MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 32 Wiki Activity

feat(mail) : migrate Mail integration into module (back)

Browse Source 
LST-67 (2.5) backend. Behaviour-preserving move of the IMAP mail integration
into src/Module/Mail/. All /api/mail/* routes, securities (ROLE_CLIENT still
excluded via MailAccessChecker) and the async sync are unchanged.

- 4 entities + 4 repositories (Domain interfaces + Doctrine impls, bound).
  TaskMailLink.task now references TaskInterface (contract) instead of the
  concrete PM Task. Link/unlink/list-mails controllers load tasks via
  TaskRepositoryInterface; MailCreateTaskController keeps the concrete Task
  (instantiation) — documented Mail->PM coupling.
- Domain (MailProviderInterface, exception), Application (5 DTOs, MailSyncService,
  MailSyncRequested message + handler), Infrastructure (ImapMailProvider +
  MimeHeaderDecoder, MailAccessChecker, 2 console commands, 12 controllers,
  ApiPlatform state + MailSettings resource). TokenEncryptor stays shared.
- doctrine mapping Mail; messenger routing repointed; services.yaml repo +
  provider bindings; MailModule registered (id mail, mail.access/configure).
- #[Auditable] + Timestampable on MailConfiguration only (additive migration);
  IMAP data entities keep their own sync timestamps.

163 tests green, mapping valid, no route regression, cs-fixer clean.
This commit is contained in:
Matthieu
2026-06-20 19:44:19 +02:00
parent 57ccd9a740
commit 25d3a693f9
55 changed files with 453 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Security/MailAccessChecker.php
-48
View File
@@ -1,48 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Security;
use App\Shared\Domain\Contract\UserInterface as SharedUserInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\User\UserInterface;
final readonly class MailAccessChecker
{
public function __construct(
private AuthorizationCheckerInterface $authorizationChecker,
) {}
/**
* Verifie que l'utilisateur courant peut acceder aux endpoints mail.
* Autorise : ROLE_USER, ROLE_ADMIN.
*
* @throws AccessDeniedException
*/
public function ensureCanAccessMail(?UserInterface $user): void
{
if (!$user instanceof SharedUserInterface) {
throw new AccessDeniedException('Authentication required');
}
$roles = $user->getRoles();
if (!in_array('ROLE_USER', $roles, true) && !in_array('ROLE_ADMIN', $roles, true)) {
throw new AccessDeniedException('ROLE_USER required');
}
}
/**
* Verifie que l'utilisateur est ROLE_ADMIN.
*
* @throws AccessDeniedException
*/
public function ensureIsAdmin(?UserInterface $user): void
{
if (!$user instanceof SharedUserInterface || !$this->authorizationChecker->isGranted('ROLE_ADMIN')) {
throw new AccessDeniedException('Admin only');
}
}
}