feat(promotions): add CRUD endpoints for promotion by id

- GET /promotions/{idPromo} returns promotion or 404
- PUT /promotions/{idPromo} updates year or 404
- DELETE /promotions/{idPromo} deletes promotion or 404
- Only employees allowed, otherwise 403

routes/(apps)/students/api/promotions.ts

@@ -0,0 +1,50 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { promotions } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #13 GET /promotions
+  async GET(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return new Response(JSON.stringify([]), {
+        headers: { "content-type": "application/json" },
+      });
+    }
+
+    const rows = await db.select().from(promotions);
+    return new Response(JSON.stringify(rows), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #14 POST /promotions
+  async POST(
+    request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return new Response(null, { status: 403 });
+    }
+
+    const body: { idPromo: string; annee: string } = await request.json();
+
+    if (!body.idPromo || !body.annee) {
+      return new Response(null, { status: 400 });
+    }
+
+    const [created] = await db
+      .insert(promotions)
+      .values({ id: body.idPromo, annee: body.annee })
+      .returning();
+
+    return new Response(JSON.stringify(created), {
+      status: 201,
+      headers: { "content-type": "application/json" },
+    });
+  },
+};

routes/(apps)/students/api/promotions/[idPromo].ts

@@ -0,0 +1,79 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { promotions } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+const NOT_FOUND = new Response(
+  JSON.stringify({ error: "Ressource introuvable" }),
+  { status: 404, headers: { "content-type": "application/json" } },
+);
+
+const FORBIDDEN = new Response(null, { status: 403 });
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #15 GET /promotions/{idPromo}
+  async GET(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return FORBIDDEN;
+    }
+
+    const promo = await db
+      .select()
+      .from(promotions)
+      .where(eq(promotions.id, context.params.idPromo))
+      .then((rows) => rows[0] ?? null);
+
+    if (!promo) return NOT_FOUND;
+
+    return new Response(JSON.stringify(promo), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #16 PUT /promotions/{idPromo}
+  async PUT(
+    request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return FORBIDDEN;
+    }
+
+    const body: { annee: string } = await request.json();
+
+    const [updated] = await db
+      .update(promotions)
+      .set({ annee: body.annee })
+      .where(eq(promotions.id, context.params.idPromo))
+      .returning();
+
+    if (!updated) return NOT_FOUND;
+
+    return new Response(JSON.stringify(updated), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #17 DELETE /promotions/{idPromo}
+  async DELETE(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return FORBIDDEN;
+    }
+
+    const [deleted] = await db
+      .delete(promotions)
+      .where(eq(promotions.id, context.params.idPromo))
+      .returning();
+
+    if (!deleted) return NOT_FOUND;
+
+    return new Response(null, { status: 204 });
+  },
+};

routes/(apps)/students/api/students/[numEtud].ts

@@ -0,0 +1,83 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { students } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+const NOT_FOUND = new Response(
+  JSON.stringify({ error: "Ressource introuvable" }),
+  { status: 404, headers: { "content-type": "application/json" } },
+);
+
+const FORBIDDEN = new Response(null, { status: 403 });
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #10 GET /students/{numEtud}
+  async GET(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return FORBIDDEN;
+    }
+
+    const numEtud = Number(context.params.numEtud);
+    const student = await db
+      .select()
+      .from(students)
+      .where(eq(students.numEtud, numEtud))
+      .then((rows) => rows[0] ?? null);
+
+    if (!student) return NOT_FOUND;
+
+    return new Response(JSON.stringify(student), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #11 PUT /students/{numEtud}
+  async PUT(
+    request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return FORBIDDEN;
+    }
+
+    const numEtud = Number(context.params.numEtud);
+    const body: { nom: string; prenom: string; idPromo: string } =
+      await request.json();
+
+    const [updated] = await db
+      .update(students)
+      .set({ nom: body.nom, prenom: body.prenom, idPromo: body.idPromo })
+      .where(eq(students.numEtud, numEtud))
+      .returning();
+
+    if (!updated) return NOT_FOUND;
+
+    return new Response(JSON.stringify(updated), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #12 DELETE /students/{numEtud}
+  async DELETE(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return FORBIDDEN;
+    }
+
+    const numEtud = Number(context.params.numEtud);
+    const [deleted] = await db
+      .delete(students)
+      .where(eq(students.numEtud, numEtud))
+      .returning();
+
+    if (!deleted) return NOT_FOUND;
+
+    return new Response(null, { status: 204 });
+  },
+};