From 4a1d611d3c574997416db2ea10c609a8100b5883 Mon Sep 17 00:00:00 2001 From: Matthieu Date: Mon, 29 Jun 2026 11:19:12 +0200 Subject: [PATCH] =?UTF-8?q?fix(rbac)=20:=20ouvre=20la=20liste=20des=20repo?= =?UTF-8?q?s=20Gitea=20et=20des=20=C3=A9tag=C3=A8res=20BookStack=20aux=20R?= =?UTF-8?q?OLE=5FUSER?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GiteaRepository (/gitea/repositories) et BookStackShelf (/bookstack/shelves) étaient gardés par ROLE_ADMIN alors que toutes leurs ressources sœurs (branches, pull requests, recherche, liens) sont en ROLE_USER. Un utilisateur non-admin pouvait donc consommer les sous-ressources mais récupérait un 403 en listant les dépôts / étagères racines. Aligné sur ROLE_USER (les *Settings et *TestConnection restent ROLE_ADMIN : configuration réservée à l'admin).
---
 .../Infrastructure/ApiPlatform/Resource/BookStackShelf.php | 2 +-
 .../Infrastructure/ApiPlatform/Resource/GiteaRepository.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Module/Integration/Infrastructure/ApiPlatform/Resource/BookStackShelf.php b/src/Module/Integration/Infrastructure/ApiPlatform/Resource/BookStackShelf.php
index b7a2c0c..ec55760 100644
--- a/src/Module/Integration/Infrastructure/ApiPlatform/Resource/BookStackShelf.php
+++ b/src/Module/Integration/Infrastructure/ApiPlatform/Resource/BookStackShelf.php
@@ -15,7 +15,7 @@ use Symfony\Component\Serializer\Attribute\Groups;
 uriTemplate: '/bookstack/shelves',
 normalizationContext: ['groups' => ['bookstack_shelf:read']],
 provider: BookStackShelfProvider::class,
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('ROLE_USER')",
 ),
 ],
 )]
diff --git a/src/Module/Integration/Infrastructure/ApiPlatform/Resource/GiteaRepository.php b/src/Module/Integration/Infrastructure/ApiPlatform/Resource/GiteaRepository.php
index 2ea8636..6ed68d6 100644
--- a/src/Module/Integration/Infrastructure/ApiPlatform/Resource/GiteaRepository.php
+++ b/src/Module/Integration/Infrastructure/ApiPlatform/Resource/GiteaRepository.php
@@ -15,7 +15,7 @@ use Symfony\Component\Serializer\Attribute\Groups;
 uriTemplate: '/gitea/repositories',
 normalizationContext: ['groups' => ['gitea_repo:read']],
 provider: GiteaRepositoryProvider::class,
- security: "is_granted('ROLE_ADMIN')",
+ security: "is_granted('ROLE_USER')",
 ),
 ],
 )]
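Review bot: Relaxing `security` to `is_granted('ROLE_USER')` on `/gitea/repositories` (and identically on `/bookstack/shelves` in BookStackShelf.php) opens the list to every account holding ROLE_USER, so what is exposed now depends entirely on what `GiteaRepositoryProvider` and `BookStackShelfProvider` return. Neither provider is visible in this patch; if they query the upstream with a single admin-configured credential rather than the caller's identity, non-admin users could see private repositories or shelves that Gitea or BookStack would hide from them. It is worth confirming that scoping and recording it next to the attribute, e.g. `// ROLE_USER: results are limited to what the integration credential can read; keep that credential least-privilege`. A functional test asserting a 200 for ROLE_USER and a denial for an unauthenticated request on both collections would pin the intended RBAC. The attribute block starts above the hunk in both files.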