MALIO-DEV/Coltura
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(core) : retire user:write des champs RBAC sensibles du User

Browse Source 
isAdmin, roles et directPermissions ne doivent pas etre modifiables via
PATCH /api/users/{id}. L exposition en ecriture sera traitee par un
processor dedie dans le ticket #344 (spec section 2 OUT).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matthieu
2026-04-15 08:15:43 +02:00
parent d8bda517f9
commit 0fc4e1651b
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Module/Core/Domain/Entity/User.php
View File

@@ -55,7 +55,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
private ?string $username = null; private ?string $username = null;
#[ORM\Column(name: 'is_admin', options: ['default' => false])] #[ORM\Column(name: 'is_admin', options: ['default' => false])]
#[Groups(['me:read', 'user:list', 'user:write'])] #[Groups(['me:read', 'user:list'])]
private bool $isAdmin = false; private bool $isAdmin = false;
/** /**
@@ -70,7 +70,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
*/ */
#[ORM\ManyToMany(targetEntity: Role::class, fetch: 'EAGER')] #[ORM\ManyToMany(targetEntity: Role::class, fetch: 'EAGER')]
#[ORM\JoinTable(name: 'user_role')] #[ORM\JoinTable(name: 'user_role')]
#[Groups(['me:read', 'user:list', 'user:write'])] #[Groups(['me:read', 'user:list'])]
private Collection $roles; private Collection $roles;
/** /**
@@ -83,7 +83,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
*/ */
#[ORM\ManyToMany(targetEntity: Permission::class, fetch: 'EAGER')] #[ORM\ManyToMany(targetEntity: Permission::class, fetch: 'EAGER')]
#[ORM\JoinTable(name: 'user_permission')] #[ORM\JoinTable(name: 'user_permission')]
#[Groups(['me:read', 'user:list', 'user:write'])] #[Groups(['me:read', 'user:list'])]
private Collection $directPermissions; private Collection $directPermissions;
#[ORM\Column] #[ORM\Column]