[#FER-12] Ajouter un blocage des utilisateurs (!41)

| Numéro du ticket | Titre du ticket |
|------------------|-----------------|
|                  |                 |

## Description de la PR

## Modification du .env

## Check list

- [ ] Pas de régression
- [ ] TU/TI/TF rédigée
- [ ] TU/TI/TF OK
- [ ] CHANGELOG modifié

Reviewed-on: #41
Co-authored-by: tristan <tristan@yuno.malio.fr>
Co-committed-by: tristan <tristan@yuno.malio.fr>

src/Entity/User.php

@@ -9,12 +9,14 @@ use ApiPlatform\Metadata\Get;
 use ApiPlatform\Metadata\GetCollection;
 use ApiPlatform\Metadata\Patch;
 use ApiPlatform\Metadata\Post;
+use App\State\ActiveUsersProvider;
 use App\State\MeProvider;
 use App\State\UserPasswordProcessor;
 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Serializer\Attribute\Groups;
+use Symfony\Component\Serializer\Attribute\SerializedName;
 
 #[ORM\Entity]
 #[ORM\Table(name: 'user', schema: 'public')]
@@ -45,7 +47,8 @@ use Symfony\Component\Serializer\Attribute\Groups;
         ),
         new GetCollection(
             normalizationContext: ['groups' => ['user-login:read']],
-            security: "is_granted('PUBLIC_ACCESS')"
+            security: "is_granted('PUBLIC_ACCESS')",
+            provider: ActiveUsersProvider::class
         ),
         new GetCollection(
             uriTemplate: '/admin/users',
@@ -76,6 +79,11 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
     #[Groups(['user:write'])]
     private string $password = '';
 
+    #[ORM\Column(type: 'boolean', options: ['default' => false])]
+    #[Groups(['user:read', 'user:write'])]
+    #[SerializedName('isLocked')]
+    private bool $isLocked = false;
+
     public function getId(): ?int
     {
         return $this->id;
@@ -125,6 +133,18 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
         return $this;
     }
 
+    public function getIsLocked(): bool
+    {
+        return $this->isLocked;
+    }
+
+    public function setIsLocked(bool $isLocked): self
+    {
+        $this->isLocked = $isLocked;
+
+        return $this;
+    }
+
     public function eraseCredentials(): void
     {
         // No-op: we don't store temporary sensitive data on the entity.

src/Security/UserChecker.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security;
+
+use App\Entity\User;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+final class UserChecker implements UserCheckerInterface
+{
+    public function checkPreAuth(UserInterface $user): void
+    {
+        if (!$user instanceof User) {
+            return;
+        }
+
+        if ($user->getIsLocked()) {
+            throw new CustomUserMessageAccountStatusException('Ce compte est verrouillé.');
+        }
+    }
+
+    public function checkPostAuth(UserInterface $user, ?TokenInterface $token = null): void {}
+}

src/State/ActiveUsersProvider.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\State;
+
+use ApiPlatform\Metadata\Operation;
+use ApiPlatform\State\ProviderInterface;
+use App\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+
+final readonly class ActiveUsersProvider implements ProviderInterface
+{
+    public function __construct(private EntityManagerInterface $em) {}
+
+    public function provide(Operation $operation, array $uriVariables = [], array $context = []): array
+    {
+        return $this->em->getRepository(User::class)->findBy(['isLocked' => false]);
+    }
+}