From edc441f363d6c254f4552eedc472384703154bb0 Mon Sep 17 00:00:00 2001
From: matthieu
Date: Sun, 15 Mar 2026 19:20:46 +0100
Subject: [PATCH] fix(security) : exclude ROLE_USER for ROLE_CLIENT users
Co-Authored-By: Claude Sonnet 4.6
---
 src/Entity/User.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/Entity/User.php b/src/Entity/User.php
index 2798069..5080d65 100644
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -95,8 +95,11 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
 /** @return list */
 public function getRoles(): array
 {
- $roles = $this->roles;
- $roles[] = 'ROLE_USER';
+ $roles = $this->roles;
+
+ if (!in_array('ROLE_CLIENT', $roles, true)) {
+ $roles[] = 'ROLE_USER';
+ }
 return array_values(array_unique($roles));
 }
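Review bot: A ROLE_CLIENT account whose stored `$this->roles` already contains `ROLE_USER` still gets it back from `getRoles()`, because the new `if` only skips the append and never removes an existing entry. If the intent is that clients never hold ROLE_USER, make the branch strip it as well, e.g. `$roles = in_array('ROLE_CLIENT', $roles, true) ? array_diff($roles, ['ROLE_USER']) : array_merge($roles, ['ROLE_USER']);` ahead of the existing `array_values(array_unique($roles))`. A `role_hierarchy` entry that places ROLE_USER under ROLE_CLIENT, or under another role the client holds, would presumably re-grant it too; the security configuration is not part of this patch, so that needs checking there. A short comment on the `if` stating why clients are excluded, plus a unit test covering both cases, would keep the rule from being reverted by accident.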