feat(utilisateurs): ajoute des nouvelles routes pour créer des utilisateurs

vmaubert · vmaubert · commit 72919948f9f7 · 2025-10-06T14:58:30.000+02:00
diff --git a/server/controllers/userController.ts b/server/controllers/userController.ts
@@ -20,6 +20,17 @@ export const usersRouter = {
       }
 
       return { status: constants.HTTP_STATUS_OK, response: user };
+    },
+    put: async ({ body }, { userId }) => {
+      console.info('Update user', body);
+
+      const userToUpdate = await userRepository.findUnique(userId);
+      if (!userToUpdate) {
+        return { status: constants.HTTP_STATUS_NOT_FOUND };
+      }
+
+      await userRepository.update(body, userId);
+      return { status: constants.HTTP_STATUS_OK };
     }
   },
   '/users': {
@@ -34,6 +45,12 @@ export const usersRouter = {
       const users = await userRepository.findMany(findOptions);
 
       return { status: constants.HTTP_STATUS_OK, response: users };
+    },
+    post: async ({ body }) => {
+      console.info('Create user', body);
+
+      await userRepository.insert(body);
+      return { status: constants.HTTP_STATUS_CREATED };
     }
   }
 } as const satisfies ProtectedSubRouter;
diff --git a/server/repositories/userRepository.test.ts b/server/repositories/userRepository.test.ts
@@ -7,11 +7,8 @@ import { userRepository } from './userRepository';
 test("impossible d'avoir 2 utilisateurs avec le même email", async () => {
   const email = 'email@email.fr';
 
-  await kysely.insertInto('users').values(genUser({ email })).execute();
-  await kysely
-    .insertInto('users')
-    .values(genUser({ email: 'anotheremail@email.fr' }))
-    .execute();
+  await userRepository.insert(genUser({ email }));
+  await userRepository.insert(genUser({ email: 'anotheremail@email.fr' }));
 
   await expect(async () =>
     kysely
@@ -31,8 +28,8 @@ test("peut modifier le nom et le prénom d'un utilisateur", async () => {
   const user1 = genUser();
   const user2 = genUser();
 
-  await kysely.insertInto('users').values(user1).execute();
-  await kysely.insertInto('users').values(user2).execute();
+  await userRepository.insert(user1);
+  await userRepository.insert(user2);
 
   const newName = 'fullName';
 
@@ -57,12 +54,12 @@ test("peut modifier le nom et le prénom d'un utilisateur", async () => {
     .selectAll()
     .where('email', '=', user2.email)
     .executeTakeFirst();
-  expect(user2InDb).toMatchObject(user2);
+  expect(user2InDb).toMatchObject({ ...user2, name: '-' });
 });
 test('peut ajouter et supprimer un logged secret', async () => {
   const user1 = genUser();
 
-  await kysely.insertInto('users').values(user1).execute();
+  await userRepository.insert(user1);
 
   const newSecret = uuidv4();
 
diff --git a/server/repositories/userRepository.ts b/server/repositories/userRepository.ts
@@ -59,6 +59,15 @@ const findMany = async (findOptions: FindUserOptions): Promise<User[]> => {
   return users.map((_: User) => User.parse(_));
 };
 
+const insert = async (
+  user: Omit<KyselyUser, 'id' | 'loggedSecrets' | 'name'>
+): Promise<void> => {
+  await kysely
+    .insertInto('users')
+    .values({ ...user, name: '-' })
+    .execute();
+};
+
 const update = async (
   partialUser: Partial<Omit<KyselyUser, 'id' | 'loggedSecrets'>>,
   id: User['id']
@@ -98,6 +107,7 @@ export const userRepository = {
   findOne,
   findMany,
   update,
+  insert,
   addLoggedSecret,
   deleteLoggedSecret
 };
diff --git a/server/routers/test/user.router.test.ts b/server/routers/test/user.router.test.ts
@@ -5,6 +5,8 @@ import { COOKIE_MAESTRO_ACCESS_TOKEN } from 'maestro-shared/constants';
 import { Region } from 'maestro-shared/referential/Region';
 import { User } from 'maestro-shared/schema/User/User';
 import {
+  AdminFixture,
+  genUser,
   NationalCoordinator,
   RegionalCoordinator,
   Sampler1Fixture,
@@ -130,4 +132,52 @@ describe('User router', () => {
       );
     });
   });
+
+  describe('POST /', () => {
+    const testRoute = () => `/api/users`;
+
+    test('should fail if the user is not administrator', async () => {
+      await request(app)
+        .post(testRoute())
+        .use(tokenProvider(NationalCoordinator))
+        .send(genUser())
+        .expect(constants.HTTP_STATUS_FORBIDDEN);
+    });
+
+    test('should create an user', async () => {
+      await request(app)
+        .post(testRoute())
+        .send(genUser())
+        .use(tokenProvider(AdminFixture))
+        .expect(constants.HTTP_STATUS_CREATED);
+    });
+  });
+
+  describe('PUT /{userId}', () => {
+    const testRoute = (userId: string) => `/api/users/${userId}`;
+
+    test('should fail if the user is not administrator', async () => {
+      await request(app)
+        .put(testRoute(NationalCoordinator.id))
+        .send({ role: 'Sampler' })
+        .use(tokenProvider(NationalCoordinator))
+        .expect(constants.HTTP_STATUS_FORBIDDEN);
+    });
+
+    test('should fail if the updated user is unknown', async () => {
+      await request(app)
+        .put(testRoute('55555555-5555-5555-5555-555555555550'))
+        .send({ role: 'Sampler' })
+        .use(tokenProvider(AdminFixture))
+        .expect(constants.HTTP_STATUS_NOT_FOUND);
+    });
+
+    test('should update an user', async () => {
+      await request(app)
+        .put(testRoute(NationalCoordinator.id))
+        .send({ role: 'Sampler' })
+        .use(tokenProvider(AdminFixture))
+        .expect(constants.HTTP_STATUS_OK);
+    });
+  });
 });
diff --git a/shared/routes/users.routes.ts b/shared/routes/users.routes.ts
@@ -1,6 +1,6 @@
 import z from 'zod';
 import { FindUserOptions } from '../schema/User/FindUserOptions';
-import { User } from '../schema/User/User';
+import { User, UserToCreate, UserToUpdate } from '../schema/User/User';
 import { SubRoutes } from './routes';
 
 export const usersRoutes = {
@@ -10,6 +10,11 @@ export const usersRoutes = {
       response: z.array(User),
       query: FindUserOptions,
       permissions: 'NONE'
+    },
+    post: {
+      response: z.void(),
+      permissions: ['administrationMaestro'],
+      body: UserToCreate
     }
   },
   '/users/:userId': {
@@ -19,6 +24,11 @@ export const usersRoutes = {
     get: {
       response: User,
       permissions: 'NONE'
+    },
+    put: {
+      response: z.void(),
+      permissions: ['administrationMaestro'],
+      body: UserToUpdate
     }
   }
 } as const satisfies SubRoutes<'/users'>;
diff --git a/shared/schema/User/User.ts b/shared/schema/User/User.ts
@@ -13,11 +13,11 @@ import {
 
 const BaseUser = z.object({
   id: z.guid(),
-  email: z.string().email(),
+  email: z.email(),
   name: z.string(),
   programmingPlanKinds: z.array(ProgrammingPlanKind),
   role: UserRole,
-  region: Region.nullish()
+  region: Region.nullable()
 });
 
 export const User = BaseUser.superRefine((user, ctx) => {
@@ -33,6 +33,9 @@ export const User = BaseUser.superRefine((user, ctx) => {
   }
 });
 
+export const UserToCreate = User.omit({ id: true, name: true });
+export const UserToUpdate = User.omit({ name: true }).partial();
+
 export const Sampler = BaseUser.pick({
   id: true,
   name: true
