refactor(core) : RBAC #345 - replace ROLE_ADMIN placeholders with RBAC codes

src/Module/Core/Domain/Entity/Permission.php

@@ -19,13 +19,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
     operations: [
         new GetCollection(
             normalizationContext: ['groups' => ['permission:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.permissions.view')",
         ),
         new Get(
             normalizationContext: ['groups' => ['permission:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.permissions.view')",
         ),
     ],
 )]

src/Module/Core/Domain/Entity/Role.php

@@ -35,31 +35,26 @@ use Symfony\Component\Validator\Constraints as Assert;
     operations: [
         new GetCollection(
             normalizationContext: ['groups' => ['role:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.roles.view')",
         ),
         new Get(
             normalizationContext: ['groups' => ['role:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.roles.view')",
         ),
         new Post(
             normalizationContext: ['groups' => ['role:read']],
             denormalizationContext: ['groups' => ['role:write']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.roles.manage')",
             processor: RoleProcessor::class,
         ),
         new Patch(
             normalizationContext: ['groups' => ['role:read']],
             denormalizationContext: ['groups' => ['role:write']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.roles.manage')",
             processor: RoleProcessor::class,
         ),
         new Delete(
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.roles.manage')",
             processor: RoleProcessor::class,
         ),
     ],

src/Module/Core/Domain/Entity/User.php

@@ -11,6 +11,7 @@ use ApiPlatform\Metadata\GetCollection;
 use ApiPlatform\Metadata\Patch;
 use ApiPlatform\Metadata\Post;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserPasswordHasherProcessor;
+use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserRbacProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Provider\MeProvider;
 use App\Module\Core\Infrastructure\Doctrine\DoctrineUserRepository;
@@ -31,25 +32,24 @@ use Symfony\Component\Serializer\Attribute\SerializedName;
             normalizationContext: ['groups' => ['me:read']],
         ),
         new Get(
-            security: "is_granted('ROLE_ADMIN')",  // TODO ticket #345 : remplacer par is_granted('core.users.view')
+            security: "is_granted('core.users.view')",
             normalizationContext: ['groups' => ['user:list']],
         ),
         new GetCollection(
-            security: "is_granted('ROLE_ADMIN')",  // TODO ticket #345 : remplacer par is_granted('core.users.view')
+            security: "is_granted('core.users.view')",
             normalizationContext: ['groups' => ['user:list']],
         ),
-        new Post(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
-        new Patch(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
+        new Post(security: "is_granted('core.users.manage')", processor: UserPasswordHasherProcessor::class),
+        new Patch(security: "is_granted('core.users.manage')", processor: UserPasswordHasherProcessor::class),
         new Patch(
             name: 'user_rbac_patch',
             uriTemplate: '/users/{id}/rbac',
-            // TODO ticket #345 : remplacer par is_granted('core.users.manage')
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('core.users.manage')",
             normalizationContext: ['groups' => ['user:rbac:read']],
             denormalizationContext: ['groups' => ['user:rbac:write']],
             processor: UserRbacProcessor::class,
         ),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('core.users.manage')", processor: UserProcessor::class),
     ],
     denormalizationContext: ['groups' => ['user:write']],
 )]