { status: 400 });
-        }
-        query = query.where(eq(ajustements.idUE, idUE));
-      }
-
-      const result = await query;
-
-      return new Response(JSON.stringify(result), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching ajustements:", error);
-      return new Response("Failed to fetch data", { status: 500 });
     }
-  },
+
+    if (idUEParam) {
+      const idUE = parseInt(idUEParam);
+      if (isNaN(idUE)) {
+        return new Response("Paramètre idUE invalide", { status: 400 });
+      }
+      query = query.where(eq(ajustements.idUE, idUE));
+    }
+
+    const result = await query;
+
+    return new Response(JSON.stringify(result), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }),
 
   // #49 POST /ajustements
-  async POST(
+  POST: withRules(["note_write"])(async (request, _context) => {
-    request: Request,
+    const body: { numEtud: number; idUE: number; valeur: number } =
-    context: FreshContext<AuthenticatedState>,
+      await request.json();
-  ): Promise<Response> {
+
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!body.numEtud || !body.idUE || body.valeur === undefined) {
-      return new Response(null, { status: 403 });
+      return new Response(
+        JSON.stringify({ error: "Champs requis: numEtud, idUE, valeur" }),
+        { status: 400, headers: { "content-type": "application/json" } },
+      );
     }
 
-    try {
+    const [created] = await db
-      const body: { numEtud: number; idUE: number; valeur: number } =
+      .insert(ajustements)
-        await request.json();
+      .values({
+        numEtud: body.numEtud,
+        idUE: body.idUE,
+        valeur: body.valeur,
+      })
+      .returning();
 
-      if (!body.numEtud || !body.idUE || body.valeur === undefined) {
+    return new Response(JSON.stringify(created), {
-        return new Response(
+      status: 201,
-          JSON.stringify({ error: "Champs requis: numEtud, idUE, valeur" }),
+      headers: { "content-type": "application/json" },
-          { status: 400, headers: { "content-type": "application/json" } },
+    });
-        );
+  }),
-      }
-
-      const [created] = await db
-        .insert(ajustements)
-        .values({
-          numEtud: body.numEtud,
-          idUE: body.idUE,
-          valeur: body.valeur,
-        })
-        .returning();
-
-      return new Response(JSON.stringify(created), {
-        status: 201,
-        headers: { "content-type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error creating ajustement:", error);
-      return new Response("Failed to create ajustement", { status: 500 });
-    }
-  },
 };

routes/(apps)/notes/api/notes.ts

@@ -1,45 +1,41 @@
 import { Handlers } from "$fresh/server.ts";
 import { db } from "../../../../databases/db.ts";
 import { notes } from "../../../../databases/schema.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers = {
   // #42 GET /notes
-  async GET(request) {
+  GET: withRules(["note_read", "own_note"])(async (request, _context) => {
-    try {
+    const url = new URL(request.url);
-      const url = new URL(request.url);
+    const numEtudParam = url.searchParams.get("numEtud");
-      const numEtudParam = url.searchParams.get("numEtud");
+    const idModule = url.searchParams.get("idModule");
-      const idModule = url.searchParams.get("idModule");
 
-      let query = db.select().from(notes).$dynamic();
+    let query = db.select().from(notes).$dynamic();
 
-      if (numEtudParam) {
+    if (numEtudParam) {
-        const numEtud = parseInt(numEtudParam);
+      const numEtud = parseInt(numEtudParam);
-        if (isNaN(numEtud)) {
+      if (isNaN(numEtud)) {
-          return new Response("Paramètre numEtud invalide", { status: 400 });
+        return new Response("Paramètre numEtud invalide", { status: 400 });
-        }
-        query = query.where(eq(notes.numEtud, numEtud));
       }
-
+      query = query.where(eq(notes.numEtud, numEtud));
-      if (idModule) {
-        query = query.where(eq(notes.idModule, idModule));
-      }
-
-      const result = await query;
-
-      return new Response(JSON.stringify(result), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching notes:", error);
-      return new Response("Failed to fetch data", { status: 500 });
     }
-  },
+
+    if (idModule) {
+      query = query.where(eq(notes.idModule, idModule));
+    }
+
+    const result = await query;
+
+    return new Response(JSON.stringify(result), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }),
 
   // #43 POST /notes
-  async POST(request) {
+  POST: withRules(["note_write", "own_teaching_note"])(
-    try {
+    async (request, _context) => {
       const body = await request.json();
       const { note, numEtud, idModule } = body;
 
@@ -62,9 +58,6 @@ export const handler: Handlers = {
         status: 201,
         headers: { "Content-Type": "application/json" },
       });
-    } catch (error) {
+    },
-      console.error("Error creating note:", error);
+  ),
-      return new Response("Failed to create note", { status: 500 });
-    }
-  },
 };

routes/(apps)/notes/api/notes/[numEtud]/[idModule].ts

@@ -1,104 +1,109 @@
 import { Handlers } from "$fresh/server.ts";
 import { db } from "../../../../../../databases/db.ts";
 import { notes } from "../../../../../../databases/schema.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers = {
   // #45 GET /notes/:numEtud/:idModule
-  async GET(_request, context) {
+  GET: withRules(["note_read", "own_note", "own_teaching_note"])(
-    try {
+    async (_request, context) => {
-      const numEtud = parseInt(context.params.numEtud);
+      try {
-      const { idModule } = context.params;
+        const numEtud = parseInt(context.params.numEtud);
+        const { idModule } = context.params;
 
-      if (isNaN(numEtud)) {
+        if (isNaN(numEtud)) {
-        return new Response(
+          return new Response(
-          JSON.stringify({ error: "Paramètre numEtud invalide" }),
+            JSON.stringify({ error: "Paramètre numEtud invalide" }),
-          {
+            {
-            status: 400,
+              status: 400,
-            headers: { "Content-Type": "application/json" },
+              headers: { "Content-Type": "application/json" },
-          },
+            },
+          );
+        }
+
+        const result = await db.select().from(notes).where(
+          and(
+            eq(notes.numEtud, numEtud),
+            eq(notes.idModule, idModule),
+          ),
         );
+
+        if (result.length === 0) {
+          return new Response(
+            JSON.stringify({ error: "Ressource introuvable" }),
+            {
+              status: 404,
+              headers: { "Content-Type": "application/json" },
+            },
+          );
+        }
+
+        return new Response(JSON.stringify(result[0]), {
+          status: 200,
+          headers: { "Content-Type": "application/json" },
+        });
+      } catch (error) {
+        console.error("Error fetching note:", error);
+        return new Response("Failed to fetch data", { status: 500 });
       }
-
+    },
-      const result = await db.select().from(notes).where(
+  ),
-        and(
-          eq(notes.numEtud, numEtud),
-          eq(notes.idModule, idModule),
-        ),
-      );
-
-      if (result.length === 0) {
-        return new Response(
-          JSON.stringify({ error: "Ressource introuvable" }),
-          {
-            status: 404,
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching note:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
 
   // #46 PUT /notes/:numEtud/:idModule
-  async PUT(request, context) {
+  PUT: withRules(["note_write", "own_teaching_note"])(
-    try {
+    async (request, context) => {
-      const numEtud = parseInt(context.params.numEtud);
+      try {
-      const { idModule } = context.params;
+        const numEtud = parseInt(context.params.numEtud);
+        const { idModule } = context.params;
 
-      if (isNaN(numEtud)) {
+        if (isNaN(numEtud)) {
-        return new Response(
+          return new Response(
-          JSON.stringify({ error: "Paramètre numEtud invalide" }),
+            JSON.stringify({ error: "Paramètre numEtud invalide" }),
-          {
+            {
-            status: 400,
+              status: 400,
-            headers: { "Content-Type": "application/json" },
+              headers: { "Content-Type": "application/json" },
-          },
+            },
-        );
+          );
+        }
+
+        const body = await request.json();
+        const { note } = body;
+
+        if (note === undefined) {
+          return new Response("Champ 'note' manquant", { status: 400 });
+        }
+
+        const result = await db.update(notes).set({ note }).where(
+          and(
+            eq(notes.numEtud, numEtud),
+            eq(notes.idModule, idModule),
+          ),
+        ).returning();
+
+        if (result.length === 0) {
+          return new Response(
+            JSON.stringify({ error: "Ressource introuvable" }),
+            {
+              status: 404,
+              headers: { "Content-Type": "application/json" },
+            },
+          );
+        }
+
+        return new Response(JSON.stringify(result[0]), {
+          status: 200,
+          headers: { "Content-Type": "application/json" },
+        });
+      } catch (error) {
+        console.error("Error updating note:", error);
+        return new Response("Failed to update note", { status: 500 });
       }
-
+    },
-      const body = await request.json();
+  ),
-      const { note } = body;
-
-      if (note === undefined) {
-        return new Response("Champ 'note' manquant", { status: 400 });
-      }
-
-      const result = await db.update(notes).set({ note }).where(
-        and(
-          eq(notes.numEtud, numEtud),
-          eq(notes.idModule, idModule),
-        ),
-      ).returning();
-
-      if (result.length === 0) {
-        return new Response(
-          JSON.stringify({ error: "Ressource introuvable" }),
-          {
-            status: 404,
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error updating note:", error);
-      return new Response("Failed to update note", { status: 500 });
-    }
-  },
 
   // #47 DELETE /notes/:numEtud/:idModule
-  async DELETE(_request, context) {
+  DELETE: withRules(["note_write"])(async (_request, context) => {
     try {
       const numEtud = parseInt(context.params.numEtud);
       const { idModule } = context.params;
@@ -135,5 +140,5 @@ export const handler: Handlers = {
       console.error("Error deleting note:", error);
       return new Response("Failed to delete note", { status: 500 });
     }
-  },
+  }),
 };

routes/(apps)/notes/api/ue-modules.ts

@@ -1,72 +1,63 @@
 import { Handlers } from "$fresh/server.ts";
 import { db } from "../../../../databases/db.ts";
 import { ueModules } from "../../../../databases/schema.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers = {
   // #37 GET /ue-modules
-  async GET(request) {
+  GET: withRules(["note_read"])(async (request, _context) => {
-    try {
+    const url = new URL(request.url);
-      const url = new URL(request.url);
+    const idPromo = url.searchParams.get("idPromo");
-      const idPromo = url.searchParams.get("idPromo");
+    const idUEParam = url.searchParams.get("idUE");
-      const idUEParam = url.searchParams.get("idUE");
 
-      const idUE = idUEParam ? parseInt(idUEParam) : null;
+    const idUE = idUEParam ? parseInt(idUEParam) : null;
 
-      if (idUEParam && isNaN(idUE!)) {
+    if (idUEParam && isNaN(idUE!)) {
-        return new Response("Paramètre idUE invalide", { status: 400 });
+      return new Response("Paramètre idUE invalide", { status: 400 });
-      }
-
-      const result = await db.select().from(ueModules).where(
-        and(
-          idPromo ? eq(ueModules.idPromo, idPromo) : undefined,
-          idUE ? eq(ueModules.idUE, idUE) : undefined,
-        ),
-      );
-
-      return new Response(JSON.stringify(result), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching UE-modules:", error);
-      return new Response("Failed to fetch data", { status: 500 });
     }
-  },
+
+    const result = await db.select().from(ueModules).where(
+      and(
+        idPromo ? eq(ueModules.idPromo, idPromo) : undefined,
+        idUE ? eq(ueModules.idUE, idUE) : undefined,
+      ),
+    );
+
+    return new Response(JSON.stringify(result), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }),
 
   // #38 POST /ue-modules
-  async POST(request) {
+  POST: withRules(["note_write"])(async (request, _context) => {
-    try {
+    const body = await request.json();
-      const body = await request.json();
+    const { idModule, idUE, idPromo, coeff } = body;
-      const { idModule, idUE, idPromo, coeff } = body;
 
-      if (!idModule || !idUE || !idPromo || coeff === undefined) {
+    if (!idModule || !idUE || !idPromo || coeff === undefined) {
-        return new Response(
+      return new Response(
-          "Champs 'idModule', 'idUE', 'idPromo' et 'coeff' requis",
+        "Champs 'idModule', 'idUE', 'idPromo' et 'coeff' requis",
-          { status: 400 },
+        { status: 400 },
-        );
+      );
-      }
-
-      if (typeof coeff !== "number" || coeff < 0) {
-        return new Response("Champ 'coeff' doit être un nombre >= 0", {
-          status: 400,
-        });
-      }
-
-      const result = await db.insert(ueModules).values({
-        idModule,
-        idUE,
-        idPromo,
-        coeff,
-      }).returning();
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 201,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error creating UE-module:", error);
-      return new Response("Failed to create UE-module", { status: 500 });
     }
-  },
+
+    if (typeof coeff !== "number" || coeff < 0) {
+      return new Response("Champ 'coeff' doit être un nombre >= 0", {
+        status: 400,
+      });
+    }
+
+    const result = await db.insert(ueModules).values({
+      idModule,
+      idUE,
+      idPromo,
+      coeff,
+    }).returning();
+
+    return new Response(JSON.stringify(result[0]), {
+      status: 201,
+      headers: { "Content-Type": "application/json" },
+    });
+  }),
 };

routes/(apps)/notes/api/ue-modules/[idModule]/[idUE]/[idPromo].ts

@@ -2,6 +2,7 @@ import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ueModules } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = new Response(
@@ -9,8 +10,6 @@ const NOT_FOUND = new Response(
   { status: 404, headers: { "content-type": "application/json" } },
 );
 
-const FORBIDDEN = new Response(null, { status: 403 });
-
 const BAD_REQUEST = new Response(
   JSON.stringify({ error: "Paramètres invalides" }),
   { status: 400, headers: { "content-type": "application/json" } },
@@ -18,29 +17,24 @@ const BAD_REQUEST = new Response(
 
 export const handler: Handlers<null, AuthenticatedState> = {
   // #39 GET /ue-modules/{idModule}/{idUE}/{idPromo}
-  async GET(
+  GET: withRules(["note_read"])(async (_request, context) => {
-    _request: Request,
+    const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
-    context: FreshContext<AuthenticatedState>,
+      .params;
-  ): Promise<Response> {
+    const idUE = Number(
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      (context as FreshContext<AuthenticatedState>).params.idUE,
-      return FORBIDDEN;
+    );
-    }
 
-    const idModule = context.params.idModule;
+    if (isNaN(idUE)) return BAD_REQUEST;
-    const idUE = Number(context.params.idUE);
-    const idPromo = context.params.idPromo;
-
-    if (isNaN(idUE)) {
-      return BAD_REQUEST;
-    }
 
     const ueModuleAssociation = await db
       .select()
       .from(ueModules)
       .where(
-        eq(ueModules.idModule, idModule),
+        and(
-        eq(ueModules.idUE, idUE),
+          eq(ueModules.idModule, idModule),
-        eq(ueModules.idPromo, idPromo),
+          eq(ueModules.idUE, idUE),
+          eq(ueModules.idPromo, idPromo),
+        ),
       )
       .then((rows) => rows[0] ?? null);
 
@@ -49,24 +43,17 @@ export const handler: Handlers<null, AuthenticatedState> = {
     return new Response(JSON.stringify(ueModuleAssociation), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 
   // #40 PUT /ue-modules/{idModule}/{idUE}/{idPromo}
-  async PUT(
+  PUT: withRules(["note_write"])(async (request, context) => {
-    request: Request,
+    const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
-    context: FreshContext<AuthenticatedState>,
+      .params;
-  ): Promise<Response> {
+    const idUE = Number(
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      (context as FreshContext<AuthenticatedState>).params.idUE,
-      return FORBIDDEN;
+    );
-    }
 
-    const idModule = context.params.idModule;
+    if (isNaN(idUE)) return BAD_REQUEST;
-    const idUE = Number(context.params.idUE);
-    const idPromo = context.params.idPromo;
-
-    if (isNaN(idUE)) {
-      return BAD_REQUEST;
-    }
 
     const body: { coeff: number } = await request.json();
 
@@ -98,28 +85,19 @@ export const handler: Handlers<null, AuthenticatedState> = {
         idPromo: updated.idPromo,
         coeff: updated.coeff,
       }),
-      {
+      { headers: { "content-type": "application/json" } },
-        headers: { "content-type": "application/json" },
-      },
     );
-  },
+  }),
 
   // #41 DELETE /ue-modules/{idModule}/{idUE}/{idPromo}
-  async DELETE(
+  DELETE: withRules(["note_write"])(async (_request, context) => {
-    _request: Request,
+    const { idModule, idPromo } = (context as FreshContext<AuthenticatedState>)
-    context: FreshContext<AuthenticatedState>,
+      .params;
-  ): Promise<Response> {
+    const idUE = Number(
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      (context as FreshContext<AuthenticatedState>).params.idUE,
-      return FORBIDDEN;
+    );
-    }
 
-    const idModule = context.params.idModule;
+    if (isNaN(idUE)) return BAD_REQUEST;
-    const idUE = Number(context.params.idUE);
-    const idPromo = context.params.idPromo;
-
-    if (isNaN(idUE)) {
-      return BAD_REQUEST;
-    }
 
     const [deleted] = await db
       .delete(ueModules)
@@ -135,5 +113,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
     if (!deleted) return NOT_FOUND;
 
     return new Response(null, { status: 204 });
-  },
+  }),
 };

routes/(apps)/notes/api/ues.ts

@@ -1,42 +1,33 @@
 import { Handlers } from "$fresh/server.ts";
 import { db } from "../../../../databases/db.ts";
 import { ues } from "../../../../databases/schema.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 
 export const handler: Handlers = {
   // #32 GET /ues
-  async GET() {
+  GET: withRules(["note_read"])(async (_request, _context) => {
-    try {
+    const result = await db.select().from(ues);
-      const result = await db.select().from(ues);
 
-      return new Response(JSON.stringify(result), {
+    return new Response(JSON.stringify(result), {
-        status: 200,
+      status: 200,
-        headers: { "Content-Type": "application/json" },
+      headers: { "Content-Type": "application/json" },
-      });
+    });
-    } catch (error) {
+  }),
-      console.error("Error fetching UEs:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
 
   // #33 POST /ues
-  async POST(request) {
+  POST: withRules(["note_write"])(async (request, _context) => {
-    try {
+    const body = await request.json();
-      const body = await request.json();
+    const { nom } = body;
-      const { nom } = body;
 
-      if (!nom || !nom.trim()) {
+    if (!nom || !nom.trim()) {
-        return new Response("Champ 'nom' manquant", { status: 400 });
+      return new Response("Champ 'nom' manquant", { status: 400 });
-      }
-
-      const result = await db.insert(ues).values({ nom }).returning();
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 201,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error creating UE:", error);
-      return new Response("Failed to create UE", { status: 500 });
     }
-  },
+
+    const result = await db.insert(ues).values({ nom }).returning();
+
+    return new Response(JSON.stringify(result[0]), {
+      status: 201,
+      headers: { "Content-Type": "application/json" },
+    });
+  }),
 };

routes/(apps)/notes/api/ues/[idUE].ts

@@ -1,122 +1,90 @@
 import { Handlers } from "$fresh/server.ts";
 import { db } from "../../../../../databases/db.ts";
 import { ues } from "../../../../../databases/schema.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers = {
-  // # 34 GET /ues/:idUE
+  // #34 GET /ues/:idUE
-  async GET(_request, context) {
+  GET: withRules(["note_read"])(async (_request, context) => {
-    try {
+    const idUE = parseInt(context.params.idUE);
-      const idUE = parseInt(context.params.idUE);
 
-      if (isNaN(idUE)) {
+    if (isNaN(idUE)) {
-        return new Response(
+      return new Response(
-          JSON.stringify({ error: "Paramètre idUE invalide" }),
+        JSON.stringify({ error: "Paramètre idUE invalide" }),
-          {
+        { status: 400, headers: { "Content-Type": "application/json" } },
-            status: 400,
+      );
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      const result = await db.select().from(ues).where(eq(ues.id, idUE));
-
-      if (result.length === 0) {
-        return new Response(
-          JSON.stringify({ error: "Ressource introuvable" }),
-          {
-            status: 404,
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching UE:", error);
-      return new Response("Failed to fetch data", { status: 500 });
     }
-  },
+
+    const result = await db.select().from(ues).where(eq(ues.id, idUE));
+
+    if (result.length === 0) {
+      return new Response(
+        JSON.stringify({ error: "Ressource introuvable" }),
+        { status: 404, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    return new Response(JSON.stringify(result[0]), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }),
 
   // #35 PUT /ues/:idUE
-  async PUT(request, context) {
+  PUT: withRules(["note_write"])(async (request, context) => {
-    try {
+    const idUE = parseInt(context.params.idUE);
-      const idUE = parseInt(context.params.idUE);
 
-      if (isNaN(idUE)) {
+    if (isNaN(idUE)) {
-        return new Response(
+      return new Response(
-          JSON.stringify({ error: "Paramètre idUE invalide" }),
+        JSON.stringify({ error: "Paramètre idUE invalide" }),
-          {
+        { status: 400, headers: { "Content-Type": "application/json" } },
-            status: 400,
+      );
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      const body = await request.json();
-      const { nom } = body;
-
-      if (!nom) {
-        return new Response("Champ 'nom' manquant", { status: 400 });
-      }
-
-      const result = await db.update(ues).set({ nom }).where(eq(ues.id, idUE))
-        .returning();
-
-      if (result.length === 0) {
-        return new Response(
-          JSON.stringify({ error: "Ressource introuvable" }),
-          {
-            status: 404,
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error updating UE:", error);
-      return new Response("Failed to update UE", { status: 500 });
     }
-  },
+
+    const body = await request.json();
+    const { nom } = body;
+
+    if (!nom) {
+      return new Response("Champ 'nom' manquant", { status: 400 });
+    }
+
+    const result = await db.update(ues).set({ nom }).where(eq(ues.id, idUE))
+      .returning();
+
+    if (result.length === 0) {
+      return new Response(
+        JSON.stringify({ error: "Ressource introuvable" }),
+        { status: 404, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    return new Response(JSON.stringify(result[0]), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }),
 
   // #36 DELETE /ues/:idUE
-  async DELETE(_request, context) {
+  DELETE: withRules(["note_write"])(async (_request, context) => {
-    try {
+    const idUE = parseInt(context.params.idUE);
-      const idUE = parseInt(context.params.idUE);
 
-      if (isNaN(idUE)) {
+    if (isNaN(idUE)) {
-        return new Response(
+      return new Response(
-          JSON.stringify({ error: "Paramètre idUE invalide" }),
+        JSON.stringify({ error: "Paramètre idUE invalide" }),
-          {
+        { status: 400, headers: { "Content-Type": "application/json" } },
-            status: 400,
+      );
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      const result = await db.delete(ues).where(eq(ues.id, idUE)).returning();
-
-      if (result.length === 0) {
-        return new Response(
-          JSON.stringify({ error: "Ressource introuvable" }),
-          {
-            status: 404,
-            headers: { "Content-Type": "application/json" },
-          },
-        );
-      }
-
-      return new Response(null, { status: 204 });
-    } catch (error) {
-      console.error("Error deleting UE:", error);
-      return new Response("Failed to delete UE", { status: 500 });
     }
-  },
+
+    const result = await db.delete(ues).where(eq(ues.id, idUE)).returning();
+
+    if (result.length === 0) {
+      return new Response(
+        JSON.stringify({ error: "Ressource introuvable" }),
+        { status: 404, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    return new Response(null, { status: 204 });
+  }),
 };

routes/(apps)/students/api/promotions.ts

@@ -1,35 +1,20 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
+import { Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { promotions } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 
 export const handler: Handlers<null, AuthenticatedState> = {
   // #13 GET /promotions
-  async GET(
+  GET: withRules(["student_read"])(async (_request, _context) => {
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return new Response(JSON.stringify([]), {
-        headers: { "content-type": "application/json" },
-      });
-    }
-
     const rows = await db.select().from(promotions);
     return new Response(JSON.stringify(rows), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 
   // #14 POST /promotions
-  async POST(
+  POST: withRules(["student_write"])(async (request, _context) => {
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return new Response(null, { status: 403 });
-    }
-
     const body: { idPromo: string; annee: string } = await request.json();
 
     if (!body.idPromo || !body.annee) {
@@ -45,5 +30,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
       status: 201,
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 };

routes/(apps)/students/api/promotions/[idPromo].ts

@@ -2,6 +2,7 @@ import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { promotions } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = new Response(
@@ -9,22 +10,18 @@ const NOT_FOUND = new Response(
   { status: 404, headers: { "content-type": "application/json" } },
 );
 
-const FORBIDDEN = new Response(null, { status: 403 });
-
 export const handler: Handlers<null, AuthenticatedState> = {
   // #15 GET /promotions/{idPromo}
-  async GET(
+  GET: withRules(["student_read"])(async (_request, context) => {
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
     const promo = await db
       .select()
       .from(promotions)
-      .where(eq(promotions.id, context.params.idPromo))
+      .where(
+        eq(
+          promotions.id,
+          (context as FreshContext<AuthenticatedState>).params.idPromo,
+        ),
+      )
       .then((rows) => rows[0] ?? null);
 
     if (!promo) return NOT_FOUND;
@@ -32,23 +29,21 @@ export const handler: Handlers<null, AuthenticatedState> = {
     return new Response(JSON.stringify(promo), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 
   // #16 PUT /promotions/{idPromo}
-  async PUT(
+  PUT: withRules(["student_write"])(async (request, context) => {
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
     const body: { annee: string } = await request.json();
 
     const [updated] = await db
       .update(promotions)
       .set({ annee: body.annee })
-      .where(eq(promotions.id, context.params.idPromo))
+      .where(
+        eq(
+          promotions.id,
+          (context as FreshContext<AuthenticatedState>).params.idPromo,
+        ),
+      )
       .returning();
 
     if (!updated) return NOT_FOUND;
@@ -56,24 +51,22 @@ export const handler: Handlers<null, AuthenticatedState> = {
     return new Response(JSON.stringify(updated), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 
   // #17 DELETE /promotions/{idPromo}
-  async DELETE(
+  DELETE: withRules(["student_write"])(async (_request, context) => {
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
     const [deleted] = await db
       .delete(promotions)
-      .where(eq(promotions.id, context.params.idPromo))
+      .where(
+        eq(
+          promotions.id,
+          (context as FreshContext<AuthenticatedState>).params.idPromo,
+        ),
+      )
       .returning();
 
     if (!deleted) return NOT_FOUND;
 
     return new Response(null, { status: 204 });
-  },
+  }),
 };

routes/(apps)/students/api/students.ts

@@ -1,21 +1,13 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
+import { Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
   // #7 GET /students
-  async GET(
+  GET: withRules(["student_read"])(async (request, _context) => {
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return new Response(JSON.stringify([]), {
-        headers: { "content-type": "application/json" },
-      });
-    }
-
     const url = new URL(request.url);
     const idPromo = url.searchParams.get("idPromo");
 
@@ -26,17 +18,10 @@ export const handler: Handlers<null, AuthenticatedState> = {
     return new Response(JSON.stringify(rows), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 
   // #8 POST /students
-  async POST(
+  POST: withRules(["student_write"])(async (request, _context) => {
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return new Response(null, { status: 403 });
-    }
-
     const body: {
       numEtud: number;
       nom: string;
@@ -57,5 +42,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
       status: 201,
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 };

routes/(apps)/students/api/students/[numEtud].ts

@@ -2,6 +2,7 @@ import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = new Response(
@@ -9,19 +10,12 @@ const NOT_FOUND = new Response(
   { status: 404, headers: { "content-type": "application/json" } },
 );
 
-const FORBIDDEN = new Response(null, { status: 403 });
-
 export const handler: Handlers<null, AuthenticatedState> = {
   // #10 GET /students/{numEtud}
-  async GET(
+  GET: withRules(["student_read"])(async (_request, context) => {
-    _request: Request,
+    const numEtud = Number(
-    context: FreshContext<AuthenticatedState>,
+      (context as FreshContext<AuthenticatedState>).params.numEtud,
-  ): Promise<Response> {
+    );
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const numEtud = Number(context.params.numEtud);
     const student = await db
       .select()
       .from(students)
@@ -33,18 +27,13 @@ export const handler: Handlers<null, AuthenticatedState> = {
     return new Response(JSON.stringify(student), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 
   // #11 PUT /students/{numEtud}
-  async PUT(
+  PUT: withRules(["student_write"])(async (request, context) => {
-    request: Request,
+    const numEtud = Number(
-    context: FreshContext<AuthenticatedState>,
+      (context as FreshContext<AuthenticatedState>).params.numEtud,
-  ): Promise<Response> {
+    );
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const numEtud = Number(context.params.numEtud);
     const body: { nom: string; prenom: string; idPromo: string } = await request
       .json();
 
@@ -59,18 +48,13 @@ export const handler: Handlers<null, AuthenticatedState> = {
     return new Response(JSON.stringify(updated), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 
   // #12 DELETE /students/{numEtud}
-  async DELETE(
+  DELETE: withRules(["student_write"])(async (_request, context) => {
-    _request: Request,
+    const numEtud = Number(
-    context: FreshContext<AuthenticatedState>,
+      (context as FreshContext<AuthenticatedState>).params.numEtud,
-  ): Promise<Response> {
+    );
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const numEtud = Number(context.params.numEtud);
     const [deleted] = await db
       .delete(students)
       .where(eq(students.numEtud, numEtud))
@@ -79,5 +63,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
     if (!deleted) return NOT_FOUND;
 
     return new Response(null, { status: 204 });
-  },
+  }),
 };

routes/(apps)/students/api/students/import-csv.ts

@@ -1,18 +1,12 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
+import { Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { withRules } from "$root/defaults/withRules.ts";
 
 // #9 POST /students/import-csv
 export const handler: Handlers<null, AuthenticatedState> = {
-  async POST(
+  POST: withRules(["student_write"])(async (request, _context) => {
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return new Response(null, { status: 403 });
-    }
-
     const formData = await request.formData();
     const file = formData.get("file") as File | null;
     const idPromo = formData.get("idPromo") as string | null;
@@ -60,5 +54,5 @@ export const handler: Handlers<null, AuthenticatedState> = {
     return new Response(JSON.stringify({ imported, errors }), {
       headers: { "content-type": "application/json" },
     });
-  },
+  }),
 };