fix(security) : exclude ROLE_USER for ROLE_CLIENT users

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:20:46 +01:00
parent f4eec2e6e9
commit edc441f363
1 changed files with 5 additions and 2 deletions
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -95,8 +95,11 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
    /** @return list<string> */
    public function getRoles(): array
    {
-        $roles   = $this->roles;
+        $roles = $this->roles;
-        $roles[] = 'ROLE_USER';
+
        if (!in_array('ROLE_CLIENT', $roles, true)) {
            $roles[] = 'ROLE_USER';
        }
        return array_values(array_unique($roles));
    }