refactor(core) : RBAC #345 - replace ROLE_ADMIN placeholders with RBAC codes

2026-04-15 16:02:57 +02:00
parent 80b63cd7d7
commit b05c10097f
3 changed files with 14 additions and 21 deletions
--- a/src/Module/Core/Domain/Entity/Permission.php
+++ b/src/Module/Core/Domain/Entity/Permission.php
@@ -19,13 +19,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
    operations: [
        new GetCollection(
            normalizationContext: ['groups' => ['permission:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
+            security: "is_granted('core.permissions.view')",
            security: "is_granted('ROLE_ADMIN')",
        ),
        new Get(
            normalizationContext: ['groups' => ['permission:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.permissions.view')
+            security: "is_granted('core.permissions.view')",
            security: "is_granted('ROLE_ADMIN')",
        ),
    ],
 )]
--- a/src/Module/Core/Domain/Entity/Role.php
+++ b/src/Module/Core/Domain/Entity/Role.php
@@ -35,31 +35,26 @@ use Symfony\Component\Validator\Constraints as Assert;
    operations: [
        new GetCollection(
            normalizationContext: ['groups' => ['role:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
+            security: "is_granted('core.roles.view')",
            security: "is_granted('ROLE_ADMIN')",
        ),
        new Get(
            normalizationContext: ['groups' => ['role:read']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
+            security: "is_granted('core.roles.view')",
            security: "is_granted('ROLE_ADMIN')",
        ),
        new Post(
            normalizationContext: ['groups' => ['role:read']],
            denormalizationContext: ['groups' => ['role:write']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
+            security: "is_granted('core.roles.manage')",
            security: "is_granted('ROLE_ADMIN')",
            processor: RoleProcessor::class,
        ),
        new Patch(
            normalizationContext: ['groups' => ['role:read']],
            denormalizationContext: ['groups' => ['role:write']],
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
+            security: "is_granted('core.roles.manage')",
            security: "is_granted('ROLE_ADMIN')",
            processor: RoleProcessor::class,
        ),
        new Delete(
-            // TODO ticket #345 : remplacer par is_granted('core.roles.manage')
+            security: "is_granted('core.roles.manage')",
            security: "is_granted('ROLE_ADMIN')",
            processor: RoleProcessor::class,
        ),
    ],
--- a/src/Module/Core/Domain/Entity/User.php
+++ b/src/Module/Core/Domain/Entity/User.php
@@ -11,6 +11,7 @@ use ApiPlatform\Metadata\GetCollection;
 use ApiPlatform\Metadata\Patch;
 use ApiPlatform\Metadata\Post;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserPasswordHasherProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserRbacProcessor;
 use App\Module\Core\Infrastructure\ApiPlatform\State\Provider\MeProvider;
 use App\Module\Core\Infrastructure\Doctrine\DoctrineUserRepository;
@@ -31,25 +32,24 @@ use Symfony\Component\Serializer\Attribute\SerializedName;
            normalizationContext: ['groups' => ['me:read']],
        ),
        new Get(
-            security: "is_granted('ROLE_ADMIN')",  // TODO ticket #345 : remplacer par is_granted('core.users.view')
+            security: "is_granted('core.users.view')",
            normalizationContext: ['groups' => ['user:list']],
        ),
        new GetCollection(
-            security: "is_granted('ROLE_ADMIN')",  // TODO ticket #345 : remplacer par is_granted('core.users.view')
+            security: "is_granted('core.users.view')",
            normalizationContext: ['groups' => ['user:list']],
        ),
-        new Post(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
+        new Post(security: "is_granted('core.users.manage')", processor: UserPasswordHasherProcessor::class),
-        new Patch(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
+        new Patch(security: "is_granted('core.users.manage')", processor: UserPasswordHasherProcessor::class),
        new Patch(
            name: 'user_rbac_patch',
            uriTemplate: '/users/{id}/rbac',
-            // TODO ticket #345 : remplacer par is_granted('core.users.manage')
+            security: "is_granted('core.users.manage')",
            security: "is_granted('ROLE_ADMIN')",
            normalizationContext: ['groups' => ['user:rbac:read']],
            denormalizationContext: ['groups' => ['user:rbac:write']],
            processor: UserRbacProcessor::class,
        ),
-        new Delete(security: "is_granted('ROLE_ADMIN')"),
+        new Delete(security: "is_granted('core.users.manage')", processor: UserProcessor::class),
    ],
    denormalizationContext: ['groups' => ['user:write']],
 )]