feat(defaults/withRules.ts): add own_teaching_note rule for teacher access

defaults/withRules.ts

@@ -0,0 +1,108 @@
+import { FreshContext } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import {
+  enseignements,
+  rolePermissions,
+  users,
+} from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { and, eq } from "npm:drizzle-orm@0.45.2";
+
+type RuleFn = (
+  req: Request,
+  ctx: FreshContext<AuthenticatedState>,
+) => Promise<boolean> | boolean;
+
+async function hasPermission(
+  uid: string,
+  permission: string,
+): Promise<boolean> {
+  const [user] = await db.select().from(users).where(eq(users.id, uid));
+  if (!user || user.idRole === null) return false;
+
+  const [rp] = await db.select().from(rolePermissions).where(
+    and(
+      eq(rolePermissions.idRole, user.idRole!),
+      eq(rolePermissions.idPermission, permission),
+    ),
+  );
+  return !!rp;
+}
+
+function parseNumEtud(uid: string): number {
+  return parseInt(uid.slice(1));
+}
+
+const rules = {
+  student_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "student_read"),
+  student_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "student_write"),
+  note_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "note_read"),
+  note_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "note_write"),
+  module_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "module_read"),
+  module_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "module_write"),
+  user_read: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "user_read"),
+  user_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "user_write"),
+  role_write: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    hasPermission(ctx.state.session.uid, "role_write"),
+
+  // Contextual rules — student accessing their own data
+  own_student: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    parseNumEtud(ctx.state.session.uid) === Number(ctx.params.numEtud),
+  own_note: (_req: Request, ctx: FreshContext<AuthenticatedState>) =>
+    parseNumEtud(ctx.state.session.uid) === Number(ctx.params.numEtud),
+
+  // Contextual rule — teacher accessing notes for a module they teach
+  own_teaching_note: async (
+    _req: Request,
+    ctx: FreshContext<AuthenticatedState>,
+  ) => {
+    const [row] = await db.select().from(enseignements).where(
+      and(
+        eq(enseignements.idProf, ctx.state.session.uid),
+        eq(enseignements.idModule, ctx.params.idModule),
+      ),
+    );
+    return !!row;
+  },
+};
+
+export type RuleName = keyof typeof rules;
+
+type HandlerFn = (
+  req: Request,
+  ctx: FreshContext<AuthenticatedState>,
+) => Promise<Response>;
+
+/**
+ * Wraps a route handler with permission checks.
+ * Access is granted if ANY of the provided rules passes (OR logic).
+ * Returns 403 if none pass.
+ *
+ * @example
+ * export const handler: Handlers<null, AuthenticatedState> = {
+ *   GET: withRules(["note_read", "own_note"])(async (req, ctx) => {
+ *     // ...
+ *   }),
+ * };
+ */
+export function withRules(ruleNames: RuleName[]) {
+  return (handler: HandlerFn): HandlerFn => {
+    return async (req, ctx) => {
+      const results = await Promise.all(
+        ruleNames.map((name) => rules[name](req, ctx)),
+      );
+      if (!results.some(Boolean)) {
+        return new Response(null, { status: 403 });
+      }
+      return handler(req, ctx);
+    };
+  };
+}

routes/(apps)/admin/api/enseignements.ts

@@ -1,70 +0,0 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
-import { db } from "$root/databases/db.ts";
-import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
-import { and, eq } from "npm:drizzle-orm@0.45.2";
-
-const NOT_FOUND = new Response(
-  JSON.stringify({ error: "Ressource introuvable" }),
-  { status: 404, headers: { "content-type": "application/json" } },
-);
-
-const FORBIDDEN = new Response(null, { status: 403 });
-
-const CONFLICT = new Response(
-  JSON.stringify({ error: "Cet enseignement existe déjà." }),
-  { status: 409, headers: { "content-type": "application/json" } },
-);
-
-export const handler: Handlers<null, AuthenticatedState> = {
-  // #29 POST /enseignements
-  async POST(
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const body: {
-      idProf: string;
-      idModule: string;
-      idPromo: string;
-    } = await request.json();
-
-    if (!body.idProf || !body.idModule || !body.idPromo) {
-      return new Response(null, { status: 400 });
-    }
-
-    // Check if enseignement already exists
-    const existing = await db
-      .select()
-      .from(enseignements)
-      .where(
-        and(
-          eq(enseignements.idProf, body.idProf),
-          eq(enseignements.idModule, body.idModule),
-          eq(enseignements.idPromo, body.idPromo),
-        ),
-      )
-      .then((rows) => rows[0] ?? null);
-
-    if (existing) {
-      return CONFLICT;
-    }
-
-    const [created] = await db
-      .insert(enseignements)
-      .values({
-        idProf: body.idProf,
-        idModule: body.idModule,
-        idPromo: body.idPromo,
-      })
-      .returning();
-
-    return new Response(JSON.stringify(created), {
-      status: 201,
-      headers: { "content-type": "application/json" },
-    });
-  },
-};

routes/(apps)/admin/api/enseignements/[idProf]/[idModule]/[idPromo].ts

@@ -1,75 +0,0 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
-import { db } from "$root/databases/db.ts";
-import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
-import { and, eq } from "npm:drizzle-orm@0.45.2";
-
-const NOT_FOUND = new Response(
-  JSON.stringify({ error: "Ressource introuvable" }),
-  { status: 404, headers: { "content-type": "application/json" } },
-);
-
-const FORBIDDEN = new Response(null, { status: 403 });
-
-export const handler: Handlers<null, AuthenticatedState> = {
-  // #30 GET /enseignements/{idProf}/{idModule}/{idPromo}
-  async GET(
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const idProf = context.params.idProf;
-    const idModule = context.params.idModule;
-    const idPromo = context.params.idPromo;
-
-    const enseignement = await db
-      .select()
-      .from(enseignements)
-      .where(
-        and(
-          eq(enseignements.idProf, idProf),
-          eq(enseignements.idModule, idModule),
-          eq(enseignements.idPromo, idPromo),
-        ),
-      )
-      .then((rows) => rows[0] ?? null);
-
-    if (!enseignement) return NOT_FOUND;
-
-    return new Response(JSON.stringify(enseignement), {
-      headers: { "content-type": "application/json" },
-    });
-  },
-
-  // #31 DELETE /enseignements/{idProf}/{idModule}/{idPromo}
-  async DELETE(
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const idProf = context.params.idProf;
-    const idModule = context.params.idModule;
-    const idPromo = context.params.idPromo;
-
-    const [deleted] = await db
-      .delete(enseignements)
-      .where(
-        and(
-          eq(enseignements.idProf, idProf),
-          eq(enseignements.idModule, idModule),
-          eq(enseignements.idPromo, idPromo),
-        ),
-      )
-      .returning();
-
-    if (!deleted) return NOT_FOUND;
-
-    return new Response(null, { status: 204 });
-  },
-};

routes/(apps)/notes/api/ajustements.ts

@@ -1,83 +0,0 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
-import { db } from "$root/databases/db.ts";
-import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
-import { eq } from "npm:drizzle-orm@0.45.2";
-
-export const handler: Handlers<null, AuthenticatedState> = {
-  // #48 GET /ajustements
-  async GET(request) {
-    try {
-      const url = new URL(request.url);
-      const numEtudParam = url.searchParams.get("numEtud");
-      const idUEParam = url.searchParams.get("idUE");
-
-      let query = db.select().from(ajustements).$dynamic();
-
-      if (numEtudParam) {
-        const numEtud = parseInt(numEtudParam);
-        if (isNaN(numEtud)) {
-          return new Response("Paramètre numEtud invalide", { status: 400 });
-        }
-        query = query.where(eq(ajustements.numEtud, numEtud));
-      }
-
-      if (idUEParam) {
-        const idUE = parseInt(idUEParam);
-        if (isNaN(idUE)) {
-          return new Response("Paramètre idUE invalide", { status: 400 });
-        }
-        query = query.where(eq(ajustements.idUE, idUE));
-      }
-
-      const result = await query;
-
-      return new Response(JSON.stringify(result), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching ajustements:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
-
-  // #49 POST /ajustements
-  async POST(
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return new Response(null, { status: 403 });
-    }
-
-    try {
-      const body: { numEtud: number; idUE: number; valeur: number } =
-        await request.json();
-
-      if (!body.numEtud || !body.idUE || body.valeur === undefined) {
-        return new Response(
-          JSON.stringify({ error: "Champs requis: numEtud, idUE, valeur" }),
-          { status: 400, headers: { "content-type": "application/json" } },
-        );
-      }
-
-      const [created] = await db
-        .insert(ajustements)
-        .values({
-          numEtud: body.numEtud,
-          idUE: body.idUE,
-          valeur: body.valeur,
-        })
-        .returning();
-
-      return new Response(JSON.stringify(created), {
-        status: 201,
-        headers: { "content-type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error creating ajustement:", error);
-      return new Response("Failed to create ajustement", { status: 500 });
-    }
-  },
-};

routes/(apps)/notes/api/ajustements/[numEtud]/[idUE].ts

@@ -1,107 +0,0 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
-import { db } from "$root/databases/db.ts";
-import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
-import { eq } from "npm:drizzle-orm@0.45.2";
-
-const NOT_FOUND = new Response(
-  JSON.stringify({ error: "Ajustement introuvable" }),
-  { status: 404, headers: { "content-type": "application/json" } },
-);
-
-const FORBIDDEN = new Response(null, { status: 403 });
-
-export const handler: Handlers<null, AuthenticatedState> = {
-  // #50 GET /ajustements/{numEtud}/{idUE}
-  async GET(
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const numEtud = Number(context.params.numEtud);
-    const idUE = Number(context.params.idUE);
-
-    if (isNaN(numEtud) || isNaN(idUE)) {
-      return new Response("Paramètres invalides", { status: 400 });
-    }
-
-    const ajustement = await db
-      .select()
-      .from(ajustements)
-      .where(eq(ajustements.numEtud, numEtud), eq(ajustements.idUE, idUE))
-      .then((rows) => rows[0] ?? null);
-
-    if (!ajustement) return NOT_FOUND;
-
-    return new Response(JSON.stringify(ajustement), {
-      headers: { "content-type": "application/json" },
-    });
-  },
-
-  // #51 PUT /ajustements/{numEtud}/{idUE}
-  async PUT(
-    request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const numEtud = Number(context.params.numEtud);
-    const idUE = Number(context.params.idUE);
-
-    if (isNaN(numEtud) || isNaN(idUE)) {
-      return new Response("Paramètres invalides", { status: 400 });
-    }
-
-    const body: { valeur: number } = await request.json();
-
-    if (body.valeur === undefined) {
-      return new Response(JSON.stringify({ error: "Champ requis: valeur" }), {
-        status: 400,
-        headers: { "content-type": "application/json" },
-      });
-    }
-
-    const [updated] = await db
-      .update(ajustements)
-      .set({ valeur: body.valeur })
-      .where(eq(ajustements.numEtud, numEtud), eq(ajustements.idUE, idUE))
-      .returning();
-
-    if (!updated) return NOT_FOUND;
-
-    return new Response(JSON.stringify(updated), {
-      headers: { "content-type": "application/json" },
-    });
-  },
-
-  // #52 DELETE /ajustements/{numEtud}/{idUE}
-  async DELETE(
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const numEtud = Number(context.params.numEtud);
-    const idUE = Number(context.params.idUE);
-
-    if (isNaN(numEtud) || isNaN(idUE)) {
-      return new Response("Paramètres invalides", { status: 400 });
-    }
-
-    const [deleted] = await db
-      .delete(ajustements)
-      .where(eq(ajustements.numEtud, numEtud), eq(ajustements.idUE, idUE))
-      .returning();
-
-    if (!deleted) return NOT_FOUND;
-
-    return new Response(null, { status: 204 });
-  },
-};

routes/(apps)/notes/api/notes.ts

@@ -36,26 +36,4 @@ export const handler: Handlers = {
       return new Response("Failed to fetch data", { status: 500 });
     }
   },
-
-  // #43 POST /notes
-  async POST(request) {
-    try {
-      const body = await request.json();
-      const { note, numEtud, idModule } = body;
-
-      if (note === undefined || !numEtud || !idModule) {
-        return new Response("Champs 'note', 'numEtud' et 'idModule' requis", { status: 400 });
-      }
-
-      const result = await db.insert(notes).values({ note, numEtud, idModule }).returning();
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 201,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error creating note:", error);
-      return new Response("Failed to create note", { status: 500 });
-    }
-  },
 };

routes/(apps)/notes/api/notes/[numEtud]/[idModule].ts

@@ -1,121 +0,0 @@
-import { Handlers } from "$fresh/server.ts";
-import { db } from "../../../../../../databases/db.ts";
-import { notes } from "../../../../../../databases/schema.ts";
-import { and, eq } from "npm:drizzle-orm";
-
-export const handler: Handlers = {
-  // #45 GET /notes/:numEtud/:idModule  
-  async GET(_request, context) {
-    try {
-      const numEtud = parseInt(context.params.numEtud);
-      const { idModule } = context.params;
-
-      if (isNaN(numEtud)) {
-        return new Response(JSON.stringify({ error: "Paramètre numEtud invalide" }), {
-          status: 400,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      const result = await db.select().from(notes).where(
-        and(
-          eq(notes.numEtud, numEtud),
-          eq(notes.idModule, idModule),
-        ),
-      );
-
-      if (result.length === 0) {
-        return new Response(JSON.stringify({ error: "Ressource introuvable" }), {
-          status: 404,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching note:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
-
-  // #46 PUT /notes/:numEtud/:idModule
-  async PUT(request, context) {
-    try {
-      const numEtud = parseInt(context.params.numEtud);
-      const { idModule } = context.params;
-
-      if (isNaN(numEtud)) {
-        return new Response(JSON.stringify({ error: "Paramètre numEtud invalide" }), {
-          status: 400,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      const body = await request.json();
-      const { note } = body;
-
-      if (note === undefined) {
-        return new Response("Champ 'note' manquant", { status: 400 });
-      }
-
-      const result = await db.update(notes).set({ note }).where(
-        and(
-          eq(notes.numEtud, numEtud),
-          eq(notes.idModule, idModule),
-        ),
-      ).returning();
-
-      if (result.length === 0) {
-        return new Response(JSON.stringify({ error: "Ressource introuvable" }), {
-          status: 404,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error updating note:", error);
-      return new Response("Failed to update note", { status: 500 });
-    }
-  },
-
-  // #47 DELETE /notes/:numEtud/:idModule
-  async DELETE(_request, context) {
-    try {
-      const numEtud = parseInt(context.params.numEtud);
-      const { idModule } = context.params;
-
-      if (isNaN(numEtud)) {
-        return new Response(JSON.stringify({ error: "Paramètre numEtud invalide" }), {
-          status: 400,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      const result = await db.delete(notes).where(
-        and(
-          eq(notes.numEtud, numEtud),
-          eq(notes.idModule, idModule),
-        ),
-      ).returning();
-
-      if (result.length === 0) {
-        return new Response(JSON.stringify({ error: "Ressource introuvable" }), {
-          status: 404,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      return new Response(null, { status: 204 });
-    } catch (error) {
-      console.error("Error deleting note:", error);
-      return new Response("Failed to delete note", { status: 500 });
-    }
-  },
-};

routes/(apps)/notes/api/ue-modules.ts

@@ -1,58 +0,0 @@
-import { Handlers } from "$fresh/server.ts";
-import { db } from "../../../../databases/db.ts";
-import { ueModules } from "../../../../databases/schema.ts";
-import { and, eq } from "npm:drizzle-orm";
-
-export const handler: Handlers = {
-  // #37 GET /ue-modules  
-  async GET(request) {
-    try {
-      const url = new URL(request.url);
-      const idPromo = url.searchParams.get("idPromo");
-      const idUEParam = url.searchParams.get("idUE");
-
-      const idUE = idUEParam ? parseInt(idUEParam) : null;
-
-      if (idUEParam && isNaN(idUE!)) {
-        return new Response("Paramètre idUE invalide", { status: 400 });
-      }
-
-      const result = await db.select().from(ueModules).where(
-        and(
-          idPromo ? eq(ueModules.idPromo, idPromo) : undefined,
-          idUE ? eq(ueModules.idUE, idUE) : undefined,
-        ),
-      );
-
-      return new Response(JSON.stringify(result), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching UE-modules:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
-  
-  // #38 POST /ue-modules
-  async POST(request) {
-    try {
-      const body = await request.json();
-      const { idModule, idUE, idPromo, coeff } = body;
-
-      if (!idModule || !idUE || !idPromo || coeff === undefined) {
-        return new Response("Champs 'idModule', 'idUE', 'idPromo' et 'coeff' requis", { status: 400 });
-      }
-
-      const result = await db.insert(ueModules).values({ idModule, idUE, idPromo, coeff }).returning();
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 201,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error creating UE-module:", error);
-      return new Response("Failed to create UE-module", { status: 500 });
-    }
-  },
-};

routes/(apps)/notes/api/ue-modules/[idModule]/[idUE]/[idPromo].ts

@@ -1,53 +0,0 @@
-import { FreshContext, Handlers } from "$fresh/server.ts";
-import { db } from "$root/databases/db.ts";
-import { ueModules } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
-import { eq } from "npm:drizzle-orm@0.45.2";
-
-const NOT_FOUND = new Response(
-  JSON.stringify({ error: "Association UE-Module introuvable" }),
-  { status: 404, headers: { "content-type": "application/json" } },
-);
-
-const FORBIDDEN = new Response(null, { status: 403 });
-
-const BAD_REQUEST = new Response(
-  JSON.stringify({ error: "Paramètres invalides" }),
-  { status: 400, headers: { "content-type": "application/json" } },
-);
-
-export const handler: Handlers<null, AuthenticatedState> = {
-  // #39 GET /ue-modules/{idModule}/{idUE}/{idPromo}
-  async GET(
-    _request: Request,
-    context: FreshContext<AuthenticatedState>,
-  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
-      return FORBIDDEN;
-    }
-
-    const idModule = context.params.idModule;
-    const idUE = Number(context.params.idUE);
-    const idPromo = context.params.idPromo;
-
-    if (isNaN(idUE)) {
-      return BAD_REQUEST;
-    }
-
-    const ueModuleAssociation = await db
-      .select()
-      .from(ueModules)
-      .where(
-        eq(ueModules.idModule, idModule),
-        eq(ueModules.idUE, idUE),
-        eq(ueModules.idPromo, idPromo),
-      )
-      .then((rows) => rows[0] ?? null);
-
-    if (!ueModuleAssociation) return NOT_FOUND;
-
-    return new Response(JSON.stringify(ueModuleAssociation), {
-      headers: { "content-type": "application/json" },
-    });
-  },
-};

routes/(apps)/notes/api/ues/[idUE].ts

@@ -1,103 +0,0 @@
-import { Handlers } from "$fresh/server.ts";
-import { db } from "../../../../../databases/db.ts";
-import { ues } from "../../../../../databases/schema.ts";
-import { eq } from "npm:drizzle-orm";
-
-export const handler: Handlers = {
-  // # 34 GET /ues/:idUE  
-  async GET(_request, context) {
-    try {
-      const idUE = parseInt(context.params.idUE);
-
-      if (isNaN(idUE)) {
-        return new Response(JSON.stringify({ error: "Paramètre idUE invalide" }), {
-          status: 400,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      const result = await db.select().from(ues).where(eq(ues.id, idUE));
-
-      if (result.length === 0) {
-        return new Response(JSON.stringify({ error: "Ressource introuvable" }), {
-          status: 404,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error fetching UE:", error);
-      return new Response("Failed to fetch data", { status: 500 });
-    }
-  },
-
-  // #35 PUT /ues/:idUE
-  async PUT(request, context) {
-    try {
-      const idUE = parseInt(context.params.idUE);
-
-      if (isNaN(idUE)) {
-        return new Response(JSON.stringify({ error: "Paramètre idUE invalide" }), {
-          status: 400,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      const body = await request.json();
-      const { nom } = body;
-
-      if (!nom) {
-        return new Response("Champ 'nom' manquant", { status: 400 });
-      }
-
-      const result = await db.update(ues).set({ nom }).where(eq(ues.id, idUE)).returning();
-
-      if (result.length === 0) {
-        return new Response(JSON.stringify({ error: "Ressource introuvable" }), {
-          status: 404,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      return new Response(JSON.stringify(result[0]), {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      });
-    } catch (error) {
-      console.error("Error updating UE:", error);
-      return new Response("Failed to update UE", { status: 500 });
-    }
-  },
-
-  // #36 DELETE /ues/:idUE
-  async DELETE(_request, context) {
-    try {
-      const idUE = parseInt(context.params.idUE);
-
-      if (isNaN(idUE)) {
-        return new Response(JSON.stringify({ error: "Paramètre idUE invalide" }), {
-          status: 400,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      const result = await db.delete(ues).where(eq(ues.id, idUE)).returning();
-
-      if (result.length === 0) {
-        return new Response(JSON.stringify({ error: "Ressource introuvable" }), {
-          status: 404,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
-
-      return new Response(null, { status: 204 });
-    } catch (error) {
-      console.error("Error deleting UE:", error);
-      return new Response("Failed to delete UE", { status: 500 });
-    }
-  },
-};