docs(api): add /api/me to the endpoint listing
Some checks failed
CI / auto-merge (push) Has been skipped
CI / auto-merge (pull_request) Failing after 5s
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 17s
CI / static-tests (push) Successful in 31s
CI / secret-scan (pull_request) Successful in 7s
CI / php-lint (pull_request) Successful in 17s
CI / static-tests (pull_request) Successful in 30s

Reflects the GET /api/me endpoint (session-gated, RG-6/RG-T02/RG-T03), now in service, in section 5.1.
Imugiii 2026-06-15 18:42:09 +00:00
parent 91b6241096
commit 5b714e9a3a


@ -99,6 +99,13 @@ Autres regles :
| POST | `/forgot_password` | public + CSRF | HTML (neutre) | envoi du lien (mlt 12.3) |
| GET | `/reset_password` | public (token en query) | HTML | formulaire nouveau mot de passe |
| POST | `/reset_password` | public + CSRF | 302 / HTML | confirmation (mlt 12.3) |
| GET | `/api/me` | session | JSON | identite + permissions du compte courant (RG-6/RG-T02/RG-T03) |
`/api/me` est le premier consommateur reel de `SessionGuard` (RG-6 idle/absolu + RG-T02
is_active) et d'`Authorizer` (RG-T03, permissions rechargees depuis la base). Reponse :
`{ "data": { "user_id", "role_id", "role_code", "permissions": [...] } }` ; `401 AUTH_REQUIRED`
si la session est absente, expiree ou le compte desactive. Les autorisations par operation
(et le PIN des actions sensibles, RG-T13) se cablent quand les operations existent (P3).
### 5.2 API kiosk - lecture catalogue + commande (prevu P4, public)
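Review bot: the `401 AUTH_REQUIRED` sentence in the added paragraph folds three distinct causes (session absent, session expired, account deactivated) into one code without saying whether that is intentional. If the goal is that a client cannot tell a deactivated account from an expired session, state it explicitly so a later change does not split the code and start leaking account state. The same paragraph gives the success body as field names only, with `"permissions": [...]` left open; add the field types and the shape of a permission entry (code or id), and give the error body in the same form as the success body. The table row marks the endpoint as `session` / `JSON` but says nothing about caching; since the payload is identity and permission data, consider documenting that the response is sent with `Cache-Control: no-store`.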