feat: RBAC P2 (permission-based authorization + session guard + /api/me) #12

Merged
Corentin merged 2 commits from feat/p2-rbac into dev 2026-06-15 20:45:20 +02:00

2 commits

Author SHA1 Message Date
Imugiii
5b714e9a3a docs(api): add /api/me to the endpoint listing
Some checks failed
CI / auto-merge (push) Has been skipped
CI / auto-merge (pull_request) Failing after 5s
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 17s
CI / static-tests (push) Successful in 31s
CI / secret-scan (pull_request) Successful in 7s
CI / php-lint (pull_request) Successful in 17s
CI / static-tests (pull_request) Successful in 30s
Reflects the in-service GET /api/me endpoint (session-gated, RG-6/RG-T02/RG-T03) in section 5.1.
2026-06-15 18:42:09 +00:00
Imugiii
91b6241096 feat(rbac): permission-based authorization + session guard wired up (GET /api/me)
Authorizer checks a PERMISSION via role_permission (RG-T03), reloaded from the database on
every call (10.4 RG-3); a deactivated role grants nothing. AuthenticatedController (App\Controllers)
wires up SessionGuard (RG-6 + RG-T02) and Authorizer without inverting the Core's dependency. MeController
exposes GET /api/me (identity + permissions; 401 if the session is missing/expired/inactive): the first
real consumer of SessionGuard. Unit tests + DB integration test (auto-skipped without a database) covering
the is_active predicate and the binding by permission code.
2026-06-15 18:42:09 +00:00