src/Module/TimeTracking/Domain/Entity/TimeEntry.php

@@ -48,9 +48,9 @@ use Symfony\Component\Serializer\Attribute\Groups;
             security: "is_granted('time-tracking.entries.view')",
         ),
         new Get(security: "is_granted('time-tracking.entries.view')"),
-        new Post(security: "is_granted('time-tracking.entries.view')"),
-        new Patch(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.view') and object.getUser() == user)"),
-        new Delete(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.view') and object.getUser() == user)"),
+        new Post(security: "is_granted('time-tracking.entries.manage')"),
+        new Patch(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.manage') and object.getUser() == user)"),
+        new Delete(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.manage') and object.getUser() == user)"),
     ],
     normalizationContext: ['groups' => ['time_entry:read']],
     denormalizationContext: ['groups' => ['time_entry:write']],

src/Module/TimeTracking/TimeTrackingModule.php

@@ -26,15 +26,13 @@ final class TimeTrackingModule implements ModuleInterface
     /**
      * Permissions RBAC fin du Module TimeTracking (2.1).
      *
-     * Additif : alimente le catalogue RBAC. La sécurité des opérations API
-     * reste en ROLE_USER (non recâblée ici).
-     *
      * @return list<array{code: string, label: string}>
      */
     public static function permissions(): array
     {
         return [
             ['code' => 'time-tracking.entries.view', 'label' => 'Voir les saisies de temps'],
+            ['code' => 'time-tracking.entries.manage', 'label' => 'Gérer les saisies de temps'],
             ['code' => 'time-tracking.entries.export', 'label' => 'Exporter les saisies de temps'],
         ];
     }