From 8986f3cb0eb8b25debb5b872d392365e8232440d Mon Sep 17 00:00:00 2001
From: matthieu <matthieu@yuno.malio.fr>
Date: Wed, 20 May 2026 00:15:49 +0200
Subject: [PATCH] feat(mail) : security.yaml - access_control ^/api/mail
 (IS_AUTHENTICATED_FULLY)

- ajoute la regle ^/api/mail avant ^/api pour expliciter l'authentification requise
- les checks fins ROLE_USER vs ROLE_CLIENT restent dans MailAccessChecker (chaque controller)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 config/packages/security.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index a6fed5a..820b46a 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -64,6 +64,8 @@ security:
         - { path: ^/api/version, roles: PUBLIC_ACCESS, methods: [ GET ] }
         - { path: ^/_mcp, roles: PUBLIC_ACCESS, methods: [ GET ] }
         - { path: ^/_mcp, roles: IS_AUTHENTICATED_FULLY }
+        # Mail : requiert authentification (les checks ROLE_USER/ROLE_CLIENT sont dans MailAccessChecker)
+        - { path: ^/api/mail, roles: IS_AUTHENTICATED_FULLY }
         - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
 
 when@test: