From b05c10097fcc41c7794f3f961202c8b54088720d Mon Sep 17 00:00:00 2001
From: Matthieu
Date: Wed, 15 Apr 2026 16:02:57 +0200
Subject: [PATCH] refactor(core) : RBAC #345 - replace ROLE_ADMIN placeholders with RBAC codes
---
 src/Module/Core/Domain/Entity/Permission.php | 6 ++----
 src/Module/Core/Domain/Entity/Role.php | 15 +++++----------
 src/Module/Core/Domain/Entity/User.php | 14 +++++++-------
 3 files changed, 14 insertions(+), 21 deletions(-)
diff --git a/src/Module/Core/Domain/Entity/Permission.php b/src/Module/Core/Domain/Entity/Permission.php
index 83a3b06..7ef7278 100644
--- a/src/Module/Core/Domain/Entity/Permission.php
+++ b/src/Module/Core/Domain/Entity/Permission.php
@@ -19,13 +19,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 operations: [
 new GetCollection(
 normalizationContext: ['groups' => ['permission:read']],
- // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.permissions.view')",
 ),
 new Get(
 normalizationContext: ['groups' => ['permission:read']],
- // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.permissions.view')",
 ),
 ],
 )]
diff --git a/src/Module/Core/Domain/Entity/Role.php b/src/Module/Core/Domain/Entity/Role.php
index ae98b38..1f84615 100644
--- a/src/Module/Core/Domain/Entity/Role.php
+++ b/src/Module/Core/Domain/Entity/Role.php
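Review bot: In Permission.php both read operations now depend on `core.permissions.view`, an attribute without the `ROLE_` prefix, so Symfony's built-in role voter abstains and the result rests entirely on a custom voter that this patch does not show. If that voter or the seeded permission code is missing, the decision falls back to the access decision manager's all-abstain setting: denied by default, which locks out every caller, or granted to every caller that reaches the endpoint if `allow_if_all_abstain` is enabled. The same holds for every `core.*` code in the Role.php and User.php hunks. I would add a functional test per operation asserting 403 for a user lacking the code and 200 for one holding it, plus a one-line comment above the attribute such as `// RBAC codes are resolved by the permission voter, not by the role hierarchy`.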
@@ -35,31 +35,26 @@ use Symfony\Component\Validator\Constraints as Assert;
 operations: [
 new GetCollection(
 normalizationContext: ['groups' => ['role:read']],
- // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.roles.view')",
 ),
 new Get(
 normalizationContext: ['groups' => ['role:read']],
- // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.roles.view')",
 ),
 new Post(
 normalizationContext: ['groups' => ['role:read']],
 denormalizationContext: ['groups' => ['role:write']],
- // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.roles.manage')",
 processor: RoleProcessor::class,
 ),
 new Patch(
 normalizationContext: ['groups' => ['role:read']],
 denormalizationContext: ['groups' => ['role:write']],
- // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.roles.manage')",
 processor: RoleProcessor::class,
 ),
 new Delete(
- // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.roles.manage')",
 processor: RoleProcessor::class,
 ),
 ],
diff --git a/src/Module/Core/Domain/Entity/User.php b/src/Module/Core/Domain/Entity/User.php
index 96f52a0..89cb073 100644
--- a/src/Module/Core/Domain/Entity/User.php
+++ b/src/Module/Core/Domain/Entity/User.php
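Review bot: The Patch and Delete operations on Role check `core.roles.manage` without a subject, so the decision cannot depend on which role is being changed; as far as this hunk shows, a holder of that code could alter or remove a role they hold themselves or a built-in one. Whether RoleProcessor refuses such changes is not visible here. Passing the entity lets the voter decide per target: `security: "is_granted('core.roles.manage', object)"`. The same applies to the Patch, `user_rbac_patch` and Delete operations in User.php, where `core.users.manage` is likewise checked without `object`. Separately, the read operations use `core.roles.view` although the removed TODOs named `core.roles.manage`; if the split is deliberate, a short comment stating whether manage implies view would help.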
@@ -11,6 +11,7 @@ use ApiPlatform\Metadata\GetCollection;
 use ApiPlatform\Metadata\Patch;
 use ApiPlatform\Metadata\Post;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserPasswordHasherProcessor;
+use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserRbacProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Provider\MeProvider;
 use App\Module\Core\Infrastructure\Doctrine\DoctrineUserRepository;
@@ -31,25 +32,24 @@ use Symfony\Component\Serializer\Attribute\SerializedName;
 normalizationContext: ['groups' => ['me:read']],
 ),
 new Get(
- security: "is_granted('ROLE_ADMIN')", // TODO ticket #345 : remplacer par is_granted('core.users.view')
+ security: "is_granted('core.users.view')",
 normalizationContext: ['groups' => ['user:list']],
 ),
 new GetCollection(
- security: "is_granted('ROLE_ADMIN')", // TODO ticket #345 : remplacer par is_granted('core.users.view')
+ security: "is_granted('core.users.view')",
 normalizationContext: ['groups' => ['user:list']],
 ),
- new Post(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
- new Patch(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
+ new Post(security: "is_granted('core.users.manage')", processor: UserPasswordHasherProcessor::class),
+ new Patch(security: "is_granted('core.users.manage')", processor: UserPasswordHasherProcessor::class),
 new Patch(
 name: 'user_rbac_patch',
 uriTemplate: '/users/{id}/rbac',
- // TODO ticket #345 : remplacer par is_granted('core.users.manage')
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('core.users.manage')",
 normalizationContext: ['groups' => ['user:rbac:read']],
 denormalizationContext: ['groups' => ['user:rbac:write']],
 processor: UserRbacProcessor::class,
 ),
- new Delete(security: "is_granted('ROLE_ADMIN')"),
+ new Delete(security: "is_granted('core.users.manage')", processor: UserProcessor::class),
 ],
 denormalizationContext: ['groups' => ['user:write']],
 )]
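Review bot: The Delete operation gains `processor: UserProcessor::class` in a commit described as replacing placeholders; that is a behaviour change on the deletion path which the message does not mention and whose effect cannot be judged from this hunk. If UserProcessor is meant to guard deletion (for example refusing to remove the caller's own account or the last account holding `core.users.manage`), the commit message should say so and a test should cover it; if it exists only for writes, wiring it to Delete deserves a comment. Post and Patch, which run UserPasswordHasherProcessor and so presumably accept a password, are now reachable by anyone granted `core.users.manage` rather than by ROLE_ADMIN only. That code should be documented as admin-equivalent, e.g. `// core.users.manage can change other users' credentials: grant as sparingly as ROLE_ADMIN`.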