PolyMPR/routes/(apps)/admin/api/roles/[idRole].ts

import { FreshContext, Handlers } from "$fresh/server.ts";
import { db } from "$root/databases/db.ts";
import { rolePermissions, roles } from "$root/databases/schema.ts";
import { AuthenticatedState } from "$root/defaults/interfaces.ts";
import { eq } from "npm:drizzle-orm";

const NOT_FOUND = new Response(
  JSON.stringify({ error: "Ressource introuvable" }),
  { status: 404, headers: { "content-type": "application/json" } },
);

async function getRoleWithPermissions(
  id: number,
): Promise<{ id: number; nom: string; permissions: string[] } | null> {
  const role = await db
    .select()
    .from(roles)
    .where(eq(roles.id, id))
    .then((rows) => rows[0] ?? null);

  if (!role) return null;

  const perms = await db
    .select({ idPermission: rolePermissions.idPermission })
    .from(rolePermissions)
    .where(eq(rolePermissions.idRole, id));

  return { id: role.id, nom: role.nom, permissions: perms.map((p) => p.idPermission) };
}

export const handler: Handlers<null, AuthenticatedState> = {
  // #67 GET /roles/{idRole}
  async GET(
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
    const id = Number(context.params.idRole);
    const role = await getRoleWithPermissions(id);

    if (!role) return NOT_FOUND;

    return new Response(JSON.stringify(role), {
      headers: { "content-type": "application/json" },
    });
  },

  // #68 PUT /roles/{idRole}
  async PUT(
    request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
    const id = Number(context.params.idRole);
    const body: { nom: string; permissions: string[] } = await request.json();

    const [updated] = await db
      .update(roles)
      .set({ nom: body.nom })
      .where(eq(roles.id, id))
      .returning();

    if (!updated) return NOT_FOUND;

    // Reset permissions
    await db.delete(rolePermissions).where(eq(rolePermissions.idRole, id));

    if (body.permissions?.length) {
      await db.insert(rolePermissions).values(
        body.permissions.map((p) => ({ idRole: id, idPermission: p })),
      );
    }

    const role = await getRoleWithPermissions(id);
    return new Response(JSON.stringify(role), {
      headers: { "content-type": "application/json" },
    });
  },

  // #69 DELETE /roles/{idRole}
  async DELETE(
    _request: Request,
    context: FreshContext<AuthenticatedState>,
  ): Promise<Response> {
    const id = Number(context.params.idRole);

    // Cascade delete role_permissions first
    await db.delete(rolePermissions).where(eq(rolePermissions.idRole, id));

    const [deleted] = await db
      .delete(roles)
      .where(eq(roles.id, id))
      .returning();

    if (!deleted) return NOT_FOUND;

    return new Response(null, { status: 204 });
  },
};