MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 32 Wiki Activity

Compare commits

base: MALIO-DEV/Lesstime:v0.4.53
Branches Tags
MALIO-DEV/Lesstime:develop MALIO-DEV/Lesstime:fix/rbac-integration-gating MALIO-DEV/Lesstime:fix/rbac-default-user-role MALIO-DEV/Lesstime:feat/sentry-backend-error-logs MALIO-DEV/Lesstime:fix/user-soft-delete-orphan-references MALIO-DEV/Lesstime:fix/project-creation-workflow MALIO-DEV/Lesstime:feat/mcp-directory-prestataire-contact-address-report MALIO-DEV/Lesstime:feat/directory-prestataire MALIO-DEV/Lesstime:fix/absence-cp-carryover MALIO-DEV/Lesstime:feat/directory-info-tab MALIO-DEV/Lesstime:feat/rbac-enforcement MALIO-DEV/Lesstime:feat/directory-detail-save MALIO-DEV/Lesstime:integration/modular-monolith-0.1-1.3 MALIO-DEV/Lesstime:feat/lst-61-audit-log MALIO-DEV/Lesstime:feat/lst-57-rbac-fin MALIO-DEV/Lesstime:feat/lst-63-module-core MALIO-DEV/Lesstime:feat/lst-62-socle-front MALIO-DEV/Lesstime:feat/lst-56-socle-back MALIO-DEV/Lesstime:feat/task-notifications MALIO-DEV/Lesstime:fix/lst-52-pagination-audit MALIO-DEV/Lesstime:feat/absence-management MALIO-DEV/Lesstime:main
MALIO-DEV/Lesstime:v0.4.54 MALIO-DEV/Lesstime:v0.4.53 MALIO-DEV/Lesstime:v0.4.52 MALIO-DEV/Lesstime:v0.4.51 MALIO-DEV/Lesstime:v0.4.50 MALIO-DEV/Lesstime:v0.4.49 MALIO-DEV/Lesstime:v0.4.48 MALIO-DEV/Lesstime:v0.4.47 MALIO-DEV/Lesstime:v0.4.46 MALIO-DEV/Lesstime:v0.4.45 MALIO-DEV/Lesstime:v0.4.44 MALIO-DEV/Lesstime:v0.4.43 MALIO-DEV/Lesstime:v0.4.42 MALIO-DEV/Lesstime:v0.4.41 MALIO-DEV/Lesstime:v0.4.40 MALIO-DEV/Lesstime:v0.4.39 MALIO-DEV/Lesstime:v0.4.38 MALIO-DEV/Lesstime:v0.4.37 MALIO-DEV/Lesstime:v0.4.36 MALIO-DEV/Lesstime:v0.4.35 MALIO-DEV/Lesstime:v0.4.34 MALIO-DEV/Lesstime:v0.4.33 MALIO-DEV/Lesstime:v0.4.32 MALIO-DEV/Lesstime:v0.4.31 MALIO-DEV/Lesstime:v0.4.30 MALIO-DEV/Lesstime:v0.4.29 MALIO-DEV/Lesstime:v0.4.28 MALIO-DEV/Lesstime:v0.4.27 MALIO-DEV/Lesstime:v0.4.26 MALIO-DEV/Lesstime:v0.4.25 MALIO-DEV/Lesstime:v0.4.24 MALIO-DEV/Lesstime:v0.4.23 MALIO-DEV/Lesstime:v0.4.22 MALIO-DEV/Lesstime:v0.4.21 MALIO-DEV/Lesstime:v0.4.20 MALIO-DEV/Lesstime:v0.4.19 MALIO-DEV/Lesstime:v0.4.18 MALIO-DEV/Lesstime:v0.4.17 MALIO-DEV/Lesstime:v0.4.16 MALIO-DEV/Lesstime:v0.4.15 MALIO-DEV/Lesstime:v0.4.14 MALIO-DEV/Lesstime:v0.4.13 MALIO-DEV/Lesstime:v0.4.12 MALIO-DEV/Lesstime:v0.4.11 MALIO-DEV/Lesstime:v0.4.10 MALIO-DEV/Lesstime:v0.4.9 MALIO-DEV/Lesstime:v0.4.8 MALIO-DEV/Lesstime:v0.4.7 MALIO-DEV/Lesstime:v0.4.6 MALIO-DEV/Lesstime:v0.4.5 MALIO-DEV/Lesstime:v0.4.4 MALIO-DEV/Lesstime:v0.4.3 MALIO-DEV/Lesstime:v0.4.2 MALIO-DEV/Lesstime:v0.4.1 MALIO-DEV/Lesstime:v0.4.0 MALIO-DEV/Lesstime:v0.3.34 MALIO-DEV/Lesstime:v0.3.33 MALIO-DEV/Lesstime:v0.3.32 MALIO-DEV/Lesstime:v0.3.31 MALIO-DEV/Lesstime:v0.3.30 MALIO-DEV/Lesstime:v0.3.29 MALIO-DEV/Lesstime:v0.3.28 MALIO-DEV/Lesstime:v0.3.27 MALIO-DEV/Lesstime:v0.3.26 MALIO-DEV/Lesstime:v0.3.25 MALIO-DEV/Lesstime:v0.3.24 MALIO-DEV/Lesstime:v0.3.23 MALIO-DEV/Lesstime:v0.3.22 MALIO-DEV/Lesstime:v0.3.21 MALIO-DEV/Lesstime:v0.3.20 MALIO-DEV/Lesstime:v0.3.19 MALIO-DEV/Lesstime:v0.3.18 MALIO-DEV/Lesstime:v0.3.17 MALIO-DEV/Lesstime:v0.3.16 MALIO-DEV/Lesstime:v0.3.15 MALIO-DEV/Lesstime:v0.3.14 MALIO-DEV/Lesstime:v0.3.13 MALIO-DEV/Lesstime:v0.3.12 MALIO-DEV/Lesstime:v0.3.11 MALIO-DEV/Lesstime:v0.3.10 MALIO-DEV/Lesstime:v0.3.9 MALIO-DEV/Lesstime:v0.3.8 MALIO-DEV/Lesstime:v0.3.7 MALIO-DEV/Lesstime:v0.3.6 MALIO-DEV/Lesstime:v0.3.5 MALIO-DEV/Lesstime:v0.3.4 MALIO-DEV/Lesstime:v0.3.3 MALIO-DEV/Lesstime:v0.3.2 MALIO-DEV/Lesstime:v0.3.1 MALIO-DEV/Lesstime:v0.3.0 MALIO-DEV/Lesstime:v0.2.10 MALIO-DEV/Lesstime:v0.2.9 MALIO-DEV/Lesstime:v0.2.8 MALIO-DEV/Lesstime:v0.2.7 MALIO-DEV/Lesstime:v0.2.6 MALIO-DEV/Lesstime:v0.2.5 MALIO-DEV/Lesstime:v0.2.4 MALIO-DEV/Lesstime:v0.2.3 MALIO-DEV/Lesstime:v0.2.2 MALIO-DEV/Lesstime:v0.2.1 MALIO-DEV/Lesstime:v0.2.0 MALIO-DEV/Lesstime:v0.1.2 MALIO-DEV/Lesstime:v0.1.1 MALIO-DEV/Lesstime:v0.1.0
..
compare: MALIO-DEV/Lesstime:fix/rbac-default-user-role
Branches Tags
MALIO-DEV/Lesstime:develop MALIO-DEV/Lesstime:fix/rbac-integration-gating MALIO-DEV/Lesstime:fix/rbac-default-user-role MALIO-DEV/Lesstime:feat/sentry-backend-error-logs MALIO-DEV/Lesstime:fix/user-soft-delete-orphan-references MALIO-DEV/Lesstime:fix/project-creation-workflow MALIO-DEV/Lesstime:feat/mcp-directory-prestataire-contact-address-report MALIO-DEV/Lesstime:feat/directory-prestataire MALIO-DEV/Lesstime:fix/absence-cp-carryover MALIO-DEV/Lesstime:feat/directory-info-tab MALIO-DEV/Lesstime:feat/rbac-enforcement MALIO-DEV/Lesstime:feat/directory-detail-save MALIO-DEV/Lesstime:integration/modular-monolith-0.1-1.3 MALIO-DEV/Lesstime:feat/lst-61-audit-log MALIO-DEV/Lesstime:feat/lst-57-rbac-fin MALIO-DEV/Lesstime:feat/lst-63-module-core MALIO-DEV/Lesstime:feat/lst-62-socle-front MALIO-DEV/Lesstime:feat/lst-56-socle-back MALIO-DEV/Lesstime:feat/task-notifications MALIO-DEV/Lesstime:fix/lst-52-pagination-audit MALIO-DEV/Lesstime:feat/absence-management MALIO-DEV/Lesstime:main
MALIO-DEV/Lesstime:v0.4.54 MALIO-DEV/Lesstime:v0.4.53 MALIO-DEV/Lesstime:v0.4.52 MALIO-DEV/Lesstime:v0.4.51 MALIO-DEV/Lesstime:v0.4.50 MALIO-DEV/Lesstime:v0.4.49 MALIO-DEV/Lesstime:v0.4.48 MALIO-DEV/Lesstime:v0.4.47 MALIO-DEV/Lesstime:v0.4.46 MALIO-DEV/Lesstime:v0.4.45 MALIO-DEV/Lesstime:v0.4.44 MALIO-DEV/Lesstime:v0.4.43 MALIO-DEV/Lesstime:v0.4.42 MALIO-DEV/Lesstime:v0.4.41 MALIO-DEV/Lesstime:v0.4.40 MALIO-DEV/Lesstime:v0.4.39 MALIO-DEV/Lesstime:v0.4.38 MALIO-DEV/Lesstime:v0.4.37 MALIO-DEV/Lesstime:v0.4.36 MALIO-DEV/Lesstime:v0.4.35 MALIO-DEV/Lesstime:v0.4.34 MALIO-DEV/Lesstime:v0.4.33 MALIO-DEV/Lesstime:v0.4.32 MALIO-DEV/Lesstime:v0.4.31 MALIO-DEV/Lesstime:v0.4.30 MALIO-DEV/Lesstime:v0.4.29 MALIO-DEV/Lesstime:v0.4.28 MALIO-DEV/Lesstime:v0.4.27 MALIO-DEV/Lesstime:v0.4.26 MALIO-DEV/Lesstime:v0.4.25 MALIO-DEV/Lesstime:v0.4.24 MALIO-DEV/Lesstime:v0.4.23 MALIO-DEV/Lesstime:v0.4.22 MALIO-DEV/Lesstime:v0.4.21 MALIO-DEV/Lesstime:v0.4.20 MALIO-DEV/Lesstime:v0.4.19 MALIO-DEV/Lesstime:v0.4.18 MALIO-DEV/Lesstime:v0.4.17 MALIO-DEV/Lesstime:v0.4.16 MALIO-DEV/Lesstime:v0.4.15 MALIO-DEV/Lesstime:v0.4.14 MALIO-DEV/Lesstime:v0.4.13 MALIO-DEV/Lesstime:v0.4.12 MALIO-DEV/Lesstime:v0.4.11 MALIO-DEV/Lesstime:v0.4.10 MALIO-DEV/Lesstime:v0.4.9 MALIO-DEV/Lesstime:v0.4.8 MALIO-DEV/Lesstime:v0.4.7 MALIO-DEV/Lesstime:v0.4.6 MALIO-DEV/Lesstime:v0.4.5 MALIO-DEV/Lesstime:v0.4.4 MALIO-DEV/Lesstime:v0.4.3 MALIO-DEV/Lesstime:v0.4.2 MALIO-DEV/Lesstime:v0.4.1 MALIO-DEV/Lesstime:v0.4.0 MALIO-DEV/Lesstime:v0.3.34 MALIO-DEV/Lesstime:v0.3.33 MALIO-DEV/Lesstime:v0.3.32 MALIO-DEV/Lesstime:v0.3.31 MALIO-DEV/Lesstime:v0.3.30 MALIO-DEV/Lesstime:v0.3.29 MALIO-DEV/Lesstime:v0.3.28 MALIO-DEV/Lesstime:v0.3.27 MALIO-DEV/Lesstime:v0.3.26 MALIO-DEV/Lesstime:v0.3.25 MALIO-DEV/Lesstime:v0.3.24 MALIO-DEV/Lesstime:v0.3.23 MALIO-DEV/Lesstime:v0.3.22 MALIO-DEV/Lesstime:v0.3.21 MALIO-DEV/Lesstime:v0.3.20 MALIO-DEV/Lesstime:v0.3.19 MALIO-DEV/Lesstime:v0.3.18 MALIO-DEV/Lesstime:v0.3.17 MALIO-DEV/Lesstime:v0.3.16 MALIO-DEV/Lesstime:v0.3.15 MALIO-DEV/Lesstime:v0.3.14 MALIO-DEV/Lesstime:v0.3.13 MALIO-DEV/Lesstime:v0.3.12 MALIO-DEV/Lesstime:v0.3.11 MALIO-DEV/Lesstime:v0.3.10 MALIO-DEV/Lesstime:v0.3.9 MALIO-DEV/Lesstime:v0.3.8 MALIO-DEV/Lesstime:v0.3.7 MALIO-DEV/Lesstime:v0.3.6 MALIO-DEV/Lesstime:v0.3.5 MALIO-DEV/Lesstime:v0.3.4 MALIO-DEV/Lesstime:v0.3.3 MALIO-DEV/Lesstime:v0.3.2 MALIO-DEV/Lesstime:v0.3.1 MALIO-DEV/Lesstime:v0.3.0 MALIO-DEV/Lesstime:v0.2.10 MALIO-DEV/Lesstime:v0.2.9 MALIO-DEV/Lesstime:v0.2.8 MALIO-DEV/Lesstime:v0.2.7 MALIO-DEV/Lesstime:v0.2.6 MALIO-DEV/Lesstime:v0.2.5 MALIO-DEV/Lesstime:v0.2.4 MALIO-DEV/Lesstime:v0.2.3 MALIO-DEV/Lesstime:v0.2.2 MALIO-DEV/Lesstime:v0.2.1 MALIO-DEV/Lesstime:v0.2.0 MALIO-DEV/Lesstime:v0.1.2 MALIO-DEV/Lesstime:v0.1.1 MALIO-DEV/Lesstime:v0.1.0

2 Commits
v0.4.53 .. fix/rbac-default-user-role

Author SHA1 Message Date
Matthieu 01856b147c fix(rbac) : gate les listes Gitea/BookStack par projects.manage (et non ROLE_USER) 
Suite à la revue de sécurité : ROLE_ADMIN était trop strict (les ressources
sœurs sont en ROLE_USER) mais ROLE_USER brut est trop permissif — ces endpoints
listent TOUS les dépôts/étagères visibles par le token d'intégration global, sans
filtrage par utilisateur. Comme ils ne sont consommés que par le ProjectDrawer
(configuration du dépôt/étagère d'un projet), on les gate sur la permission métier
project-management.projects.manage. Les admins conservent l'accès via le bypass
ROLE_ADMIN du PermissionVoter.
 2026-06-29 11:23:56 +02:00
Matthieu 4a1d611d3c fix(rbac) : ouvre la liste des repos Gitea et des étagères BookStack aux ROLE_USER 
GiteaRepository (/gitea/repositories) et BookStackShelf (/bookstack/shelves)
étaient gardés par ROLE_ADMIN alors que toutes leurs ressources sœurs (branches,
pull requests, recherche, liens) sont en ROLE_USER. Un utilisateur non-admin
pouvait donc consommer les sous-ressources mais récupérait un 403 en listant les
dépôts / étagères racines. Aligné sur ROLE_USER (les *Settings et *TestConnection
restent ROLE_ADMIN : configuration réservée à l'admin).
 2026-06-29 11:19:12 +02:00
4 changed files with 6 additions and 11 deletions
Expand all files Collapse all files
config/version.yaml
+1 -1
View File
@@ -1,2 +1,2 @@
parameters:
app.version: '0.4.53'
app.version: '0.4.49'
frontend/app/layouts/default.vue
+5 -8
View File
@@ -60,16 +60,13 @@ const { sections } = useSidebar()
const isEmployee = computed(() => Boolean(auth.user?.isEmployee))
const { can } = usePermissions()
// L'onglet Messagerie est rendu côté layout (hors sidebar backend) : il faut donc
// reproduire ici le gate de permission. ROLE_ADMIN bypasse via can().
const isMailVisible = computed(() => can('mail.access'))
const isMailVisible = computed(() => {
const roles: string[] = auth.user?.roles ?? []
return roles.includes('ROLE_USER') || roles.includes('ROLE_ADMIN')
})
const { enabled: shareEnabled, ensureLoaded: ensureShareStatus } = useShareStatus()
// Documents = explorateur de partage : visible si le module est actif ET la
// permission d'accès au partage est accordée (alignement avec le middleware de page).
const isDocumentsVisible = computed(() => shareEnabled.value === true && can('integration.share.access'))
const isDocumentsVisible = computed(() => shareEnabled.value === true)
const currentProjectId = computed(() => {
const match = route.path.match(/^\/projects\/(\d+)/)
frontend/modules/mail/pages/mail.vue
-1
View File
@@ -6,7 +6,6 @@ const { t } = useI18n()
const router = useRouter()
const route = useRoute()
definePageMeta({ middleware: ['permission'], permission: 'mail.access' })
useHead({ title: t('mail.title') })
// ─── Store ────────────────────────────────────────────────────────────────
frontend/pages/documents.vue
-1
View File
@@ -85,7 +85,6 @@ import type { Breadcrumb, FileEntry } from '~/modules/integration/services/dto/s
import { useShareService } from '~/modules/integration/services/share'
import { formatFileSize } from '~/utils/format'
definePageMeta({ middleware: ['permission'], permission: 'integration.share.access' })
useHead({ title: 'Documents' })
const { browse, search } = useShareService()