Matthieu
9705b335ef
Les ressources métier (ProjectManagement, Directory, TimeTracking) étaient
gardées par is_granted('ROLE_USER')/'ROLE_ADMIN', ignorant les permissions
RBAC granulaires déclarées par les modules : un utilisateur sans permission
voyait quand même projets, tâches, clients, etc.
- PermissionVoter : le regex excluait les tirets, donc project-management.* et
time-tracking.* n'étaient supportées par aucun voter (refus pour tous, admin
compris car le bypass ROLE_ADMIN est interne au voter). Ajout du tiret.
- Câblage des permissions *.view (lecture) / *.manage (écriture) sur les 17
ressources métier. Métadonnées tâches lisibles via projects.view OR tasks.view.
Directory partagé client/prospect via clients.* OR prospects.*. TimeEntry
conserve le self-service (object.getUser() == user).
- Sidebar : gating par permission effective des onglets Projets / Mes tâches /
Suivi du temps (config/sidebar.php).
- Test fonctionnel ProjectAccessControlTest (0 perm -> 403, view -> 200,
view ne donne pas l'écriture -> 403).
117 lines
3.2 KiB
PHP
117 lines
3.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Module\Directory\Domain\Entity;
|
|
|
|
use ApiPlatform\Metadata\ApiResource;
|
|
use ApiPlatform\Metadata\Delete;
|
|
use ApiPlatform\Metadata\Get;
|
|
use ApiPlatform\Metadata\GetCollection;
|
|
use ApiPlatform\Metadata\Patch;
|
|
use ApiPlatform\Metadata\Post;
|
|
use App\Module\Directory\Infrastructure\Doctrine\DoctrineClientRepository;
|
|
use App\Shared\Domain\Attribute\Auditable;
|
|
use App\Shared\Domain\Contract\BlamableInterface;
|
|
use App\Shared\Domain\Contract\ClientInterface;
|
|
use App\Shared\Domain\Contract\ProjectInterface;
|
|
use App\Shared\Domain\Contract\TimestampableInterface;
|
|
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
|
use Doctrine\Common\Collections\ArrayCollection;
|
|
use Doctrine\Common\Collections\Collection;
|
|
use Doctrine\ORM\Mapping as ORM;
|
|
use Symfony\Component\Serializer\Attribute\Groups;
|
|
|
|
#[Auditable]
|
|
#[ApiResource(
|
|
operations: [
|
|
new GetCollection(paginationEnabled: false, security: "is_granted('directory.clients.view')"),
|
|
new Get(security: "is_granted('directory.clients.view')"),
|
|
new Post(security: "is_granted('directory.clients.manage')"),
|
|
new Patch(security: "is_granted('directory.clients.manage')"),
|
|
new Delete(security: "is_granted('directory.clients.manage')"),
|
|
],
|
|
normalizationContext: ['groups' => ['client:read']],
|
|
denormalizationContext: ['groups' => ['client:write']],
|
|
order: ['name' => 'ASC'],
|
|
)]
|
|
#[ORM\Entity(repositoryClass: DoctrineClientRepository::class)]
|
|
class Client implements ClientInterface, TimestampableInterface, BlamableInterface
|
|
{
|
|
use TimestampableBlamableTrait;
|
|
|
|
#[ORM\Id]
|
|
#[ORM\GeneratedValue]
|
|
#[ORM\Column]
|
|
#[Groups(['client:read', 'project:read', 'user:list'])]
|
|
private ?int $id = null;
|
|
|
|
#[ORM\Column(length: 255)]
|
|
#[Groups(['client:read', 'client:write', 'project:read', 'user:list'])]
|
|
private ?string $name = null;
|
|
|
|
#[ORM\Column(length: 255, nullable: true)]
|
|
#[Groups(['client:read', 'client:write'])]
|
|
private ?string $email = null;
|
|
|
|
#[ORM\Column(length: 50, nullable: true)]
|
|
#[Groups(['client:read', 'client:write'])]
|
|
private ?string $phone = null;
|
|
|
|
/** @var Collection<int, ProjectInterface> */
|
|
#[ORM\OneToMany(targetEntity: ProjectInterface::class, mappedBy: 'client')]
|
|
private Collection $projects;
|
|
|
|
public function __construct()
|
|
{
|
|
$this->projects = new ArrayCollection();
|
|
}
|
|
|
|
public function getId(): ?int
|
|
{
|
|
return $this->id;
|
|
}
|
|
|
|
public function getName(): ?string
|
|
{
|
|
return $this->name;
|
|
}
|
|
|
|
public function setName(string $name): static
|
|
{
|
|
$this->name = $name;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getEmail(): ?string
|
|
{
|
|
return $this->email;
|
|
}
|
|
|
|
public function setEmail(?string $email): static
|
|
{
|
|
$this->email = $email;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getPhone(): ?string
|
|
{
|
|
return $this->phone;
|
|
}
|
|
|
|
public function setPhone(?string $phone): static
|
|
{
|
|
$this->phone = $phone;
|
|
|
|
return $this;
|
|
}
|
|
|
|
/** @return Collection<int, ProjectInterface> */
|
|
public function getProjects(): Collection
|
|
{
|
|
return $this->projects;
|
|
}
|
|
}
|