Roukmoute/Classeo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Permettre à l'élève de consulter ses devoirs

Browse Source 
L'élève n'avait aucun moyen de voir les devoirs assignés à sa classe.
Cette fonctionnalité ajoute la consultation complète : liste triée par
échéance, détail avec pièces jointes, filtrage par matière, et marquage
personnel « fait » en localStorage.

Le dashboard élève affiche désormais les devoirs à venir avec ouverture
du détail en modale, et un lien vers la page complète. L'accès API est
sécurisé par vérification de la classe de l'élève (pas d'IDOR) et
validation du chemin des pièces jointes (pas de path traversal).
This commit is contained in:
Mathias STRASSER
2026-03-22 17:01:32 +01:00
parent 14c7849179
commit 2e2328c6ca
20 changed files with 2442 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
backend/src/Scolarite/Application/Query/GetStudentHomework/AttachmentDto.php Normal file
View File

@@ -0,0 +1,16 @@
<?php
declare(strict_types=1);
namespace App\Scolarite\Application\Query\GetStudentHomework;
final readonly class AttachmentDto
{
public function __construct(
public string $id,
public string $filename,
public int $fileSize,
public string $mimeType,
) {
}
}

97
backend/src/Scolarite/Application/Query/GetStudentHomework/GetStudentHomeworkHandler.php Normal file
View File

@@ -0,0 +1,97 @@
<?php
declare(strict_types=1);
namespace App\Scolarite\Application\Query\GetStudentHomework;
use App\Administration\Domain\Model\SchoolClass\ClassId;
use App\Scolarite\Application\Port\ScheduleDisplayReader;
use App\Scolarite\Application\Port\StudentClassReader;
use App\Scolarite\Domain\Model\Homework\Homework;
use App\Scolarite\Domain\Model\Homework\HomeworkId;
use App\Scolarite\Domain\Repository\HomeworkAttachmentRepository;
use App\Scolarite\Domain\Repository\HomeworkRepository;
use App\Shared\Domain\Tenant\TenantId;
use function array_filter;
use function array_map;
use function array_unique;
use function array_values;
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
use function usort;
#[AsMessageHandler(bus: 'query.bus')]
final readonly class GetStudentHomeworkHandler
{
public function __construct(
private StudentClassReader $studentClassReader,
private HomeworkRepository $homeworkRepository,
private HomeworkAttachmentRepository $attachmentRepository,
private ScheduleDisplayReader $displayReader,
) {
}
/** @return array<StudentHomeworkDto> */
public function __invoke(GetStudentHomeworkQuery $query): array
{
$tenantId = TenantId::fromString($query->tenantId);
$classId = $this->studentClassReader->currentClassId($query->studentId, $tenantId);
if ($classId === null) {
return [];
}
$homeworks = $this->homeworkRepository->findByClass(ClassId::fromString($classId), $tenantId);
if ($query->subjectId !== null) {
$filterSubjectId = $query->subjectId;
$homeworks = array_values(array_filter(
$homeworks,
static fn (Homework $h): bool => (string) $h->subjectId === $filterSubjectId,
));
}
usort($homeworks, static fn (Homework $a, Homework $b): int => $a->dueDate <=> $b->dueDate);
return $this->enrichHomeworks($homeworks, $query->tenantId);
}
/**
* @param array<Homework> $homeworks
*
* @return array<StudentHomeworkDto>
*/
private function enrichHomeworks(array $homeworks, string $tenantId): array
{
if ($homeworks === []) {
return [];
}
$subjectIds = array_values(array_unique(
array_map(static fn (Homework $h): string => (string) $h->subjectId, $homeworks),
));
$teacherIds = array_values(array_unique(
array_map(static fn (Homework $h): string => (string) $h->teacherId, $homeworks),
));
$subjects = $this->displayReader->subjectDisplay($tenantId, ...$subjectIds);
$teacherNames = $this->displayReader->teacherNames($tenantId, ...$teacherIds);
$homeworkIds = array_map(static fn (Homework $h): HomeworkId => $h->id, $homeworks);
$attachmentMap = $this->attachmentRepository->hasAttachments(...$homeworkIds);
return array_map(
static fn (Homework $h): StudentHomeworkDto => StudentHomeworkDto::fromDomain(
$h,
$subjects[(string) $h->subjectId]['name'] ?? '',
$subjects[(string) $h->subjectId]['color'] ?? null,
$teacherNames[(string) $h->teacherId] ?? '',
$attachmentMap[(string) $h->id] ?? false,
),
$homeworks,
);
}
}

15
backend/src/Scolarite/Application/Query/GetStudentHomework/GetStudentHomeworkQuery.php Normal file
View File

@@ -0,0 +1,15 @@
<?php
declare(strict_types=1);
namespace App\Scolarite\Application\Query\GetStudentHomework;
final readonly class GetStudentHomeworkQuery
{
public function __construct(
public string $studentId,
public string $tenantId,
public ?string $subjectId = null,
) {
}
}

64
backend/src/Scolarite/Application/Query/GetStudentHomework/StudentHomeworkDetailDto.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
declare(strict_types=1);
namespace App\Scolarite\Application\Query\GetStudentHomework;
use App\Scolarite\Domain\Model\Homework\Homework;
use App\Scolarite\Domain\Model\Homework\HomeworkAttachment;
use function array_map;
final readonly class StudentHomeworkDetailDto
{
/**
* @param array<AttachmentDto> $attachments
*/
public function __construct(
public string $id,
public string $subjectId,
public string $subjectName,
public ?string $subjectColor,
public string $teacherId,
public string $teacherName,
public string $title,
public ?string $description,
public string $dueDate,
public string $createdAt,
public array $attachments,
) {
}
/**
* @param array<HomeworkAttachment> $attachments
*/
public static function fromDomain(
Homework $homework,
string $subjectName,
?string $subjectColor,
string $teacherName,
array $attachments,
): self {
return new self(
id: (string) $homework->id,
subjectId: (string) $homework->subjectId,
subjectName: $subjectName,
subjectColor: $subjectColor,
teacherId: (string) $homework->teacherId,
teacherName: $teacherName,
title: $homework->title,
description: $homework->description,
dueDate: $homework->dueDate->format('Y-m-d'),
createdAt: $homework->createdAt->format('Y-m-d\TH:i:sP'),
attachments: array_map(
static fn (HomeworkAttachment $a): AttachmentDto => new AttachmentDto(
id: (string) $a->id,
filename: $a->filename,
fileSize: $a->fileSize,
mimeType: $a->mimeType,
),
$attachments,
),
);
}
}

47
backend/src/Scolarite/Application/Query/GetStudentHomework/StudentHomeworkDto.php Normal file
View File

@@ -0,0 +1,47 @@
<?php
declare(strict_types=1);
namespace App\Scolarite\Application\Query\GetStudentHomework;
use App\Scolarite\Domain\Model\Homework\Homework;
final readonly class StudentHomeworkDto
{
public function __construct(
public string $id,
public string $subjectId,
public string $subjectName,
public ?string $subjectColor,
public string $teacherId,
public string $teacherName,
public string $title,
public ?string $description,
public string $dueDate,
public string $createdAt,
public bool $hasAttachments,
) {
}
public static function fromDomain(
Homework $homework,
string $subjectName,
?string $subjectColor,
string $teacherName,
bool $hasAttachments,
): self {
return new self(
id: (string) $homework->id,
subjectId: (string) $homework->subjectId,
subjectName: $subjectName,
subjectColor: $subjectColor,
teacherId: (string) $homework->teacherId,
teacherName: $teacherName,
title: $homework->title,
description: $homework->description,
dueDate: $homework->dueDate->format('Y-m-d'),
createdAt: $homework->createdAt->format('Y-m-d\TH:i:sP'),
hasAttachments: $hasAttachments,
);
}
}

5
backend/src/Scolarite/Domain/Repository/HomeworkAttachmentRepository.php
View File

@@ -12,5 +12,10 @@ interface HomeworkAttachmentRepository
/** @return array<HomeworkAttachment> */
public function findByHomeworkId(HomeworkId $homeworkId): array;
/**
* @return array<string, bool> Map homeworkId => hasAttachments
*/
public function hasAttachments(HomeworkId ...$homeworkIds): array;
public function save(HomeworkId $homeworkId, HomeworkAttachment $attachment): void;
}

208
backend/src/Scolarite/Infrastructure/Api/Controller/StudentHomeworkController.php Normal file
View File

@@ -0,0 +1,208 @@
<?php
declare(strict_types=1);
namespace App\Scolarite\Infrastructure\Api\Controller;
use App\Administration\Infrastructure\Security\SecurityUser;
use App\Scolarite\Application\Port\ScheduleDisplayReader;
use App\Scolarite\Application\Port\StudentClassReader;
use App\Scolarite\Application\Query\GetStudentHomework\GetStudentHomeworkHandler;
use App\Scolarite\Application\Query\GetStudentHomework\GetStudentHomeworkQuery;
use App\Scolarite\Application\Query\GetStudentHomework\StudentHomeworkDetailDto;
use App\Scolarite\Application\Query\GetStudentHomework\StudentHomeworkDto;
use App\Scolarite\Domain\Model\Homework\Homework;
use App\Scolarite\Domain\Model\Homework\HomeworkId;
use App\Scolarite\Domain\Repository\HomeworkAttachmentRepository;
use App\Scolarite\Domain\Repository\HomeworkRepository;
use App\Scolarite\Infrastructure\Security\HomeworkStudentVoter;
use App\Shared\Domain\Tenant\TenantId;
use function array_map;
use function is_string;
use function realpath;
use function str_starts_with;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
#[IsGranted(HomeworkStudentVoter::VIEW)]
final readonly class StudentHomeworkController
{
public function __construct(
private Security $security,
private GetStudentHomeworkHandler $handler,
private HomeworkRepository $homeworkRepository,
private HomeworkAttachmentRepository $attachmentRepository,
private ScheduleDisplayReader $displayReader,
private StudentClassReader $studentClassReader,
#[Autowire('%kernel.project_dir%/var/uploads')]
private string $uploadsDir,
) {
}
#[Route('/api/me/homework', name: 'api_student_homework_list', methods: ['GET'])]
public function list(Request $request): JsonResponse
{
$user = $this->getSecurityUser();
$subjectId = $request->query->get('subjectId');
$result = ($this->handler)(new GetStudentHomeworkQuery(
studentId: $user->userId(),
tenantId: $user->tenantId(),
subjectId: is_string($subjectId) && $subjectId !== '' ? $subjectId : null,
));
return new JsonResponse([
'data' => array_map($this->serializeListItem(...), $result),
]);
}
#[Route('/api/me/homework/{id}', name: 'api_student_homework_detail', methods: ['GET'])]
public function detail(string $id): JsonResponse
{
$user = $this->getSecurityUser();
$tenantId = TenantId::fromString($user->tenantId());
$homework = $this->homeworkRepository->findById(HomeworkId::fromString($id), $tenantId);
if ($homework === null) {
throw new NotFoundHttpException('Devoir non trouvé.');
}
$this->assertHomeworkBelongsToStudentClass($user, $homework);
$attachments = $this->attachmentRepository->findByHomeworkId($homework->id);
$subjects = $this->displayReader->subjectDisplay($user->tenantId(), (string) $homework->subjectId);
$teacherNames = $this->displayReader->teacherNames($user->tenantId(), (string) $homework->teacherId);
$detail = StudentHomeworkDetailDto::fromDomain(
$homework,
$subjects[(string) $homework->subjectId]['name'] ?? '',
$subjects[(string) $homework->subjectId]['color'] ?? null,
$teacherNames[(string) $homework->teacherId] ?? '',
$attachments,
);
return new JsonResponse(['data' => $this->serializeDetail($detail)]);
}
#[Route('/api/me/homework/{homeworkId}/attachments/{attachmentId}', name: 'api_student_homework_attachment', methods: ['GET'])]
public function downloadAttachment(string $homeworkId, string $attachmentId): BinaryFileResponse
{
$user = $this->getSecurityUser();
$tenantId = TenantId::fromString($user->tenantId());
$homework = $this->homeworkRepository->findById(HomeworkId::fromString($homeworkId), $tenantId);
if ($homework === null) {
throw new NotFoundHttpException('Devoir non trouvé.');
}
$this->assertHomeworkBelongsToStudentClass($user, $homework);
$attachments = $this->attachmentRepository->findByHomeworkId($homework->id);
foreach ($attachments as $attachment) {
if ((string) $attachment->id === $attachmentId) {
$realPath = realpath($attachment->filePath);
$realUploadsDir = realpath($this->uploadsDir);
if ($realPath === false || $realUploadsDir === false || !str_starts_with($realPath, $realUploadsDir)) {
throw new NotFoundHttpException('Pièce jointe non trouvée.');
}
$response = new BinaryFileResponse($realPath);
$response->setContentDisposition(
ResponseHeaderBag::DISPOSITION_INLINE,
$attachment->filename,
);
return $response;
}
}
throw new NotFoundHttpException('Pièce jointe non trouvée.');
}
private function assertHomeworkBelongsToStudentClass(SecurityUser $user, Homework $homework): void
{
$classId = $this->studentClassReader->currentClassId(
$user->userId(),
TenantId::fromString($user->tenantId()),
);
if ($classId === null || (string) $homework->classId !== $classId) {
throw new NotFoundHttpException('Devoir non trouvé.');
}
}
private function getSecurityUser(): SecurityUser
{
$user = $this->security->getUser();
if (!$user instanceof SecurityUser) {
throw new AccessDeniedHttpException('Authentification requise.');
}
return $user;
}
/**
* @return array<string, mixed>
*/
private function serializeListItem(StudentHomeworkDto $dto): array
{
return [
'id' => $dto->id,
'subjectId' => $dto->subjectId,
'subjectName' => $dto->subjectName,
'subjectColor' => $dto->subjectColor,
'teacherId' => $dto->teacherId,
'teacherName' => $dto->teacherName,
'title' => $dto->title,
'description' => $dto->description,
'dueDate' => $dto->dueDate,
'createdAt' => $dto->createdAt,
'hasAttachments' => $dto->hasAttachments,
];
}
/**
* @return array<string, mixed>
*/
private function serializeDetail(StudentHomeworkDetailDto $dto): array
{
return [
'id' => $dto->id,
'subjectId' => $dto->subjectId,
'subjectName' => $dto->subjectName,
'subjectColor' => $dto->subjectColor,
'teacherId' => $dto->teacherId,
'teacherName' => $dto->teacherName,
'title' => $dto->title,
'description' => $dto->description,
'dueDate' => $dto->dueDate,
'createdAt' => $dto->createdAt,
'attachments' => array_map(
static fn ($a): array => [
'id' => $a->id,
'filename' => $a->filename,
'fileSize' => $a->fileSize,
'mimeType' => $a->mimeType,
],
$dto->attachments,
),
];
}
}

29
backend/src/Scolarite/Infrastructure/Persistence/Doctrine/DoctrineHomeworkAttachmentRepository.php
View File

@@ -9,9 +9,11 @@ use App\Scolarite\Domain\Model\Homework\HomeworkAttachmentId;
use App\Scolarite\Domain\Model\Homework\HomeworkId;
use App\Scolarite\Domain\Repository\HomeworkAttachmentRepository;
use function array_fill_keys;
use function array_map;
use DateTimeImmutable;
use Doctrine\DBAL\ArrayParameterType;
use Doctrine\DBAL\Connection;
use Override;
@@ -33,6 +35,33 @@ final readonly class DoctrineHomeworkAttachmentRepository implements HomeworkAtt
return array_map($this->hydrate(...), $rows);
}
#[Override]
public function hasAttachments(HomeworkId ...$homeworkIds): array
{
if ($homeworkIds === []) {
return [];
}
$ids = array_map(static fn (HomeworkId $id): string => (string) $id, $homeworkIds);
/** @var array<array{homework_id: string}> $rows */
$rows = $this->connection->fetchAllAssociative(
'SELECT DISTINCT homework_id FROM homework_attachments WHERE homework_id IN (:ids)',
['ids' => $ids],
['ids' => ArrayParameterType::STRING],
);
$result = array_fill_keys($ids, false);
foreach ($rows as $row) {
/** @var string $hwId */
$hwId = $row['homework_id'];
$result[$hwId] = true;
}
return $result;
}
#[Override]
public function save(HomeworkId $homeworkId, HomeworkAttachment $attachment): void
{

17
backend/src/Scolarite/Infrastructure/Persistence/InMemory/InMemoryHomeworkAttachmentRepository.php
View File

@@ -7,6 +7,10 @@ namespace App\Scolarite\Infrastructure\Persistence\InMemory;
use App\Scolarite\Domain\Model\Homework\HomeworkAttachment;
use App\Scolarite\Domain\Model\Homework\HomeworkId;
use App\Scolarite\Domain\Repository\HomeworkAttachmentRepository;
use function array_fill_keys;
use function array_map;
use Override;
final class InMemoryHomeworkAttachmentRepository implements HomeworkAttachmentRepository
@@ -20,6 +24,19 @@ final class InMemoryHomeworkAttachmentRepository implements HomeworkAttachmentRe
return $this->byHomeworkId[(string) $homeworkId] ?? [];
}
#[Override]
public function hasAttachments(HomeworkId ...$homeworkIds): array
{
$ids = array_map(static fn (HomeworkId $id): string => (string) $id, $homeworkIds);
$result = array_fill_keys($ids, false);
foreach ($ids as $id) {
$result[$id] = isset($this->byHomeworkId[$id]) && $this->byHomeworkId[$id] !== [];
}
return $result;
}
#[Override]
public function save(HomeworkId $homeworkId, HomeworkAttachment $attachment): void
{

43
backend/src/Scolarite/Infrastructure/Security/HomeworkStudentVoter.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
declare(strict_types=1);
namespace App\Scolarite\Infrastructure\Security;
use App\Administration\Domain\Model\User\Role;
use App\Administration\Infrastructure\Security\SecurityUser;
use function in_array;
use Override;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Vote;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* Voter pour la consultation des devoirs par l'élève.
*
* @extends Voter<string, null>
*/
final class HomeworkStudentVoter extends Voter
{
public const string VIEW = 'HOMEWORK_STUDENT_VIEW';
#[Override]
protected function supports(string $attribute, mixed $subject): bool
{
return $attribute === self::VIEW;
}
#[Override]
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
{
$user = $token->getUser();
if (!$user instanceof SecurityUser) {
return false;
}
return in_array(Role::ELEVE->value, $user->getRoles(), true);
}
}