refactor(#78): simplify route, consolidate button markup, use executemany

Author: William-Hill

codebenders-dashboard/app/api/students/[guid]/sis-link/route.ts

@@ -6,32 +6,40 @@ import { canAccess, type Role } from "@/lib/roles"
 
 const LOGS_DIR = path.join(process.cwd(), "logs")
 const LOG_FILE = path.join(LOGS_DIR, "query-history.jsonl")
+const SIS_ID_PARAM = process.env.SIS_ID_PARAM || "id"
+
+let logDirReady = false
+
+function writeAuditLog(entry: Record<string, unknown>) {
+  const doWrite = async () => {
+    if (!logDirReady) {
+      await mkdir(LOGS_DIR, { recursive: true })
+      logDirReady = true
+    }
+    await appendFile(LOG_FILE, JSON.stringify(entry) + "\n", "utf8")
+  }
+  doWrite().catch(err => console.error("SIS audit log write failed:", err))
+}
 
 export async function GET(
   request: NextRequest,
   { params }: { params: Promise<{ guid: string }> }
 ) {
-  // Feature disabled if SIS_BASE_URL is not configured
   const sisBaseUrl = process.env.SIS_BASE_URL
   if (!sisBaseUrl) {
     return NextResponse.json({ url: null }, { status: 404 })
   }
 
-  // Role check
   const role = request.headers.get("x-user-role") as Role | null
   if (!role || !canAccess("/api/students", role)) {
     return NextResponse.json({ error: "Forbidden" }, { status: 403 })
   }
 
   const { guid } = await params
-  if (!guid) {
-    return NextResponse.json({ error: "Missing student GUID" }, { status: 400 })
-  }
 
   let url: string
 
   try {
-    // Look up SIS ID from mapping table
     const pool = getPool()
     const result = await pool.query(
       "SELECT sis_id FROM guid_sis_map WHERE student_guid = $1 LIMIT 1",
@@ -42,10 +50,9 @@ export async function GET(
       return NextResponse.json({ url: null }, { status: 404 })
     }
 
-    // Build URL server-side — SIS ID never reaches the client
-    const sisIdParam = process.env.SIS_ID_PARAM || "id"
+    // SIS ID is embedded in the URL but never returned as a standalone field
     const sisId = result.rows[0].sis_id
-    url = `${sisBaseUrl}?${encodeURIComponent(sisIdParam)}=${encodeURIComponent(sisId)}`
+    url = `${sisBaseUrl}?${encodeURIComponent(SIS_ID_PARAM)}=${encodeURIComponent(sisId)}`
   } catch (error) {
     console.error("SIS link lookup error:", error)
     return NextResponse.json(
@@ -54,19 +61,7 @@ export async function GET(
     )
   }
 
-  // Audit log — GUID and role only, never the SIS ID
-  const logEntry = {
-    event: "sis_link_accessed",
-    guid,
-    role,
-    timestamp: new Date().toISOString(),
-  }
-  try {
-    await mkdir(LOGS_DIR, { recursive: true })
-    await appendFile(LOG_FILE, JSON.stringify(logEntry) + "\n", "utf8")
-  } catch (auditErr) {
-    console.error("SIS audit log write failed:", auditErr)
-  }
+  writeAuditLog({ event: "sis_link_accessed", guid, role, timestamp: new Date().toISOString() })
 
   return NextResponse.json({ url })
 }

codebenders-dashboard/app/students/[guid]/page.tsx

@@ -217,24 +217,14 @@ export default function StudentDetailPage() {
               {sisStatus === "loading" && (
                 <div className="h-7 w-24 rounded bg-muted animate-pulse" />
               )}
-              {sisStatus === "available" && sisLink && (
+              {(sisStatus === "available" || sisStatus === "unavailable") && (
                 <Button
                   variant="outline"
                   size="sm"
                   className="gap-1.5"
-                  onClick={() => window.open(sisLink, "_blank", "noopener,noreferrer")}
-                >
-                  <ExternalLink className="h-3.5 w-3.5" />
-                  Open in SIS
-                </Button>
-              )}
-              {sisStatus === "unavailable" && (
-                <Button
-                  variant="outline"
-                  size="sm"
-                  className="gap-1.5"
-                  disabled
-                  title="No SIS record linked for this student"
+                  disabled={sisStatus === "unavailable"}
+                  title={sisStatus === "unavailable" ? "No SIS record linked for this student" : undefined}
+                  onClick={sisLink ? () => window.open(sisLink, "_blank", "noopener,noreferrer") : undefined}
                 >
                   <ExternalLink className="h-3.5 w-3.5" />
                   Open in SIS

operations/seed_guid_sis_map.py

@@ -14,7 +14,6 @@ def seed_guid_sis_map():
     cursor = connection.cursor()
 
     try:
-        # Create table
         cursor.execute("""
             CREATE TABLE IF NOT EXISTS guid_sis_map (
                 student_guid TEXT PRIMARY KEY,
@@ -23,7 +22,6 @@ def seed_guid_sis_map():
         """)
         print("✓ guid_sis_map table created/verified")
 
-        # Pick ~20 random GUIDs from student_level_with_predictions
         cursor.execute("""
             SELECT "Student_GUID"
             FROM student_level_with_predictions
@@ -36,23 +34,16 @@ def seed_guid_sis_map():
             print("✗ No students found in student_level_with_predictions")
             return False
 
-        # Clear existing demo data and insert fresh mappings
         cursor.execute("DELETE FROM guid_sis_map")
 
-        for i, guid in enumerate(guids, start=100001):
-            sis_id = f"BSC-{i}"
-            cursor.execute(
-                "INSERT INTO guid_sis_map (student_guid, sis_id) VALUES (%s, %s)",
-                (guid, sis_id)
-            )
+        rows = [(guid, f"BSC-{i}") for i, guid in enumerate(guids, start=100001)]
+        cursor.executemany(
+            "INSERT INTO guid_sis_map (student_guid, sis_id) VALUES (%s, %s)",
+            rows
+        )
 
         connection.commit()
-        print(f"✓ Seeded {len(guids)} GUID → SIS ID mappings (BSC-100001 .. BSC-{100000 + len(guids)})")
-
-        # Verify
-        cursor.execute("SELECT COUNT(*) AS count FROM guid_sis_map")
-        count = cursor.fetchone()['count']
-        print(f"✓ Verified: {count} records in guid_sis_map")
+        print(f"✓ Seeded {len(rows)} GUID → SIS ID mappings ({rows[0][1]} .. {rows[-1][1]})")
 
         return True