AcadeNice/corentin_wakdo
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: shell back-office P3 (pages rendues serveur + garde) #14

Merged
Corentin merged 1 commit from feat/p3-admin-shell into dev 2026-06-15 21:25:07 +02:00
Conversation 0 Commits 1 Files changed 11 +619 -3
Corentin commented 2026-06-15 21:22:07 +02:00
Owner
Copy link

Shell back-office rendu serveur (P3, fondation du CRUD admin).

  • AdminController : guard(permission?) = RG-6/RG-T02 (302 /login si session KO) puis RG-T03 (403 si
    permission manquante), sinon GuardResult ; adminView() rend dans le shell avec identite + permissions
    • CSRF. Controller gagne layoutName() (defaut inchange, retro-compatible).
  • DashboardController -> GET /admin/dashboard (landing authentifie ; KPI reels = chunk stats).
  • UserDirectory : nom + libelle de role pour la topbar (fakeable).
  • Vues admin/{layout,dashboard,forbidden} : nav conditionnee aux permissions, logout POST + CSRF,
    sorties echappees (RG-T15, initiales multibyte), assets en chemins absolus.
  • Premier cablage reel de SessionGuard sur une page protegee.

Qualite : 127 tests (dont la garde 403 RG-T03 et l'echappement XSS), PHPStan L6 vert, E2E (302 sans
session, 200 shell apres login). Revue adversariale passee, 5 findings corriges (initiales multibyte,
couverture 403, test d'echappement, marqueur de fragment, commentaire d'heritage).

Base volontaire : dev.

Shell back-office rendu serveur (P3, fondation du CRUD admin). - AdminController : guard(permission?) = RG-6/RG-T02 (302 /login si session KO) puis RG-T03 (403 si permission manquante), sinon GuardResult ; adminView() rend dans le shell avec identite + permissions + CSRF. Controller gagne layoutName() (defaut inchange, retro-compatible). - DashboardController -> GET /admin/dashboard (landing authentifie ; KPI reels = chunk stats). - UserDirectory : nom + libelle de role pour la topbar (fakeable). - Vues admin/{layout,dashboard,forbidden} : nav conditionnee aux permissions, logout POST + CSRF, sorties echappees (RG-T15, initiales multibyte), assets en chemins absolus. - Premier cablage reel de SessionGuard sur une page protegee. Qualite : 127 tests (dont la garde 403 RG-T03 et l'echappement XSS), PHPStan L6 vert, E2E (302 sans session, 200 shell apres login). Revue adversariale passee, 5 findings corriges (initiales multibyte, couverture 403, test d'echappement, marqueur de fragment, commentaire d'heritage). Base volontaire : dev.
Corentin added 1 commit 2026-06-15 21:22:07 +02:00
feat(admin): shell back-office rendu serveur + garde de page (P3)
Some checks failed
CI / secret-scan (push) Successful in 8s
Details
CI / static-tests (push) Successful in 28s
Details
CI / static-tests (pull_request) Successful in 27s
Details
CI / auto-merge (push) Has been skipped
Details
CI / php-lint (push) Successful in 18s
Details
CI / secret-scan (pull_request) Successful in 9s
Details
CI / php-lint (pull_request) Successful in 18s
Details
CI / auto-merge (pull_request) Failing after 4s
Details
65cb3008ee 
AdminController : base des pages back-office. guard(permission?) applique RG-6/RG-T02 (302 vers
/login si session absente/expiree/inactive) puis RG-T03 (403 si permission manquante), sinon renvoie
la GuardResult ; adminView() rend dans le shell admin en injectant identite + permissions + jeton CSRF.
Controller gagne un hook layoutName() (defaut inchange). DashboardController -> GET /admin/dashboard
(landing authentifie ; KPI reels = chunk stats). UserDirectory : nom + libelle de role pour la topbar.
Vues admin/{layout,dashboard,forbidden} : navigation conditionnee aux permissions, logout en POST CSRF,
sorties echappees (RG-T15), assets en chemins absolus. Premier cablage de SessionGuard sur une page.
127 tests (dont 403 garde, echappement XSS), PHPStan L6.
Corentin added the
auto-merge
 label 2026-06-15 21:22:08 +02:00
Corentin merged commit 2bc22ab5c8 into dev 2026-06-15 21:25:07 +02:00
Corentin deleted branch feat/p3-admin-shell 2026-06-15 21:25:07 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
auto-merge

Fusion automatique sur CI verte

No labels
auto-merge
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: AcadeNice/corentin_wakdo#14
No description provided.
Delete branch "feat/p3-admin-shell"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?