MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 32 Wiki Activity

Compare commits

base: MALIO-DEV/Lesstime:v0.4.51
Branches Tags
MALIO-DEV/Lesstime:develop MALIO-DEV/Lesstime:fix/rbac-integration-gating MALIO-DEV/Lesstime:fix/rbac-default-user-role MALIO-DEV/Lesstime:feat/sentry-backend-error-logs MALIO-DEV/Lesstime:fix/user-soft-delete-orphan-references MALIO-DEV/Lesstime:fix/project-creation-workflow MALIO-DEV/Lesstime:feat/mcp-directory-prestataire-contact-address-report MALIO-DEV/Lesstime:feat/directory-prestataire MALIO-DEV/Lesstime:fix/absence-cp-carryover MALIO-DEV/Lesstime:feat/directory-info-tab MALIO-DEV/Lesstime:feat/rbac-enforcement MALIO-DEV/Lesstime:feat/directory-detail-save MALIO-DEV/Lesstime:integration/modular-monolith-0.1-1.3 MALIO-DEV/Lesstime:feat/lst-61-audit-log MALIO-DEV/Lesstime:feat/lst-57-rbac-fin MALIO-DEV/Lesstime:feat/lst-63-module-core MALIO-DEV/Lesstime:feat/lst-62-socle-front MALIO-DEV/Lesstime:feat/lst-56-socle-back MALIO-DEV/Lesstime:feat/task-notifications MALIO-DEV/Lesstime:fix/lst-52-pagination-audit MALIO-DEV/Lesstime:feat/absence-management MALIO-DEV/Lesstime:main
MALIO-DEV/Lesstime:v0.4.54 MALIO-DEV/Lesstime:v0.4.53 MALIO-DEV/Lesstime:v0.4.52 MALIO-DEV/Lesstime:v0.4.51 MALIO-DEV/Lesstime:v0.4.50 MALIO-DEV/Lesstime:v0.4.49 MALIO-DEV/Lesstime:v0.4.48 MALIO-DEV/Lesstime:v0.4.47 MALIO-DEV/Lesstime:v0.4.46 MALIO-DEV/Lesstime:v0.4.45 MALIO-DEV/Lesstime:v0.4.44 MALIO-DEV/Lesstime:v0.4.43 MALIO-DEV/Lesstime:v0.4.42 MALIO-DEV/Lesstime:v0.4.41 MALIO-DEV/Lesstime:v0.4.40 MALIO-DEV/Lesstime:v0.4.39 MALIO-DEV/Lesstime:v0.4.38 MALIO-DEV/Lesstime:v0.4.37 MALIO-DEV/Lesstime:v0.4.36 MALIO-DEV/Lesstime:v0.4.35 MALIO-DEV/Lesstime:v0.4.34 MALIO-DEV/Lesstime:v0.4.33 MALIO-DEV/Lesstime:v0.4.32 MALIO-DEV/Lesstime:v0.4.31 MALIO-DEV/Lesstime:v0.4.30 MALIO-DEV/Lesstime:v0.4.29 MALIO-DEV/Lesstime:v0.4.28 MALIO-DEV/Lesstime:v0.4.27 MALIO-DEV/Lesstime:v0.4.26 MALIO-DEV/Lesstime:v0.4.25 MALIO-DEV/Lesstime:v0.4.24 MALIO-DEV/Lesstime:v0.4.23 MALIO-DEV/Lesstime:v0.4.22 MALIO-DEV/Lesstime:v0.4.21 MALIO-DEV/Lesstime:v0.4.20 MALIO-DEV/Lesstime:v0.4.19 MALIO-DEV/Lesstime:v0.4.18 MALIO-DEV/Lesstime:v0.4.17 MALIO-DEV/Lesstime:v0.4.16 MALIO-DEV/Lesstime:v0.4.15 MALIO-DEV/Lesstime:v0.4.14 MALIO-DEV/Lesstime:v0.4.13 MALIO-DEV/Lesstime:v0.4.12 MALIO-DEV/Lesstime:v0.4.11 MALIO-DEV/Lesstime:v0.4.10 MALIO-DEV/Lesstime:v0.4.9 MALIO-DEV/Lesstime:v0.4.8 MALIO-DEV/Lesstime:v0.4.7 MALIO-DEV/Lesstime:v0.4.6 MALIO-DEV/Lesstime:v0.4.5 MALIO-DEV/Lesstime:v0.4.4 MALIO-DEV/Lesstime:v0.4.3 MALIO-DEV/Lesstime:v0.4.2 MALIO-DEV/Lesstime:v0.4.1 MALIO-DEV/Lesstime:v0.4.0 MALIO-DEV/Lesstime:v0.3.34 MALIO-DEV/Lesstime:v0.3.33 MALIO-DEV/Lesstime:v0.3.32 MALIO-DEV/Lesstime:v0.3.31 MALIO-DEV/Lesstime:v0.3.30 MALIO-DEV/Lesstime:v0.3.29 MALIO-DEV/Lesstime:v0.3.28 MALIO-DEV/Lesstime:v0.3.27 MALIO-DEV/Lesstime:v0.3.26 MALIO-DEV/Lesstime:v0.3.25 MALIO-DEV/Lesstime:v0.3.24 MALIO-DEV/Lesstime:v0.3.23 MALIO-DEV/Lesstime:v0.3.22 MALIO-DEV/Lesstime:v0.3.21 MALIO-DEV/Lesstime:v0.3.20 MALIO-DEV/Lesstime:v0.3.19 MALIO-DEV/Lesstime:v0.3.18 MALIO-DEV/Lesstime:v0.3.17 MALIO-DEV/Lesstime:v0.3.16 MALIO-DEV/Lesstime:v0.3.15 MALIO-DEV/Lesstime:v0.3.14 MALIO-DEV/Lesstime:v0.3.13 MALIO-DEV/Lesstime:v0.3.12 MALIO-DEV/Lesstime:v0.3.11 MALIO-DEV/Lesstime:v0.3.10 MALIO-DEV/Lesstime:v0.3.9 MALIO-DEV/Lesstime:v0.3.8 MALIO-DEV/Lesstime:v0.3.7 MALIO-DEV/Lesstime:v0.3.6 MALIO-DEV/Lesstime:v0.3.5 MALIO-DEV/Lesstime:v0.3.4 MALIO-DEV/Lesstime:v0.3.3 MALIO-DEV/Lesstime:v0.3.2 MALIO-DEV/Lesstime:v0.3.1 MALIO-DEV/Lesstime:v0.3.0 MALIO-DEV/Lesstime:v0.2.10 MALIO-DEV/Lesstime:v0.2.9 MALIO-DEV/Lesstime:v0.2.8 MALIO-DEV/Lesstime:v0.2.7 MALIO-DEV/Lesstime:v0.2.6 MALIO-DEV/Lesstime:v0.2.5 MALIO-DEV/Lesstime:v0.2.4 MALIO-DEV/Lesstime:v0.2.3 MALIO-DEV/Lesstime:v0.2.2 MALIO-DEV/Lesstime:v0.2.1 MALIO-DEV/Lesstime:v0.2.0 MALIO-DEV/Lesstime:v0.1.2 MALIO-DEV/Lesstime:v0.1.1 MALIO-DEV/Lesstime:v0.1.0
..
compare: MALIO-DEV/Lesstime:fix/rbac-default-user-role
Branches Tags
MALIO-DEV/Lesstime:develop MALIO-DEV/Lesstime:fix/rbac-integration-gating MALIO-DEV/Lesstime:fix/rbac-default-user-role MALIO-DEV/Lesstime:feat/sentry-backend-error-logs MALIO-DEV/Lesstime:fix/user-soft-delete-orphan-references MALIO-DEV/Lesstime:fix/project-creation-workflow MALIO-DEV/Lesstime:feat/mcp-directory-prestataire-contact-address-report MALIO-DEV/Lesstime:feat/directory-prestataire MALIO-DEV/Lesstime:fix/absence-cp-carryover MALIO-DEV/Lesstime:feat/directory-info-tab MALIO-DEV/Lesstime:feat/rbac-enforcement MALIO-DEV/Lesstime:feat/directory-detail-save MALIO-DEV/Lesstime:integration/modular-monolith-0.1-1.3 MALIO-DEV/Lesstime:feat/lst-61-audit-log MALIO-DEV/Lesstime:feat/lst-57-rbac-fin MALIO-DEV/Lesstime:feat/lst-63-module-core MALIO-DEV/Lesstime:feat/lst-62-socle-front MALIO-DEV/Lesstime:feat/lst-56-socle-back MALIO-DEV/Lesstime:feat/task-notifications MALIO-DEV/Lesstime:fix/lst-52-pagination-audit MALIO-DEV/Lesstime:feat/absence-management MALIO-DEV/Lesstime:main
MALIO-DEV/Lesstime:v0.4.54 MALIO-DEV/Lesstime:v0.4.53 MALIO-DEV/Lesstime:v0.4.52 MALIO-DEV/Lesstime:v0.4.51 MALIO-DEV/Lesstime:v0.4.50 MALIO-DEV/Lesstime:v0.4.49 MALIO-DEV/Lesstime:v0.4.48 MALIO-DEV/Lesstime:v0.4.47 MALIO-DEV/Lesstime:v0.4.46 MALIO-DEV/Lesstime:v0.4.45 MALIO-DEV/Lesstime:v0.4.44 MALIO-DEV/Lesstime:v0.4.43 MALIO-DEV/Lesstime:v0.4.42 MALIO-DEV/Lesstime:v0.4.41 MALIO-DEV/Lesstime:v0.4.40 MALIO-DEV/Lesstime:v0.4.39 MALIO-DEV/Lesstime:v0.4.38 MALIO-DEV/Lesstime:v0.4.37 MALIO-DEV/Lesstime:v0.4.36 MALIO-DEV/Lesstime:v0.4.35 MALIO-DEV/Lesstime:v0.4.34 MALIO-DEV/Lesstime:v0.4.33 MALIO-DEV/Lesstime:v0.4.32 MALIO-DEV/Lesstime:v0.4.31 MALIO-DEV/Lesstime:v0.4.30 MALIO-DEV/Lesstime:v0.4.29 MALIO-DEV/Lesstime:v0.4.28 MALIO-DEV/Lesstime:v0.4.27 MALIO-DEV/Lesstime:v0.4.26 MALIO-DEV/Lesstime:v0.4.25 MALIO-DEV/Lesstime:v0.4.24 MALIO-DEV/Lesstime:v0.4.23 MALIO-DEV/Lesstime:v0.4.22 MALIO-DEV/Lesstime:v0.4.21 MALIO-DEV/Lesstime:v0.4.20 MALIO-DEV/Lesstime:v0.4.19 MALIO-DEV/Lesstime:v0.4.18 MALIO-DEV/Lesstime:v0.4.17 MALIO-DEV/Lesstime:v0.4.16 MALIO-DEV/Lesstime:v0.4.15 MALIO-DEV/Lesstime:v0.4.14 MALIO-DEV/Lesstime:v0.4.13 MALIO-DEV/Lesstime:v0.4.12 MALIO-DEV/Lesstime:v0.4.11 MALIO-DEV/Lesstime:v0.4.10 MALIO-DEV/Lesstime:v0.4.9 MALIO-DEV/Lesstime:v0.4.8 MALIO-DEV/Lesstime:v0.4.7 MALIO-DEV/Lesstime:v0.4.6 MALIO-DEV/Lesstime:v0.4.5 MALIO-DEV/Lesstime:v0.4.4 MALIO-DEV/Lesstime:v0.4.3 MALIO-DEV/Lesstime:v0.4.2 MALIO-DEV/Lesstime:v0.4.1 MALIO-DEV/Lesstime:v0.4.0 MALIO-DEV/Lesstime:v0.3.34 MALIO-DEV/Lesstime:v0.3.33 MALIO-DEV/Lesstime:v0.3.32 MALIO-DEV/Lesstime:v0.3.31 MALIO-DEV/Lesstime:v0.3.30 MALIO-DEV/Lesstime:v0.3.29 MALIO-DEV/Lesstime:v0.3.28 MALIO-DEV/Lesstime:v0.3.27 MALIO-DEV/Lesstime:v0.3.26 MALIO-DEV/Lesstime:v0.3.25 MALIO-DEV/Lesstime:v0.3.24 MALIO-DEV/Lesstime:v0.3.23 MALIO-DEV/Lesstime:v0.3.22 MALIO-DEV/Lesstime:v0.3.21 MALIO-DEV/Lesstime:v0.3.20 MALIO-DEV/Lesstime:v0.3.19 MALIO-DEV/Lesstime:v0.3.18 MALIO-DEV/Lesstime:v0.3.17 MALIO-DEV/Lesstime:v0.3.16 MALIO-DEV/Lesstime:v0.3.15 MALIO-DEV/Lesstime:v0.3.14 MALIO-DEV/Lesstime:v0.3.13 MALIO-DEV/Lesstime:v0.3.12 MALIO-DEV/Lesstime:v0.3.11 MALIO-DEV/Lesstime:v0.3.10 MALIO-DEV/Lesstime:v0.3.9 MALIO-DEV/Lesstime:v0.3.8 MALIO-DEV/Lesstime:v0.3.7 MALIO-DEV/Lesstime:v0.3.6 MALIO-DEV/Lesstime:v0.3.5 MALIO-DEV/Lesstime:v0.3.4 MALIO-DEV/Lesstime:v0.3.3 MALIO-DEV/Lesstime:v0.3.2 MALIO-DEV/Lesstime:v0.3.1 MALIO-DEV/Lesstime:v0.3.0 MALIO-DEV/Lesstime:v0.2.10 MALIO-DEV/Lesstime:v0.2.9 MALIO-DEV/Lesstime:v0.2.8 MALIO-DEV/Lesstime:v0.2.7 MALIO-DEV/Lesstime:v0.2.6 MALIO-DEV/Lesstime:v0.2.5 MALIO-DEV/Lesstime:v0.2.4 MALIO-DEV/Lesstime:v0.2.3 MALIO-DEV/Lesstime:v0.2.2 MALIO-DEV/Lesstime:v0.2.1 MALIO-DEV/Lesstime:v0.2.0 MALIO-DEV/Lesstime:v0.1.2 MALIO-DEV/Lesstime:v0.1.1 MALIO-DEV/Lesstime:v0.1.0

2 Commits
v0.4.51 .. fix/rbac-default-user-role

Author SHA1 Message Date
Matthieu 01856b147c fix(rbac) : gate les listes Gitea/BookStack par projects.manage (et non ROLE_USER) 
Suite à la revue de sécurité : ROLE_ADMIN était trop strict (les ressources
sœurs sont en ROLE_USER) mais ROLE_USER brut est trop permissif — ces endpoints
listent TOUS les dépôts/étagères visibles par le token d'intégration global, sans
filtrage par utilisateur. Comme ils ne sont consommés que par le ProjectDrawer
(configuration du dépôt/étagère d'un projet), on les gate sur la permission métier
project-management.projects.manage. Les admins conservent l'accès via le bypass
ROLE_ADMIN du PermissionVoter.
 2026-06-29 11:23:56 +02:00
Matthieu 4a1d611d3c fix(rbac) : ouvre la liste des repos Gitea et des étagères BookStack aux ROLE_USER 
GiteaRepository (/gitea/repositories) et BookStackShelf (/bookstack/shelves)
étaient gardés par ROLE_ADMIN alors que toutes leurs ressources sœurs (branches,
pull requests, recherche, liens) sont en ROLE_USER. Un utilisateur non-admin
pouvait donc consommer les sous-ressources mais récupérait un 403 en listant les
dépôts / étagères racines. Aligné sur ROLE_USER (les *Settings et *TestConnection
restent ROLE_ADMIN : configuration réservée à l'admin).
 2026-06-29 11:19:12 +02:00
1 changed files with 1 additions and 1 deletions
Expand all files Collapse all files
config/version.yaml
+1 -1
View File
@@ -1,2 +1,2 @@
parameters: parameters:
app.version: '0.4.51' app.version: '0.4.49'