djalim
9368e68622
refactor: add withRules wrapper to API routes Use withRules to enforce permissions instead of manual checks. Remove FORBIDDEN constant, simplify handlers, import withRules, adjust GET/POST/PUT/DELETE handlers. Centralizes auth logic. refactor: replace manual auth checks with withRules wrapper for routes refactor(student routes): replace manual employee checks with withRules wrapper
35 lines
1.1 KiB
TypeScript
35 lines
1.1 KiB
TypeScript
import { Handlers } from "$fresh/server.ts";
|
|
import { db } from "$root/databases/db.ts";
|
|
import { promotions } from "$root/databases/schema.ts";
|
|
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
|
|
import { withRules } from "$root/defaults/withRules.ts";
|
|
|
|
export const handler: Handlers<null, AuthenticatedState> = {
|
|
// #13 GET /promotions
|
|
GET: withRules(["student_read"])(async (_request, _context) => {
|
|
const rows = await db.select().from(promotions);
|
|
return new Response(JSON.stringify(rows), {
|
|
headers: { "content-type": "application/json" },
|
|
});
|
|
}),
|
|
|
|
// #14 POST /promotions
|
|
POST: withRules(["student_write"])(async (request, _context) => {
|
|
const body: { idPromo: string; annee: string } = await request.json();
|
|
|
|
if (!body.idPromo || !body.annee) {
|
|
return new Response(null, { status: 400 });
|
|
}
|
|
|
|
const [created] = await db
|
|
.insert(promotions)
|
|
.values({ id: body.idPromo, annee: body.annee })
|
|
.returning();
|
|
|
|
return new Response(JSON.stringify(created), {
|
|
status: 201,
|
|
headers: { "content-type": "application/json" },
|
|
});
|
|
}),
|
|
};
|