feat(admin): RBAC - roles/permissions matrix + custom roles (PIN+audit diff) (P3) #39

Merged
Corentin merged 1 commit from feat/p3-roles into dev 2026-06-17 14:25:44 +02:00
Owner
No description provided.
Corentin added 1 commit 2026-06-17 14:23:53 +02:00
feat(admin): RBAC - roles/permissions matrix + custom roles (PIN+audit diff) (P3)
All checks were successful
CI / secret-scan (pull_request) Successful in 14s
CI / js-tests (pull_request) Successful in 28s
CI / php-lint (pull_request) Successful in 26s
CI / static-tests (pull_request) Successful in 1m1s
CI / secret-scan (push) Successful in 12s
CI / php-lint (push) Successful in 25s
CI / static-tests (push) Successful in 50s
CI / js-tests (push) Successful in 22s
CI / auto-merge (pull_request) Successful in 4s
CI / auto-merge (push) Has been skipped
de48ddf7cd
Batch R of the P3 cycle (Users/RBAC/Stats), final batch. RBAC management (mlt 10.4
MANAGE_RBAC, permission role.manage): roles x permissions matrix + custom
roles (RG-4). High-impact action (privilege escalation) -> team-member PIN
+ audit_log in the same transaction (RG-T13/14), PIN throttle (RG-T22).

- RoleRepository (App\Auth): roles (CRUD, immutable code), matrix
  (permissionIds/CodesFor, setPermissions tx + raw variant replacePermissions for
  wrapping by the controller), visible sources (role_visible_source, tx + raw).
  Permission catalogue frozen (read-only).
- RoleController (role.manage): index; create/store (custom role: code+label+
  default_route+order_source); edit/update (role fields + matrix + sources, in
  ONE transaction). audit role.manage with details=DIFF of the permission codes
  (added/removed, RG-6), computed before the delete-and-reinsert rewrite.
- Matrix submitted as SCALAR fields (perm_<id>, source_<enum>): Request::formBody
  keeps only scalars, so no name[] and no JS.
- Anti-lockout safeguards: the admin role keeps role.manage AND stays active;
  code immutable after creation; order_source bounded to the ENUM; duplicate code -> 409.
- Views admin/roles/{index,form}, 5 routes, Roles nav (gated role.manage).

Tests: unit 263, integration 301 / 916 assertions (WAKDO_DB_TESTS=1, including
RoleControllerTest 12 + RoleRepositoryDbTest 4), PHPStan L6 clean.
Corentin scheduled this pull request to auto merge when all checks succeed 2026-06-17 14:23:54 +02:00
Corentin merged commit d880f2512a into dev 2026-06-17 14:25:44 +02:00
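The commit message describes three checks around a role update: reading the matrix from scalar `perm_<id>` fields, computing the added/removed permission-code diff before the delete-and-reinsert rewrite, and refusing a change that would strip `role.manage` from the admin role. The PHP below is an added illustration of that order of operations, not the project's RoleController or RoleRepository code. The function names, the role code `admin`, the permission codes other than `role.manage`, and the rule that a present `perm_<id>` field means "granted" are all assumptions.

```php
<?php
declare(strict_types=1);

/** Hypothetical helper: permission ids from scalar form fields named perm_<id>. */
function submittedPermissionIds(array $form): array
{
    $ids = [];
    foreach ($form as $name => $value) {
        if (is_string($name) && is_scalar($value) && preg_match('/\Aperm_(\d+)\z/', $name, $m) === 1) {
            $ids[] = (int) $m[1];
        }
    }
    sort($ids);
    return array_values(array_unique($ids));
}

/** Hypothetical helper: code diff, taken while the old rows still exist. */
function permissionDiff(array $currentCodes, array $newCodes): array
{
    $added = array_values(array_diff($newCodes, $currentCodes));
    $removed = array_values(array_diff($currentCodes, $newCodes));
    sort($added);
    sort($removed);
    return ['added' => $added, 'removed' => $removed];
}

/** Hypothetical guard: the admin role must keep role.manage and stay active. */
function assertAdminKeepsControl(string $roleCode, array $newCodes, bool $active): void
{
    if ($roleCode === 'admin' && (!$active || !in_array('role.manage', $newCodes, true))) {
        throw new DomainException('admin role must keep role.manage and remain active');
    }
}

// Constructed sample data: frozen catalogue (id => code), stored state, submitted form.
$catalogue = [1 => 'role.manage', 2 => 'user.manage', 3 => 'stats.view'];
$current   = ['role.manage', 'user.manage'];
$form      = ['label' => 'Admin', 'perm_1' => '1', 'perm_3' => '1', 'perm_99' => '1', 'perm_x' => '1'];

// Ids outside the read-only catalogue (perm_99) and malformed names (perm_x) are dropped.
$ids = array_filter(submittedPermissionIds($form), fn (int $id): bool => isset($catalogue[$id]));
$new = array_values(array_map(fn (int $id): string => $catalogue[$id], $ids));

assertAdminKeepsControl('admin', $new, true);  // reject before anything is written
$diff = permissionDiff($current, $new);        // this is what the audit row would carry
// ... the rewrite and the audit insert would then run in one transaction ...
echo json_encode($diff), PHP_EOL;
```

Taking the diff and running the guard before the rewrite matters because after a delete-and-reinsert the previous set is gone, so a diff computed afterwards would always show nothing removed.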
Reference: AcadeNice/corentin_wakdo#39