de48ddf7cd
All checks were successful
CI / secret-scan (pull_request) Successful in 14s
CI / js-tests (pull_request) Successful in 28s
CI / php-lint (pull_request) Successful in 26s
CI / static-tests (pull_request) Successful in 1m1s
CI / secret-scan (push) Successful in 12s
CI / php-lint (push) Successful in 25s
CI / static-tests (push) Successful in 50s
CI / js-tests (push) Successful in 22s
CI / auto-merge (pull_request) Successful in 4s
CI / auto-merge (push) Has been skipped
Lot R du cycle P3 (Users/RBAC/Stats), dernier lot. Gestion RBAC (mlt 10.4
MANAGE_RBAC, permission role.manage) : matrice roles x permissions + roles
personnalises (RG-4). Action a fort impact (escalade de privileges) -> PIN
equipier + audit_log dans la meme transaction (RG-T13/14), throttle PIN (RG-T22).
- RoleRepository (App\Auth) : roles (CRUD, code immuable), matrice (permissionIds/
CodesFor, setPermissions tx + variante raw replacePermissions pour enrobage
controleur), sources visibles (role_visible_source, tx + raw). Catalogue de
permissions fige (lecture seule).
- RoleController (role.manage) : index ; create/store (role custom : code+label+
default_route+order_source) ; edit/update (champs role + matrice + sources, en
UNE transaction). audit role.manage avec details=DIFF des codes de permission
(ajoutes/retires, RG-6), calcule avant la reecriture delete-and-reinsert.
- Matrice soumise en champs SCALAIRES (perm_<id>, source_<enum>) : Request::formBody
ne garde que les scalaires, donc pas de name[] ni de JS.
- Garde-fous anti-lockout : le role admin conserve role.manage ET reste actif ;
code immuable apres creation ; order_source borne a l'ENUM ; code dupli -> 409.
- Vues admin/roles/{index,form}, 5 routes, nav Roles (gated role.manage).
Tests : unit 263, integration 301 / 916 assertions (WAKDO_DB_TESTS=1, dont
RoleControllerTest 12 + RoleRepositoryDbTest 4), PHPStan L6 propre.
|
||
|---|---|---|
| .. | ||
| Admin | ||
| Auth | ||
| Catalogue | ||
| Core | ||
| ConfigTest.php | ||
| RouterTest.php | ||