feat: Permettre la consultation et gestion des droits à l'image des élèves
Les administrateurs et enseignants ont besoin de consulter et gérer les autorisations de droit à l'image des élèves pour respecter la réglementation lors de publications contenant des photos (FR82). Cette fonctionnalité ajoute une page dédiée avec liste filtrable par statut, modification individuelle via dropdown, export CSV avec BOM UTF-8 pour Excel, et préparation du système d'avertissement avant publication (query/handler prêts, intégration à faire quand le module publication existera). Le filtrage par classe (AC2) est bloqué en attente d'une table d'affectation élève↔classe qui n'existe pas encore.
This commit is contained in:
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\UpdateImageRights;
|
||||
|
||||
final readonly class UpdateImageRightsCommand
|
||||
{
|
||||
public function __construct(
|
||||
public string $studentId,
|
||||
public string $status,
|
||||
public string $modifiedBy,
|
||||
public string $tenantId,
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\UpdateImageRights;
|
||||
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Clock;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'command.bus')]
|
||||
final readonly class UpdateImageRightsHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
private Clock $clock,
|
||||
) {
|
||||
}
|
||||
|
||||
public function __invoke(UpdateImageRightsCommand $command): User
|
||||
{
|
||||
$studentId = UserId::fromString($command->studentId);
|
||||
$user = $this->userRepository->get($studentId);
|
||||
|
||||
if (!$user->tenantId->equals(TenantId::fromString($command->tenantId))) {
|
||||
throw UserNotFoundException::withId($studentId);
|
||||
}
|
||||
|
||||
if (!$user->aLeRole(Role::ELEVE)) {
|
||||
throw UserNotFoundException::withId($studentId);
|
||||
}
|
||||
|
||||
$modifierId = UserId::fromString($command->modifiedBy);
|
||||
$status = ImageRightsStatus::from($command->status);
|
||||
|
||||
$user->modifierDroitImage($status, $modifierId, $this->clock->now());
|
||||
|
||||
$this->userRepository->save($user);
|
||||
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\CheckImageRights;
|
||||
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'query.bus')]
|
||||
final readonly class CheckImageRightsHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
) {
|
||||
}
|
||||
|
||||
public function __invoke(CheckImageRightsQuery $query): ImageRightsCheckResult
|
||||
{
|
||||
$studentId = UserId::fromString($query->studentId);
|
||||
$user = $this->userRepository->get($studentId);
|
||||
|
||||
if (!$user->tenantId->equals(TenantId::fromString($query->tenantId))) {
|
||||
throw UserNotFoundException::withId($studentId);
|
||||
}
|
||||
|
||||
$status = $user->imageRightsStatus;
|
||||
|
||||
return new ImageRightsCheckResult(
|
||||
status: $status,
|
||||
canPublish: $status->estAutorise(),
|
||||
warningMessage: match ($status) {
|
||||
ImageRightsStatus::REFUSED => "ATTENTION : Cet élève n'a PAS l'autorisation de droit à l'image. Publication interdite.",
|
||||
ImageRightsStatus::NOT_SPECIFIED => "Attention : Le statut droit à l'image n'est pas renseigné pour cet élève.",
|
||||
ImageRightsStatus::AUTHORIZED => null,
|
||||
},
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\CheckImageRights;
|
||||
|
||||
final readonly class CheckImageRightsQuery
|
||||
{
|
||||
public function __construct(
|
||||
public string $studentId,
|
||||
public string $tenantId,
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\CheckImageRights;
|
||||
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
|
||||
final readonly class ImageRightsCheckResult
|
||||
{
|
||||
public function __construct(
|
||||
public ImageRightsStatus $status,
|
||||
public bool $canPublish,
|
||||
public ?string $warningMessage,
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,44 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\GetStudentsImageRights;
|
||||
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'query.bus')]
|
||||
final readonly class GetStudentsImageRightsHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @return StudentImageRightsDto[]
|
||||
*/
|
||||
public function __invoke(GetStudentsImageRightsQuery $query): array
|
||||
{
|
||||
$students = $this->userRepository->findStudentsByTenant(
|
||||
TenantId::fromString($query->tenantId),
|
||||
);
|
||||
|
||||
if ($query->status !== null) {
|
||||
$filterStatus = ImageRightsStatus::tryFrom($query->status);
|
||||
if ($filterStatus !== null) {
|
||||
$students = array_filter(
|
||||
$students,
|
||||
static fn ($user) => $user->imageRightsStatus === $filterStatus,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return array_values(array_map(
|
||||
static fn ($user) => StudentImageRightsDto::fromDomain($user),
|
||||
$students,
|
||||
));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\GetStudentsImageRights;
|
||||
|
||||
final readonly class GetStudentsImageRightsQuery
|
||||
{
|
||||
public function __construct(
|
||||
public string $tenantId,
|
||||
public ?string $status = null,
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\GetStudentsImageRights;
|
||||
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use DateTimeImmutable;
|
||||
|
||||
final readonly class StudentImageRightsDto
|
||||
{
|
||||
public function __construct(
|
||||
public string $id,
|
||||
public string $firstName,
|
||||
public string $lastName,
|
||||
public string $email,
|
||||
public string $imageRightsStatus,
|
||||
public string $imageRightsStatusLabel,
|
||||
public ?DateTimeImmutable $imageRightsUpdatedAt,
|
||||
public ?string $className,
|
||||
) {
|
||||
}
|
||||
|
||||
public static function fromDomain(User $user, ?string $className = null): self
|
||||
{
|
||||
return new self(
|
||||
id: (string) $user->id,
|
||||
firstName: $user->firstName,
|
||||
lastName: $user->lastName,
|
||||
email: (string) $user->email,
|
||||
imageRightsStatus: $user->imageRightsStatus->value,
|
||||
imageRightsStatusLabel: $user->imageRightsStatus->label(),
|
||||
imageRightsUpdatedAt: $user->imageRightsUpdatedAt,
|
||||
className: $className,
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,41 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Service;
|
||||
|
||||
use App\Administration\Application\Query\GetStudentsImageRights\StudentImageRightsDto;
|
||||
use RuntimeException;
|
||||
|
||||
final readonly class ImageRightsExporter
|
||||
{
|
||||
/**
|
||||
* @param StudentImageRightsDto[] $students
|
||||
*/
|
||||
public function export(array $students): string
|
||||
{
|
||||
$handle = fopen('php://temp', 'r+');
|
||||
|
||||
if ($handle === false) {
|
||||
throw new RuntimeException('Impossible d\'ouvrir le flux CSV.');
|
||||
}
|
||||
|
||||
fputcsv($handle, ['Nom', 'Prénom', 'Classe', 'Statut'], separator: ';', escape: '\\');
|
||||
|
||||
foreach ($students as $student) {
|
||||
fputcsv($handle, [
|
||||
$student->lastName,
|
||||
$student->firstName,
|
||||
$student->className ?? '',
|
||||
$student->imageRightsStatusLabel,
|
||||
], separator: ';', escape: '\\');
|
||||
}
|
||||
|
||||
rewind($handle);
|
||||
$csv = stream_get_contents($handle);
|
||||
fclose($handle);
|
||||
|
||||
// BOM UTF-8 pour que Excel Windows affiche correctement les accents
|
||||
return "\xEF\xBB\xBF" . ($csv !== false ? $csv : '');
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Domain\Event;
|
||||
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Shared\Domain\DomainEvent;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use DateTimeImmutable;
|
||||
use Override;
|
||||
use Ramsey\Uuid\UuidInterface;
|
||||
|
||||
final readonly class DroitImageModifie implements DomainEvent
|
||||
{
|
||||
public function __construct(
|
||||
public UserId $userId,
|
||||
public string $email,
|
||||
public ImageRightsStatus $ancienStatut,
|
||||
public ImageRightsStatus $nouveauStatut,
|
||||
public UserId $modifiePar,
|
||||
public TenantId $tenantId,
|
||||
private DateTimeImmutable $occurredOn,
|
||||
) {
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function occurredOn(): DateTimeImmutable
|
||||
{
|
||||
return $this->occurredOn;
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function aggregateId(): UuidInterface
|
||||
{
|
||||
return $this->userId->value;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Domain\Model\User;
|
||||
|
||||
enum ImageRightsStatus: string
|
||||
{
|
||||
case AUTHORIZED = 'authorized';
|
||||
case REFUSED = 'refused';
|
||||
case NOT_SPECIFIED = 'not_specified';
|
||||
|
||||
public function label(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::AUTHORIZED => 'Autorisé',
|
||||
self::REFUSED => 'Refusé',
|
||||
self::NOT_SPECIFIED => 'Non renseigné',
|
||||
};
|
||||
}
|
||||
|
||||
public function estAutorise(): bool
|
||||
{
|
||||
return $this === self::AUTHORIZED;
|
||||
}
|
||||
}
|
||||
@@ -6,6 +6,7 @@ namespace App\Administration\Domain\Model\User;
|
||||
|
||||
use App\Administration\Domain\Event\CompteActive;
|
||||
use App\Administration\Domain\Event\CompteCreated;
|
||||
use App\Administration\Domain\Event\DroitImageModifie;
|
||||
use App\Administration\Domain\Event\InvitationRenvoyee;
|
||||
use App\Administration\Domain\Event\MotDePasseChange;
|
||||
use App\Administration\Domain\Event\RoleAttribue;
|
||||
@@ -49,6 +50,9 @@ final class User extends AggregateRoot
|
||||
public private(set) ?DateTimeImmutable $invitedAt = null;
|
||||
public private(set) ?DateTimeImmutable $blockedAt = null;
|
||||
public private(set) ?string $blockedReason = null;
|
||||
public private(set) ImageRightsStatus $imageRightsStatus = ImageRightsStatus::NOT_SPECIFIED;
|
||||
public private(set) ?DateTimeImmutable $imageRightsUpdatedAt = null;
|
||||
public private(set) ?UserId $imageRightsUpdatedBy = null;
|
||||
|
||||
/** @var Role[] */
|
||||
public private(set) array $roles;
|
||||
@@ -374,6 +378,28 @@ final class User extends AggregateRoot
|
||||
return $at > $this->invitedAt->modify('+7 days');
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates the image rights status for this student.
|
||||
*/
|
||||
public function modifierDroitImage(ImageRightsStatus $nouveauStatut, UserId $modifiePar, DateTimeImmutable $at): void
|
||||
{
|
||||
$ancienStatut = $this->imageRightsStatus;
|
||||
|
||||
$this->imageRightsStatus = $nouveauStatut;
|
||||
$this->imageRightsUpdatedAt = $at;
|
||||
$this->imageRightsUpdatedBy = $modifiePar;
|
||||
|
||||
$this->recordEvent(new DroitImageModifie(
|
||||
userId: $this->id,
|
||||
email: (string) $this->email,
|
||||
ancienStatut: $ancienStatut,
|
||||
nouveauStatut: $nouveauStatut,
|
||||
modifiePar: $modifiePar,
|
||||
tenantId: $this->tenantId,
|
||||
occurredOn: $at,
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* Changes the user's password.
|
||||
*
|
||||
@@ -415,6 +441,9 @@ final class User extends AggregateRoot
|
||||
?DateTimeImmutable $invitedAt = null,
|
||||
?DateTimeImmutable $blockedAt = null,
|
||||
?string $blockedReason = null,
|
||||
ImageRightsStatus $imageRightsStatus = ImageRightsStatus::NOT_SPECIFIED,
|
||||
?DateTimeImmutable $imageRightsUpdatedAt = null,
|
||||
?UserId $imageRightsUpdatedBy = null,
|
||||
): self {
|
||||
if ($roles === []) {
|
||||
throw new InvalidArgumentException('Un utilisateur doit avoir au moins un rôle.');
|
||||
@@ -439,6 +468,9 @@ final class User extends AggregateRoot
|
||||
$user->invitedAt = $invitedAt;
|
||||
$user->blockedAt = $blockedAt;
|
||||
$user->blockedReason = $blockedReason;
|
||||
$user->imageRightsStatus = $imageRightsStatus;
|
||||
$user->imageRightsUpdatedAt = $imageRightsUpdatedAt;
|
||||
$user->imageRightsUpdatedBy = $imageRightsUpdatedBy;
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
@@ -32,4 +32,11 @@ interface UserRepository
|
||||
* @return User[]
|
||||
*/
|
||||
public function findAllByTenant(TenantId $tenantId): array;
|
||||
|
||||
/**
|
||||
* Returns all students (ROLE_ELEVE) for a given tenant.
|
||||
*
|
||||
* @return User[]
|
||||
*/
|
||||
public function findStudentsByTenant(TenantId $tenantId): array;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,111 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Infrastructure\Api\Processor;
|
||||
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProcessorInterface;
|
||||
use App\Administration\Application\Command\UpdateImageRights\UpdateImageRightsCommand;
|
||||
use App\Administration\Application\Command\UpdateImageRights\UpdateImageRightsHandler;
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Infrastructure\Api\Resource\ImageRightsResource;
|
||||
use App\Administration\Infrastructure\Security\ImageRightsVoter;
|
||||
use App\Administration\Infrastructure\Security\SecurityUser;
|
||||
use App\Shared\Application\Port\AuditLogger;
|
||||
use App\Shared\Infrastructure\Tenant\TenantContext;
|
||||
use Override;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
use Symfony\Component\Messenger\MessageBusInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
|
||||
use ValueError;
|
||||
|
||||
/**
|
||||
* @implements ProcessorInterface<ImageRightsResource, ImageRightsResource>
|
||||
*/
|
||||
final readonly class UpdateImageRightsProcessor implements ProcessorInterface
|
||||
{
|
||||
public function __construct(
|
||||
private UpdateImageRightsHandler $handler,
|
||||
private MessageBusInterface $eventBus,
|
||||
private AuthorizationCheckerInterface $authorizationChecker,
|
||||
private TenantContext $tenantContext,
|
||||
private Security $security,
|
||||
private AuditLogger $auditLogger,
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ImageRightsResource $data
|
||||
*/
|
||||
#[Override]
|
||||
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): ImageRightsResource
|
||||
{
|
||||
if (!$this->authorizationChecker->isGranted(ImageRightsVoter::EDIT)) {
|
||||
throw new AccessDeniedHttpException('Vous n\'êtes pas autorisé à modifier les droits à l\'image.');
|
||||
}
|
||||
|
||||
if (!$this->tenantContext->hasTenant()) {
|
||||
throw new UnauthorizedHttpException('Bearer', 'Tenant non défini.');
|
||||
}
|
||||
|
||||
/** @var string $studentId */
|
||||
$studentId = $uriVariables['id'] ?? '';
|
||||
$status = $data->imageRightsStatus ?? '';
|
||||
|
||||
if ($status === '') {
|
||||
throw new BadRequestHttpException('Le statut du droit à l\'image est obligatoire.');
|
||||
}
|
||||
|
||||
$currentUser = $this->security->getUser();
|
||||
if (!$currentUser instanceof SecurityUser) {
|
||||
throw new UnauthorizedHttpException('Bearer', 'Utilisateur non authentifié.');
|
||||
}
|
||||
|
||||
try {
|
||||
$command = new UpdateImageRightsCommand(
|
||||
studentId: $studentId,
|
||||
status: $status,
|
||||
modifiedBy: $currentUser->userId(),
|
||||
tenantId: (string) $this->tenantContext->getCurrentTenantId(),
|
||||
);
|
||||
$user = ($this->handler)($command);
|
||||
|
||||
/** @var ImageRightsResource $previousData */
|
||||
$previousData = $context['previous_data'];
|
||||
$oldStatus = $previousData->imageRightsStatus;
|
||||
|
||||
$this->auditLogger->logDataChange(
|
||||
aggregateType: 'User',
|
||||
aggregateId: $user->id->value,
|
||||
eventType: 'ImageRightsUpdated',
|
||||
oldValues: ['image_rights_status' => $oldStatus],
|
||||
newValues: ['image_rights_status' => $status],
|
||||
reason: 'Mise à jour du droit à l\'image',
|
||||
);
|
||||
|
||||
foreach ($user->pullDomainEvents() as $event) {
|
||||
$this->eventBus->dispatch($event);
|
||||
}
|
||||
|
||||
$resource = new ImageRightsResource();
|
||||
$resource->id = (string) $user->id;
|
||||
$resource->firstName = $user->firstName;
|
||||
$resource->lastName = $user->lastName;
|
||||
$resource->email = (string) $user->email;
|
||||
$resource->imageRightsStatus = $user->imageRightsStatus->value;
|
||||
$resource->imageRightsStatusLabel = $user->imageRightsStatus->label();
|
||||
$resource->imageRightsUpdatedAt = $user->imageRightsUpdatedAt;
|
||||
|
||||
return $resource;
|
||||
} catch (UserNotFoundException $e) {
|
||||
throw new NotFoundHttpException($e->getMessage());
|
||||
} catch (ValueError $e) {
|
||||
throw new BadRequestHttpException('Statut de droit à l\'image invalide : ' . $e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,60 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Infrastructure\Api\Provider;
|
||||
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProviderInterface;
|
||||
use App\Administration\Application\Query\GetStudentsImageRights\GetStudentsImageRightsHandler;
|
||||
use App\Administration\Application\Query\GetStudentsImageRights\GetStudentsImageRightsQuery;
|
||||
use App\Administration\Infrastructure\Api\Resource\ImageRightsResource;
|
||||
use App\Administration\Infrastructure\Security\ImageRightsVoter;
|
||||
use App\Shared\Infrastructure\Tenant\TenantContext;
|
||||
use Override;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
|
||||
|
||||
/**
|
||||
* @implements ProviderInterface<ImageRightsResource>
|
||||
*/
|
||||
final readonly class ImageRightsCollectionProvider implements ProviderInterface
|
||||
{
|
||||
public function __construct(
|
||||
private GetStudentsImageRightsHandler $handler,
|
||||
private AuthorizationCheckerInterface $authorizationChecker,
|
||||
private TenantContext $tenantContext,
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ImageRightsResource[]
|
||||
*/
|
||||
#[Override]
|
||||
public function provide(Operation $operation, array $uriVariables = [], array $context = []): array
|
||||
{
|
||||
if (!$this->authorizationChecker->isGranted(ImageRightsVoter::VIEW)) {
|
||||
throw new AccessDeniedHttpException('Vous n\'êtes pas autorisé à consulter les droits à l\'image.');
|
||||
}
|
||||
|
||||
if (!$this->tenantContext->hasTenant()) {
|
||||
throw new UnauthorizedHttpException('Bearer', 'Tenant non défini.');
|
||||
}
|
||||
|
||||
/** @var array<string, string> $filters */
|
||||
$filters = $context['filters'] ?? [];
|
||||
|
||||
$query = new GetStudentsImageRightsQuery(
|
||||
tenantId: (string) $this->tenantContext->getCurrentTenantId(),
|
||||
status: isset($filters['status']) ? (string) $filters['status'] : null,
|
||||
);
|
||||
|
||||
$dtos = ($this->handler)($query);
|
||||
|
||||
return array_map(
|
||||
static fn ($dto) => ImageRightsResource::fromDto($dto),
|
||||
$dtos,
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,72 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Infrastructure\Api\Provider;
|
||||
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProviderInterface;
|
||||
use App\Administration\Application\Query\GetStudentsImageRights\GetStudentsImageRightsHandler;
|
||||
use App\Administration\Application\Query\GetStudentsImageRights\GetStudentsImageRightsQuery;
|
||||
use App\Administration\Application\Service\ImageRightsExporter;
|
||||
use App\Administration\Infrastructure\Security\ImageRightsVoter;
|
||||
use App\Shared\Application\Port\AuditLogger;
|
||||
use App\Shared\Infrastructure\Tenant\TenantContext;
|
||||
|
||||
use function count;
|
||||
|
||||
use Override;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
|
||||
|
||||
/**
|
||||
* @implements ProviderInterface<Response>
|
||||
*/
|
||||
final readonly class ImageRightsExportProvider implements ProviderInterface
|
||||
{
|
||||
public function __construct(
|
||||
private GetStudentsImageRightsHandler $handler,
|
||||
private ImageRightsExporter $exporter,
|
||||
private AuthorizationCheckerInterface $authorizationChecker,
|
||||
private TenantContext $tenantContext,
|
||||
private AuditLogger $auditLogger,
|
||||
) {
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function provide(Operation $operation, array $uriVariables = [], array $context = []): Response
|
||||
{
|
||||
if (!$this->authorizationChecker->isGranted(ImageRightsVoter::VIEW)) {
|
||||
throw new AccessDeniedHttpException('Vous n\'êtes pas autorisé à exporter les droits à l\'image.');
|
||||
}
|
||||
|
||||
if (!$this->tenantContext->hasTenant()) {
|
||||
throw new UnauthorizedHttpException('Bearer', 'Tenant non défini.');
|
||||
}
|
||||
|
||||
/** @var array<string, string> $filters */
|
||||
$filters = $context['filters'] ?? [];
|
||||
|
||||
$query = new GetStudentsImageRightsQuery(
|
||||
tenantId: (string) $this->tenantContext->getCurrentTenantId(),
|
||||
status: isset($filters['status']) ? (string) $filters['status'] : null,
|
||||
);
|
||||
|
||||
$dtos = ($this->handler)($query);
|
||||
$csv = $this->exporter->export($dtos);
|
||||
|
||||
$this->auditLogger->logExport(
|
||||
exportType: 'image_rights_csv',
|
||||
recordCount: count($dtos),
|
||||
targetDescription: 'Export liste droits à l\'image',
|
||||
);
|
||||
|
||||
$response = new Response($csv);
|
||||
$response->headers->set('Content-Type', 'text/csv; charset=UTF-8');
|
||||
$response->headers->set('Content-Disposition', 'attachment; filename="droits-image.csv"');
|
||||
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,72 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Infrastructure\Api\Provider;
|
||||
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProviderInterface;
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Administration\Infrastructure\Api\Resource\ImageRightsResource;
|
||||
use App\Administration\Infrastructure\Security\ImageRightsVoter;
|
||||
use App\Shared\Infrastructure\Tenant\TenantContext;
|
||||
use Override;
|
||||
use Ramsey\Uuid\Exception\InvalidUuidStringException;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
|
||||
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
|
||||
|
||||
/**
|
||||
* @implements ProviderInterface<ImageRightsResource>
|
||||
*/
|
||||
final readonly class ImageRightsItemProvider implements ProviderInterface
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
private TenantContext $tenantContext,
|
||||
private AuthorizationCheckerInterface $authorizationChecker,
|
||||
) {
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function provide(Operation $operation, array $uriVariables = [], array $context = []): ImageRightsResource
|
||||
{
|
||||
if (!$this->tenantContext->hasTenant()) {
|
||||
throw new UnauthorizedHttpException('Bearer', 'Tenant non défini.');
|
||||
}
|
||||
|
||||
if (!$this->authorizationChecker->isGranted(ImageRightsVoter::EDIT)) {
|
||||
throw new AccessDeniedHttpException('Vous n\'êtes pas autorisé à modifier les droits à l\'image.');
|
||||
}
|
||||
|
||||
/** @var string|null $studentId */
|
||||
$studentId = $uriVariables['id'] ?? null;
|
||||
if ($studentId === null) {
|
||||
throw new NotFoundHttpException('Élève non trouvé.');
|
||||
}
|
||||
|
||||
try {
|
||||
$user = $this->userRepository->get(UserId::fromString($studentId));
|
||||
} catch (UserNotFoundException|InvalidUuidStringException) {
|
||||
throw new NotFoundHttpException('Élève non trouvé.');
|
||||
}
|
||||
|
||||
if ((string) $user->tenantId !== (string) $this->tenantContext->getCurrentTenantId()) {
|
||||
throw new NotFoundHttpException('Élève non trouvé.');
|
||||
}
|
||||
|
||||
$resource = new ImageRightsResource();
|
||||
$resource->id = (string) $user->id;
|
||||
$resource->firstName = $user->firstName;
|
||||
$resource->lastName = $user->lastName;
|
||||
$resource->email = (string) $user->email;
|
||||
$resource->imageRightsStatus = $user->imageRightsStatus->value;
|
||||
$resource->imageRightsStatusLabel = $user->imageRightsStatus->label();
|
||||
$resource->imageRightsUpdatedAt = $user->imageRightsUpdatedAt;
|
||||
|
||||
return $resource;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,76 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Infrastructure\Api\Resource;
|
||||
|
||||
use ApiPlatform\Metadata\ApiProperty;
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use ApiPlatform\Metadata\Patch;
|
||||
use App\Administration\Application\Query\GetStudentsImageRights\StudentImageRightsDto;
|
||||
use App\Administration\Infrastructure\Api\Processor\UpdateImageRightsProcessor;
|
||||
use App\Administration\Infrastructure\Api\Provider\ImageRightsCollectionProvider;
|
||||
use App\Administration\Infrastructure\Api\Provider\ImageRightsExportProvider;
|
||||
use App\Administration\Infrastructure\Api\Provider\ImageRightsItemProvider;
|
||||
use DateTimeImmutable;
|
||||
use Symfony\Component\Validator\Constraints as Assert;
|
||||
|
||||
#[ApiResource(
|
||||
shortName: 'ImageRights',
|
||||
operations: [
|
||||
new GetCollection(
|
||||
uriTemplate: '/students/image-rights',
|
||||
provider: ImageRightsCollectionProvider::class,
|
||||
name: 'get_students_image_rights',
|
||||
),
|
||||
new Get(
|
||||
uriTemplate: '/students/image-rights/export',
|
||||
provider: ImageRightsExportProvider::class,
|
||||
name: 'export_students_image_rights',
|
||||
),
|
||||
new Patch(
|
||||
uriTemplate: '/students/{id}/image-rights',
|
||||
provider: ImageRightsItemProvider::class,
|
||||
processor: UpdateImageRightsProcessor::class,
|
||||
name: 'update_student_image_rights',
|
||||
),
|
||||
],
|
||||
)]
|
||||
final class ImageRightsResource
|
||||
{
|
||||
#[ApiProperty(identifier: true)]
|
||||
public ?string $id = null;
|
||||
|
||||
public ?string $firstName = null;
|
||||
|
||||
public ?string $lastName = null;
|
||||
|
||||
public ?string $email = null;
|
||||
|
||||
#[Assert\NotBlank(message: 'Le statut est requis.')]
|
||||
#[Assert\Choice(choices: ['authorized', 'refused', 'not_specified'], message: 'Statut invalide.')]
|
||||
public ?string $imageRightsStatus = null;
|
||||
|
||||
public ?string $imageRightsStatusLabel = null;
|
||||
|
||||
public ?DateTimeImmutable $imageRightsUpdatedAt = null;
|
||||
|
||||
public ?string $className = null;
|
||||
|
||||
public static function fromDto(StudentImageRightsDto $dto): self
|
||||
{
|
||||
$resource = new self();
|
||||
$resource->id = $dto->id;
|
||||
$resource->firstName = $dto->firstName;
|
||||
$resource->lastName = $dto->lastName;
|
||||
$resource->email = $dto->email;
|
||||
$resource->imageRightsStatus = $dto->imageRightsStatus;
|
||||
$resource->imageRightsStatusLabel = $dto->imageRightsStatusLabel;
|
||||
$resource->imageRightsUpdatedAt = $dto->imageRightsUpdatedAt;
|
||||
$resource->className = $dto->className;
|
||||
|
||||
return $resource;
|
||||
}
|
||||
}
|
||||
@@ -7,6 +7,7 @@ namespace App\Administration\Infrastructure\Persistence\Cache;
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\ConsentementParental\ConsentementParental;
|
||||
use App\Administration\Domain\Model\User\Email;
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
use App\Administration\Domain\Model\User\StatutCompte;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
@@ -131,6 +132,15 @@ final readonly class CacheUserRepository implements UserRepository
|
||||
return $users;
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function findStudentsByTenant(TenantId $tenantId): array
|
||||
{
|
||||
return array_values(array_filter(
|
||||
$this->findAllByTenant($tenantId),
|
||||
static fn (User $user): bool => $user->aLeRole(Role::ELEVE),
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
@@ -154,6 +164,9 @@ final readonly class CacheUserRepository implements UserRepository
|
||||
'invited_at' => $user->invitedAt?->format('c'),
|
||||
'blocked_at' => $user->blockedAt?->format('c'),
|
||||
'blocked_reason' => $user->blockedReason,
|
||||
'image_rights_status' => $user->imageRightsStatus->value,
|
||||
'image_rights_updated_at' => $user->imageRightsUpdatedAt?->format('c'),
|
||||
'image_rights_updated_by' => $user->imageRightsUpdatedBy !== null ? (string) $user->imageRightsUpdatedBy : null,
|
||||
'consentement_parental' => $consentement !== null ? [
|
||||
'parent_id' => $consentement->parentId,
|
||||
'eleve_id' => $consentement->eleveId,
|
||||
@@ -181,6 +194,9 @@ final readonly class CacheUserRepository implements UserRepository
|
||||
* invited_at?: string|null,
|
||||
* blocked_at?: string|null,
|
||||
* blocked_reason?: string|null,
|
||||
* image_rights_status?: string,
|
||||
* image_rights_updated_at?: string|null,
|
||||
* image_rights_updated_by?: string|null,
|
||||
* consentement_parental: array{parent_id: string, eleve_id: string, date_consentement: string, ip_address: string}|null
|
||||
* } $data
|
||||
*/
|
||||
@@ -226,6 +242,9 @@ final readonly class CacheUserRepository implements UserRepository
|
||||
invitedAt: $invitedAt,
|
||||
blockedAt: $blockedAt,
|
||||
blockedReason: $data['blocked_reason'] ?? null,
|
||||
imageRightsStatus: isset($data['image_rights_status']) ? ImageRightsStatus::from($data['image_rights_status']) : ImageRightsStatus::NOT_SPECIFIED,
|
||||
imageRightsUpdatedAt: ($data['image_rights_updated_at'] ?? null) !== null ? new DateTimeImmutable($data['image_rights_updated_at']) : null,
|
||||
imageRightsUpdatedBy: ($data['image_rights_updated_by'] ?? null) !== null ? UserId::fromString($data['image_rights_updated_by']) : null,
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ namespace App\Administration\Infrastructure\Persistence\Cache;
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\ConsentementParental\ConsentementParental;
|
||||
use App\Administration\Domain\Model\User\Email;
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
use App\Administration\Domain\Model\User\StatutCompte;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
@@ -157,6 +158,12 @@ final readonly class CachedUserRepository implements UserRepository
|
||||
return $users;
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function findStudentsByTenant(TenantId $tenantId): array
|
||||
{
|
||||
return $this->inner->findStudentsByTenant($tenantId);
|
||||
}
|
||||
|
||||
private function populateCache(User $user): void
|
||||
{
|
||||
try {
|
||||
@@ -197,6 +204,9 @@ final readonly class CachedUserRepository implements UserRepository
|
||||
'invited_at' => $user->invitedAt?->format('c'),
|
||||
'blocked_at' => $user->blockedAt?->format('c'),
|
||||
'blocked_reason' => $user->blockedReason,
|
||||
'image_rights_status' => $user->imageRightsStatus->value,
|
||||
'image_rights_updated_at' => $user->imageRightsUpdatedAt?->format('c'),
|
||||
'image_rights_updated_by' => $user->imageRightsUpdatedBy !== null ? (string) $user->imageRightsUpdatedBy : null,
|
||||
'consentement_parental' => $consentement !== null ? [
|
||||
'parent_id' => $consentement->parentId,
|
||||
'eleve_id' => $consentement->eleveId,
|
||||
@@ -242,6 +252,12 @@ final readonly class CachedUserRepository implements UserRepository
|
||||
$blockedAt = $data['blocked_at'] ?? null;
|
||||
/** @var string|null $blockedReason */
|
||||
$blockedReason = $data['blocked_reason'] ?? null;
|
||||
/** @var string|null $imageRightsStatusValue */
|
||||
$imageRightsStatusValue = $data['image_rights_status'] ?? null;
|
||||
/** @var string|null $imageRightsUpdatedAt */
|
||||
$imageRightsUpdatedAt = $data['image_rights_updated_at'] ?? null;
|
||||
/** @var string|null $imageRightsUpdatedBy */
|
||||
$imageRightsUpdatedBy = $data['image_rights_updated_by'] ?? null;
|
||||
|
||||
$roles = array_map(static fn (string $r) => Role::from($r), $roleStrings);
|
||||
|
||||
@@ -274,6 +290,9 @@ final readonly class CachedUserRepository implements UserRepository
|
||||
invitedAt: $invitedAt !== null ? new DateTimeImmutable($invitedAt) : null,
|
||||
blockedAt: $blockedAt !== null ? new DateTimeImmutable($blockedAt) : null,
|
||||
blockedReason: $blockedReason,
|
||||
imageRightsStatus: $imageRightsStatusValue !== null ? ImageRightsStatus::from($imageRightsStatusValue) : ImageRightsStatus::NOT_SPECIFIED,
|
||||
imageRightsUpdatedAt: $imageRightsUpdatedAt !== null ? new DateTimeImmutable($imageRightsUpdatedAt) : null,
|
||||
imageRightsUpdatedBy: $imageRightsUpdatedBy !== null ? UserId::fromString($imageRightsUpdatedBy) : null,
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ namespace App\Administration\Infrastructure\Persistence\Doctrine;
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\ConsentementParental\ConsentementParental;
|
||||
use App\Administration\Domain\Model\User\Email;
|
||||
use App\Administration\Domain\Model\User\ImageRightsStatus;
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
use App\Administration\Domain\Model\User\StatutCompte;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
@@ -42,6 +43,7 @@ final readonly class DoctrineUserRepository implements UserRepository
|
||||
hashed_password, statut, school_name, date_naissance,
|
||||
created_at, activated_at, invited_at, blocked_at, blocked_reason,
|
||||
consentement_parent_id, consentement_eleve_id, consentement_date, consentement_ip,
|
||||
image_rights_status, image_rights_updated_at, image_rights_updated_by,
|
||||
updated_at
|
||||
)
|
||||
VALUES (
|
||||
@@ -49,6 +51,7 @@ final readonly class DoctrineUserRepository implements UserRepository
|
||||
:hashed_password, :statut, :school_name, :date_naissance,
|
||||
:created_at, :activated_at, :invited_at, :blocked_at, :blocked_reason,
|
||||
:consentement_parent_id, :consentement_eleve_id, :consentement_date, :consentement_ip,
|
||||
:image_rights_status, :image_rights_updated_at, :image_rights_updated_by,
|
||||
NOW()
|
||||
)
|
||||
ON CONFLICT (id) DO UPDATE SET
|
||||
@@ -68,6 +71,9 @@ final readonly class DoctrineUserRepository implements UserRepository
|
||||
consentement_eleve_id = EXCLUDED.consentement_eleve_id,
|
||||
consentement_date = EXCLUDED.consentement_date,
|
||||
consentement_ip = EXCLUDED.consentement_ip,
|
||||
image_rights_status = EXCLUDED.image_rights_status,
|
||||
image_rights_updated_at = EXCLUDED.image_rights_updated_at,
|
||||
image_rights_updated_by = EXCLUDED.image_rights_updated_by,
|
||||
updated_at = NOW()
|
||||
SQL,
|
||||
[
|
||||
@@ -90,6 +96,9 @@ final readonly class DoctrineUserRepository implements UserRepository
|
||||
'consentement_eleve_id' => $consentement?->eleveId,
|
||||
'consentement_date' => $consentement?->dateConsentement->format(DateTimeImmutable::ATOM),
|
||||
'consentement_ip' => $consentement?->ipAddress,
|
||||
'image_rights_status' => $user->imageRightsStatus->value,
|
||||
'image_rights_updated_at' => $user->imageRightsUpdatedAt?->format(DateTimeImmutable::ATOM),
|
||||
'image_rights_updated_by' => $user->imageRightsUpdatedBy !== null ? (string) $user->imageRightsUpdatedBy : null,
|
||||
],
|
||||
);
|
||||
}
|
||||
@@ -150,6 +159,20 @@ final readonly class DoctrineUserRepository implements UserRepository
|
||||
return array_map(fn (array $row) => $this->hydrate($row), $rows);
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function findStudentsByTenant(TenantId $tenantId): array
|
||||
{
|
||||
$rows = $this->connection->fetchAllAssociative(
|
||||
'SELECT * FROM users WHERE tenant_id = :tenant_id AND roles::jsonb @> :role ORDER BY last_name ASC, first_name ASC',
|
||||
[
|
||||
'tenant_id' => (string) $tenantId,
|
||||
'role' => json_encode([Role::ELEVE->value]),
|
||||
],
|
||||
);
|
||||
|
||||
return array_map(fn (array $row) => $this->hydrate($row), $rows);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $row
|
||||
*/
|
||||
@@ -193,6 +216,12 @@ final readonly class DoctrineUserRepository implements UserRepository
|
||||
$consentementDate = $row['consentement_date'];
|
||||
/** @var string|null $consentementIp */
|
||||
$consentementIp = $row['consentement_ip'];
|
||||
/** @var string|null $imageRightsStatusValue */
|
||||
$imageRightsStatusValue = $row['image_rights_status'] ?? null;
|
||||
/** @var string|null $imageRightsUpdatedAtValue */
|
||||
$imageRightsUpdatedAtValue = $row['image_rights_updated_at'] ?? null;
|
||||
/** @var string|null $imageRightsUpdatedByValue */
|
||||
$imageRightsUpdatedByValue = $row['image_rights_updated_by'] ?? null;
|
||||
|
||||
/** @var string[]|null $roleValues */
|
||||
$roleValues = json_decode($rolesJson, true);
|
||||
@@ -230,6 +259,9 @@ final readonly class DoctrineUserRepository implements UserRepository
|
||||
invitedAt: $invitedAt !== null ? new DateTimeImmutable($invitedAt) : null,
|
||||
blockedAt: $blockedAt !== null ? new DateTimeImmutable($blockedAt) : null,
|
||||
blockedReason: $blockedReason,
|
||||
imageRightsStatus: $imageRightsStatusValue !== null ? ImageRightsStatus::from($imageRightsStatusValue) : ImageRightsStatus::NOT_SPECIFIED,
|
||||
imageRightsUpdatedAt: $imageRightsUpdatedAtValue !== null ? new DateTimeImmutable($imageRightsUpdatedAtValue) : null,
|
||||
imageRightsUpdatedBy: $imageRightsUpdatedByValue !== null ? UserId::fromString($imageRightsUpdatedByValue) : null,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ namespace App\Administration\Infrastructure\Persistence\InMemory;
|
||||
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\User\Email;
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
@@ -60,6 +61,15 @@ final class InMemoryUserRepository implements UserRepository
|
||||
));
|
||||
}
|
||||
|
||||
#[Override]
|
||||
public function findStudentsByTenant(TenantId $tenantId): array
|
||||
{
|
||||
return array_values(array_filter(
|
||||
$this->byId,
|
||||
static fn (User $user): bool => $user->tenantId->equals($tenantId) && $user->aLeRole(Role::ELEVE),
|
||||
));
|
||||
}
|
||||
|
||||
private function emailKey(Email $email, TenantId $tenantId): string
|
||||
{
|
||||
return $tenantId . ':' . strtolower((string) $email);
|
||||
|
||||
@@ -0,0 +1,99 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Infrastructure\Security;
|
||||
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
|
||||
use function in_array;
|
||||
|
||||
use Override;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Vote;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
|
||||
/**
|
||||
* Voter pour les autorisations sur les droits à l'image.
|
||||
*
|
||||
* Règles d'accès :
|
||||
* - ADMIN et SUPER_ADMIN : accès complet (lecture + modification)
|
||||
* - PROF, VIE_SCOLAIRE, SECRETARIAT : lecture seule
|
||||
*
|
||||
* @extends Voter<string, null>
|
||||
*/
|
||||
final class ImageRightsVoter extends Voter
|
||||
{
|
||||
public const string VIEW = 'IMAGE_RIGHTS_VIEW';
|
||||
public const string EDIT = 'IMAGE_RIGHTS_EDIT';
|
||||
|
||||
private const array SUPPORTED_ATTRIBUTES = [
|
||||
self::VIEW,
|
||||
self::EDIT,
|
||||
];
|
||||
|
||||
#[Override]
|
||||
protected function supports(string $attribute, mixed $subject): bool
|
||||
{
|
||||
return in_array($attribute, self::SUPPORTED_ATTRIBUTES, true);
|
||||
}
|
||||
|
||||
#[Override]
|
||||
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
|
||||
{
|
||||
$user = $token->getUser();
|
||||
|
||||
if (!$user instanceof UserInterface) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$roles = $user->getRoles();
|
||||
|
||||
return match ($attribute) {
|
||||
self::VIEW => $this->canView($roles),
|
||||
self::EDIT => $this->canEdit($roles),
|
||||
default => false,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string[] $roles
|
||||
*/
|
||||
private function canView(array $roles): bool
|
||||
{
|
||||
return $this->hasAnyRole($roles, [
|
||||
Role::SUPER_ADMIN->value,
|
||||
Role::ADMIN->value,
|
||||
Role::PROF->value,
|
||||
Role::VIE_SCOLAIRE->value,
|
||||
Role::SECRETARIAT->value,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string[] $roles
|
||||
*/
|
||||
private function canEdit(array $roles): bool
|
||||
{
|
||||
return $this->hasAnyRole($roles, [
|
||||
Role::SUPER_ADMIN->value,
|
||||
Role::ADMIN->value,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string[] $userRoles
|
||||
* @param string[] $allowedRoles
|
||||
*/
|
||||
private function hasAnyRole(array $userRoles, array $allowedRoles): bool
|
||||
{
|
||||
foreach ($userRoles as $role) {
|
||||
if (in_array($role, $allowedRoles, true)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user