feat: permission system with withRules() wrapper #107

Open
opened 2026-04-22 13:23:07 +00:00 by djalim · 0 comments
Collaborator

## Description

Add a developer-friendly permission system via a `withRules()` wrapper in `defaults/withRules.ts`.

## How it works

Access is granted if **any** of the provided rules passes (OR logic). Two types of rules are supported:

- **DB-based permissions** — checks the user's role against the `role_permissions` table:
  `student_read`, `student_write`, `note_read`, `note_write`, `module_read`, `module_write`, `user_read`, `user_write`, `role_write`

- **Contextual rules** — checks ownership based on the CAS uid (format: `{prenom[0]}{numEtud}`):
  `own_student`, `own_note`

A CAS user that is neither in the `users` table nor the `students` table has no rights.

## Usage

```typescript
import { withRules } from "$root/defaults/withRules.ts";

export const handler: Handlers<null, AuthenticatedState> = {
  // Admins see all notes, students see only their own
  GET: withRules(["note_read", "own_note"])(async (_req, ctx) => {
    // ...
  }),

  // Only users with note_write permission
  POST: withRules(["note_write"])(async (req, _ctx) => {
    // ...
  }),
};
```

## Branch

`feature/permission-system`
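The OR-rule evaluation described above, worked through as an added stand-alone example (this is illustrative code, not the project's `defaults/withRules.ts`): the `users`, `students`, `role_permissions` and note-owner tables are constructed in-memory stand-ins, the CAS uids are made-up samples in the `{prenom[0]}{numEtud}` format, and the `Ctx` and `Handler` shapes are assumptions, not the project's types.

```typescript
type DbPermission = "student_read" | "student_write" | "note_read" | "note_write"
  | "module_read" | "module_write" | "user_read" | "user_write" | "role_write";
type ContextRule = "own_student" | "own_note";
type Rule = DbPermission | ContextRule;

// Constructed stand-ins for the users, students and role_permissions tables.
const users: Record<string, { role: string }> = { a00001: { role: "admin" } };
const students = new Set<string>(["m12345"]); // CAS uid: prenom[0] + numEtud
const rolePermissions: Record<string, Set<DbPermission>> = {
  admin: new Set<DbPermission>(["note_read", "note_write", "student_read"]),
};
// Constructed note -> owning student uid mapping (hypothetical resource context).
const noteOwners: Record<string, string> = { n1: "m12345" };

// Assumed request context: the CAS uid plus the resource ids the route targets.
interface Ctx { uid: string; studentUid?: string; noteId?: string }

// DB-based rule: a uid with no users row has no role and therefore no permission.
function hasDbPermission(uid: string, perm: DbPermission): boolean {
  const user = users[uid];
  if (!user) return false;
  return rolePermissions[user.role]?.has(perm) ?? false;
}

// Contextual rule: only a uid present in the students table can own anything.
function ownsResource(rule: ContextRule, ctx: Ctx): boolean {
  if (!students.has(ctx.uid)) return false;
  if (rule === "own_student") return ctx.studentUid === ctx.uid;
  return ctx.noteId !== undefined && noteOwners[ctx.noteId] === ctx.uid;
}

// OR logic: access is granted as soon as any one rule passes.
function allowed(rules: Rule[], ctx: Ctx): boolean {
  return rules.some((r) =>
    r === "own_student" || r === "own_note"
      ? ownsResource(r, ctx)
      : hasDbPermission(ctx.uid, r)
  );
}

type Handler = (ctx: Ctx) => { status: number; body?: string };

// Same withRules(rules)(handler) shape as the issue's usage: deny with 403 unless a rule passes.
function withRules(rules: Rule[]) {
  return (handler: Handler): Handler =>
    (ctx) => (allowed(rules, ctx) ? handler(ctx) : { status: 403, body: "Forbidden" });
}
```

A uid that is in neither table (the "no rights" case) fails both rule types, so `withRules` returns 403 for it whatever rules are listed.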

djalim added this to the Module Managment project 2026-04-22 13:32:09 +00:00
djalim self-assigned this 2026-04-22 13:32:14 +00:00
djalim moved this to 🔴 high priority in Module Managment on 2026-04-22 13:32:22 +00:00

Reference: admin/PolyMPR#107