refactor(core): RBAC - make the permissions catalogue accessible to any authenticated user

The core.permissions.view permission is removed from CoreModule.
The GET /api/permissions endpoint is now protected by ROLE_USER
instead of a specific RBAC permission, because it is a metadata
catalogue needed by the role and user management drawers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Matthieu
2026-04-16 16:27:32 +02:00
parent 6395f4cced
commit 60e424393c
3 changed files with 6 additions and 42 deletions

@@ -34,7 +34,6 @@ final class CoreModule
['code' => 'core.users.manage', 'label' => 'Gerer les utilisateurs (creer, editer, supprimer)'],
['code' => 'core.roles.view', 'label' => 'Voir les roles RBAC'],
['code' => 'core.roles.manage', 'label' => 'Gerer les roles et permissions'],
['code' => 'core.permissions.view', 'label' => 'Voir le catalogue des permissions'],
];
}
}
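
Review bot: Dropping the 'core.permissions.view' entry from the CoreModule permission list leaves open what happens to roles that were already granted that code, and nothing in the visible lines cleans those assignments up. Please confirm that stored role-to-permission rows referencing 'core.permissions.view' are deleted by a migration or are ignored safely when the catalogue no longer declares the code, and check the rest of the code base for remaining is_granted('core.permissions.view') calls, which would now deny everyone.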

@@ -19,11 +19,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
operations: [
new GetCollection(
normalizationContext: ['groups' => ['permission:read']],
security: "is_granted('core.permissions.view')",
security: "is_granted('ROLE_USER')",
),
new Get(
normalizationContext: ['groups' => ['permission:read']],
security: "is_granted('core.permissions.view')",
security: "is_granted('ROLE_USER')",
),
],
)]
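
Review bot: On both the GetCollection and the Get operation, is_granted('ROLE_USER') opens the whole permission catalogue to every authenticated account, which is broader than the stated need (the role and user management drawers). Any low-privilege user can now read every permission code and label exposed through the 'permission:read' group, which is a map of the authorization model. Consider gating on the permissions that the drawers already require, for example is_granted('core.roles.view') or is_granted('core.users.manage'), or, if ROLE_USER is kept, add a comment next to the security expression explaining why the catalogue is treated as non-sensitive and confirm that 'permission:read' serializes nothing beyond code and label. A functional test asserting that an anonymous request to GET /api/permissions is rejected would also lock the intended boundary in place.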