fix: faculty users are now recognized as employees

refactor(fresh.config): change server port to 80 and remove cert/key
feat: added logs
2026-05-05 15:29:02 +02:00 · 2026-05-05 12:51:38 +00:00 · 2026-05-05 14:50:17 +02:00 · 2026-05-03 21:52:02 +02:00
19 changed files with 62 additions and 58 deletions
@@ -63,6 +63,11 @@ export interface LoginJWT {
  user: CasContent;
 }
 export function isEmployee(session: CasContent): boolean {
  return session.eduPersonPrimaryAffiliation === "employee" ||
    session.eduPersonPrimaryAffiliation === "faculty";
 }
 export type EmptyObject = Record<string | number | symbol, never>;
 // deno-lint-ignore no-explicit-any
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 const _NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(JSON.stringify([]), {
        headers: { "content-type": "application/json" },
      });
@@ -40,7 +40,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { enseignements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 const NOT_FOUND = () =>
@@ -18,7 +18,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -50,7 +50,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { modules } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -21,7 +21,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(null, { status: 403 });
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ueModules } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 const NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -58,7 +58,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -111,7 +111,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 const VALID_STATUSES = [
@@ -46,15 +46,14 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    const isEmployee =
+    const employeeCheck = isEmployee(context.state.session);
      context.state.session.eduPersonPrimaryAffiliation === "employee";
    try {
      const body = await request.json();
      const { numEtud, duree, ecole, pays, status, idStage } = body;
      // Students can only create mobilites for themselves
-      if (!isEmployee && numEtud !== undefined) {
+      if (!employeeCheck && numEtud !== undefined) {
        // Students cannot set idStage or status
        if (idStage || (status && status !== "contracts_received")) {
          return new Response(null, { status: 403 });
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 const VALID_STATUSES = [
@@ -49,7 +49,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -115,7 +115,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 const CONTRACTS_DIR = "uploads/contracts";
@@ -118,7 +118,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(null, { status: 403 });
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(null, { status: 403 });
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { ajustements } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { and, eq } from "npm:drizzle-orm@0.45.2";
 const NOT_FOUND = () =>
@@ -18,7 +18,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -100,7 +100,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -3,16 +3,16 @@ import {
  makePartials,
 } from "$root/defaults/makePartials.tsx";
 import { FreshContext } from "$fresh/server.ts";
-import { State } from "$root/defaults/interfaces.ts";
+import { isEmployee, State } from "$root/defaults/interfaces.ts";
 // deno-lint-ignore require-await
 export async function Index(
  _request: Request,
  context: FreshContext<State>,
 ) {
-  const isEmployee =
+  const employeeCheck = isEmployee(
-    (context.state as unknown as { session: Record<string, string> }).session
+    (context.state as unknown as { session: Record<string, string> }).session,
-      .eduPersonPrimaryAffiliation === "employee";
+  );
  return (
    <div class="page-content">
@@ -25,7 +25,7 @@ export async function Index(
        </strong>
        .
      </p>
-      {isEmployee
+      {employeeCheck
        ? (
          <p>
            Consultez les{" "}
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { stages } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -38,7 +38,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(null, { status: 403 });
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { mobilites, stages } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 const NOT_FOUND = () =>
@@ -41,7 +41,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -98,7 +98,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { promotions } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 export const handler: Handlers<null, AuthenticatedState> = {
  // #13 GET /promotions
@@ -9,7 +9,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(JSON.stringify([]), {
        headers: { "content-type": "application/json" },
      });
@@ -26,7 +26,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(null, { status: 403 });
    }
@@ -10,7 +10,7 @@ import {
  ueModules,
  ues,
 } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 const NOT_FOUND = () =>
@@ -27,7 +27,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -49,7 +49,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -76,7 +76,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -10,7 +10,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(JSON.stringify([]), {
        headers: { "content-type": "application/json" },
      });
@@ -33,7 +33,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(null, { status: 403 });
    }
@@ -7,7 +7,7 @@ import {
  stages,
  students,
 } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 import { eq } from "npm:drizzle-orm@0.45.2";
 const NOT_FOUND = () =>
@@ -24,7 +24,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -47,7 +47,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -86,7 +86,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return FORBIDDEN();
    }
@@ -1,7 +1,7 @@
 import { FreshContext, Handlers } from "$fresh/server.ts";
 import { db } from "$root/databases/db.ts";
 import { students } from "$root/databases/schema.ts";
-import { AuthenticatedState } from "$root/defaults/interfaces.ts";
+import { AuthenticatedState, isEmployee } from "$root/defaults/interfaces.ts";
 // #9 POST /students/import-csv
 export const handler: Handlers<null, AuthenticatedState> = {
@@ -9,7 +9,7 @@ export const handler: Handlers<null, AuthenticatedState> = {
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
-    if (context.state.session.eduPersonPrimaryAffiliation !== "employee") {
+    if (!isEmployee(context.state.session)) {
      return new Response(null, { status: 403 });
    }
@@ -3,16 +3,16 @@ import {
  makePartials,
 } from "$root/defaults/makePartials.tsx";
 import { FreshContext } from "$fresh/server.ts";
-import { State } from "$root/defaults/interfaces.ts";
+import { isEmployee, State } from "$root/defaults/interfaces.ts";
 // deno-lint-ignore require-await
 export async function Index(
  _request: Request,
  context: FreshContext<State>,
 ) {
-  const isEmployee =
+  const employeeStatus = isEmployee(
-    (context.state as unknown as { session: Record<string, string> }).session
+    (context.state as unknown as { session: Record<string, string> }).session,
-      .eduPersonPrimaryAffiliation === "employee";
+  );
  return (
    <div class="page-content">
@@ -25,7 +25,7 @@ export async function Index(
        </strong>
        .
      </p>
-      {isEmployee && (
+      {employeeStatus && (
        <p>
          Consultez la{" "}
          <a href="/students/consult" f-partial="/students/partials/consult">
Author	SHA1	Message	Date
djalim	49bcc3083a	fix: faculty users are now recognized as employees Check Deno code / Check Deno code (push) Has been cancelled Details Tests / Unit tests (push) Has been cancelled Details Tests / Integration tests (push) Has been cancelled Details	2026-05-05 15:29:02 +02:00
djalim	0f87bc18c3	refactor(fresh.config): change server port to 80 and remove cert/key Check Deno code / Check Deno code (push) Has been cancelled Details Tests / Unit tests (push) Has been cancelled Details Tests / Integration tests (push) Has been cancelled Details Check Deno code / Check Deno code (pull_request) Has been cancelled Details Tests / Unit tests (pull_request) Has been cancelled Details Tests / Integration tests (pull_request) Has been cancelled Details	2026-05-05 12:51:38 +00:00
djalim	e719e5129f	feat: added logs Check Deno code / Check Deno code (pull_request) Has been cancelled Details Tests / Unit tests (pull_request) Has been cancelled Details Tests / Integration tests (pull_request) Has been cancelled Details Check Deno code / Check Deno code (push) Has been cancelled Details Tests / Unit tests (push) Has been cancelled Details Tests / Integration tests (push) Has been cancelled Details	2026-05-05 14:50:17 +02:00
djalim	951c9c1fea	test : changed test format + added playwright support Check Deno code / Check Deno code (pull_request) Has been cancelled Details Tests / Unit tests (pull_request) Has been cancelled Details Tests / Integration tests (pull_request) Has been cancelled Details Check Deno code / Check Deno code (push) Has been cancelled Details Tests / Unit tests (push) Has been cancelled Details Tests / Integration tests (push) Has been cancelled Details	2026-05-03 21:52:02 +02:00