chore: bump version to v0.4.35

Merge pull request 'Directory : onglet Informations éditable + refonte de l'onglet Rapport' (#21 ) from feat/directory-info-tab into develop
Reviewed-on: #21
2026-06-24 08:13:40 +00:00 · 2026-06-24 08:13:32 +00:00 · 2026-06-24 08:10:10 +00:00 · 2026-06-24 10:06:25 +02:00 · 2026-06-24 09:34:58 +02:00 · 2026-06-24 09:07:13 +02:00
43 changed files with 1324 additions and 422 deletions
@@ -126,6 +126,12 @@ La librairie `@malio/layer-ui` fournit les composants de formulaire et d'action.
 - Config Docker : `infra/dev/.env.docker` (override local : `infra/dev/.env.docker.local`)
 - Après modif nginx : `docker restart nginx-lesstime`
 ## Déploiement (prod Docker)
 - Script : `infra/prod/deploy.sh` (`./deploy.sh [tag]`) — doc complète : `doc/deployment-docker.md`
 - Étapes : maintenance → pull image → up → migrations → **`app:seed-rbac`** → **`app:sync-permissions`** → cache clear/warmup
 - **RBAC** : les migrations créent les tables `role`/`permission` mais **n'insèrent aucune donnée**. Les rôles système (`admin`, `user`) viennent de `app:seed-rbac` (idempotent) et le catalogue des permissions de `app:sync-permissions` (à relancer à chaque ajout de permission). Symptôme si oubliées : page admin Rôles vide (« Aucun rôle trouvé »).
 ## Fixtures
 - User admin : `admin` / `admin` (ROLE_ADMIN)
@@ -23,9 +23,9 @@ return [
        'icon'  => 'mdi:view-dashboard-outline',
        'items' => [
            ['label' => 'sidebar.general.dashboard', 'to' => '/', 'icon' => 'mdi:view-dashboard-outline'],
-            ['label' => 'sidebar.general.myTasks', 'to' => '/my-tasks', 'icon' => 'mdi:clipboard-check-outline', 'module' => 'project-management'],
+            ['label' => 'sidebar.general.myTasks', 'to' => '/my-tasks', 'icon' => 'mdi:clipboard-check-outline', 'module' => 'project-management', 'permission' => 'project-management.tasks.view'],
-            ['label' => 'sidebar.general.projects', 'to' => '/projects', 'icon' => 'mdi:folder-outline', 'module' => 'project-management'],
+            ['label' => 'sidebar.general.projects', 'to' => '/projects', 'icon' => 'mdi:folder-outline', 'module' => 'project-management', 'permission' => 'project-management.projects.view'],
-            ['label' => 'sidebar.general.timeTracking', 'to' => '/time-tracking', 'icon' => 'mdi:calendar-edit-outline', 'module' => 'time-tracking'],
+            ['label' => 'sidebar.general.timeTracking', 'to' => '/time-tracking', 'icon' => 'mdi:calendar-edit-outline', 'module' => 'time-tracking', 'permission' => 'time-tracking.entries.view'],
            // Gating module uniquement (cf. en-tête) : rendu visuel + badge gérés côté layout.
            ['label' => 'sidebar.general.mail', 'to' => '/mail', 'icon' => 'mdi:email-outline', 'module' => 'mail'],
        ],
@@ -1,2 +1,2 @@
 parameters:
-    app.version: '0.4.30'
+    app.version: '0.4.35'
@@ -128,6 +128,12 @@ sudo docker compose cp app:/var/www/html/public/maintenance.html public/maintena
 echo "==> Running migrations..."
 sudo docker compose exec -T -u www-data app php bin/console doctrine:migrations:migrate --no-interaction
 echo "==> Seeding RBAC system roles (idempotent)..."
 sudo docker compose exec -T -u www-data app php bin/console app:seed-rbac
 echo "==> Syncing RBAC permissions catalog..."
 sudo docker compose exec -T -u www-data app php bin/console app:sync-permissions
 echo "==> Clearing cache..."
 sudo docker compose exec -T -u www-data app php bin/console cache:clear --env=prod
 sudo docker compose exec -T -u www-data app php bin/console cache:warmup --env=prod
@@ -294,7 +300,31 @@ cd /var/www/lesstime
 ./deploy.sh v0.3.13   # deploie une version specifique
 ```
-C'est tout. Le script pull l'image, redemarre le conteneur, lance les migrations et vide le cache.
+C'est tout. Le script pull l'image, redemarre le conteneur, lance les migrations, seed les roles
 systeme RBAC, synchronise le catalogue des permissions et vide le cache.
 ---
 ## RBAC : roles & permissions (post-deploiement)
 Le module RBAC (entites `Role` / `Permission`) repose sur des donnees qui ne sont **pas**
 inserees par les migrations (celles-ci creent uniquement les tables). Deux commandes idempotentes
 les peuplent, integrees au `deploy.sh` :
 | Commande | Effet |
 |----------|-------|
 | `app:seed-rbac` | Cree les **roles systeme** `admin` (Administrateur) et `user` (Utilisateur). Idempotent : ne recree rien si deja present. |
 | `app:sync-permissions` | (Re)synchronise le **catalogue des permissions** a partir des modules actifs. A relancer a chaque ajout de permission dans le code. |
 Symptome si elles n'ont pas tourne : la page d'admin **Roles** affiche « Aucun role trouve ».
 Correctif manuel sur une prod deja deployee (sans relancer un deploiement complet) :
 ```bash
 cd /var/www/lesstime
 sudo docker compose exec -T -u www-data app php bin/console app:seed-rbac
 sudo docker compose exec -T -u www-data app php bin/console app:sync-permissions
 ```
 ---
@@ -0,0 +1,61 @@
 <template>
    <Teleport v-if="modelValue" to="body">
        <Transition name="modal" appear>
            <div class="fixed inset-0 z-[70] flex items-center justify-center">
                <div class="absolute inset-0 bg-black/30" @click.stop="cancel" />
                <div class="relative z-10 w-full max-w-md rounded-lg bg-white p-6 shadow-xl">
                    <h3 class="text-lg font-bold text-neutral-900">{{ $t('directory.reports.confirmDeleteTitle') }}</h3>
                    <p class="mt-3 text-sm text-neutral-600">
                        {{ $t('directory.reports.confirmDeleteMessage') }}
                    </p>
                    <div class="mt-6 flex justify-end gap-3">
                        <MalioButton
                            variant="tertiary"
                            :label="$t('common.cancel')"
                            button-class="w-auto px-4"
                            :disabled="busy"
                            @click="cancel"
                        />
                        <MalioButton
                            variant="danger"
                            :label="$t('common.delete')"
                            button-class="w-auto px-4"
                            :disabled="busy"
                            @click="$emit('confirm')"
                        />
                    </div>
                </div>
            </div>
        </Transition>
    </Teleport>
 </template>
 <script setup lang="ts">
 const props = defineProps<{
    modelValue: boolean
    // Suppression en cours : on désactive les actions pour éviter un double envoi.
    busy?: boolean
 }>()
 const emit = defineEmits<{
    (e: 'update:modelValue', value: boolean): void
    (e: 'confirm'): void
 }>()
 function cancel() {
    if (props.busy) return
    emit('update:modelValue', false)
 }
 </script>
 <style scoped>
 .modal-enter-active,
 .modal-leave-active {
    transition: opacity 0.2s ease;
 }
 .modal-enter-from,
 .modal-leave-to {
    opacity: 0;
 }
 </style>
@@ -24,7 +24,9 @@
    "updated": "Client mis à jour avec succès.",
    "deleted": "Client supprimé avec succès.",
    "addClient": "Ajouter un client",
-    "editClient": "Modifier un client"
+    "editClient": "Modifier un client",
    "deleteConfirmTitle": "Supprimer le client",
    "deleteConfirmMessage": "Êtes-vous sûr de vouloir supprimer le client « {name} » ? Cette action est irréversible."
  },
  "projects": {
    "title": "Projets",
@@ -908,6 +910,8 @@
    "editProspect": "Modifier un prospect",
    "convert": "Convertir en client",
    "alreadyConverted": "Déjà converti en client",
    "deleteConfirmTitle": "Supprimer le prospect",
    "deleteConfirmMessage": "Êtes-vous sûr de vouloir supprimer le prospect « {name} » ? Cette action est irréversible.",
    "fields": {
      "name": "Nom",
      "company": "Société",
@@ -934,12 +938,24 @@
  "directory": {
    "title": "Répertoire",
    "tabs": {
      "info": "Informations",
      "clients": "Clients",
      "prospects": "Prospects",
      "contact": "Contact",
      "address": "Adresse",
      "report": "Rapport"
    },
    "info": {
      "fields": {
        "name": "Nom",
        "email": "Email",
        "phone": "Téléphone"
      }
    },
    "validation": {
      "nameRequired": "Le nom est requis.",
      "subjectRequired": "L'objet est requis."
    },
    "clients": {
      "add": "Ajouter un client",
      "empty": "Aucun client trouvé."
@@ -978,9 +994,16 @@
    },
    "reports": {
      "add": "Ajouter un compte-rendu",
-      "empty": "Aucun compte-rendu.",
+      "addTitle": "Nouveau compte-rendu",
      "editTitle": "Modifier le compte-rendu",
      "empty": "Aucun compte-rendu",
      "emptyHint": "Consignez vos échanges (appels, rendez-vous, emails) pour garder l'historique de la relation.",
      "count": "{n} compte-rendu | {n} comptes-rendus",
      "documentsLabel": "Documents",
      "saved": "Compte-rendu enregistré.",
      "deleted": "Compte-rendu supprimé.",
      "confirmDeleteTitle": "Supprimer ce compte-rendu ?",
      "confirmDeleteMessage": "Cette action est irréversible. Les documents joints seront également supprimés.",
      "fields": {
        "subject": "Objet",
        "type": "Type d'échange",
@@ -6,21 +6,11 @@
        <form @submit.prevent="handleSubmit" class="flex flex-col gap-2">
            <MalioInputText
                v-model="form.name"
-                label="Nom"
+                label="Nom société"
                input-class="w-full"
                :error="touched.name && !form.name.trim() ? 'Le nom est requis' : ''"
                @blur="touched.name = true"
            />
            <MalioInputText
                v-model="form.email"
                label="Email"
                input-class="w-full"
            />
            <MalioInputText
                v-model="form.phone"
                label="Téléphone"
                input-class="w-full"
            />
            <div class="mt-6 flex justify-end">
                <MalioButton
@@ -58,28 +48,16 @@ const isSubmitting = ref(false)
 const form = reactive({
    name: '',
    email: '',
    phone: '',
 })
 const touched = reactive({
    name: false,
    email: false,
 })
 watch(() => props.modelValue, (open) => {
    if (open) {
-        if (props.client) {
+        form.name = props.client?.name ?? ''
            form.name = props.client.name ?? ''
            form.email = props.client.email ?? ''
            form.phone = props.client.phone ?? ''
        } else {
            form.name = ''
            form.email = ''
            form.phone = ''
        }
        touched.name = false
        touched.email = false
    }
 })
@@ -93,8 +71,6 @@ async function handleSubmit() {
    try {
        const payload: ClientWrite = {
            name: form.name.trim(),
            email: form.email.trim() || null,
            phone: form.phone.trim() || null,
        }
        if (isEditing.value && props.client) {
@@ -0,0 +1,144 @@
 <template>
    <MalioDrawer v-model="isOpen">
        <template #header>
            <h2 class="text-xl font-bold">
                {{ isEditing ? $t('directory.reports.editTitle') : $t('directory.reports.addTitle') }}
            </h2>
        </template>
        <form @submit.prevent="handleSubmit" class="flex flex-col gap-4">
            <MalioInputText
                v-model="form.subject"
                :label="$t('directory.reports.fields.subject')"
                input-class="w-full"
                :error="touched.subject && !form.subject.trim() ? $t('directory.validation.subjectRequired') : ''"
                @blur="touched.subject = true"
            />
            <MalioSelect
                v-model="form.type"
                :label="$t('directory.reports.fields.type')"
                :options="typeOptions"
                group-class="w-full"
            />
            <MalioDate
                v-model="form.occurredAt"
                :label="$t('directory.reports.fields.occurredAt')"
            />
            <MalioInputRichText
                v-model="form.body"
                :label="$t('directory.reports.fields.body')"
                min-height="180px"
            />
            <div class="mt-4 flex justify-end gap-3">
                <MalioButton
                    variant="tertiary"
                    button-class="w-auto px-4"
                    :label="$t('common.cancel')"
                    @click="isOpen = false"
                />
                <MalioButton
                    button-class="w-auto px-6"
                    :label="$t('common.save')"
                    :disabled="isSubmitting"
                    @click="handleSubmit"
                />
            </div>
        </form>
    </MalioDrawer>
 </template>
 <script setup lang="ts">
 import type { CommercialReport, CommercialReportWrite, ReportType } from '~/modules/directory/services/dto/commercial-report'
 import { useCommercialReportService } from '~/modules/directory/services/commercial-reports'
 const props = defineProps<{
    modelValue: boolean
    report: CommercialReport | null
    owner: { client?: string, prospect?: string }
 }>()
 const emit = defineEmits<{
    (e: 'update:modelValue', value: boolean): void
    (e: 'saved'): void
 }>()
 const { t } = useI18n()
 const { create, update } = useCommercialReportService()
 const isOpen = computed({
    get: () => props.modelValue,
    set: (v) => emit('update:modelValue', v),
 })
 const isEditing = computed(() => !!props.report)
 const isSubmitting = ref(false)
 const typeOptions: { label: string, value: ReportType }[] = [
    { label: t('directory.reports.types.call'), value: 'call' },
    { label: t('directory.reports.types.meeting'), value: 'meeting' },
    { label: t('directory.reports.types.email'), value: 'email' },
    { label: t('directory.reports.types.note'), value: 'note' },
 ]
 function today(): string {
    return new Date().toISOString().slice(0, 10)
 }
 // L'éditeur riche émet du HTML : un contenu « vide » vaut `<p></p>`. On le
 // normalise en null pour ne pas persister une coquille vide.
 function normalizeBody(html: string): string | null {
    const stripped = html.replace(/<[^>]*>/g, '').replace(/&nbsp;/g, ' ').trim()
    return stripped ? html : null
 }
 const form = reactive<{ subject: string, type: ReportType, occurredAt: string, body: string }>({
    subject: '',
    type: 'note',
    occurredAt: today(),
    body: '',
 })
 const touched = reactive({ subject: false })
 watch(() => props.modelValue, (open) => {
    if (!open) return
    if (props.report) {
        form.subject = props.report.subject
        form.type = props.report.type
        form.occurredAt = props.report.occurredAt.slice(0, 10)
        form.body = props.report.body ?? ''
    } else {
        form.subject = ''
        form.type = 'note'
        form.occurredAt = today()
        form.body = ''
    }
    touched.subject = false
 })
 async function handleSubmit(): Promise<void> {
    touched.subject = true
    if (!form.subject.trim() || isSubmitting.value) return
    isSubmitting.value = true
    try {
        const payload: CommercialReportWrite = {
            subject: form.subject.trim(),
            type: form.type,
            occurredAt: form.occurredAt,
            body: normalizeBody(form.body),
            ...props.owner,
        }
        if (isEditing.value && props.report) {
            await update(props.report.id, payload)
        } else {
            await create(payload)
        }
        emit('saved')
        isOpen.value = false
    } finally {
        isSubmitting.value = false
    }
 }
 </script>
@@ -1,158 +1,235 @@
 <template>
-    <div class="flex flex-col gap-6 pt-6">
+    <div class="flex flex-col gap-5 pt-6">
-        <!-- Formulaire d'ajout / édition -->
+        <!-- Barre d'action -->
-        <div v-if="isAdmin" class="grid grid-cols-2 gap-x-8 gap-y-3 rounded bg-white p-4 shadow">
+        <div class="flex items-center justify-between gap-3">
-            <MalioInputText
+            <p class="text-sm text-neutral-500">
-                class="col-span-2"
+                <span v-if="reports.length">{{ $t('directory.reports.count', { n: reports.length }, reports.length) }}</span>
-                :label="$t('directory.reports.fields.subject')"
+            </p>
-                v-model="draft.subject"
+            <MalioButton
                v-if="canManage"
                icon-name="mdi:plus"
                icon-position="left"
                button-class="w-auto px-4"
                :label="$t('directory.reports.add')"
                @click="openCreate"
            />
            <MalioSelect
                :label="$t('directory.reports.fields.type')"
                v-model="draft.type"
                :options="typeOptions"
                group-class="w-full"
            />
            <MalioDate
                :label="$t('directory.reports.fields.occurredAt')"
                v-model="draft.occurredAt"
            />
            <MalioInputTextArea
                class="col-span-2"
                :label="$t('directory.reports.fields.body')"
                v-model="draft.body"
            />
            <div class="col-span-2 flex justify-end gap-3">
                <MalioButton
                    v-if="editingId"
                    variant="secondary"
                    button-class="w-auto px-4"
                    :label="$t('common.cancel')"
                    @click="resetDraft"
                />
                <MalioButton
                    button-class="w-auto px-4"
                    :label="editingId ? $t('common.save') : $t('directory.reports.add')"
                    :disabled="!draft.subject"
                    @click="save"
                />
            </div>
        </div>
-        <!-- Liste des comptes-rendus -->
+        <!-- État vide -->
-        <div v-for="report in reports" :key="report.id" class="rounded border border-neutral-200 p-4">
+        <div
-            <div class="flex items-start justify-between">
+            v-if="!loading && !reports.length"
-                <div>
+            class="flex flex-col items-center gap-2 rounded-lg border border-dashed border-neutral-200 bg-neutral-50 px-6 py-12 text-center"
-                    <p class="font-semibold text-neutral-800">{{ report.subject }}</p>
+        >
-                    <p class="text-xs text-neutral-500">
+            <Icon name="mdi:message-text-outline" class="text-4xl text-neutral-300" />
-                        {{ formatDate(report.occurredAt) }} · {{ $t(`directory.reports.types.${report.type}`) }}
+            <p class="font-medium text-neutral-600">{{ $t('directory.reports.empty') }}</p>
-                        <span v-if="report.author"> · {{ report.author.username }}</span>
+            <p class="max-w-sm text-sm text-neutral-400">{{ $t('directory.reports.emptyHint') }}</p>
-                    </p>
+            <MalioButton
-                </div>
+                v-if="canManage"
-                <div v-if="isAdmin" class="flex gap-2">
+                variant="tertiary"
-                    <MalioButtonIcon icon="mdi:pencil-outline" :aria-label="$t('common.edit')" @click="edit(report)" />
+                icon-name="mdi:plus"
-                    <MalioButtonIcon icon="mdi:trash-can-outline" button-class="!text-red-600" :aria-label="$t('common.delete')" @click="remove(report.id)" />
+                icon-position="left"
-                </div>
+                button-class="mt-2 w-auto px-4"
-            </div>
+                :label="$t('directory.reports.add')"
-            <p v-if="report.body" class="mt-2 whitespace-pre-wrap text-sm text-neutral-700">{{ report.body }}</p>
+                @click="openCreate"
-
+            />
            <div class="mt-3 flex flex-col gap-2">
                <ReportDocumentList
                    :documents="report.documents ?? []"
                    :is-admin="isAdmin"
                    @delete="(id) => removeDocument(report, id)"
                />
                <ReportDocumentUpload
                    v-if="isAdmin"
                    :report-id="report.id"
                    @uploaded="reload"
                />
            </div>
        </div>
-        <p v-if="!reports.length" class="text-sm text-neutral-400">
+        <!-- Timeline antéchronologique -->
-            {{ $t('directory.reports.empty') }}
+        <ol v-else class="flex flex-col">
-        </p>
+            <li
                v-for="report in sortedReports"
                :key="report.id"
                class="relative flex gap-4 pb-6 last:pb-0"
            >
                <!-- Rail + pastille de type -->
                <div class="flex flex-col items-center">
                    <span
                        class="flex h-9 w-9 shrink-0 items-center justify-center rounded-full"
                        :class="typeStyle(report.type).badge"
                    >
                        <Icon :name="typeStyle(report.type).icon" class="text-lg" />
                    </span>
                    <span class="mt-1 w-px grow bg-neutral-200" aria-hidden="true" />
                </div>
                <!-- Carte -->
                <div class="flex-1 rounded-lg border border-neutral-200 bg-white p-4 shadow-[0_1px_2px_0_rgba(0,0,0,0.05)]">
                    <div class="flex items-start justify-between gap-3">
                        <div class="min-w-0">
                            <div class="flex flex-wrap items-center gap-2">
                                <span
                                    class="rounded-full px-2 py-0.5 text-xs font-medium"
                                    :class="typeStyle(report.type).chip"
                                >
                                    {{ $t(`directory.reports.types.${report.type}`) }}
                                </span>
                                <p class="truncate font-semibold text-neutral-800">{{ report.subject }}</p>
                            </div>
                            <p class="mt-1 text-xs text-neutral-500">
                                <span :title="absoluteDate(report.occurredAt)">{{ relativeDate(report.occurredAt) }}</span>
                                <span v-if="report.author"> · {{ report.author.username }}</span>
                            </p>
                        </div>
                        <div v-if="canManage" class="flex shrink-0 gap-1">
                            <MalioButtonIcon
                                icon="mdi:pencil-outline"
                                variant="ghost"
                                :aria-label="$t('common.edit')"
                                @click="openEdit(report)"
                            />
                            <MalioButtonIcon
                                icon="mdi:delete-outline"
                                variant="ghost"
                                :aria-label="$t('common.delete')"
                                @click="askDelete(report)"
                            />
                        </div>
                    </div>
                    <MalioInputRichText
                        v-if="report.body"
                        :model-value="report.body"
                        :editable="false"
                        :reserve-message-space="false"
                        editor-class="!border-0 !rounded-none !bg-transparent !p-0 text-sm text-neutral-700"
                        class="mt-2"
                    />
                    <!-- Documents joints -->
                    <div
                        v-if="(report.documents?.length ?? 0) || canManage"
                        class="mt-3 border-t border-neutral-100 pt-3"
                    >
                        <p class="mb-2 text-xs font-medium uppercase tracking-wide text-neutral-400">
                            {{ $t('directory.reports.documentsLabel') }}
                        </p>
                        <div class="flex flex-col gap-2">
                            <ReportDocumentList
                                v-if="report.documents?.length"
                                :documents="report.documents"
                                :can-manage="canManage"
                                @delete="(docId) => removeDocument(docId)"
                            />
                            <ReportDocumentUpload
                                v-if="canManage"
                                :report-id="report.id"
                                @uploaded="reload"
                            />
                        </div>
                    </div>
                </div>
            </li>
        </ol>
        <CommercialReportDrawer
            v-model="drawerOpen"
            :report="editing"
            :owner="owner"
            @saved="reload"
        />
        <ConfirmDeleteReportModal
            v-model="confirmOpen"
            :busy="deleting"
            @confirm="confirmDelete"
        />
    </div>
 </template>
 <script setup lang="ts">
-import type { CommercialReport, CommercialReportWrite, ReportType } from '~/modules/directory/services/dto/commercial-report'
+import type { CommercialReport, ReportType } from '~/modules/directory/services/dto/commercial-report'
 import { useCommercialReportService } from '~/modules/directory/services/commercial-reports'
 import { useReportDocumentService } from '~/modules/directory/services/report-documents'
 const props = defineProps<{
    owner: { client?: string, prospect?: string }
-    isAdmin: boolean
+    canManage: boolean
 }>()
 const { t } = useI18n()
 const reportService = useCommercialReportService()
 const documentService = useReportDocumentService()
 const reports = ref<CommercialReport[]>([])
-const editingId = ref<number | null>(null)
+const loading = ref(true)
-function emptyDraft(): CommercialReportWrite {
+const drawerOpen = ref(false)
-    return {
+const editing = ref<CommercialReport | null>(null)
-        subject: '',
+
-        body: null,
+const confirmOpen = ref(false)
-        occurredAt: new Date().toISOString().slice(0, 10),
+const pendingDelete = ref<CommercialReport | null>(null)
-        type: 'note',
+const deleting = ref(false)
-        ...props.owner,
+
 // Le plus récent en haut (l'API ne garantit pas l'ordre).
 const sortedReports = computed(() =>
    [...reports.value].sort((a, b) => b.occurredAt.localeCompare(a.occurredAt)),
 )
 const typeStyles: Record<ReportType, { icon: string, badge: string, chip: string }> = {
    call: { icon: 'mdi:phone-outline', badge: 'bg-emerald-100 text-emerald-700', chip: 'bg-emerald-50 text-emerald-700' },
    meeting: { icon: 'mdi:account-group-outline', badge: 'bg-violet-100 text-violet-700', chip: 'bg-violet-50 text-violet-700' },
    email: { icon: 'mdi:email-outline', badge: 'bg-sky-100 text-sky-700', chip: 'bg-sky-50 text-sky-700' },
    note: { icon: 'mdi:note-text-outline', badge: 'bg-amber-100 text-amber-700', chip: 'bg-amber-50 text-amber-700' },
 }
 function typeStyle(type: ReportType) {
    return typeStyles[type]
 }
 function startOfDay(d: Date): number {
    return new Date(d.getFullYear(), d.getMonth(), d.getDate()).getTime()
 }
 function absoluteDate(iso: string): string {
    return new Date(iso).toLocaleDateString('fr-FR')
 }
 // Date relative lisible (« aujourd'hui », « il y a 3 jours »…) avec repli sur la
 // date absolue au-delà d'un an. La date exacte reste disponible en infobulle.
 function relativeDate(iso: string): string {
    const diffDays = Math.round((startOfDay(new Date(iso)) - startOfDay(new Date())) / 86400000)
    const rtf = new Intl.RelativeTimeFormat('fr-FR', { numeric: 'auto' })
    const abs = Math.abs(diffDays)
    if (abs < 1) return rtf.format(0, 'day')
    if (abs < 7) return rtf.format(diffDays, 'day')
    if (abs < 31) return rtf.format(Math.round(diffDays / 7), 'week')
    if (abs < 365) return rtf.format(Math.round(diffDays / 30), 'month')
    return absoluteDate(iso)
 }
 function openCreate(): void {
    editing.value = null
    drawerOpen.value = true
 }
 function openEdit(report: CommercialReport): void {
    editing.value = report
    drawerOpen.value = true
 }
 function askDelete(report: CommercialReport): void {
    pendingDelete.value = report
    confirmOpen.value = true
 }
 async function confirmDelete(): Promise<void> {
    if (!pendingDelete.value || deleting.value) return
    deleting.value = true
    try {
        await reportService.remove(pendingDelete.value.id)
        confirmOpen.value = false
        pendingDelete.value = null
        await reload()
    } finally {
        deleting.value = false
    }
 }
 const draft = ref<CommercialReportWrite>(emptyDraft())
-const typeOptions: { label: string, value: ReportType }[] = [
+async function removeDocument(id: number): Promise<void> {
-    { label: t('directory.reports.types.call'), value: 'call' },
+    await documentService.remove(id)
-    { label: t('directory.reports.types.meeting'), value: 'meeting' },
+    await reload()
    { label: t('directory.reports.types.email'), value: 'email' },
    { label: t('directory.reports.types.note'), value: 'note' },
 ]
 function formatDate(iso: string): string {
    return new Date(iso).toLocaleDateString('fr-FR')
 }
 async function reload(): Promise<void> {
    reports.value = await reportService.getByOwner(props.owner)
-}
+    loading.value = false
 function resetDraft(): void {
    editingId.value = null
    draft.value = emptyDraft()
 }
 function edit(report: CommercialReport): void {
    editingId.value = report.id
    draft.value = {
        subject: report.subject,
        body: report.body,
        occurredAt: report.occurredAt.slice(0, 10),
        type: report.type,
        ...props.owner,
    }
 }
 async function save(): Promise<void> {
    if (editingId.value) {
        await reportService.update(editingId.value, draft.value)
    } else {
        await reportService.create(draft.value)
    }
    resetDraft()
    await reload()
 }
 async function remove(id: number): Promise<void> {
    await reportService.remove(id)
    await reload()
 }
 async function removeDocument(report: CommercialReport, id: number): Promise<void> {
    await documentService.remove(id)
    await reload()
 }
 onMounted(reload)
@@ -0,0 +1,58 @@
 <template>
    <Teleport v-if="modelValue" to="body">
        <Transition name="modal" appear>
            <div class="fixed inset-0 z-50 flex items-center justify-center">
                <div class="absolute inset-0 bg-black/30" @click="cancel" />
                <div class="relative z-10 w-full max-w-md rounded-lg bg-white p-6 shadow-xl">
                    <h3 class="text-lg font-bold text-neutral-900">{{ title }}</h3>
                    <p class="mt-3 text-sm text-neutral-600">
                        {{ message }}
                    </p>
                    <div class="mt-6 flex justify-end gap-3">
                        <MalioButton
                            variant="tertiary"
                            :label="$t('common.cancel')"
                            button-class="w-auto px-4"
                            @click="cancel"
                        />
                        <MalioButton
                            variant="danger"
                            :label="$t('common.delete')"
                            button-class="w-auto px-4"
                            @click="$emit('confirm')"
                        />
                    </div>
                </div>
            </div>
        </Transition>
    </Teleport>
 </template>
 <script setup lang="ts">
 defineProps<{
    modelValue: boolean
    title: string
    message: string
 }>()
 const emit = defineEmits<{
    (e: 'update:modelValue', value: boolean): void
    (e: 'confirm'): void
 }>()
 function cancel() {
    emit('update:modelValue', false)
 }
 </script>
 <style scoped>
 .modal-enter-active,
 .modal-leave-active {
    transition: opacity 0.2s ease;
 }
 .modal-enter-from,
 .modal-leave-to {
    opacity: 0;
 }
 </style>
@@ -1,13 +1,13 @@
 <template>
-    <div class="relative grid grid-cols-2 gap-x-8 gap-y-3 rounded bg-white p-4 shadow">
+    <div class="relative grid grid-cols-2 gap-x-[44px] gap-y-4 rounded-lg bg-white px-7 py-5 shadow-[0_4px_4px_0_rgba(0,0,0,0.10)]">
        <h3 class="col-span-2 text-sm font-semibold text-neutral-700">
            {{ title }}
        </h3>
        <MalioButtonIcon
            v-if="removable && !readonly"
-            icon="mdi:trash-can-outline"
+            icon="mdi:delete-outline"
-            class="absolute right-2 top-2"
+            variant="ghost"
-            button-class="!text-red-600"
+            class="absolute right-3 top-3"
            :aria-label="$t('common.delete')"
            @click="$emit('remove')"
        />
@@ -1,13 +1,13 @@
 <template>
-    <div class="relative grid grid-cols-2 gap-x-8 gap-y-3 rounded bg-white p-4 shadow">
+    <div class="relative grid grid-cols-2 gap-x-[44px] gap-y-4 rounded-lg bg-white px-7 py-5 shadow-[0_4px_4px_0_rgba(0,0,0,0.10)]">
        <h3 class="col-span-2 text-sm font-semibold text-neutral-700">
            {{ title }}
        </h3>
        <MalioButtonIcon
            v-if="removable && !readonly"
-            icon="mdi:trash-can-outline"
+            icon="mdi:delete-outline"
-            class="absolute right-2 top-2"
+            variant="ghost"
-            button-class="!text-red-600"
+            class="absolute right-3 top-3"
            :aria-label="$t('common.delete')"
            @click="$emit('remove')"
        />
@@ -6,41 +6,11 @@
        <form @submit.prevent="handleSubmit" class="flex flex-col gap-2">
            <MalioInputText
                v-model="form.name"
-                :label="$t('prospects.fields.name')"
+                label="Nom société"
                input-class="w-full"
                :error="touched.name && !form.name.trim() ? $t('prospects.validation.nameRequired') : ''"
                @blur="touched.name = true"
            />
            <MalioInputText
                v-model="form.company"
                :label="$t('prospects.fields.company')"
                input-class="w-full"
            />
            <MalioInputText
                v-model="form.email"
                :label="$t('prospects.fields.email')"
                input-class="w-full"
            />
            <MalioInputText
                v-model="form.phone"
                :label="$t('prospects.fields.phone')"
                input-class="w-full"
            />
            <MalioSelect
                v-model="form.status"
                :label="$t('prospects.fields.status')"
                :options="statusOptions"
                group-class="w-full"
            />
            <MalioInputText
                v-model="form.source"
                :label="$t('prospects.fields.source')"
                input-class="w-full"
            />
            <MalioInputTextArea
                v-model="form.notes"
                :label="$t('prospects.fields.notes')"
            />
            <div class="mt-6 flex items-center justify-between gap-2">
                <MalioButton
@@ -69,7 +39,7 @@
 </template>
 <script setup lang="ts">
-import type { Prospect, ProspectStatus, ProspectWrite } from '~/modules/directory/services/dto/prospect'
+import type { Prospect, ProspectWrite } from '~/modules/directory/services/dto/prospect'
 import { useProspectService } from '~/modules/directory/services/prospects'
 const props = defineProps<{
@@ -82,8 +52,6 @@ const emit = defineEmits<{
    (e: 'saved'): void
 }>()
 const { t } = useI18n()
 const isOpen = computed({
    get: () => props.modelValue,
    set: (v) => emit('update:modelValue', v),
@@ -93,30 +61,8 @@ const isEditing = computed(() => !!props.prospect)
 const isConverted = computed(() => !!props.prospect?.convertedClient)
 const isSubmitting = ref(false)
-const statusOptions = [
+const form = reactive({
    { label: t('prospects.status.new'), value: 'new' },
    { label: t('prospects.status.contacted'), value: 'contacted' },
    { label: t('prospects.status.qualified'), value: 'qualified' },
    { label: t('prospects.status.won'), value: 'won' },
    { label: t('prospects.status.lost'), value: 'lost' },
 ]
 const form = reactive<{
    name: string
    company: string
    email: string
    phone: string
    status: ProspectStatus
    source: string
    notes: string
 }>({
    name: '',
    company: '',
    email: '',
    phone: '',
    status: 'new',
    source: '',
    notes: '',
 })
 const touched = reactive({
@@ -125,23 +71,7 @@ const touched = reactive({
 watch(() => props.modelValue, (open) => {
    if (open) {
-        if (props.prospect) {
+        form.name = props.prospect?.name ?? ''
            form.name = props.prospect.name ?? ''
            form.company = props.prospect.company ?? ''
            form.email = props.prospect.email ?? ''
            form.phone = props.prospect.phone ?? ''
            form.status = props.prospect.status ?? 'new'
            form.source = props.prospect.source ?? ''
            form.notes = props.prospect.notes ?? ''
        } else {
            form.name = ''
            form.company = ''
            form.email = ''
            form.phone = ''
            form.status = 'new'
            form.source = ''
            form.notes = ''
        }
        touched.name = false
    }
 })
@@ -156,12 +86,6 @@ async function handleSubmit() {
    try {
        const payload: ProspectWrite = {
            name: form.name.trim(),
            company: form.company.trim() || null,
            email: form.email.trim() || null,
            phone: form.phone.trim() || null,
            status: form.status,
            source: form.source.trim() || null,
            notes: form.notes.trim() || null,
        }
        if (isEditing.value && props.prospect) {
@@ -15,7 +15,7 @@
                {{ doc.originalName }}
            </a>
            <MalioButtonIcon
-                v-if="isAdmin"
+                v-if="canManage"
                icon="mdi:trash-can-outline"
                button-class="!text-red-600"
                :aria-label="$t('common.delete')"
@@ -32,7 +32,7 @@
 import type { ReportDocument } from '~/modules/directory/services/dto/report-document'
 import { useReportDocumentService } from '~/modules/directory/services/report-documents'
-defineProps<{ documents: ReportDocument[], isAdmin: boolean }>()
+defineProps<{ documents: ReportDocument[], canManage: boolean }>()
 defineEmits<{ delete: [id: number] }>()
 const { getDownloadUrl } = useReportDocumentService()
@@ -6,10 +6,12 @@ import { useAddressService } from '~/modules/directory/services/addresses'
 type Owner = { client?: string, prospect?: string }
 /**
- * Logique partagée des fiches détail Client/Prospect : gestion des blocs
+ * Logique partagée des fiches détail Client/Prospect : blocs répétables Contact
- * répétables Contact et Adresse (chargement, ajout, édition par bloc avec
+ * et Adresse (chargement, ajout, suppression). L'édition est tenue en mémoire
- * persistance immédiate, suppression). Paramétré par l'IRI du propriétaire
+ * localement ; la persistance se fait au clic sur « Enregistrer » (saveContacts/
- * (`{ client }` ou `{ prospect }`), réutilisé tel quel par les deux pages.
+ * saveAddresses), comme les formulaires de tâche — pas d'enregistrement au blur.
 * Paramétré par l'IRI du propriétaire (`{ client }` ou `{ prospect }`), réutilisé
 * tel quel par les deux pages.
 */
 export function useDirectoryDetail(owner: Owner) {
    const contactService = useContactService()
@@ -17,6 +19,8 @@ export function useDirectoryDetail(owner: Owner) {
    const contacts = ref<Contact[]>([])
    const addresses = ref<Address[]>([])
    const savingContacts = ref(false)
    const savingAddresses = ref(false)
    function emptyContact(): Contact {
        return { id: 0, firstName: null, lastName: null, jobTitle: null, email: null, phonePrimary: null, phoneSecondary: null, ...owner }
@@ -25,54 +29,75 @@ export function useDirectoryDetail(owner: Owner) {
        return { id: 0, label: null, street: null, streetComplement: null, postalCode: null, city: null, country: 'FR', ...owner }
    }
-    async function onContactInput(index: number, value: Contact): Promise<void> {
+    // Édition locale uniquement : on remplace le bloc en mémoire, rien n'est
    // persisté tant que l'utilisateur n'a pas cliqué sur « Enregistrer ».
    function onContactInput(index: number, value: Contact): void {
        contacts.value[index] = value
        await persistContact(index)
    }
-    async function persistContact(index: number): Promise<void> {
+    function onAddressInput(index: number, value: Address): void {
-        const c = contacts.value[index]
+        addresses.value[index] = value
        if (!c) return
        const payload = { firstName: c.firstName, lastName: c.lastName, jobTitle: c.jobTitle, email: c.email, phonePrimary: c.phonePrimary, phoneSecondary: c.phoneSecondary, ...owner }
        if (c.id && c.id > 0) {
            await contactService.update(c.id, payload)
        } else if (c.lastName || c.firstName) {
            const created = await contactService.create(payload)
            contacts.value[index] = created
        }
    }
    function addContact(): void {
        contacts.value.push(emptyContact())
    }
    function addAddress(): void {
        addresses.value.push(emptyAddress())
    }
    // Suppression immédiate (comme la corbeille du formulaire de tâche) : un bloc
    // déjà enregistré est supprimé côté serveur, une amorce non enregistrée est
    // simplement retirée de la liste.
    async function removeContact(index: number): Promise<void> {
        const c = contacts.value[index]
        if (c?.id && c.id > 0) await contactService.remove(c.id)
        contacts.value.splice(index, 1)
    }
    async function onAddressInput(index: number, value: Address): Promise<void> {
        addresses.value[index] = value
        await persistAddress(index)
    }
    async function persistAddress(index: number): Promise<void> {
        const a = addresses.value[index]
        if (!a) return
        const payload = { label: a.label, street: a.street, streetComplement: a.streetComplement, postalCode: a.postalCode, city: a.city, country: a.country, ...owner }
        if (a.id && a.id > 0) {
            await addressService.update(a.id, payload)
        } else if (a.street || a.city || a.postalCode) {
            const created = await addressService.create(payload)
            addresses.value[index] = created
        }
    }
    function addAddress(): void {
        addresses.value.push(emptyAddress())
    }
    async function removeAddress(index: number): Promise<void> {
        const a = addresses.value[index]
        if (a?.id && a.id > 0) await addressService.remove(a.id)
        addresses.value.splice(index, 1)
    }
    // Persistance au clic : met à jour les blocs existants, crée les nouveaux
    // blocs renseignés. Les amorces vides (sans contenu) sont ignorées.
    async function saveContacts(): Promise<void> {
        if (savingContacts.value) return
        savingContacts.value = true
        try {
            for (let i = 0; i < contacts.value.length; i++) {
                const c = contacts.value[i]
                if (!c) continue
                const payload = { firstName: c.firstName, lastName: c.lastName, jobTitle: c.jobTitle, email: c.email, phonePrimary: c.phonePrimary, phoneSecondary: c.phoneSecondary, ...owner }
                if (c.id && c.id > 0) {
                    contacts.value[i] = await contactService.update(c.id, payload)
                } else if (c.lastName || c.firstName) {
                    contacts.value[i] = await contactService.create(payload)
                }
            }
        } finally {
            savingContacts.value = false
        }
    }
    async function saveAddresses(): Promise<void> {
        if (savingAddresses.value) return
        savingAddresses.value = true
        try {
            for (let i = 0; i < addresses.value.length; i++) {
                const a = addresses.value[i]
                if (!a) continue
                const payload = { label: a.label, street: a.street, streetComplement: a.streetComplement, postalCode: a.postalCode, city: a.city, country: a.country, ...owner }
                if (a.id && a.id > 0) {
                    addresses.value[i] = await addressService.update(a.id, payload)
                } else if (a.street || a.city || a.postalCode) {
                    addresses.value[i] = await addressService.create(payload)
                }
            }
        } finally {
            savingAddresses.value = false
        }
    }
    async function load(): Promise<void> {
        contacts.value = await contactService.getByOwner(owner)
        addresses.value = await addressService.getByOwner(owner)
@@ -81,12 +106,16 @@ export function useDirectoryDetail(owner: Owner) {
    return {
        contacts,
        addresses,
        savingContacts,
        savingAddresses,
        onContactInput,
        addContact,
        removeContact,
        saveContacts,
        onAddressInput,
        addAddress,
        removeAddress,
        saveAddresses,
        load,
    }
 }
@@ -8,6 +8,36 @@
        <p v-if="loading">{{ $t('common.loading') }}</p>
        <template v-else-if="client">
            <MalioTabList v-model="activeTab" :tabs="tabs">
                <template #info>
                    <div class="flex flex-col gap-4 pt-6">
                        <div class="relative grid grid-cols-2 gap-x-[44px] gap-y-4 rounded-lg bg-white px-7 py-5 shadow-[0_4px_4px_0_rgba(0,0,0,0.10)]">
                            <MalioInputText
                                v-model="info.name"
                                class="col-span-2"
                                :label="$t('directory.info.fields.name')"
                                :error="infoTouched.name && !info.name.trim() ? $t('directory.validation.nameRequired') : ''"
                                @blur="infoTouched.name = true"
                            />
                            <MalioInputText
                                v-model="info.email"
                                :label="$t('directory.info.fields.email')"
                            />
                            <MalioInputText
                                v-model="info.phone"
                                :label="$t('directory.info.fields.phone')"
                            />
                        </div>
                        <div class="flex justify-center pt-2">
                            <MalioButton
                                button-class="w-auto px-6"
                                :label="$t('common.save')"
                                :disabled="savingInfo"
                                @click="saveInfo"
                            />
                        </div>
                    </div>
                </template>
                <template #contact>
                    <div class="flex flex-col gap-4 pt-6">
                        <DirectoryContactBlock
@@ -19,13 +49,22 @@
                            @update:model-value="(v) => onContactInput(i, v)"
                            @remove="removeContact(i)"
                        />
-                        <MalioButton
+                        <div class="flex justify-center gap-3 pt-2">
-                            icon-name="mdi:plus"
+                            <MalioButton
-                            icon-position="left"
+                                variant="tertiary"
-                            button-class="w-auto px-4"
+                                icon-name="mdi:plus"
-                            :label="$t('directory.contacts.add')"
+                                icon-position="left"
-                            @click="addContact"
+                                button-class="w-auto px-4"
-                        />
+                                :label="$t('directory.contacts.add')"
                                @click="addContact"
                            />
                            <MalioButton
                                button-class="w-auto px-6"
                                :label="$t('common.save')"
                                :disabled="savingContacts"
                                @click="saveContacts"
                            />
                        </div>
                    </div>
                </template>
@@ -40,18 +79,27 @@
                            @update:model-value="(v) => onAddressInput(i, v)"
                            @remove="removeAddress(i)"
                        />
-                        <MalioButton
+                        <div class="flex justify-center gap-3 pt-2">
-                            icon-name="mdi:plus"
+                            <MalioButton
-                            icon-position="left"
+                                variant="tertiary"
-                            button-class="w-auto px-4"
+                                icon-name="mdi:plus"
-                            :label="$t('directory.addresses.add')"
+                                icon-position="left"
-                            @click="addAddress"
+                                button-class="w-auto px-4"
-                        />
+                                :label="$t('directory.addresses.add')"
                                @click="addAddress"
                            />
                            <MalioButton
                                button-class="w-auto px-6"
                                :label="$t('common.save')"
                                :disabled="savingAddresses"
                                @click="saveAddresses"
                            />
                        </div>
                    </div>
                </template>
                <template #report>
-                    <CommercialReportTab :owner="owner" :is-admin="true" />
+                    <CommercialReportTab :owner="owner" :can-manage="canManage" />
                </template>
            </MalioTabList>
        </template>
@@ -76,31 +124,63 @@ const clientService = useClientService()
 const {
    contacts,
    addresses,
    savingContacts,
    savingAddresses,
    onContactInput,
    addContact,
    removeContact,
    saveContacts,
    onAddressInput,
    addAddress,
    removeAddress,
    saveAddresses,
    load,
 } = useDirectoryDetail(owner)
 const { can } = usePermissions()
 const canManage = computed(() => can('directory.clients.manage'))
 const client = ref<Client | null>(null)
 const loading = ref(true)
-const activeTab = ref('contact')
+const activeTab = ref('info')
 const tabs = [
    { key: 'info', label: t('directory.tabs.info'), icon: 'mdi:information-outline' },
    { key: 'contact', label: t('directory.tabs.contact'), icon: 'mdi:account-outline' },
    { key: 'address', label: t('directory.tabs.address'), icon: 'mdi:map-marker-outline' },
    { key: 'report', label: t('directory.tabs.report'), icon: 'mdi:file-document-outline' },
 ]
 // Champs de base de la fiche, édités en mémoire et persistés au clic sur
 // « Enregistrer » (PATCH), comme les onglets Contact/Adresse.
 const info = reactive({ name: '', email: '', phone: '' })
 const infoTouched = reactive({ name: false })
 const savingInfo = ref(false)
 async function saveInfo(): Promise<void> {
    infoTouched.name = true
    if (!info.name.trim() || savingInfo.value) return
    savingInfo.value = true
    try {
        client.value = await clientService.update(id, {
            name: info.name.trim(),
            email: info.email.trim() || null,
            phone: info.phone.trim() || null,
        })
    } finally {
        savingInfo.value = false
    }
 }
 function goBack(): void {
    router.push('/directory')
 }
 onMounted(async () => {
    client.value = await clientService.getById(id)
    info.name = client.value.name ?? ''
    info.email = client.value.email ?? ''
    info.phone = client.value.phone ?? ''
    await load()
    loading.value = false
 })
@@ -31,6 +31,17 @@
                        <template #cell-phone="{ item }">
                            {{ (item as Client).phone ?? '—' }}
                        </template>
                        <template #cell-actions="{ item }">
                            <div class="flex justify-end" @click.stop>
                                <MalioButtonIcon
                                    icon="mdi:trash-can-outline"
                                    :aria-label="$t('common.delete')"
                                    button-class="!bg-red-100 !text-red-700"
                                    :icon-size="18"
                                    @click="askDeleteClient(item as Client)"
                                />
                            </div>
                        </template>
                    </MalioDataTable>
                </div>
            </template>
@@ -75,20 +86,23 @@
                            {{ (item as ProspectRow).phone ?? '—' }}
                        </template>
                        <template #cell-actions="{ item }">
-                            <div
+                            <div class="flex justify-end gap-2" @click.stop>
                                v-if="!(item as ProspectRow).convertedClient"
                                class="flex justify-end"
                                @click.stop
                            >
                                <MalioButtonIcon
                                    v-if="!(item as ProspectRow).convertedClient"
                                    icon="mdi:account-convert"
                                    :aria-label="$t('prospects.convert')"
                                    button-class="!bg-green-100 !text-green-700"
                                    :icon-size="18"
                                    @click="convertProspect(item as ProspectRow)"
                                />
                                <MalioButtonIcon
                                    icon="mdi:trash-can-outline"
                                    :aria-label="$t('common.delete')"
                                    button-class="!bg-red-100 !text-red-700"
                                    :icon-size="18"
                                    @click="askDeleteProspect(item as ProspectRow)"
                                />
                            </div>
                            <span v-else class="text-neutral-300">—</span>
                        </template>
                    </MalioDataTable>
                </div>
@@ -105,6 +119,13 @@
            :prospect="selectedProspect"
            @saved="onProspectSaved"
        />
        <ConfirmDeleteModal
            v-model="deleteModalOpen"
            :title="deleteModalTitle"
            :message="deleteModalMessage"
            @confirm="confirmDelete"
        />
    </div>
 </template>
@@ -139,6 +160,7 @@ const clientColumns = [
    { key: 'name', label: t('prospects.fields.name') },
    { key: 'email', label: t('prospects.fields.email') },
    { key: 'phone', label: t('prospects.fields.phone') },
    { key: 'actions', label: '' },
 ]
 async function loadClients() {
@@ -225,6 +247,54 @@ async function onProspectSaved() {
    await Promise.all([loadProspects(), loadClients()])
 }
 // --- Suppression (clients & prospects) ---
 type DeleteTarget =
    | { type: 'client'; item: Client }
    | { type: 'prospect'; item: Prospect }
 const deleteModalOpen = ref(false)
 const deleteTarget = ref<DeleteTarget | null>(null)
 const deleteModalTitle = computed(() =>
    deleteTarget.value?.type === 'prospect'
        ? t('prospects.deleteConfirmTitle')
        : t('clients.deleteConfirmTitle'),
 )
 const deleteModalMessage = computed(() => {
    if (!deleteTarget.value) return ''
    const name = deleteTarget.value.item.name
    return deleteTarget.value.type === 'prospect'
        ? t('prospects.deleteConfirmMessage', { name })
        : t('clients.deleteConfirmMessage', { name })
 })
 function askDeleteClient(item: Client) {
    deleteTarget.value = { type: 'client', item }
    deleteModalOpen.value = true
 }
 function askDeleteProspect(item: Prospect) {
    deleteTarget.value = { type: 'prospect', item }
    deleteModalOpen.value = true
 }
 async function confirmDelete() {
    const target = deleteTarget.value
    if (!target) return
    if (target.type === 'client') {
        await clientService.remove(target.item.id)
        await loadClients()
    } else {
        await prospectService.remove(target.item.id)
        await loadProspects()
    }
    deleteModalOpen.value = false
    deleteTarget.value = null
 }
 watch(statusFilter, loadProspects)
 onMounted(async () => {
@@ -8,6 +8,56 @@
        <p v-if="loading">{{ $t('common.loading') }}</p>
        <template v-else-if="prospect">
            <MalioTabList v-model="activeTab" :tabs="tabs">
                <template #info>
                    <div class="flex flex-col gap-4 pt-6">
                        <div class="relative grid grid-cols-2 gap-x-[44px] gap-y-4 rounded-lg bg-white px-7 py-5 shadow-[0_4px_4px_0_rgba(0,0,0,0.10)]">
                            <MalioInputText
                                v-model="info.name"
                                class="col-span-2"
                                :label="$t('prospects.fields.name')"
                                :error="infoTouched.name && !info.name.trim() ? $t('prospects.validation.nameRequired') : ''"
                                @blur="infoTouched.name = true"
                            />
                            <MalioInputText
                                v-model="info.company"
                                :label="$t('prospects.fields.company')"
                            />
                            <MalioSelect
                                v-model="info.status"
                                :label="$t('prospects.fields.status')"
                                :options="statusOptions"
                                group-class="w-full"
                            />
                            <MalioInputText
                                v-model="info.email"
                                :label="$t('prospects.fields.email')"
                            />
                            <MalioInputText
                                v-model="info.phone"
                                :label="$t('prospects.fields.phone')"
                            />
                            <MalioInputText
                                v-model="info.source"
                                class="col-span-2"
                                :label="$t('prospects.fields.source')"
                            />
                            <MalioInputTextArea
                                v-model="info.notes"
                                class="col-span-2"
                                :label="$t('prospects.fields.notes')"
                            />
                        </div>
                        <div class="flex justify-center pt-2">
                            <MalioButton
                                button-class="w-auto px-6"
                                :label="$t('common.save')"
                                :disabled="savingInfo"
                                @click="saveInfo"
                            />
                        </div>
                    </div>
                </template>
                <template #contact>
                    <div class="flex flex-col gap-4 pt-6">
                        <DirectoryContactBlock
@@ -19,13 +69,22 @@
                            @update:model-value="(v) => onContactInput(i, v)"
                            @remove="removeContact(i)"
                        />
-                        <MalioButton
+                        <div class="flex justify-center gap-3 pt-2">
-                            icon-name="mdi:plus"
+                            <MalioButton
-                            icon-position="left"
+                                variant="tertiary"
-                            button-class="w-auto px-4"
+                                icon-name="mdi:plus"
-                            :label="$t('directory.contacts.add')"
+                                icon-position="left"
-                            @click="addContact"
+                                button-class="w-auto px-4"
-                        />
+                                :label="$t('directory.contacts.add')"
                                @click="addContact"
                            />
                            <MalioButton
                                button-class="w-auto px-6"
                                :label="$t('common.save')"
                                :disabled="savingContacts"
                                @click="saveContacts"
                            />
                        </div>
                    </div>
                </template>
@@ -40,18 +99,27 @@
                            @update:model-value="(v) => onAddressInput(i, v)"
                            @remove="removeAddress(i)"
                        />
-                        <MalioButton
+                        <div class="flex justify-center gap-3 pt-2">
-                            icon-name="mdi:plus"
+                            <MalioButton
-                            icon-position="left"
+                                variant="tertiary"
-                            button-class="w-auto px-4"
+                                icon-name="mdi:plus"
-                            :label="$t('directory.addresses.add')"
+                                icon-position="left"
-                            @click="addAddress"
+                                button-class="w-auto px-4"
-                        />
+                                :label="$t('directory.addresses.add')"
                                @click="addAddress"
                            />
                            <MalioButton
                                button-class="w-auto px-6"
                                :label="$t('common.save')"
                                :disabled="savingAddresses"
                                @click="saveAddresses"
                            />
                        </div>
                    </div>
                </template>
                <template #report>
-                    <CommercialReportTab :owner="owner" :is-admin="true" />
+                    <CommercialReportTab :owner="owner" :can-manage="canManage" />
                </template>
            </MalioTabList>
        </template>
@@ -59,7 +127,7 @@
 </template>
 <script setup lang="ts">
-import type { Prospect } from '~/modules/directory/services/dto/prospect'
+import type { Prospect, ProspectStatus } from '~/modules/directory/services/dto/prospect'
 import { useProspectService } from '~/modules/directory/services/prospects'
 definePageMeta({ middleware: ['admin'] })
@@ -76,31 +144,87 @@ const prospectService = useProspectService()
 const {
    contacts,
    addresses,
    savingContacts,
    savingAddresses,
    onContactInput,
    addContact,
    removeContact,
    saveContacts,
    onAddressInput,
    addAddress,
    removeAddress,
    saveAddresses,
    load,
 } = useDirectoryDetail(owner)
 const { can } = usePermissions()
 const canManage = computed(() => can('directory.prospects.manage'))
 const prospect = ref<Prospect | null>(null)
 const loading = ref(true)
-const activeTab = ref('contact')
+const activeTab = ref('info')
 const tabs = [
    { key: 'info', label: t('directory.tabs.info'), icon: 'mdi:information-outline' },
    { key: 'contact', label: t('directory.tabs.contact'), icon: 'mdi:account-outline' },
    { key: 'address', label: t('directory.tabs.address'), icon: 'mdi:map-marker-outline' },
    { key: 'report', label: t('directory.tabs.report'), icon: 'mdi:file-document-outline' },
 ]
 const statusOptions = [
    { label: t('prospects.status.new'), value: 'new' },
    { label: t('prospects.status.contacted'), value: 'contacted' },
    { label: t('prospects.status.qualified'), value: 'qualified' },
    { label: t('prospects.status.won'), value: 'won' },
    { label: t('prospects.status.lost'), value: 'lost' },
 ]
 // Champs de base de la fiche, édités en mémoire et persistés au clic sur
 // « Enregistrer » (PATCH), comme les onglets Contact/Adresse.
 const info = reactive<{
    name: string
    company: string
    email: string
    phone: string
    status: ProspectStatus
    source: string
    notes: string
 }>({ name: '', company: '', email: '', phone: '', status: 'new', source: '', notes: '' })
 const infoTouched = reactive({ name: false })
 const savingInfo = ref(false)
 async function saveInfo(): Promise<void> {
    infoTouched.name = true
    if (!info.name.trim() || savingInfo.value) return
    savingInfo.value = true
    try {
        prospect.value = await prospectService.update(id, {
            name: info.name.trim(),
            company: info.company.trim() || null,
            email: info.email.trim() || null,
            phone: info.phone.trim() || null,
            status: info.status,
            source: info.source.trim() || null,
            notes: info.notes.trim() || null,
        })
    } finally {
        savingInfo.value = false
    }
 }
 function goBack(): void {
    router.push('/directory')
 }
 onMounted(async () => {
    prospect.value = await prospectService.getById(id)
    info.name = prospect.value.name ?? ''
    info.company = prospect.value.company ?? ''
    info.email = prospect.value.email ?? ''
    info.phone = prospect.value.phone ?? ''
    info.status = prospect.value.status ?? 'new'
    info.source = prospect.value.source ?? ''
    info.notes = prospect.value.notes ?? ''
    await load()
    loading.value = false
 })
@@ -8,6 +8,6 @@ export type Client = {
 export type ClientWrite = {
    name: string
-    email: string | null
+    email?: string | null
-    phone: string | null
+    phone?: string | null
 }
@@ -19,10 +19,10 @@ export type Prospect = {
 export type ProspectWrite = {
    name: string
-    company: string | null
+    company?: string | null
-    email: string | null
+    email?: string | null
-    phone: string | null
+    phone?: string | null
-    status: ProspectStatus
+    status?: ProspectStatus
-    source: string | null
+    source?: string | null
-    notes: string | null
+    notes?: string | null
 }
@@ -27,6 +27,9 @@ sudo docker compose cp app:/var/www/html/public/maintenance.html public/maintena
 echo "==> Running migrations..."
 sudo docker compose exec -T -u www-data app php bin/console doctrine:migrations:migrate --no-interaction
 echo "==> Seeding RBAC system roles (idempotent)..."
 sudo docker compose exec -T -u www-data app php bin/console app:seed-rbac
 echo "==> Syncing RBAC permissions catalog..."
 sudo docker compose exec -T -u www-data app php bin/console app:sync-permissions
@@ -14,7 +14,9 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 */
 final class PermissionVoter extends Voter
 {
-    private const string PATTERN = '/^[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+$/';
+    // Les codes de permission sont au format module.resource.action où chaque
    // segment peut contenir des tirets (ex. project-management, time-tracking).
    private const string PATTERN = '/^[a-z][a-z0-9_-]*(\.[a-z][a-z0-9_-]*)+$/';
    protected function supports(string $attribute, mixed $subject): bool
    {
@@ -23,11 +23,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[Auditable]
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
    ],
    normalizationContext: ['groups' => ['address:read']],
    denormalizationContext: ['groups' => ['address:write']],
@@ -25,11 +25,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[Auditable]
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('directory.clients.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('directory.clients.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('directory.clients.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('directory.clients.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('directory.clients.manage')"),
    ],
    normalizationContext: ['groups' => ['client:read']],
    denormalizationContext: ['groups' => ['client:write']],
@@ -26,11 +26,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
    ],
    normalizationContext: ['groups' => ['commercial_report:read']],
    denormalizationContext: ['groups' => ['commercial_report:write']],
@@ -23,11 +23,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[Auditable]
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
    ],
    normalizationContext: ['groups' => ['contact:read']],
    denormalizationContext: ['groups' => ['contact:write']],
@@ -27,14 +27,14 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[Auditable]
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('directory.prospects.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('directory.prospects.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('directory.prospects.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('directory.prospects.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('directory.prospects.manage')"),
        new Post(
            uriTemplate: '/prospects/{id}/convert',
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('directory.prospects.manage')",
            processor: ConvertProspectProcessor::class,
        ),
    ],
@@ -20,14 +20,14 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('directory.clients.view') or is_granted('directory.prospects.view')"),
        new Post(
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')",
            processor: ReportDocumentProcessor::class,
            deserialize: false,
        ),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('directory.clients.manage') or is_granted('directory.prospects.manage')"),
    ],
    normalizationContext: ['groups' => ['report_document:read']],
    denormalizationContext: ['groups' => ['report_document:write']],
@@ -30,18 +30,18 @@ use Symfony\Component\Validator\Constraints as Assert;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view')"),
        new Post(
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('project-management.projects.manage')",
            denormalizationContext: ['groups' => ['project:write', 'project:create']],
        ),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.projects.manage')"),
        new Post(
            uriTemplate: '/projects/{id}/switch-workflow',
            uriVariables: ['id' => new Link(fromClass: Project::class)],
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('project-management.projects.manage')",
            input: false,
            output: SwitchWorkflowOutput::class,
            normalizationContext: ['groups' => ['switch_workflow:read']],
@@ -33,11 +33,11 @@ use Symfony\Component\Validator\Context\ExecutionContextInterface;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')", processor: TaskNumberProcessor::class),
+        new Post(security: "is_granted('project-management.tasks.manage')", processor: TaskNumberProcessor::class),
-        new Patch(security: "is_granted('ROLE_ADMIN')", processor: TaskCalendarProcessor::class),
+        new Patch(security: "is_granted('project-management.tasks.manage')", processor: TaskCalendarProcessor::class),
-        new Delete(security: "is_granted('ROLE_ADMIN')", processor: TaskCalendarProcessor::class),
+        new Delete(security: "is_granted('project-management.tasks.manage')", processor: TaskCalendarProcessor::class),
    ],
    normalizationContext: ['groups' => ['task:read']],
    denormalizationContext: ['groups' => ['task:write']],
@@ -21,14 +21,14 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')", provider: TaskDocumentProvider::class),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.tasks.view')", provider: TaskDocumentProvider::class),
-        new Get(security: "is_granted('ROLE_USER')", provider: TaskDocumentProvider::class),
+        new Get(security: "is_granted('project-management.tasks.view')", provider: TaskDocumentProvider::class),
        new Post(
-            security: "is_granted('ROLE_ADMIN')",
+            security: "is_granted('project-management.tasks.manage')",
            processor: TaskDocumentProcessor::class,
            deserialize: false,
        ),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.tasks.manage')"),
    ],
    normalizationContext: ['groups' => ['task_document:read']],
    denormalizationContext: ['groups' => ['task_document:write']],
@@ -16,11 +16,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
    ],
    normalizationContext: ['groups' => ['task_effort:read']],
    denormalizationContext: ['groups' => ['task_effort:write']],
@@ -19,11 +19,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
    ],
    normalizationContext: ['groups' => ['task_group:read']],
    denormalizationContext: ['groups' => ['task_group:write']],
@@ -16,11 +16,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
    ],
    normalizationContext: ['groups' => ['task_priority:read']],
    denormalizationContext: ['groups' => ['task_priority:write']],
@@ -20,11 +20,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
    ],
    normalizationContext: ['groups' => ['task_recurrence:read']],
    denormalizationContext: ['groups' => ['task_recurrence:write']],
@@ -18,11 +18,11 @@ use Symfony\Component\Validator\Constraints as Assert;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
    ],
    normalizationContext: ['groups' => ['task_status:read']],
    denormalizationContext: ['groups' => ['task_status:write']],
@@ -17,11 +17,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
    ],
    normalizationContext: ['groups' => ['task_tag:read']],
    denormalizationContext: ['groups' => ['task_tag:write']],
@@ -21,11 +21,11 @@ use Symfony\Component\Validator\Constraints as Assert;
 #[ApiResource(
    operations: [
-        new GetCollection(paginationEnabled: false, security: "is_granted('ROLE_USER')"),
+        new GetCollection(paginationEnabled: false, security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('project-management.projects.view') or is_granted('project-management.tasks.view')"),
-        new Post(security: "is_granted('ROLE_ADMIN')"),
+        new Post(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN')"),
+        new Patch(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')"),
-        new Delete(security: "is_granted('ROLE_ADMIN')", processor: WorkflowDeleteProcessor::class),
+        new Delete(security: "is_granted('project-management.projects.manage') or is_granted('project-management.tasks.manage')", processor: WorkflowDeleteProcessor::class),
    ],
    normalizationContext: ['groups' => ['workflow:read']],
    denormalizationContext: ['groups' => ['workflow:write']],
@@ -31,13 +31,13 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
    operations: [
-        new GetCollection(security: "is_granted('ROLE_USER')"),
+        new GetCollection(security: "is_granted('time-tracking.entries.view')"),
        new GetCollection(
            name: 'time_entries_range',
            uriTemplate: '/time_entries/range',
            description: 'List time entries for a bounded date range without pagination (used by the time-tracking calendar)',
            paginationEnabled: false,
-            security: "is_granted('ROLE_USER')",
+            security: "is_granted('time-tracking.entries.view')",
        ),
        new GetCollection(
            name: 'active_time_entry',
@@ -45,12 +45,12 @@ use Symfony\Component\Serializer\Attribute\Groups;
            provider: ActiveTimeEntryProvider::class,
            description: 'Get the active timer for the current user',
            paginationEnabled: false,
-            security: "is_granted('ROLE_USER')",
+            security: "is_granted('time-tracking.entries.view')",
        ),
-        new Get(security: "is_granted('ROLE_USER')"),
+        new Get(security: "is_granted('time-tracking.entries.view')"),
-        new Post(security: "is_granted('ROLE_USER')"),
+        new Post(security: "is_granted('time-tracking.entries.manage')"),
-        new Patch(security: "is_granted('ROLE_ADMIN') or object.getUser() == user"),
+        new Patch(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.manage') and object.getUser() == user)"),
-        new Delete(security: "is_granted('ROLE_ADMIN') or object.getUser() == user"),
+        new Delete(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.manage') and object.getUser() == user)"),
    ],
    normalizationContext: ['groups' => ['time_entry:read']],
    denormalizationContext: ['groups' => ['time_entry:write']],
@@ -26,15 +26,13 @@ final class TimeTrackingModule implements ModuleInterface
    /**
     * Permissions RBAC fin du Module TimeTracking (2.1).
     *
     * Additif : alimente le catalogue RBAC. La sécurité des opérations API
     * reste en ROLE_USER (non recâblée ici).
     *
     * @return list<array{code: string, label: string}>
     */
    public static function permissions(): array
    {
        return [
            ['code' => 'time-tracking.entries.view', 'label' => 'Voir les saisies de temps'],
            ['code' => 'time-tracking.entries.manage', 'label' => 'Gérer les saisies de temps'],
            ['code' => 'time-tracking.entries.export', 'label' => 'Exporter les saisies de temps'],
        ];
    }
@@ -0,0 +1,96 @@
 <?php
 declare(strict_types=1);
 namespace App\Shared\Infrastructure\ApiPlatform\Serializer;
 use ApiPlatform\Metadata\IriConverterInterface;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\DenormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
 use Throwable;
 use function array_key_exists;
 use function is_string;
 /**
 * Modular monolith: cross-module relations are typed with a Shared\Domain\Contract
 * interface (e.g. UserInterface, TaskTagInterface) instead of the concrete entity,
 * to keep modules decoupled. Doctrine maps those back to the concrete entity through
 * resolve_target_entities.
 *
 * API Platform denormalizes *single* interface relations fine (the concrete class is
 * derived from the IRI), but blows up on *collections*: the collection value type stays
 * the interface, which is not a registered API resource, so no normalizer supports it
 * and the request fails with NotNormalizableValueException.
 *
 * This denormalizer bridges that gap for every contract interface, reusing Doctrine's
 * resolve_target_entities mapping (no per-entity config):
 *  - a string value is an IRI -> resolved through the IriConverter
 *  - an array value is an embedded object -> denormalized into the concrete entity
 */
 final class ContractRelationDenormalizer implements DenormalizerInterface, DenormalizerAwareInterface
 {
    use DenormalizerAwareTrait;
    private const CONTRACT_NAMESPACE = 'App\Shared\Domain\Contract\\';
    /** @var array<string, ?class-string> */
    private array $resolved = [];
    public function __construct(
        private readonly IriConverterInterface $iriConverter,
        private readonly EntityManagerInterface $entityManager,
    ) {}
    public function supportsDenormalization(mixed $data, string $type, ?string $format = null, array $context = []): bool
    {
        return null !== $this->concreteClassFor($type);
    }
    public function denormalize(mixed $data, string $type, ?string $format = null, array $context = []): ?object
    {
        $concrete = $this->concreteClassFor($type);
        if (null === $concrete) {
            return null;
        }
        if (is_string($data)) {
            return $this->iriConverter->getResourceFromIri($data, $context);
        }
        // Embedded object payload: denormalize into the resolved concrete entity.
        return $this->denormalizer->denormalize($data, $concrete, $format, $context);
    }
    public function getSupportedTypes(?string $format): array
    {
        // Support depends on the runtime-resolved Doctrine mapping, so it cannot be
        // statically cached by the serializer.
        return ['object' => false];
    }
    /**
     * @return ?class-string the concrete entity a contract interface resolves to, or null
     */
    private function concreteClassFor(string $type): ?string
    {
        if (array_key_exists($type, $this->resolved)) {
            return $this->resolved[$type];
        }
        if (!str_starts_with($type, self::CONTRACT_NAMESPACE) || !interface_exists($type)) {
            return $this->resolved[$type] = null;
        }
        try {
            $name = $this->entityManager->getClassMetadata($type)->getName();
        } catch (Throwable) {
            // Not a Doctrine-mapped (resolve_target_entities) interface.
            return $this->resolved[$type] = null;
        }
        return $this->resolved[$type] = ($name !== $type ? $name : null);
    }
 }
@@ -0,0 +1,82 @@
 <?php
 declare(strict_types=1);
 namespace App\Tests\Functional\Module\ProjectManagement;
 use App\Module\Core\Domain\Entity\Permission;
 use App\Module\Core\Domain\Entity\User;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
 /**
 * Vérifie que les ressources métier sont bien gardées par les permissions RBAC
 * granulaires et non plus par le simple ROLE_USER.
 *
 * @internal
 */
 final class ProjectAccessControlTest extends WebTestCase
 {
    public function testAuthenticatedUserWithoutPermissionIsForbidden(): void
    {
        $client = self::createClient();
        $em     = self::getContainer()->get(EntityManagerInterface::class);
        $user = $this->createPlainUser($em, 'proj-noperm-'.uniqid());
        $em->flush();
        $client->loginUser($user);
        $client->request('GET', '/api/projects');
        self::assertResponseStatusCodeSame(403);
    }
    public function testUserWithViewPermissionCanListProjects(): void
    {
        $client = self::createClient();
        $em     = self::getContainer()->get(EntityManagerInterface::class);
        $permission = $em->getRepository(Permission::class)->findOneBy(['code' => 'project-management.projects.view']);
        self::assertInstanceOf(Permission::class, $permission, 'Le catalogue de permissions doit contenir project-management.projects.view (lancer app:sync-permissions).');
        $user = $this->createPlainUser($em, 'proj-view-'.uniqid());
        $user->addDirectPermission($permission);
        $em->flush();
        $client->loginUser($user);
        $client->request('GET', '/api/projects');
        self::assertResponseIsSuccessful();
    }
    public function testViewPermissionDoesNotGrantWrite(): void
    {
        $client = self::createClient();
        $em     = self::getContainer()->get(EntityManagerInterface::class);
        $permission = $em->getRepository(Permission::class)->findOneBy(['code' => 'project-management.projects.view']);
        self::assertInstanceOf(Permission::class, $permission);
        $user = $this->createPlainUser($em, 'proj-noWrite-'.uniqid());
        $user->addDirectPermission($permission);
        $em->flush();
        $client->loginUser($user);
        $client->request('POST', '/api/projects', server: [
            'CONTENT_TYPE' => 'application/ld+json',
        ], content: json_encode(['name' => 'Should be denied']));
        self::assertResponseStatusCodeSame(403);
    }
    private function createPlainUser(EntityManagerInterface $em, string $username): User
    {
        $user = new User();
        $user->setUsername($username);
        $user->setPassword('x');
        $user->setRoles(['ROLE_USER']);
        $em->persist($user);
        return $user;
    }
 }
@@ -0,0 +1,119 @@
 <?php
 declare(strict_types=1);
 namespace App\Tests\Functional\Module\Shared;
 use App\Module\Core\Domain\Entity\User;
 use App\Module\ProjectManagement\Domain\Entity\Project;
 use App\Module\ProjectManagement\Domain\Entity\TaskTag;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\KernelBrowser;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
 /**
 * Regression: cross-module to-many relations are typed with a Shared contract
 * interface (TaskTagInterface[], UserInterface[]). API Platform cannot
 * denormalize a collection whose value type is an interface (no resource
 * normalizer supports it), so every POST/PATCH carrying such a collection
 * blew up with NotNormalizableValueException.
 *
 * @internal
 */
 final class InterfaceCollectionDenormalizationTest extends WebTestCase
 {
    protected function tearDown(): void
    {
        $conn = self::getContainer()->get(EntityManagerInterface::class)->getConnection();
        $conn->executeStatement("DELETE FROM time_entry_task_type WHERE time_entry_id IN (SELECT id FROM time_entry WHERE title = 'iface-denorm-te')");
        $conn->executeStatement("DELETE FROM time_entry WHERE title = 'iface-denorm-te'");
        $conn->executeStatement("DELETE FROM task_collaborator WHERE task_id IN (SELECT id FROM task WHERE title = 'iface-denorm-task')");
        $conn->executeStatement("DELETE FROM task WHERE title = 'iface-denorm-task'");
        parent::tearDown();
    }
    public function testPostTimeEntryWithInterfaceTypedTags(): void
    {
        $client = self::createClient();
        $em     = self::getContainer()->get(EntityManagerInterface::class);
        $this->loginAdmin($client);
        $userId = $this->adminId($em);
        $tagId  = $this->aTaskTagId($em);
        $client->request('POST', '/api/time_entries', server: [
            'CONTENT_TYPE' => 'application/json',
            'HTTP_ACCEPT'  => 'application/json',
        ], content: json_encode([
            'title'     => 'iface-denorm-te',
            'startedAt' => '2026-06-22T10:00:00+02:00',
            'stoppedAt' => '2026-06-22T11:00:00+02:00',
            'user'      => '/api/users/'.$userId,
            'tags'      => ['/api/task_tags/'.$tagId],
        ]));
        self::assertResponseStatusCodeSame(201, $client->getResponse()->getContent() ?: '');
        $data = json_decode($client->getResponse()->getContent(), true);
        self::assertCount(1, $data['tags'] ?? []);
    }
    public function testPostTaskWithInterfaceTypedCollaborators(): void
    {
        $client = self::createClient();
        $em     = self::getContainer()->get(EntityManagerInterface::class);
        $this->loginAdmin($client);
        $userId    = $this->adminId($em);
        $projectId = $this->aProjectId($em);
        $client->request('POST', '/api/tasks', server: [
            'CONTENT_TYPE' => 'application/json',
            'HTTP_ACCEPT'  => 'application/json',
        ], content: json_encode([
            'title'         => 'iface-denorm-task',
            'project'       => '/api/projects/'.$projectId,
            'collaborators' => ['/api/users/'.$userId],
        ]));
        self::assertResponseStatusCodeSame(201, $client->getResponse()->getContent() ?: '');
        $data = json_decode($client->getResponse()->getContent(), true);
        self::assertCount(1, $data['collaborators'] ?? []);
    }
    private function loginAdmin(KernelBrowser $client): void
    {
        $em   = self::getContainer()->get(EntityManagerInterface::class);
        $user = $em->getRepository(User::class)->findOneBy(['username' => 'admin']);
        self::assertInstanceOf(User::class, $user);
        $client->loginUser($user);
    }
    private function adminId(EntityManagerInterface $em): int
    {
        $user = $em->getRepository(User::class)->findOneBy(['username' => 'admin']);
        self::assertInstanceOf(User::class, $user);
        return $user->getId();
    }
    private function aTaskTagId(EntityManagerInterface $em): int
    {
        $tag = $em->getRepository(TaskTag::class)->findOneBy([]);
        if (null === $tag) {
            $tag = new TaskTag();
            $tag->setLabel('iface-denorm-tag');
            $em->persist($tag);
            $em->flush();
        }
        return $tag->getId();
    }
    private function aProjectId(EntityManagerInterface $em): int
    {
        $project = $em->getRepository(Project::class)->findOneBy([]);
        self::assertInstanceOf(Project::class, $project);
        return $project->getId();
    }
 }
Author	SHA1	Message	Date
gitea-actions	b467dbc584	chore: bump version to v0.4.35 Auto Tag Develop / tag (push) Successful in 9s Details Build & Push Docker Image / build (push) Successful in 1m48s Details	2026-06-24 08:13:40 +00:00
matthieu	17a0566f77	Merge pull request 'Directory : onglet Informations éditable + refonte de l'onglet Rapport' (#21 ) from feat/directory-info-tab into develop Auto Tag Develop / tag (push) Successful in 8s Details Reviewed-on: #21	2026-06-24 08:13:32 +00:00
matthieu	68c3e6fbac	Merge branch 'develop' into feat/directory-info-tab Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 41s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 57s Details	2026-06-24 08:10:10 +00:00
Matthieu	0f14f26fd3	refactor(directory) : gate report actions via RBAC permissions + guard report deletion Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 39s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 1m0s Details - replace hardcoded ROLE_ADMIN check with usePermissions().can('directory.{clients,prospects}.manage') - rename misleading isAdmin prop to canManage in CommercialReportTab and ReportDocumentList - add busy guard on delete confirmation modal to prevent duplicate DELETE on double-click	2026-06-24 10:06:25 +02:00
Matthieu	80b2fa5ce6	feat(directory) : revamp commercial report tab and polish info tab Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 39s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 1m31s Details - report tab redesigned as a reverse-chronological timeline with type badges/icons, relative dates and author - add/edit moved to a side drawer; body now uses the rich text editor (MalioInputRichText), displayed read-only as inline prose - delete now asks for confirmation (ConfirmDeleteReportModal) - empty state with CTA and pluralized count - info tab: use v-model, neutral i18n validation key, real admin flag instead of hardcoded true on CommercialReportTab	2026-06-24 09:34:58 +02:00
Matthieu	3fe108d38a	feat(directory) : add editable Information tab on client/prospect detail Add an Information tab (first, active by default) to the client and prospect detail pages so base fields can be edited directly from the record. Client: name/email/phone. Prospect: name/company/status/email/phone/source/notes. Fields are edited in memory and persisted only on explicit save (PATCH), matching the Contact/Address tabs pattern.	2026-06-24 09:07:13 +02:00
gitea-actions	6710c3015e	chore: bump version to v0.4.34 Auto Tag Develop / tag (push) Successful in 9s Details Build & Push Docker Image / build (push) Successful in 53s Details	2026-06-23 15:46:57 +00:00
matthieu	b6dd3ad194	Merge pull request 'RBAC : enforcement des permissions granulaires + suppression client/prospect' (#20 ) from feat/rbac-enforcement into develop Auto Tag Develop / tag (push) Successful in 13s Details Reviewed-on: #20	2026-06-23 15:46:46 +00:00
matthieu	b4062618f7	Merge branch 'develop' into feat/rbac-enforcement Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 40s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 1m8s Details	2026-06-23 15:46:41 +00:00
Matthieu	3d991f78e5	feat(directory) : add client/prospect deletion from list with confirm modal Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 39s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 1m35s Details	2026-06-23 17:38:17 +02:00
gitea-actions	3294b0c361	chore: bump version to v0.4.33 Auto Tag Develop / tag (push) Successful in 9s Details Build & Push Docker Image / build (push) Successful in 35s Details	2026-06-23 15:15:20 +00:00
matthieu	46e23874bd	Merge pull request 'fix(rbac) : appliquer les permissions granulaires sur les ressources métier' (#19 ) from feat/rbac-enforcement into develop Auto Tag Develop / tag (push) Successful in 12s Details Reviewed-on: #19	2026-06-23 15:15:07 +00:00
Matthieu	4a7fd46493	fix(rbac) : add dedicated time-tracking.entries.manage permission Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 1m15s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 2m32s Details La revue de sécurité a relevé que les écritures de TimeEntry (Post/Patch/Delete) étaient gardées par time-tracking.entries.view : une permission de lecture accordait l'écriture (confusion lecture/écriture, least-privilege). - Ajout de la permission time-tracking.entries.manage (catalogue cohérent avec les autres modules en view/manage). - Écritures TimeEntry recâblées sur entries.manage ; self-service conservé (object.getUser() == user). Lecture inchangée (entries.view).	2026-06-23 17:10:58 +02:00
Matthieu	5e3607658a	refactor(directory) : reduce client/prospect forms to company name Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 1m20s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 4m39s Details Les formulaires d'ajout/édition client et prospect ne conservent que le champ « Nom société ». Les coordonnées (email, téléphone) et les champs prospect (société, statut, source, notes) sont retirés : ils seront gérés via Contact. Le statut prospect prend son défaut New à la création ; DTO assouplis, payload réduit à { name }.	2026-06-23 17:06:04 +02:00
Matthieu	9705b335ef	fix(rbac) : enforce granular permissions on business resources Les ressources métier (ProjectManagement, Directory, TimeTracking) étaient gardées par is_granted('ROLE_USER')/'ROLE_ADMIN', ignorant les permissions RBAC granulaires déclarées par les modules : un utilisateur sans permission voyait quand même projets, tâches, clients, etc. - PermissionVoter : le regex excluait les tirets, donc project-management.* et time-tracking.* n'étaient supportées par aucun voter (refus pour tous, admin compris car le bypass ROLE_ADMIN est interne au voter). Ajout du tiret. - Câblage des permissions .view (lecture) / .manage (écriture) sur les 17 ressources métier. Métadonnées tâches lisibles via projects.view OR tasks.view. Directory partagé client/prospect via clients.* OR prospects.*. TimeEntry conserve le self-service (object.getUser() == user). - Sidebar : gating par permission effective des onglets Projets / Mes tâches / Suivi du temps (config/sidebar.php). - Test fonctionnel ProjectAccessControlTest (0 perm -> 403, view -> 200, view ne donne pas l'écriture -> 403).	2026-06-23 17:05:33 +02:00
gitea-actions	903030afbc	chore: bump version to v0.4.32 Auto Tag Develop / tag (push) Successful in 7s Details Build & Push Docker Image / build (push) Successful in 1m58s Details	2026-06-23 14:25:40 +00:00
matthieu	961b7f56b4	Merge pull request 'Directory : save contacts/adresses au clic, denormalizer interface & seed RBAC au déploiement' (#18 ) from feat/directory-detail-save into develop Auto Tag Develop / tag (push) Successful in 7s Details Reviewed-on: #18	2026-06-23 14:25:33 +00:00
Matthieu	8e00c5f5a8	fix(deploy) : seed RBAC system roles during deployment Pull Request — Quality gate / Frontend (build) (pull_request) Successful in 1m8s Details Pull Request — Quality gate / Backend (PHP CS + PHPUnit) (pull_request) Successful in 1m37s Details deploy.sh only synced the permission catalog; the system roles (admin, user) were never seeded, leaving the admin Roles page empty after a fresh deploy. Add app:seed-rbac (idempotent) to the deploy script, refresh the embedded script in deployment-docker.md, document the RBAC post-deploy step (with the manual fix for an already-deployed prod), and note it in CLAUDE.md.	2026-06-23 16:11:58 +02:00
Matthieu	f2d945b0c3	fix(directory) : persist contacts/addresses on explicit save instead of on blur Hold contact/address block edits in memory and persist them via explicit saveContacts/saveAddresses on click (with saving guards), matching the task forms. Keep immediate deletion. Minor restyle of blocks and action buttons.	2026-06-23 16:04:02 +02:00
Matthieu	610e99eeb9	fix(api) : denormalize interface-typed relation collections Add ContractRelationDenormalizer to resolve IRIs for collections typed against an interface (Contract), fixing POST/PATCH 400 errors. Cover it with InterfaceCollectionDenormalizationTest.	2026-06-23 16:03:32 +02:00
gitea-actions	932fccf75f	chore: bump version to v0.4.31 Auto Tag Develop / tag (push) Successful in 8s Details Build & Push Docker Image / build (push) Successful in 2m48s Details	2026-06-23 13:50:52 +00:00
matthieu	8313c759c6	Migration modular monolith DDD (0.1 → 3.3) (#17 ) Auto Tag Develop / tag (push) Successful in 9s Details ## Migration modular monolith DDD — Lesstime (0.1 → 3.3) Cette MR regroupe l'intégralité de la refonte en monolithe modulaire (strangler progressif, additif). Elle remplace les MR stackées de Phase 1 (#12–#16), désormais incluses ici. Ne pas merger avant validation fonctionnelle : branche destinée à être testée telle quelle. ### Périmètre — 9 modules sous `src/Module/` \| Phase \| Module \| Contenu \| \|------\|--------\|---------\| \| 0.1 \| (socle) \| infrastructure modulaire, `ModuleInterface`, mapping Doctrine par module \| \| 0.2 \| (socle front) \| auto-détection des layers Nuxt sous `frontend/modules/` \| \| 1.1 \| Core* \| Identité (User/Auth), Notifications, Notifier \| \| 1.2 \| Core \| RBAC fin (permissions `module.resource.action`, sidebar gated) \| \| 1.3 \| Core \| Audit log (`#[Auditable]`, listener, provider DBAL) \| \| 2.1 \| TimeTracking \| TimeEntry + MCP + export \| \| 2.2 \| ProjectManagement \| cœur métier Projets/Tâches + 38 MCP tools \| \| 2.3 \| Absence \| demandes, soldes, policies, justificatifs \| \| 2.4 \| Directory \| Clients (migrés) + Prospects (nouveau, conversion → Client) \| \| 2.5 \| Mail \| intégration IMAP OVH + liens tâches \| \| 2.6 \| Integration \| Gitea / BookStack / Zimbra / Share \| \| 3.1 \| Reporting \| rapports transverses (DBAL read-only, 0 import inter-module) \| \| 3.2 \| ClientPortal \| portail client (ROLE_CLIENT cloisonné, tickets, notifications) \| \| 3.3 \| (finition) \| nettoyage legacy — `src/Entity` vide, app 100% modulaire \| ### Architecture - Découplage inter-modules par contrats (`UserInterface`, `ProjectInterface`, `TaskInterface`, `TaskTagInterface`, `ClientInterface`, `ClientTicketInterface`, `LeaveProfileInterface`) + `resolve_target_entities` 100% modulaire (aucune cible legacy). - Repositories : interface `Domain/Repository` + implémentation `Infrastructure/Doctrine`, bindées. - Reporting en DBAL read-only pur (aucun import d'entité d'un autre module). - Chaque migration de module : déplacement à comportement préservé (API publique et noms d'outils MCP inchangés), migrations additives uniquement (zéro destructif). ### Sécurité - ROLE_CLIENT cloisonné : un utilisateur client n'accède qu'à `/portal` et à ses propres tickets (filtrés par `allowedProjects`), interdit sur toute l'API interne. - Correctif : interdiction pour un client de créer un lien vers le partage SMB (upload uniquement). ### QA non-régression (branche reconstruite from scratch) - Migrations from scratch + fixtures : OK. - Compilation dev + prod : OK. - 180 tests PHPUnit verts, php-cs-fixer clean, ~96 routes, 66 outils MCP tous sous `App\Module\`. - Smoke test runtime multi-rôles (admin / ROLE_USER / ROLE_CLIENT) : 44 vérifications HTTP, 0 écart, cloisonnement client étanche. - Build Nuxt OK, 9 layers, 0 import legacy résiduel. ### Points à arbitrer (hors périmètre de cette migration) - Durcissement MCP/IDOR pré-existant (`userId` explicite sans scoping sur certains tools TimeTracking/Absence/TaskDocument) — ticket dédié recommandé. - Validation fonctionnelle de Prospect* et ClientPortal (conçus depuis les specs disque). - Harmonisation visuelle Malio finale (3.3) — finition esthétique inter-modules laissée au PO. --- ## ⚠️ Déploiement / migration des données — à ne pas oublier ### 1. Resynchroniser les séquences PostgreSQL après tout import/restore de dump Si la prod (ou tout environnement) est montée depuis un dump (`pg_restore` / `COPY`), les lignes sont chargées avec leurs `id` explicites sans avancer les séquences → au premier `INSERT` : `duplicate key value violates unique constraint "..._pkey"` (constaté en local sur `notification`, `task`, `time_entry`…). À lancer juste après chaque restore/import : ```sql DO $$ DECLARE r RECORD; maxid BIGINT; seq TEXT; BEGIN FOR r IN SELECT table_name, column_name FROM information_schema.columns WHERE table_schema='public' LOOP seq := pg_get_serial_sequence(quote_ident(r.table_name), r.column_name); IF seq IS NOT NULL THEN EXECUTE format('SELECT COALESCE(MAX(%I),0) FROM %I', r.column_name, r.table_name) INTO maxid; PERFORM setval(seq, GREATEST(maxid,1), maxid > 0); END IF; END LOOP; END $$; ``` > Ne concerne pas une prod qui tourne déjà (séquences avancées organiquement) — uniquement le cas restore/import. Idempotent, sans risque. ### 2. Fix dénormalisation des collections typées-contrat (code, inclus dans la branche) Les relations to-many typées par une interface `Shared\Domain\Contract\` (`TimeEntry::tags` → `TaskTagInterface`, `Task::collaborators` → `UserInterface`) étaient indénormalisables par API Platform* (mono-valué OK via IRI, collection KO) → tout POST/PATCH portant une telle collection renvoyait 400/500. Corrigé par un dénormaliseur générique `ContractRelationDenormalizer` (réutilise `resolve_target_entities`, zéro couplage par-entité) + test fonctionnel de non-régression. --------- Co-authored-by: Matthieu <contact@malio.fr> Reviewed-on: #17	2026-06-23 13:50:42 +00:00
`@@ -1,2 +1,2 @@`
	`parameters:`	`parameters:`
	`app.version: '0.4.30'`	`app.version: '0.4.35'`