fix: faculty users are now recognized as employees

defaults/interfaces.ts

@@ -63,6 +63,11 @@ export interface LoginJWT {
   user: CasContent;
 }
 
+export function isEmployee(session: CasContent): boolean {
+  return session.eduPersonPrimaryAffiliation === "employee" ||
+    session.eduPersonPrimaryAffiliation === "faculty";
+}
+
 export type EmptyObject = Record<string | number | symbol, never>;
 
 // deno-lint-ignore no-explicit-any

fresh.config.ts

@@ -6,8 +6,6 @@ await load({ envPath: "./.env", export: true });
 await ensureDatabases();
 export default defineConfig({
   server: {
-    cert: await Deno.readTextFile("certs/cert.pem"),
+    port: 80,
-    key: await Deno.readTextFile("certs/key.pem"),
-    port: 443,
   },
 });

routes/(apps)/admin/api/enseignements.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const _NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(JSON.stringify([]), {
         headers: { "content-type": "application/json" },
       });
@@ -40,7 +40,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/admin/api/enseignements/[idProf]/[idModule]/[idPromo].ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -18,7 +18,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -50,7 +50,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/admin/api/modules.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { modules } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -21,7 +21,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 

routes/(apps)/admin/api/ue-modules/[idModule]/[idUE]/[idPromo].ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ueModules } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -58,7 +58,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -111,7 +111,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/mobility/api/mobilites.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const VALID_STATUSES = [
@@ -46,15 +46,14 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    const isEmployee =
+    const employeeCheck = isEmployee(context.state.session);
-      context.state.session.eduPersonPrimaryAffiliation === "employee";
 
     try {
       const body = await request.json();
       const { numEtud, duree, ecole, pays, status, idStage } = body;
 
       // Students can only create mobilites for themselves
-      if (!isEmployee && numEtud !== undefined) {
+      if (!employeeCheck && numEtud !== undefined) {
         // Students cannot set idStage or status
         if (idStage || (status && status !== "contracts_received")) {
           return new Response(null, { status: 403 });

routes/(apps)/mobility/api/mobilites/[idMob].ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const VALID_STATUSES = [
@@ -49,7 +49,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -115,7 +115,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/mobility/api/mobilites/[idMob]/contrat.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const CONTRACTS_DIR = "uploads/contracts";
@@ -118,7 +118,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 

routes/(apps)/notes/api/ajustements.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 

routes/(apps)/notes/api/ajustements/[numEtud]/[idUE].ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -18,7 +18,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -100,7 +100,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/notes/partials/index.tsx

@@ -3,16 +3,16 @@ import {
   makePartials,
 } from "$root/defaults/makePartials.tsx";
 import { FreshContext } from "$fresh/server.ts";
-import { State } from "$root/defaults/interfaces.ts";
+import { isEmployee, State } from "$root/defaults/interfaces.ts";
 
 // deno-lint-ignore require-await
 export async function Index(
   _request: Request,
   context: FreshContext<State>,
 ) {
-  const isEmployee =
+  const employeeCheck = isEmployee(
-    (context.state as unknown as { session: Record<string, string> }).session
+    (context.state as unknown as { session: Record<string, string> }).session,
-      .eduPersonPrimaryAffiliation === "employee";
+  );
 
   return (
     <div class="page-content">
@@ -25,7 +25,7 @@ export async function Index(
         </strong>
         .
       </p>
-      {isEmployee
+      {employeeCheck
         ? (
           <p>
             Consultez les{" "}

routes/(apps)/stages/api/stages.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { stages } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -38,7 +38,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 

routes/(apps)/stages/api/stages/[idStage].ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites, stages } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -41,7 +41,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -98,7 +98,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/students/api/promotions.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { promotions } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 
 export const handler: Handlers<null, AuthenticatedState> = {
   // #13 GET /promotions
@@ -9,7 +9,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(JSON.stringify([]), {
         headers: { "content-type": "application/json" },
       });
@@ -26,7 +26,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 

routes/(apps)/students/api/promotions/[idPromo].ts

@@ -10,7 +10,7 @@ import {
   ueModules,
   ues,
 } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -27,7 +27,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -49,7 +49,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -76,7 +76,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/students/api/students.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -10,7 +10,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(JSON.stringify([]), {
         headers: { "content-type": "application/json" },
       });
@@ -33,7 +33,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 

routes/(apps)/students/api/students/[numEtud].ts

@@ -7,7 +7,7 @@ import {
   stages,
   students,
 } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 
 const NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 
@@ -86,7 +86,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     _request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return FORBIDDEN();
     }
 

routes/(apps)/students/api/students/import-csv.ts

@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 
 // #9 POST /students/import-csv
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -9,7 +9,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
     request: Request,
     context: FreshContext<AuthenticatedState>,
   ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
       return new Response(null, { status: 403 });
     }
 

routes/(apps)/students/partials/index.tsx

@@ -3,16 +3,16 @@ import {
   makePartials,
 } from "$root/defaults/makePartials.tsx";
 import { FreshContext } from "$fresh/server.ts";
-import { State } from "$root/defaults/interfaces.ts";
+import { isEmployee, State } from "$root/defaults/interfaces.ts";
 
 // deno-lint-ignore require-await
 export async function Index(
   _request: Request,
   context: FreshContext<State>,
 ) {
-  const isEmployee =
+  const employeeStatus = isEmployee(
-    (context.state as unknown as { session: Record<string, string> }).session
+    (context.state as unknown as { session: Record<string, string> }).session,
-      .eduPersonPrimaryAffiliation === "employee";
+  );
 
   return (
     <div class="page-content">
@@ -25,7 +25,7 @@ export async function Index(
         </strong>
         .
       </p>
-      {isEmployee && (
+      {employeeStatus && (
         <p>
           Consultez la{" "}
           <a href="/students/consult" f-partial="/students/partials/consult">