matthieu
de39fe6a3e
Implemente le journal d'audit append-only sur toutes les mutations Doctrine des entites portant #[Auditable]. Couvre les 5 tickets de doc/audit-log.md : 1. Table PG audit_log (uuid PK, jsonb changes, index entity/time/performer) + AuditLogWriter (DBAL connexion dediee audit, blacklist defense-in-depth sur password/plainPassword/token/secret) + RequestIdProvider (UUID v4 par requete HTTP principale). 2. Attributs Auditable / AuditIgnore dans Shared/Domain/Attribute/ + AuditListener (onFlush capture + postFlush ecriture hors transaction ORM, pattern swap-and-clear, erreurs loguees jamais propagees). User annote. 3. API Platform read-only /api/audit-logs (permission core.audit_log.view) avec filtres entity_type / entity_id / action / performed_by / plage performed_at + DbalPaginator implementant PaginatorInterface (hydra:view genere automatiquement). 4. Page admin /admin/audit-log : tableau pagine, filtres persistes en query params, row expandable (diff + timeline de l'entite), entree sidebar avec permission. Composable useAuditLog avec resetAuditLog() auto-enregistre sur onAuthSessionCleared. 5. Composant AuditTimeline reutilisable : garde permission, lazy loading, dates relatives FR, skeleton loader. Fix connexe : phpunit.dist.xml forcait APP_ENV=dev via <env> ce qui cablait framework.test=false et rendait test.service_container indisponible ; le JWT_PASSPHRASE ne matchait pas non plus les cles dev. Corrige en meme temps pour debloquer la suite de tests.
86 lines
2.9 KiB
PHP
86 lines
2.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/*
|
|
* Sidebar configuration.
|
|
*
|
|
* This file defines the sidebar sections displayed in the frontend.
|
|
* Each item references the module that owns it via the `module` key.
|
|
* Items whose module is not active (see config/modules.php) are filtered out.
|
|
* Items may also declare a `permission` key (RBAC permission code) : the item
|
|
* is hidden from users who do not hold that permission.
|
|
*
|
|
* This config is decoupled from the modules themselves: you can freely
|
|
* move an item from one section to another without touching the module code.
|
|
*
|
|
* Label keys are i18n keys resolved by the frontend (see frontend/i18n/locales/).
|
|
*/
|
|
|
|
return [
|
|
[
|
|
'label' => 'sidebar.general.section',
|
|
'icon' => 'mdi:view-dashboard-outline',
|
|
'items' => [
|
|
[
|
|
'label' => 'sidebar.general.dashboard',
|
|
'to' => '/',
|
|
'icon' => 'mdi:view-dashboard-outline',
|
|
'module' => 'core',
|
|
],
|
|
[
|
|
'label' => 'sidebar.general.admin',
|
|
'to' => '/admin',
|
|
'icon' => 'mdi:cog-outline',
|
|
'module' => 'core',
|
|
],
|
|
[
|
|
'label' => 'sidebar.core.roles',
|
|
'to' => '/admin/roles',
|
|
'icon' => 'mdi:shield-account-outline',
|
|
'module' => 'core',
|
|
'permission' => 'core.roles.view',
|
|
],
|
|
[
|
|
'label' => 'sidebar.core.users',
|
|
'to' => '/admin/users',
|
|
'icon' => 'mdi:account-group-outline',
|
|
'module' => 'core',
|
|
'permission' => 'core.users.view',
|
|
],
|
|
[
|
|
'label' => 'sidebar.core.sites',
|
|
'to' => '/admin/sites',
|
|
'icon' => 'mdi:domain',
|
|
'module' => 'sites',
|
|
'permission' => 'sites.view',
|
|
],
|
|
[
|
|
'label' => 'sidebar.core.audit_log',
|
|
'to' => '/admin/audit-log',
|
|
'icon' => 'mdi:clipboard-text-clock',
|
|
'module' => 'core',
|
|
'permission' => 'core.audit_log.view',
|
|
],
|
|
[
|
|
'label' => 'sidebar.general.logout',
|
|
'to' => '/logout',
|
|
'icon' => 'mdi:logout',
|
|
'module' => 'core',
|
|
],
|
|
],
|
|
],
|
|
[
|
|
'label' => 'sidebar.commercial.section',
|
|
'icon' => 'mdi:account-arrow-left-outline',
|
|
'items' => [
|
|
[
|
|
'label' => 'sidebar.commercial.suppliers',
|
|
'to' => '/suppliers',
|
|
'icon' => 'mdi:account-arrow-left-outline',
|
|
'module' => 'commercial',
|
|
],
|
|
],
|
|
],
|
|
];
|