djalim
9368e68622
refactor: add withRules wrapper to API routes Use withRules to enforce permissions instead of manual checks. Remove FORBIDDEN constant, simplify handlers, import withRules, adjust GET/POST/PUT/DELETE handlers. Centralizes auth logic. refactor: replace manual auth checks with withRules wrapper for routes refactor(student routes): replace manual employee checks with withRules wrapper
67 lines
2.0 KiB
TypeScript
67 lines
2.0 KiB
TypeScript
import { Handlers } from "$fresh/server.ts";
|
|
import { db } from "$root/databases/db.ts";
|
|
import { ajustements } from "$root/databases/schema.ts";
|
|
import { withRules } from "$root/defaults/withRules.ts";
|
|
import { eq } from "npm:drizzle-orm@0.45.2";
|
|
|
|
export const handler: Handlers = {
|
|
// #48 GET /ajustements
|
|
GET: withRules(["note_read"])(async (request, _context) => {
|
|
const url = new URL(request.url);
|
|
const numEtudParam = url.searchParams.get("numEtud");
|
|
const idUEParam = url.searchParams.get("idUE");
|
|
|
|
let query = db.select().from(ajustements).$dynamic();
|
|
|
|
if (numEtudParam) {
|
|
const numEtud = parseInt(numEtudParam);
|
|
if (isNaN(numEtud)) {
|
|
return new Response("Paramètre numEtud invalide", { status: 400 });
|
|
}
|
|
query = query.where(eq(ajustements.numEtud, numEtud));
|
|
}
|
|
|
|
if (idUEParam) {
|
|
const idUE = parseInt(idUEParam);
|
|
if (isNaN(idUE)) {
|
|
return new Response("Paramètre idUE invalide", { status: 400 });
|
|
}
|
|
query = query.where(eq(ajustements.idUE, idUE));
|
|
}
|
|
|
|
const result = await query;
|
|
|
|
return new Response(JSON.stringify(result), {
|
|
status: 200,
|
|
headers: { "Content-Type": "application/json" },
|
|
});
|
|
}),
|
|
|
|
// #49 POST /ajustements
|
|
POST: withRules(["note_write"])(async (request, _context) => {
|
|
const body: { numEtud: number; idUE: number; valeur: number } =
|
|
await request.json();
|
|
|
|
if (!body.numEtud || !body.idUE || body.valeur === undefined) {
|
|
return new Response(
|
|
JSON.stringify({ error: "Champs requis: numEtud, idUE, valeur" }),
|
|
{ status: 400, headers: { "content-type": "application/json" } },
|
|
);
|
|
}
|
|
|
|
const [created] = await db
|
|
.insert(ajustements)
|
|
.values({
|
|
numEtud: body.numEtud,
|
|
idUE: body.idUE,
|
|
valeur: body.valeur,
|
|
})
|
|
.returning();
|
|
|
|
return new Response(JSON.stringify(created), {
|
|
status: 201,
|
|
headers: { "content-type": "application/json" },
|
|
});
|
|
}),
|
|
};
|