From 0fc4e1651b19ee73ea54cc8c5368cdd9f93abf8d Mon Sep 17 00:00:00 2001
From: Matthieu
Date: Wed, 15 Apr 2026 08:15:43 +0200
Subject: [PATCH] fix(core) : retire user:write des champs RBAC sensibles du User

isAdmin, roles et directPermissions ne doivent pas etre modifiables via PATCH /api/users/{id}. L exposition en ecriture sera traitee par un processor dedie dans le ticket #344 (spec section 2 OUT).

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 src/Module/Core/Domain/Entity/User.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Module/Core/Domain/Entity/User.php b/src/Module/Core/Domain/Entity/User.php
index d06efdd..b571488 100644
--- a/src/Module/Core/Domain/Entity/User.php
+++ b/src/Module/Core/Domain/Entity/User.php
@@ -55,7 +55,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
     private ?string $username = null;
 
     #[ORM\Column(name: 'is_admin', options: ['default' => false])]
-    #[Groups(['me:read', 'user:list', 'user:write'])]
+    #[Groups(['me:read', 'user:list'])]
     private bool $isAdmin = false;
 
     /**
@@ -70,7 +70,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
      */
     #[ORM\ManyToMany(targetEntity: Role::class, fetch: 'EAGER')]
     #[ORM\JoinTable(name: 'user_role')]
-    #[Groups(['me:read', 'user:list', 'user:write'])]
+    #[Groups(['me:read', 'user:list'])]
     private Collection $roles;
 
     /**
@@ -83,7 +83,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
      */
     #[ORM\ManyToMany(targetEntity: Permission::class, fetch: 'EAGER')]
     #[ORM\JoinTable(name: 'user_permission')]
-    #[Groups(['me:read', 'user:list', 'user:write'])]
+    #[Groups(['me:read', 'user:list'])]
     private Collection $directPermissions;
 
     #[ORM\Column]
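Review bot: Nothing on the new `#[Groups(['me:read', 'user:list'])]` line records that `user:write` is deliberately absent, so a later contributor tidying the three attributes (isAdmin in the first hunk, roles in the second, directPermissions in the third) could re-add it and reopen the mass-assignment path this commit closes; add above each of the three a comment such as `// Not in 'user:write' on purpose: RBAC fields must not be mass-assignable via PATCH /api/users/{id}; write access is handled by a dedicated processor (#344).` The commit also ships no regression test; a functional test that PATCHes `isAdmin`, `roles` and `directPermissions` on a user and asserts the persisted values are unchanged would pin the fix. With these properties outside the write group, a PATCH that still carries them is presumably dropped silently rather than rejected with a 400, since the serializer's default is to allow extra attributes; that may be the intended behaviour but is worth confirming against the API's `allow_extra_attributes` setting. The enclosing `User` class starts and ends outside the hunks.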