AcadeNice/corentin_wakdo
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(admin): gestion des comptes back-office (CRUD users + RGPD, PIN+audit) (P3) #38

Merged
Corentin merged 1 commit from feat/p3-users into dev 2026-06-17 13:49:03 +02:00
Conversation 0 Commits 1 Files changed 11 +1718 -8
Corentin commented 2026-06-17 13:47:35 +02:00
Owner
Copy link
No description provided.
Corentin added 1 commit 2026-06-17 13:47:35 +02:00
feat(admin): gestion des comptes back-office (CRUD users + RGPD, PIN+audit) (P3)
All checks were successful
CI / secret-scan (pull_request) Successful in 9s
Details
CI / php-lint (pull_request) Successful in 24s
Details
CI / static-tests (pull_request) Successful in 47s
Details
CI / js-tests (pull_request) Successful in 20s
Details
CI / secret-scan (push) Successful in 8s
Details
CI / php-lint (push) Successful in 21s
Details
CI / static-tests (push) Successful in 52s
Details
CI / js-tests (push) Successful in 18s
Details
CI / auto-merge (pull_request) Successful in 5s
Details
CI / auto-merge (push) Has been skipped
Details
d3dcc36bc4 
Lot U du cycle P3 (Users/RBAC/Stats). Gestion complete des comptes back-office
(mlt domaine 10) : toutes les mutations sont des actions sensibles (RG-T13) avec
re-autorisation par PIN equipier + ligne audit_log dans la meme transaction
(RG-T14), throttle PIN par acteur agissant (RG-T22).

- UserRepository : all (JOIN role) / find / emailExists / activeRoleExists /
  create / update (allowlist RG-T16) / setPasswordHash / clearPin / deactivate /
  anonymise (RGPD mlt 10.5, tombstone idempotent) / activeAdminCount / isAdmin.
- UserController (user.read/create/update/deactivate) : index ; create/store ;
  edit/update ; deactivate ; reset-pin ; erase-PII. Helper resolvePin mutualise
  le flux throttle+verif+pin.failed. details JSON d'audit = noms de champs/role
  (pas de PII). Conflit d'unicite email -> 409 (convention PR-0).
- Garde-fous d'integrite : pas d'auto-desactivation (mlt 10.3 PRE-2 -> 403) ; on
  ne peut ni desactiver, ni retrograder, ni anonymiser le DERNIER admin actif
  (anti-lockout) ; erase deja anonymise -> 409.
- Vues admin/users/{index,form,confirm} (PIN inline), 11 routes, nav Administration.

Tests : unit 251, integration 285 / 867 assertions (WAKDO_DB_TESTS=1, dont
UserControllerTest 18 + UserRepositoryDbTest 5), PHPStan L6 propre.
Corentin scheduled this pull request to auto merge when all checks succeed 2026-06-17 13:47:36 +02:00
Corentin merged commit e430f54d85 into dev 2026-06-17 13:49:03 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
auto-merge

Fusion automatique sur CI verte

No labels
auto-merge
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: AcadeNice/corentin_wakdo#38
No description provided.
Delete branch "feat/p3-users"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?