a3e440c254
Backend: - Add role hierarchy (ADMIN > GESTIONNAIRE > VIEWER > USER) in security.yaml - Add password authentication on profile activation (SessionProfileController) - Add SessionProfileAuthenticator with stateless API firewall - Add ProfilePasswordHasher state processor for API Platform - Add security annotations on all 18 API Platform entities - Add denyAccessUnlessGranted on all 13 custom controllers - Add AdminProfileController for profile/role management (/api/admin/profiles) - Add InitProfilePasswordsCommand for initial admin setup - Simplify SessionProfilesController to list-only (removed create/delete) Frontend (submodule update): - Add usePermissions composable (isAdmin, canEdit, canView, isGranted) - Add password login modal on profiles page - Add admin backoffice page for profile management - Disable all form fields for ROLE_VIEWER across all edit/create pages - Show navigation buttons for all roles, hide destructive actions for viewers - Add readonly mode to ModelTypeForm and site/constructeur modals - Guard /admin routes in middleware - Configure Vite proxy for API requests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
83 lines
2.7 KiB
PHP
83 lines
2.7 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Controller;
|
|
|
|
use App\Repository\AuditLogRepository;
|
|
use App\Repository\PieceRepository;
|
|
use App\Repository\ProfileRepository;
|
|
use DateTimeInterface;
|
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
|
use Symfony\Component\HttpFoundation\JsonResponse;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\Routing\Attribute\Route;
|
|
|
|
final class PieceHistoryController extends AbstractController
|
|
{
|
|
public function __construct(
|
|
private readonly PieceRepository $pieces,
|
|
private readonly AuditLogRepository $auditLogs,
|
|
private readonly ProfileRepository $profiles,
|
|
) {}
|
|
|
|
#[Route('/api/pieces/{id}/history', name: 'api_piece_history', methods: ['GET'])]
|
|
public function __invoke(string $id): JsonResponse
|
|
{
|
|
$this->denyAccessUnlessGranted('ROLE_VIEWER');
|
|
|
|
$piece = $this->pieces->find($id);
|
|
if (!$piece) {
|
|
return new JsonResponse(
|
|
['message' => 'Pièce introuvable.'],
|
|
Response::HTTP_NOT_FOUND,
|
|
);
|
|
}
|
|
|
|
$logs = $this->auditLogs->findEntityHistory('piece', $id, 200);
|
|
|
|
$actorIds = array_values(array_unique(array_filter(array_map(
|
|
static fn ($log) => $log->getActorProfileId(),
|
|
$logs,
|
|
))));
|
|
|
|
$actorMap = [];
|
|
if ([] !== $actorIds) {
|
|
$profiles = $this->profiles->findBy(['id' => $actorIds]);
|
|
foreach ($profiles as $profile) {
|
|
$label = trim(sprintf('%s %s', $profile->getFirstName(), $profile->getLastName()));
|
|
if ('' === $label) {
|
|
$label = $profile->getEmail() ?? $profile->getId();
|
|
}
|
|
$actorMap[$profile->getId()] = $label;
|
|
}
|
|
}
|
|
|
|
$items = array_map(
|
|
static function ($log) use ($actorMap) {
|
|
$actorId = $log->getActorProfileId();
|
|
|
|
return [
|
|
'id' => $log->getId(),
|
|
'action' => $log->getAction(),
|
|
'createdAt' => $log->getCreatedAt()->format(DateTimeInterface::ATOM),
|
|
'actor' => $actorId
|
|
? [
|
|
'id' => $actorId,
|
|
'label' => $actorMap[$actorId] ?? $actorId,
|
|
]
|
|
: null,
|
|
'diff' => $log->getDiff(),
|
|
'snapshot' => $log->getSnapshot(),
|
|
];
|
|
},
|
|
$logs,
|
|
);
|
|
|
|
return new JsonResponse([
|
|
'items' => array_values($items),
|
|
'total' => count($items),
|
|
]);
|
|
}
|
|
}
|