Corentin JOGUET 32f9baacce

CI / secret-scan (push) Successful in 8s

Details

CI / php-lint (push) Successful in 20s

Details

CI / static-tests (push) Successful in 41s

Details

CI / js-tests (push) Successful in 19s

Details

CI / auto-merge (push) Has been skipped

Details

2026-06-17 15:55:30 +02:00

Domaine — Comptes utilisateurs

Perimetre

Gestion des comptes back-office (mlt domaine 10.1-10.3 + 10.5) : creation, edition, desactivation, reinitialisation de PIN, effacement RGPD.

UserRepository (App\Auth) : all (JOIN role) / find / emailExists / activeRoleExists / create / update (allowlist) / setPasswordHash / clearPin / deactivate / anonymise / activeAdminCount / isAdmin.
UserController : index (user.read), create/store (user.create), edit/update (user.update), deactivate (user.deactivate), reset-pin, erase-PII. Vues admin/users/{index,form,confirm}.

RG-T13/14 : toutes les mutations sont sensibles -> PIN equipier + audit_log (user.create/update/deactivate/erase_pii) dans la meme transaction ; details JSON = noms de champs / role (pas de PII). Throttle RG-T22.
RG-T16 : allowlist (email/prenom/nom/role_id/is_active) ; is_active pose serveur a la creation. Unicite email -> 409.
Self-protection : pas d'auto-desactivation (403 SELF_DEACTIVATION) ; on ne retire pas le statut du dernier admin actif (update/deactivate/erase) ; effacement deja fait -> 409.

ADR-0004 (PIN + audit), ADR-0007 (anonymisation RGPD), ADR-0006 (409/422).

user (+ anonymized_at pour RGPD), audit_log, role (FK). Detail : docs/merise/mlt.md section 10.1-10.5.