feat(core) : expose role and user-rbac api endpoints with processors

src/Module/Core/Domain/Entity/Permission.php

@@ -10,7 +10,7 @@ use ApiPlatform\Metadata\GetCollection;
 use App\Module\Core\Infrastructure\Doctrine\DoctrinePermissionRepository;
 use Doctrine\ORM\Mapping as ORM;
 use InvalidArgumentException;
-use Symfony\Component\Serializer\Annotation\Groups;
+use Symfony\Component\Serializer\Attribute\Groups;
 
 #[ORM\Entity(repositoryClass: DoctrinePermissionRepository::class)]
 #[ORM\Table(name: 'permission')]

src/Module/Core/Domain/Entity/Role.php

@@ -17,7 +17,8 @@ use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\Common\Collections\Collection;
 use Doctrine\ORM\Mapping as ORM;
 use InvalidArgumentException;
-use Symfony\Component\Serializer\Annotation\Groups;
+use Symfony\Component\Serializer\Attribute\Groups;
+use Symfony\Component\Serializer\Attribute\SerializedName;
 
 #[ORM\Entity(repositoryClass: DoctrineRoleRepository::class)]
 #[ORM\Table(name: '`role`')]
@@ -54,7 +55,6 @@ class Role
     private ?string $description;
 
     #[ORM\Column(name: 'is_system', options: ['comment' => 'True for built-in roles that cannot be deleted'])]
-    #[Groups(['role:read'])]
     private bool $isSystem;
 
     /**
@@ -111,6 +111,10 @@ class Role
         $this->description = $description;
     }
 
+    // PropertyInfo strips the `is` prefix and would expose this field as `system`.
+    // An explicit SerializedName guarantees the `isSystem` key expected by API clients.
+    #[Groups(['role:read'])]
+    #[SerializedName('isSystem')]
     public function isSystem(): bool
     {
         return $this->isSystem;

src/Module/Core/Domain/Entity/User.php

@@ -13,6 +13,7 @@ use ApiPlatform\Metadata\Patch;
 use ApiPlatform\Metadata\Post;
 use App\Enum\ContractType;
 use App\Module\Core\Infrastructure\ApiPlatform\State\MeProvider;
+use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserRbacProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\UserPasswordHasherProcessor;
 use App\Module\Core\Infrastructure\Doctrine\DoctrineUserRepository;
 use App\Shared\Domain\Contract\UserInterface as SharedUserInterface;
@@ -42,6 +43,18 @@ use Symfony\Component\Serializer\Attribute\Groups;
         new Post(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
         new Patch(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
         new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Get(
+            uriTemplate: '/users/{id}/rbac',
+            security: "is_granted('core.users.manage')",
+            normalizationContext: ['groups' => ['user:rbac:read']],
+        ),
+        new Patch(
+            uriTemplate: '/users/{id}/rbac',
+            security: "is_granted('core.users.manage')",
+            normalizationContext: ['groups' => ['user:rbac:read']],
+            denormalizationContext: ['groups' => ['user:rbac:write']],
+            processor: UserRbacProcessor::class,
+        ),
     ],
     denormalizationContext: ['groups' => ['user:write']],
 )]
@@ -142,7 +155,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface, SharedU
      */
     #[ORM\ManyToMany(targetEntity: Role::class, fetch: 'EAGER')]
     #[ORM\JoinTable(name: 'user_role')]
-    #[Groups(['user:rbac:read'])]
+    #[Groups(['user:rbac:read', 'user:rbac:write'])]
     private Collection $rbacRoles;
 
     /**
@@ -150,7 +163,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface, SharedU
      */
     #[ORM\ManyToMany(targetEntity: Permission::class, fetch: 'EAGER')]
     #[ORM\JoinTable(name: 'user_permission')]
-    #[Groups(['user:rbac:read'])]
+    #[Groups(['user:rbac:read', 'user:rbac:write'])]
     private Collection $directPermissions;
 
     public function __construct()