MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases 32 Wiki Activity
Files
808a29084595873355ee254e5c5c767b9c8a488e
Lesstime/src/Shared/Domain/Contract/UserInterface.php
T
Matthieu 808a290845 feat(client-portal) : phase 1 foundations — ROLE_CLIENT hardening + ClientTicket (back) 
LST-69 (3.2) phase 1. New ClientPortal module + security foundations for the
client portal (spec docs/superpowers/specs/2026-03-15-client-portal-design.md).

- Security: User::getRoles() no longer adds ROLE_USER to ROLE_CLIENT users;
  role_hierarchy ROLE_ADMIN: [ROLE_USER, ROLE_CLIENT]. Existing Task/Project/
  Client/TimeEntry/metadata endpoints already required ROLE_USER -> a pure
  ROLE_CLIENT is walled off (verified: 403).
- User (Core): client (ManyToOne ClientInterface, SET NULL) + allowedProjects
  (ManyToMany ProjectInterface). UserInterface extended (getClient/
  getAllowedProjects).
- New ClientTicket entity (module ClientPortal) + enums + repository + API with
  per-client isolation (ClientTicketProvider: own tickets ∩ allowedProjects),
  per-project numbering under advisory lock (rejects if user.client null),
  status transition rules. ClientTicketInterface contract for Task/TaskDocument.
- TaskDocument generalized: task nullable + clientTicket (CASCADE) + CHECK;
  per-role access. Task.clientTicket exposed in task:read.
- Additive migration; demo client fixtures.
- Tenancy tests assert the isolation invariant (a client never sees another
  client's tickets) rather than brittle absolute counts (shared test DB).

178 tests green, mapping valid, cs-fixer clean.
2026-06-21 00:46:26 +02:00

47 lines
1.1 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Shared\Domain\Contract;
use Doctrine\Common\Collections\Collection;
/**
* Contrat de LECTURE de l'identité, consommé hors du module Core.
* Les écritures (setPassword, setters HR…) restent sur le concret Core\Domain\Entity\User.
*/
interface UserInterface
{
public function getId(): ?int;
public function getUserIdentifier(): string;
public function getUsername(): ?string;
/** @return list<string> */
public function getRoles(): array;
public function getFirstName(): ?string;
public function getLastName(): ?string;
public function getAvatarUrl(): ?string;
public function getIsEmployee(): bool;
/** @return list<string> */
public function getEffectivePermissions(): array;
/**
* Client this user belongs to, or null for an internal user.
*/
public function getClient(): ?ClientInterface;
/**
* Projects a client user is allowed to access.
*
* @return Collection<int, ProjectInterface>
*/
public function getAllowedProjects(): Collection;
}
Reference in New Issue View Git Blame Copy Permalink