djalim 9a4c6863d1 feat: stages module, mobility frontend, theme toggle, employeeOnly access control
- Add stages module with full CRUD API and admin overview island
- Add mobility overview island (Liste, Kanban, Detail CRUD views)
- Add contract PDF upload/download endpoints for mobilites
- Add light/dark theme toggle in header
- Add employeeOnly flag to hide entire modules from students (admin, students, stages)
- Add read-only GET endpoints for modules/ues/ue-modules in notes module
- Add [slug].tsx catch-all routes for direct URL navigation
- Replace old mobility table with mobilites + stages schema (migration 0004)
- Allow students to create mobilites and upload contracts
- Redirect authenticated users from / to /apps catalog
2026-05-01 12:47:23 +02:00


import { FreshContext, MiddlewareHandler } from "$fresh/server.ts";
import {
AppProperties,
AuthenticatedState,
} from "$root/defaults/interfaces.ts";
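export const handler: MiddlewareHandler<AuthenticatedState>[] = [
  /**
   * Computes the pages the current user may see for the requested app and
   * stores them in `context.state.availablePages`.
   *
   * The app is taken from the first path segment of the request URL and its
   * properties are loaded from `./<app>/(_props)/props.ts`.
   *
   * NOTE(review): this middleware only filters the page list kept in state
   * (apart from the `employeeOnly` 403). Confirm that each page or endpoint
   * enforces its own access check and does not rely on being absent from
   * `availablePages`.
   *
   * @param request The incoming HTTP request.
   * @param context The Fresh context object with custom `AuthenticatedState`.
   * @returns A 404 when the first path segment is not a plain app name, a 403
   * when a student requests an `employeeOnly` app, otherwise the response from
   * the next middleware.
   */
  async function getAllAvailablePages(
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
    const pathname = new URL(request.url).pathname;
    const currentApp = pathname.split("/")[1] ?? "";

    // The segment is request-controlled and is interpolated into a module
    // specifier below, so only a conservative directory-name alphabet is
    // accepted. Empty, dotted or percent-encoded segments are answered with
    // 404 instead of reaching import(). Widen the pattern if an app directory
    // legitimately uses other characters.
    if (!/^[A-Za-z0-9_-]+$/.test(currentApp)) {
      return new Response(null, { status: 404 });
    }

    // A well-formed segment with no matching props module still rejects here,
    // exactly as before this check was added.
    const properties: AppProperties = (await import(
      `./${currentApp}/(_props)/props.ts`
    )).default;

    // NOTE(review): every affiliation other than "student" (including a
    // missing one) is treated as an employee below. Confirm that the identity
    // provider can only emit student/employee values, or switch to an explicit
    // allow-list of employee affiliations.
    const isStudent =
      context.state.session.eduPersonPrimaryAffiliation === "student";
    const isLocal = Deno.env.get("LOCAL") === "true";

    // Block students from accessing employeeOnly modules entirely.
    if (isStudent && properties.employeeOnly) {
      return new Response(null, { status: 403 });
    }

    // Shallow copy: the deletes below must not mutate the imported module's
    // `pages` object, which is shared across requests by the module cache.
    context.state.availablePages = { ...properties.pages };

    if (isStudent) {
      // Students lose every page listed in adminOnly. `adminOnly` is
      // dereferenced without `?.` (unlike `studentOnly`), so a props module
      // that omits it throws here rather than leaving admin pages listed.
      for (const page of properties.adminOnly) {
        delete context.state.availablePages[page];
      }
    } else if (isLocal) {
      // In local mode (LOCAL=true), employees see all pages (admin + student).
    } else {
      // In prod, employees don't see studentOnly pages.
      for (const page of properties.studentOnly ?? []) {
        delete context.state.availablePages[page];
      }
    }

    return await context.next();
  },
];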