refactor(students): simplify API, remove unused imports and helpers

refactor(students): add query param filtering, enforce employee role for POST
refactor(students): return created student in POST response

databases/schema.ts

@@ -1,4 +1,5 @@
 import {
+  date,
   doublePrecision,
   integer,
   pgTable,
@@ -7,7 +8,30 @@ import {
   text,
 } from "npm:drizzle-orm/pg-core";
 
-// Ancien schéma conservé
+export const roles = pgTable("roles", {
+  id: serial("id").primaryKey(),
+  nom: text("nom").notNull(),
+});
+
+export const permissions = pgTable("permissions", {
+  id: text("id").primaryKey(),
+  nom: text("nom").notNull(),
+});
+
+export const rolePermissions = pgTable("role_permissions", {
+  idRole: integer("idRole").notNull().references(() => roles.id),
+  idPermission: text("idPermission").notNull().references(() => permissions.id),
+}, (t) => ({
+  pk: primaryKey({ columns: [t.idRole, t.idPermission] }),
+}));
+
+export const users = pgTable("users", {
+  id: text("id").primaryKey(),
+  nom: text("nom").notNull(),
+  prenom: text("prenom").notNull(),
+  idRole: integer("idRole").references(() => roles.id),
+});
+
 export const promotions = pgTable("promotions", {
   id: text("idPromo").primaryKey(),
   annee: text("annee"),
@@ -15,56 +39,20 @@ export const promotions = pgTable("promotions", {
 
 export const students = pgTable("students", {
   numEtud: serial("numEtud").primaryKey(),
-  nom: text("nom"),
-  prenom: text("prenom"),
+  nom: text("nom").notNull(),
+  prenom: text("prenom").notNull(),
   idPromo: text("idPromo").references(() => promotions.id),
 });
 
-export const mobility = pgTable("mobility", {
-  id: serial("id").primaryKey(),
-  studentId: text("studentId").references(() => students.numEtud),
-  startDate: text("startDate"),
-  endDate: text("endDate"),
-  weeksCount: integer("weeksCount"),
-  destinationCountry: text("destinationCountry"),
-  destinationName: text("destinationName"),
-  mobilityStatus: text("mobilityStatus").default("N/A"),
-});
-
-// Nouveau schéma
-export const roles = pgTable("roles", {
-  id: serial("id").primaryKey(),
-  nom: text("nom"),
-});
-
-export const permissions = pgTable("permissions", {
-  id: serial("id").primaryKey(),
-  nom: text("nom"),
-});
-
-export const rolePermissions = pgTable("role_permissions", {
-  idRole: integer("idRole").references(() => roles.id),
-  idPermission: integer("idPermission").references(() => permissions.id),
-}, (t) => ({
-  pk: primaryKey({ columns: [t.idRole, t.idPermission] }),
-}));
-
-export const users = pgTable("users", {
-  id: text("id").primaryKey(),
-  nom: text("nom"),
-  prenom: text("prenom"),
-  idRole: integer("idRole").references(() => roles.id),
-});
-
 export const modules = pgTable("modules", {
   id: text("id").primaryKey(),
-  nom: text("nom"),
+  nom: text("nom").notNull(),
 });
 
 export const enseignements = pgTable("enseignements", {
-  idProf: text("idProf").references(() => users.id),
-  idModule: text("idModule").references(() => modules.id),
-  idPromo: text("idPromo").references(() => promotions.id),
+  idProf: text("idProf").notNull().references(() => users.id),
+  idModule: text("idModule").notNull().references(() => modules.id),
+  idPromo: text("idPromo").notNull().references(() => promotions.id),
 }, (t) => ({
   pk: primaryKey({ columns: [t.idProf, t.idModule, t.idPromo] }),
 }));
@@ -75,26 +63,37 @@ export const ues = pgTable("ues", {
 });
 
 export const ueModules = pgTable("ue_modules", {
-  idModule: text("idModule").references(() => modules.id),
-  idUE: integer("idUE").references(() => ues.id),
-  idPromo: text("idPromo").references(() => promotions.id),
-  coeff: doublePrecision("coeff"),
+  idModule: text("idModule").notNull().references(() => modules.id),
+  idUE: integer("idUE").notNull().references(() => ues.id),
+  idPromo: text("idPromo").notNull().references(() => promotions.id),
+  coeff: doublePrecision("coeff").notNull(),
 }, (t) => ({
   pk: primaryKey({ columns: [t.idModule, t.idUE, t.idPromo] }),
 }));
 
 export const notes = pgTable("notes", {
-  numEtud: integer("numEtud").references(() => students.numEtud),
-  idModule: text("idModule").references(() => modules.id),
-  note: doublePrecision("note"),
+  numEtud: integer("numEtud").notNull().references(() => students.numEtud),
+  idModule: text("idModule").notNull().references(() => modules.id),
+  note: doublePrecision("note").notNull(),
 }, (t) => ({
   pk: primaryKey({ columns: [t.numEtud, t.idModule] }),
 }));
 
 export const ajustements = pgTable("ajustements", {
-  numEtud: integer("numEtud").references(() => students.numEtud),
-  idUE: integer("idUE").references(() => ues.id),
-  valeur: doublePrecision("valeur"),
+  numEtud: integer("numEtud").notNull().references(() => students.numEtud),
+  idUE: integer("idUE").notNull().references(() => ues.id),
+  valeur: doublePrecision("valeur").notNull(),
 }, (t) => ({
   pk: primaryKey({ columns: [t.numEtud, t.idUE] }),
-}));
+}));
+
+export const mobility = pgTable("mobility", {
+  id: serial("id").primaryKey(),
+  studentId: integer("studentId").references(() => students.numEtud),
+  startDate: date("startDate"),
+  endDate: date("endDate"),
+  weeksCount: integer("weeksCount"),
+  destinationCountry: text("destinationCountry"),
+  destinationName: text("destinationName"),
+  mobilityStatus: text("mobilityStatus").default("N/A"),
+});

routes/(apps)/admin/(_props)/props.ts

@@ -0,0 +1,13 @@
+import { AppProperties } from "$root/defaults/interfaces.ts";
+
+const properties: AppProperties = {
+  name: "Admin",
+  icon: "school",
+  pages: {
+    index: "Homepage",
+  },
+  adminOnly: [],
+  hint: "PolyMPR module",
+};
+
+export default properties;

routes/(apps)/admin/api/example.ts

@@ -0,0 +1,22 @@
+import { Handlers } from "$fresh/server.ts";
+
+export const handler: Handlers = {
+  async POST(request, context) {
+    if (request.headers.get("content-type") != "application/json") {
+      return new Response(null, {
+        status: 400,
+      });
+    }
+
+    const responseBody = {
+      requestBody: await request.json(),
+      context,
+    };
+
+    return new Response(JSON.stringify(responseBody), {
+      headers: {
+        "content-type": "application/json",
+      },
+    });
+  },
+};

routes/(apps)/admin/api/permissions.ts

@@ -0,0 +1,22 @@
+import { Handlers } from "$fresh/server.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+
+const PERMISSIONS = [
+  { id: "student_read", nom: "Consulter les élèves" },
+  { id: "student_write", nom: "Gérer les élèves" },
+  { id: "note_read", nom: "Consulter les notes" },
+  { id: "note_write", nom: "Gérer les notes" },
+  { id: "module_read", nom: "Consulter les modules" },
+  { id: "module_write", nom: "Gérer les modules" },
+  { id: "user_read", nom: "Consulter les utilisateurs" },
+  { id: "user_write", nom: "Gérer les utilisateurs" },
+  { id: "role_write", nom: "Gérer les rôles" },
+] as const;
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  GET(_request, _context): Response {
+    return new Response(JSON.stringify(PERMISSIONS), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+};

routes/(apps)/admin/api/roles.ts

@@ -0,0 +1,64 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { rolePermissions, roles } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+async function getRoleWithPermissions(
+  id: number,
+): Promise<{ id: number; nom: string; permissions: string[] } | null> {
+  const role = await db
+    .select()
+    .from(roles)
+    .where(eq(roles.id, id))
+    .then((rows) => rows[0] ?? null);
+
+  if (!role) return null;
+
+  const perms = await db
+    .select({ idPermission: rolePermissions.idPermission })
+    .from(rolePermissions)
+    .where(eq(rolePermissions.idRole, id));
+
+  return { id: role.id, nom: role.nom, permissions: perms.map((p) => p.idPermission) };
+}
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #65 GET /roles
+  async GET(
+    _request: Request,
+    _context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const allRoles = await db.select().from(roles);
+
+    const result = await Promise.all(
+      allRoles.map((r) => getRoleWithPermissions(r.id)),
+    );
+
+    return new Response(JSON.stringify(result), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #66 POST /roles
+  async POST(
+    request: Request,
+    _context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const body: { nom: string } = await request.json();
+
+    if (!body.nom) {
+      return new Response(null, { status: 400 });
+    }
+
+    const [created] = await db
+      .insert(roles)
+      .values({ nom: body.nom })
+      .returning();
+
+    return new Response(
+      JSON.stringify({ id: created.id, nom: created.nom, permissions: [] }),
+      { status: 201, headers: { "content-type": "application/json" } },
+    );
+  },
+};

routes/(apps)/admin/api/roles/[idRole].ts

@@ -0,0 +1,97 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { rolePermissions, roles } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+const NOT_FOUND = new Response(
+  JSON.stringify({ error: "Ressource introuvable" }),
+  { status: 404, headers: { "content-type": "application/json" } },
+);
+
+async function getRoleWithPermissions(
+  id: number,
+): Promise<{ id: number; nom: string; permissions: string[] } | null> {
+  const role = await db
+    .select()
+    .from(roles)
+    .where(eq(roles.id, id))
+    .then((rows) => rows[0] ?? null);
+
+  if (!role) return null;
+
+  const perms = await db
+    .select({ idPermission: rolePermissions.idPermission })
+    .from(rolePermissions)
+    .where(eq(rolePermissions.idRole, id));
+
+  return { id: role.id, nom: role.nom, permissions: perms.map((p) => p.idPermission) };
+}
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #67 GET /roles/{idRole}
+  async GET(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const id = Number(context.params.idRole);
+    const role = await getRoleWithPermissions(id);
+
+    if (!role) return NOT_FOUND;
+
+    return new Response(JSON.stringify(role), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #68 PUT /roles/{idRole}
+  async PUT(
+    request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const id = Number(context.params.idRole);
+    const body: { nom: string; permissions: string[] } = await request.json();
+
+    const [updated] = await db
+      .update(roles)
+      .set({ nom: body.nom })
+      .where(eq(roles.id, id))
+      .returning();
+
+    if (!updated) return NOT_FOUND;
+
+    // Reset permissions
+    await db.delete(rolePermissions).where(eq(rolePermissions.idRole, id));
+
+    if (body.permissions?.length) {
+      await db.insert(rolePermissions).values(
+        body.permissions.map((p) => ({ idRole: id, idPermission: p })),
+      );
+    }
+
+    const role = await getRoleWithPermissions(id);
+    return new Response(JSON.stringify(role), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #69 DELETE /roles/{idRole}
+  async DELETE(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const id = Number(context.params.idRole);
+
+    // Cascade delete role_permissions first
+    await db.delete(rolePermissions).where(eq(rolePermissions.idRole, id));
+
+    const [deleted] = await db
+      .delete(roles)
+      .where(eq(roles.id, id))
+      .returning();
+
+    if (!deleted) return NOT_FOUND;
+
+    return new Response(null, { status: 204 });
+  },
+};

routes/(apps)/admin/api/users.ts

@@ -0,0 +1,60 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { users } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #60 GET /users
+  async GET(
+    request: Request,
+    _context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const url = new URL(request.url);
+    const idRole = url.searchParams.get("idRole");
+
+    const rows = idRole
+      ? await db.select().from(users).where(eq(users.idRole, Number(idRole)))
+      : await db.select().from(users);
+
+    return new Response(JSON.stringify(rows), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #61 POST /users
+  async POST(
+    request: Request,
+    _context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const body: { id: string; nom: string; prenom: string; idRole: number } =
+      await request.json();
+
+    if (!body.id || !body.nom || !body.prenom) {
+      return new Response(null, { status: 400 });
+    }
+
+    const existing = await db
+      .select()
+      .from(users)
+      .where(eq(users.id, body.id))
+      .then((rows) => rows[0] ?? null);
+
+    if (existing) {
+      return new Response(
+        JSON.stringify({ error: "Un utilisateur avec cet identifiant existe déjà" }),
+        { status: 409, headers: { "content-type": "application/json" } },
+      );
+    }
+
+    const [created] = await db
+      .insert(users)
+      .values({ id: body.id, nom: body.nom, prenom: body.prenom, idRole: body.idRole })
+      .returning();
+
+    return new Response(JSON.stringify(created), {
+      status: 201,
+      headers: { "content-type": "application/json" },
+    });
+  },
+};

routes/(apps)/admin/api/users/[id].ts

@@ -0,0 +1,66 @@
+import { FreshContext, Handlers } from "$fresh/server.ts";
+import { db } from "$root/databases/db.ts";
+import { users } from "$root/databases/schema.ts";
+import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { eq } from "npm:drizzle-orm";
+
+const NOT_FOUND = new Response(
+  JSON.stringify({ error: "Ressource introuvable" }),
+  { status: 404, headers: { "content-type": "application/json" } },
+);
+
+export const handler: Handlers<null, AuthenticatedState> = {
+  // #62 GET /users/{id}
+  async GET(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const user = await db
+      .select()
+      .from(users)
+      .where(eq(users.id, context.params.id))
+      .then((rows) => rows[0] ?? null);
+
+    if (!user) return NOT_FOUND;
+
+    return new Response(JSON.stringify(user), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #63 PUT /users/{id}
+  async PUT(
+    request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const body: { nom: string; prenom: string; idRole: number } =
+      await request.json();
+
+    const [updated] = await db
+      .update(users)
+      .set({ nom: body.nom, prenom: body.prenom, idRole: body.idRole })
+      .where(eq(users.id, context.params.id))
+      .returning();
+
+    if (!updated) return NOT_FOUND;
+
+    return new Response(JSON.stringify(updated), {
+      headers: { "content-type": "application/json" },
+    });
+  },
+
+  // #64 DELETE /users/{id}
+  async DELETE(
+    _request: Request,
+    context: FreshContext<AuthenticatedState>,
+  ): Promise<Response> {
+    const [deleted] = await db
+      .delete(users)
+      .where(eq(users.id, context.params.id))
+      .returning();
+
+    if (!deleted) return NOT_FOUND;
+
+    return new Response(null, { status: 204 });
+  },
+};

routes/(apps)/admin/index.tsx

@@ -0,0 +1,2 @@
+import makeIndex from "$root/defaults/makeIndex.ts";
+export default makeIndex(import.meta.dirname!);

routes/(apps)/admin/partials/index.tsx

@@ -0,0 +1,13 @@
+import {
+  getPartialsConfig,
+  makePartials,
+} from "$root/defaults/makePartials.tsx";
+import { FreshContext } from "$fresh/server.ts";
+import { State } from "$root/routes/_middleware.ts";
+
+export async function Index(request: Request, context: FreshContext<State>) {
+  return <h2>Welcome to Admin.</h2>;
+}
+
+export const config = getPartialsConfig();
+export default makePartials(Index);

routes/(apps)/students/api/students.ts

@@ -1,122 +1,57 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
-import { promotions, students } from "$root/databases/schema.ts";
+import { students } from "$root/databases/schema.ts";
 import { AuthenticatedState } from "$root/defaults/interfaces.ts";
-import { eq, lt } from "npm:drizzle-orm";
-
-async function getItself(
-  userId: string,
-): Promise<{ student: Student | null; promo: Promotion | null }> {
-  const student = await db
-    .select()
-    .from(students)
-    .where(eq(students.userId, userId))
-    .limit(1)
-    .then((rows) => rows[0] ?? null);
-
-  if (!student) {
-    return { student: null, promo: null };
-  }
-
-  const promo = await db
-    .select()
-    .from(promotions)
-    .where(eq(promotions.id, student.promotionId!))
-    .limit(1)
-    .then((rows) => rows[0] ?? null);
-
-  return { student, promo };
-}
-
-async function getAll(): Promise<
-  { students: Student[]; promos: Promotion[] }
-> {
-  const rows = await db
-    .select({
-      userId: students.userId,
-      firstName: students.firstName,
-      lastName: students.lastName,
-      mail: students.mail,
-      promotionId: students.promotionId,
-    })
-    .from(students)
-    .innerJoin(promotions, eq(students.promotionId, promotions.id))
-    .where(lt(promotions.current, 6));
-
-  const promos = await db
-    .select()
-    .from(promotions)
-    .where(lt(promotions.current, 6));
-
-  return { students: rows as Student[], promos };
-}
-
-async function addStudents(
-  studentList: Student[],
-  promoId: number,
-): Promise<void> {
-  for (const student of studentList) {
-    await db
-      .insert(students)
-      .values({
-        userId: student.userId,
-        firstName: student.firstName,
-        lastName: student.lastName,
-        mail: student.mail,
-        promotionId: promoId,
-      })
-      .onConflictDoNothing();
-  }
-}
+import { eq } from "npm:drizzle-orm";
 
 export const handler: Handlers<null, AuthenticatedState> = {
+  // #7 GET /students
   async GET(
-    _request: Request,
+    request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation == "student") {
-      return new Response(
-        JSON.stringify(await getItself(context.state.session.uid)),
-        { headers: { "content-type": "application/json" } },
-      );
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return new Response(JSON.stringify([]), {
+        headers: { "content-type": "application/json" },
+      });
     }
 
-    return new Response(
-      JSON.stringify(await getAll()),
-      { headers: { "content-type": "application/json" } },
-    );
+    const url = new URL(request.url);
+    const idPromo = url.searchParams.get("idPromo");
+
+    const rows = idPromo
+      ? await db.select().from(students).where(eq(students.idPromo, idPromo))
+      : await db.select().from(students);
+
+    return new Response(JSON.stringify(rows), {
+      headers: { "content-type": "application/json" },
+    });
   },
 
+  // #8 POST /students
   async POST(
     request: Request,
-    _context: FreshContext<AuthenticatedState>,
+    context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    const { students: studentList, promo }: {
-      students: Student[];
-      promo: string;
-    } = await request.json();
+    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+      return new Response(null, { status: 403 });
+    }
 
-    if (!promo || !promo.match(/^\d{4}-\dA$/) || !Array.isArray(studentList)) {
+    const body: { numEtud: number; nom: string; prenom: string; idPromo: string } =
+      await request.json();
+
+    if (!body.nom || !body.prenom || !body.idPromo) {
       return new Response(null, { status: 400 });
     }
 
-    const { endyear, current } = promo.match(
-      /^(?<endyear>\d{4})-(?<current>\d)A$/,
-    )?.groups!;
+    const [created] = await db
+      .insert(students)
+      .values({ nom: body.nom, prenom: body.prenom, idPromo: body.idPromo })
+      .returning();
 
-    await db
-      .insert(promotions)
-      .values({ endyear: Number(endyear), current: Number(current) })
-      .onConflictDoNothing();
-
-    const promo_row = await db
-      .select()
-      .from(promotions)
-      .where(eq(promotions.endyear, Number(endyear)))
-      .then((rows) => rows.find((r) => r.current === Number(current))!);
-
-    await addStudents(studentList, promo_row.id);
-
-    return new Response(null, { status: 201 });
+    return new Response(JSON.stringify(created), {
+      status: 201,
+      headers: { "content-type": "application/json" },
+    });
   },
 };