feat: Gestion des utilisateurs (invitation, blocage, déblocage)
Permet aux administrateurs d'un établissement de gérer le cycle de vie des comptes utilisateurs : inviter de nouveaux membres, bloquer/débloquer des comptes actifs, et renvoyer des invitations en attente. Chaque mutation vérifie l'appartenance au tenant courant pour empêcher les accès cross-tenant. Le blocage est restreint aux comptes actifs uniquement et un administrateur ne peut pas bloquer son propre compte. Les comptes suspendus reçoivent une erreur 403 spécifique au login (sans déclencher l'escalade du rate limiting) et les tentatives sont tracées dans les métriques Prometheus.
This commit is contained in:
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\BlockUser;
|
||||
|
||||
final readonly class BlockUserCommand
|
||||
{
|
||||
public function __construct(
|
||||
public string $userId,
|
||||
public string $reason,
|
||||
public string $tenantId = '',
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\BlockUser;
|
||||
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Clock;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'command.bus')]
|
||||
final readonly class BlockUserHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
private Clock $clock,
|
||||
) {
|
||||
}
|
||||
|
||||
public function __invoke(BlockUserCommand $command): User
|
||||
{
|
||||
$userId = UserId::fromString($command->userId);
|
||||
$user = $this->userRepository->get($userId);
|
||||
|
||||
if ($command->tenantId !== '' && !$user->tenantId->equals(TenantId::fromString($command->tenantId))) {
|
||||
throw UserNotFoundException::withId($userId);
|
||||
}
|
||||
|
||||
$user->bloquer($command->reason, $this->clock->now());
|
||||
|
||||
$this->userRepository->save($user);
|
||||
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\InviteUser;
|
||||
|
||||
final readonly class InviteUserCommand
|
||||
{
|
||||
public function __construct(
|
||||
public string $tenantId,
|
||||
public string $schoolName,
|
||||
public string $email,
|
||||
public string $role,
|
||||
public string $firstName,
|
||||
public string $lastName,
|
||||
public ?string $dateNaissance = null,
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,63 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\InviteUser;
|
||||
|
||||
use App\Administration\Domain\Exception\EmailDejaUtiliseeException;
|
||||
use App\Administration\Domain\Model\User\Email;
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Clock;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use DateTimeImmutable;
|
||||
use InvalidArgumentException;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'command.bus')]
|
||||
final readonly class InviteUserHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
private Clock $clock,
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws EmailDejaUtiliseeException if email is already used in this tenant
|
||||
* @throws InvalidArgumentException if the role is invalid
|
||||
*/
|
||||
public function __invoke(InviteUserCommand $command): User
|
||||
{
|
||||
$tenantId = TenantId::fromString($command->tenantId);
|
||||
$email = new Email($command->email);
|
||||
|
||||
$role = Role::tryFrom($command->role);
|
||||
if ($role === null) {
|
||||
throw new InvalidArgumentException("Rôle invalide : \"{$command->role}\".");
|
||||
}
|
||||
|
||||
$existingUser = $this->userRepository->findByEmail($email, $tenantId);
|
||||
if ($existingUser !== null) {
|
||||
throw EmailDejaUtiliseeException::dansTenant($email, $tenantId);
|
||||
}
|
||||
|
||||
$user = User::inviter(
|
||||
email: $email,
|
||||
role: $role,
|
||||
tenantId: $tenantId,
|
||||
schoolName: $command->schoolName,
|
||||
firstName: $command->firstName,
|
||||
lastName: $command->lastName,
|
||||
invitedAt: $this->clock->now(),
|
||||
dateNaissance: $command->dateNaissance !== null
|
||||
? new DateTimeImmutable($command->dateNaissance)
|
||||
: null,
|
||||
);
|
||||
|
||||
$this->userRepository->save($user);
|
||||
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\ResendInvitation;
|
||||
|
||||
final readonly class ResendInvitationCommand
|
||||
{
|
||||
public function __construct(
|
||||
public string $userId,
|
||||
public string $tenantId = '',
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\ResendInvitation;
|
||||
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Clock;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'command.bus')]
|
||||
final readonly class ResendInvitationHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
private Clock $clock,
|
||||
) {
|
||||
}
|
||||
|
||||
public function __invoke(ResendInvitationCommand $command): User
|
||||
{
|
||||
$userId = UserId::fromString($command->userId);
|
||||
$user = $this->userRepository->get($userId);
|
||||
|
||||
if ($command->tenantId !== '' && !$user->tenantId->equals(TenantId::fromString($command->tenantId))) {
|
||||
throw UserNotFoundException::withId($userId);
|
||||
}
|
||||
|
||||
$user->renvoyerInvitation($this->clock->now());
|
||||
|
||||
$this->userRepository->save($user);
|
||||
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\UnblockUser;
|
||||
|
||||
final readonly class UnblockUserCommand
|
||||
{
|
||||
public function __construct(
|
||||
public string $userId,
|
||||
public string $tenantId = '',
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Command\UnblockUser;
|
||||
|
||||
use App\Administration\Domain\Exception\UserNotFoundException;
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use App\Administration\Domain\Model\User\UserId;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Clock;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'command.bus')]
|
||||
final readonly class UnblockUserHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
private Clock $clock,
|
||||
) {
|
||||
}
|
||||
|
||||
public function __invoke(UnblockUserCommand $command): User
|
||||
{
|
||||
$userId = UserId::fromString($command->userId);
|
||||
$user = $this->userRepository->get($userId);
|
||||
|
||||
if ($command->tenantId !== '' && !$user->tenantId->equals(TenantId::fromString($command->tenantId))) {
|
||||
throw UserNotFoundException::withId($userId);
|
||||
}
|
||||
|
||||
$user->debloquer($this->clock->now());
|
||||
|
||||
$this->userRepository->save($user);
|
||||
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,58 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\GetUsers;
|
||||
|
||||
use App\Administration\Domain\Model\User\Role;
|
||||
use App\Administration\Domain\Model\User\StatutCompte;
|
||||
use App\Administration\Domain\Repository\UserRepository;
|
||||
use App\Shared\Domain\Clock;
|
||||
use App\Shared\Domain\Tenant\TenantId;
|
||||
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
|
||||
|
||||
#[AsMessageHandler(bus: 'query.bus')]
|
||||
final readonly class GetUsersHandler
|
||||
{
|
||||
public function __construct(
|
||||
private UserRepository $userRepository,
|
||||
private Clock $clock,
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @return UserDto[]
|
||||
*/
|
||||
public function __invoke(GetUsersQuery $query): array
|
||||
{
|
||||
$users = $this->userRepository->findAllByTenant(
|
||||
TenantId::fromString($query->tenantId),
|
||||
);
|
||||
|
||||
// Apply filters
|
||||
if ($query->role !== null) {
|
||||
$filterRole = Role::tryFrom($query->role);
|
||||
if ($filterRole !== null) {
|
||||
$users = array_filter(
|
||||
$users,
|
||||
static fn ($user) => $user->role === $filterRole,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if ($query->statut !== null) {
|
||||
$filterStatut = StatutCompte::tryFrom($query->statut);
|
||||
if ($filterStatut !== null) {
|
||||
$users = array_filter(
|
||||
$users,
|
||||
static fn ($user) => $user->statut === $filterStatut,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return array_values(array_map(
|
||||
fn ($user) => UserDto::fromDomain($user, $this->clock),
|
||||
$users,
|
||||
));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\GetUsers;
|
||||
|
||||
final readonly class GetUsersQuery
|
||||
{
|
||||
public function __construct(
|
||||
public string $tenantId,
|
||||
public ?string $role = null,
|
||||
public ?string $statut = null,
|
||||
) {
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Administration\Application\Query\GetUsers;
|
||||
|
||||
use App\Administration\Domain\Model\User\User;
|
||||
use App\Shared\Domain\Clock;
|
||||
use DateTimeImmutable;
|
||||
|
||||
final readonly class UserDto
|
||||
{
|
||||
public function __construct(
|
||||
public string $id,
|
||||
public string $email,
|
||||
public string $role,
|
||||
public string $roleLabel,
|
||||
public string $firstName,
|
||||
public string $lastName,
|
||||
public string $statut,
|
||||
public DateTimeImmutable $createdAt,
|
||||
public ?DateTimeImmutable $invitedAt,
|
||||
public ?DateTimeImmutable $activatedAt,
|
||||
public ?DateTimeImmutable $blockedAt,
|
||||
public ?string $blockedReason,
|
||||
public bool $invitationExpiree,
|
||||
) {
|
||||
}
|
||||
|
||||
public static function fromDomain(User $user, Clock $clock): self
|
||||
{
|
||||
return new self(
|
||||
id: (string) $user->id,
|
||||
email: (string) $user->email,
|
||||
role: $user->role->value,
|
||||
roleLabel: $user->role->label(),
|
||||
firstName: $user->firstName,
|
||||
lastName: $user->lastName,
|
||||
statut: $user->statut->value,
|
||||
createdAt: $user->createdAt,
|
||||
invitedAt: $user->invitedAt,
|
||||
activatedAt: $user->activatedAt,
|
||||
blockedAt: $user->blockedAt,
|
||||
blockedReason: $user->blockedReason,
|
||||
invitationExpiree: $user->estInvitationExpiree($clock->now()),
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user