refactor(students): simplify API, remove unused imports and helpers

refactor(students): add query param filtering, enforce employee role for POST
refactor(students): return created student in POST response

routes/(apps)/admin/api/roles.ts

@@ -0,0 +1,64 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { rolePermissions, roles } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+async function getRoleWithPermissions(
+  id: number,
+): Promise<{ id: number; nom: string; permissions: string[] } | null> {
+  const role = await db
+    .select()
+    .from(roles)
+    .where(eq(roles.id, id))
+    .then((rows) => rows[0] ?? null);
+
+  if (!role) return null;
+
+  const perms = await db
+    .select({ idPermission: rolePermissions.idPermission })
+    .from(rolePermissions)
+    .where(eq(rolePermissions.idRole, id));
+
+  return { id: role.id, nom: role.nom, permissions: perms.map((p) => p.idPermission) };
+}
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #65 GET /roles
+  async GET(
+    _request: Request,
+    _context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const allRoles = await db.select().from(roles);
+
+    const result = await Promise.all(
+      allRoles.map((r) => getRoleWithPermissions(r.id)),
+    );
+
+    return new Response(JSON.stringify(result), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #66 POST /roles
+  async POST(
+    request: Request,
+    _context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const body: { nom: string } = await request.json();
+
+    if (!body.nom) {
+      return new Response(null, { status: 400 });
+    }
+
+    const [created] = await db
+      .insert(roles)
+      .values({ nom: body.nom })
+      .returning();
+
+    return new Response(
+      JSON.stringify({ id: created.id, nom: created.nom, permissions: [] }),
+      { status: 201, headers: { "content-type": "application/json" } },
+    );
+  },
+};

routes/(apps)/admin/api/roles/[idRole].ts

@@ -0,0 +1,97 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { rolePermissions, roles } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+const NOT_FOUND = new Response(
+  JSON.stringify({ error: "Ressource introuvable" }),
+  { status: 404, headers: { "content-type": "application/json" } },
+);
+
+async function getRoleWithPermissions(
+  id: number,
+): Promise<{ id: number; nom: string; permissions: string[] } | null> {
+  const role = await db
+    .select()
+    .from(roles)
+    .where(eq(roles.id, id))
+    .then((rows) => rows[0] ?? null);
+
+  if (!role) return null;
+
+  const perms = await db
+    .select({ idPermission: rolePermissions.idPermission })
+    .from(rolePermissions)
+    .where(eq(rolePermissions.idRole, id));
+
+  return { id: role.id, nom: role.nom, permissions: perms.map((p) => p.idPermission) };
+}
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #67 GET /roles/{idRole}
+  async GET(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const id = Number(context.params.idRole);
+    const role = await getRoleWithPermissions(id);
+
+    if (!role) return NOT_FOUND;
+
+    return new Response(JSON.stringify(role), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #68 PUT /roles/{idRole}
+  async PUT(
+    request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const id = Number(context.params.idRole);
+    const body: { nom: string; permissions: string[] } = await request.json();
+
+    const [updated] = await db
+      .update(roles)
+      .set({ nom: body.nom })
+      .where(eq(roles.id, id))
+      .returning();
+
+    if (!updated) return NOT_FOUND;
+
+    // Reset permissions
+    await db.delete(rolePermissions).where(eq(rolePermissions.idRole, id));
+
+    if (body.permissions?.length) {
+      await db.insert(rolePermissions).values(
+        body.permissions.map((p) => ({ idRole: id, idPermission: p })),
+      );
+    }
+
+    const role = await getRoleWithPermissions(id);
+    return new Response(JSON.stringify(role), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #69 DELETE /roles/{idRole}
+  async DELETE(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const id = Number(context.params.idRole);
+
+    // Cascade delete role_permissions first
+    await db.delete(rolePermissions).where(eq(rolePermissions.idRole, id));
+
+    const [deleted] = await db
+      .delete(roles)
+      .where(eq(roles.id, id))
+      .returning();
+
+    if (!deleted) return NOT_FOUND;
+
+    return new Response(null, { status: 204 });
+  },
+};

routes/(apps)/students/api/students.ts

@@ -1,122 +1,57 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
-import { promotions, students } from "$root/databases/schema.ts";
+import { students } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
-import { eq, lt } from "npm:drizzle-orm";
-
-async function getItself(
-  userId: string,
-): Promise<{ student: Student | null; promo: Promotion | null }> {
-  const student = await db
-    .select()
-    .from(students)
-    .where(eq(students.userId, userId))
-    .limit(1)
-    .then((rows) => rows[0] ?? null);
-
-  if (!student) {
-    return { student: null, promo: null };
-  }
-
-  const promo = await db
-    .select()
-    .from(promotions)
-    .where(eq(promotions.id, student.promotionId!))
-    .limit(1)
-    .then((rows) => rows[0] ?? null);
-
-  return { student, promo };
-}
-
-async function getAll(): Promise<
-  { students: Student[]; promos: Promotion[] }
-> {
-  const rows = await db
-    .select({
-      userId: students.userId,
-      firstName: students.firstName,
-      lastName: students.lastName,
-      mail: students.mail,
-      promotionId: students.promotionId,
-    })
-    .from(students)
-    .innerJoin(promotions, eq(students.promotionId, promotions.id))
-    .where(lt(promotions.current, 6));
-
-  const promos = await db
-    .select()
-    .from(promotions)
-    .where(lt(promotions.current, 6));
-
-  return { students: rows as Student[], promos };
-}
-
-async function addStudents(
-  studentList: Student[],
-  promoId: number,
-): Promise<void> {
-  for (const student of studentList) {
-    await db
-      .insert(students)
-      .values({
-        userId: student.userId,
-        firstName: student.firstName,
-        lastName: student.lastName,
-        mail: student.mail,
-        promotionId: promoId,
-      })
-      .onConflictDoNothing();
-  }
-}
+import { eq } from "npm:drizzle-orm";
 
 export const handler: Handlers<null, AuthenticatedState> = {
+  // #7 GET /students
   async GET(
-    _request: Request,
+    request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation == "student") {
-      return new Response(
-        JSON.stringify(await getItself(context.state.session.uid)),
-        { headers: { "content-type": "application/json" } },
-      );
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return new Response(JSON.stringify([]), {
+        headers: { "content-type": "application/json" },
+      });
     }
 
-    return new Response(
-      JSON.stringify(await getAll()),
-      { headers: { "content-type": "application/json" } },
-    );
+    const url = new URL(request.url);
+    const idPromo = url.searchParams.get("idPromo");
+
+    const rows = idPromo
+      ? await db.select().from(students).where(eq(students.idPromo, idPromo))
+      : await db.select().from(students);
+
+    return new Response(JSON.stringify(rows), {
+      headers: { "content-type": "application/json" },
+    });
   },
 
+  // #8 POST /students
   async POST(
     request: Request,
-    _context: FreshContext<AuthenticatedState>,
+    context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    const { students: studentList, promo }: {
-      students: Student[];
-      promo: string;
-    } = await request.json();
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return new Response(null, { status: 403 });
+    }
 
-    if (!promo || !promo.match(/^\d{4}-\dA$/) || !Array.isArray(studentList)) {
+    const body: { numEtud: number; nom: string; prenom: string; idPromo: string } =
+      await request.json();
+
+    if (!body.nom || !body.prenom || !body.idPromo) {
       return new Response(null, { status: 400 });
     }
 
-    const { endyear, current } = promo.match(
-      /^(?<endyear>\d{4})-(?<current>\d)A$/,
-    )?.groups!;
+    const [created] = await db
+      .insert(students)
+      .values({ nom: body.nom, prenom: body.prenom, idPromo: body.idPromo })
+      .returning();
 
-    await db
-      .insert(promotions)
-      .values({ endyear: Number(endyear), current: Number(current) })
-      .onConflictDoNothing();
-
-    const promo_row = await db
-      .select()
-      .from(promotions)
-      .where(eq(promotions.endyear, Number(endyear)))
-      .then((rows) => rows.find((r) => r.current === Number(current))!);
-
-    await addStudents(studentList, promo_row.id);
-
-    return new Response(null, { status: 201 });
+    return new Response(JSON.stringify(created), {
+      status: 201,
+      headers: { "content-type": "application/json" },
+    });
   },
 };