Roukmoute/Classeo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Gestion des utilisateurs (invitation, blocage, déblocage)

Browse Source 
Permet aux administrateurs d'un établissement de gérer le cycle de vie
des comptes utilisateurs : inviter de nouveaux membres, bloquer/débloquer
des comptes actifs, et renvoyer des invitations en attente.

Chaque mutation vérifie l'appartenance au tenant courant pour empêcher
les accès cross-tenant. Le blocage est restreint aux comptes actifs
uniquement et un administrateur ne peut pas bloquer son propre compte.

Les comptes suspendus reçoivent une erreur 403 spécifique au login
(sans déclencher l'escalade du rate limiting) et les tentatives sont
tracées dans les métriques Prometheus.
This commit is contained in:
Mathias STRASSER
2026-02-07 16:44:30 +01:00
parent ff18850a43
commit 4005c70082
58 changed files with 4443 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
backend/src/Administration/Infrastructure/Persistence/Cache/CacheUserRepository.php
View File

@@ -14,6 +14,9 @@ use App\Administration\Domain\Model\User\UserId;
use App\Administration\Domain\Repository\UserRepository;
use App\Shared\Domain\Tenant\TenantId;
use DateTimeImmutable;
use function in_array;
use Psr\Cache\CacheItemPoolInterface;
/**
@@ -27,6 +30,7 @@ final readonly class CacheUserRepository implements UserRepository
{
private const string KEY_PREFIX = 'user:';
private const string EMAIL_INDEX_PREFIX = 'user_email:';
private const string TENANT_INDEX_PREFIX = 'user_tenant:';
public function __construct(
private CacheItemPoolInterface $usersCache,
@@ -45,6 +49,18 @@ final readonly class CacheUserRepository implements UserRepository
$emailItem = $this->usersCache->getItem($emailKey);
$emailItem->set((string) $user->id);
$this->usersCache->save($emailItem);
// Save tenant index for listing users
$tenantKey = self::TENANT_INDEX_PREFIX . $user->tenantId;
$tenantItem = $this->usersCache->getItem($tenantKey);
/** @var string[] $userIds */
$userIds = $tenantItem->isHit() ? $tenantItem->get() : [];
$userId = (string) $user->id;
if (!in_array($userId, $userIds, true)) {
$userIds[] = $userId;
}
$tenantItem->set($userIds);
$this->usersCache->save($tenantItem);
}
public function findById(UserId $id): ?User
@@ -55,7 +71,7 @@ final readonly class CacheUserRepository implements UserRepository
return null;
}
/** @var array{id: string, email: string, role: string, tenant_id: string, school_name: string, statut: string, hashed_password: string|null, date_naissance: string|null, created_at: string, activated_at: string|null, consentement_parental: array{parent_id: string, eleve_id: string, date_consentement: string, ip_address: string}|null} $data */
/** @var array{id: string, email: string, role: string, tenant_id: string, school_name: string, statut: string, hashed_password: string|null, date_naissance: string|null, created_at: string, activated_at: string|null, first_name?: string, last_name?: string, invited_at?: string|null, blocked_at?: string|null, blocked_reason?: string|null, consentement_parental: array{parent_id: string, eleve_id: string, date_consentement: string, ip_address: string}|null} $data */
$data = $item->get();
return $this->deserialize($data);
@@ -87,6 +103,29 @@ final readonly class CacheUserRepository implements UserRepository
return $user;
}
public function findAllByTenant(TenantId $tenantId): array
{
$tenantKey = self::TENANT_INDEX_PREFIX . $tenantId;
$tenantItem = $this->usersCache->getItem($tenantKey);
if (!$tenantItem->isHit()) {
return [];
}
/** @var string[] $userIds */
$userIds = $tenantItem->get();
$users = [];
foreach ($userIds as $userId) {
$user = $this->findById(UserId::fromString($userId));
if ($user !== null) {
$users[] = $user;
}
}
return $users;
}
/**
* @return array<string, mixed>
*/
@@ -105,6 +144,11 @@ final readonly class CacheUserRepository implements UserRepository
'date_naissance' => $user->dateNaissance?->format('Y-m-d'),
'created_at' => $user->createdAt->format('c'),
'activated_at' => $user->activatedAt?->format('c'),
'first_name' => $user->firstName,
'last_name' => $user->lastName,
'invited_at' => $user->invitedAt?->format('c'),
'blocked_at' => $user->blockedAt?->format('c'),
'blocked_reason' => $user->blockedReason,
'consentement_parental' => $consentement !== null ? [
'parent_id' => $consentement->parentId,
'eleve_id' => $consentement->eleveId,
@@ -126,6 +170,11 @@ final readonly class CacheUserRepository implements UserRepository
* date_naissance: string|null,
* created_at: string,
* activated_at: string|null,
* first_name?: string,
* last_name?: string,
* invited_at?: string|null,
* blocked_at?: string|null,
* blocked_reason?: string|null,
* consentement_parental: array{parent_id: string, eleve_id: string, date_consentement: string, ip_address: string}|null
* } $data
*/
@@ -142,6 +191,9 @@ final readonly class CacheUserRepository implements UserRepository
);
}
$invitedAt = ($data['invited_at'] ?? null) !== null ? new DateTimeImmutable($data['invited_at']) : null;
$blockedAt = ($data['blocked_at'] ?? null) !== null ? new DateTimeImmutable($data['blocked_at']) : null;
return User::reconstitute(
id: UserId::fromString($data['id']),
email: new Email($data['email']),
@@ -154,6 +206,11 @@ final readonly class CacheUserRepository implements UserRepository
hashedPassword: $data['hashed_password'],
activatedAt: $data['activated_at'] !== null ? new DateTimeImmutable($data['activated_at']) : null,
consentementParental: $consentement,
firstName: $data['first_name'] ?? '',
lastName: $data['last_name'] ?? '',
invitedAt: $invitedAt,
blockedAt: $blockedAt,
blockedReason: $data['blocked_reason'] ?? null,
);
}