Roukmoute/Classeo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Attribution de rôles multiples par utilisateur

Browse Source 
Les utilisateurs Classeo étaient limités à un seul rôle, alors que
dans la réalité scolaire un directeur peut aussi être enseignant,
ou un parent peut avoir un rôle vie scolaire. Cette limitation
obligeait à créer des comptes distincts par fonction.

Le modèle User supporte désormais plusieurs rôles simultanés avec
basculement via le header. L'admin peut attribuer/retirer des rôles
depuis l'interface de gestion, avec des garde-fous : pas d'auto-
destitution, pas d'escalade de privilèges (seul SUPER_ADMIN peut
attribuer SUPER_ADMIN), vérification du statut actif pour le
switch de rôle, et TTL explicite sur le cache de rôle actif.
This commit is contained in:
Mathias STRASSER
2026-02-10 07:57:43 +01:00
parent 9ccad77bf0
commit e930c505df
93 changed files with 2527 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/tests/Unit/Administration/Domain/Model/User/UserInvitationTest.php
View File

@@ -176,7 +176,7 @@ final class UserInvitationTest extends TestCase
$user = User::reconstitute(
id: UserId::generate(),
email: new Email('minor@example.com'),
role: Role::ELEVE,
roles: [Role::ELEVE],
tenantId: TenantId::fromString(self::TENANT_ID),
schoolName: self::SCHOOL_NAME,
statut: StatutCompte::CONSENTEMENT_REQUIS,

156
backend/tests/Unit/Administration/Domain/Model/User/UserRoleTest.php Normal file
View File

@@ -0,0 +1,156 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Administration\Domain\Model\User;
use App\Administration\Domain\Event\RoleAttribue;
use App\Administration\Domain\Event\RoleRetire;
use App\Administration\Domain\Exception\DernierRoleNonRetirableException;
use App\Administration\Domain\Exception\RoleDejaAttribueException;
use App\Administration\Domain\Exception\RoleNonAttribueException;
use App\Administration\Domain\Model\User\Email;
use App\Administration\Domain\Model\User\Role;
use App\Administration\Domain\Model\User\User;
use App\Shared\Domain\Tenant\TenantId;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
final class UserRoleTest extends TestCase
{
private const string TENANT_ID = '550e8400-e29b-41d4-a716-446655440002';
private const string SCHOOL_NAME = 'École Alpha';
#[Test]
public function userIsCreatedWithSingleRole(): void
{
$user = $this->createUser(Role::PROF);
self::assertSame([Role::PROF], $user->roles);
}
#[Test]
public function attribuerRoleAddsRoleToUser(): void
{
$user = $this->createUser(Role::PROF);
$user->pullDomainEvents();
$user->attribuerRole(Role::PARENT, new DateTimeImmutable('2026-02-08 10:00:00'));
self::assertContains(Role::PROF, $user->roles);
self::assertContains(Role::PARENT, $user->roles);
self::assertCount(2, $user->roles);
}
#[Test]
public function attribuerRoleRecordsRoleAttribueEvent(): void
{
$user = $this->createUser(Role::PROF);
$user->pullDomainEvents();
$user->attribuerRole(Role::PARENT, new DateTimeImmutable('2026-02-08 10:00:00'));
$events = $user->pullDomainEvents();
self::assertCount(1, $events);
self::assertInstanceOf(RoleAttribue::class, $events[0]);
}
#[Test]
public function attribuerRoleThrowsWhenRoleAlreadyAssigned(): void
{
$user = $this->createUser(Role::PROF);
$this->expectException(RoleDejaAttribueException::class);
$user->attribuerRole(Role::PROF, new DateTimeImmutable());
}
#[Test]
public function retirerRoleRemovesRoleFromUser(): void
{
$user = $this->createUser(Role::PROF);
$user->attribuerRole(Role::PARENT, new DateTimeImmutable());
$user->pullDomainEvents();
$user->retirerRole(Role::PARENT, new DateTimeImmutable('2026-02-08 10:00:00'));
self::assertSame([Role::PROF], $user->roles);
}
#[Test]
public function retirerRoleRecordsRoleRetireEvent(): void
{
$user = $this->createUser(Role::PROF);
$user->attribuerRole(Role::PARENT, new DateTimeImmutable());
$user->pullDomainEvents();
$user->retirerRole(Role::PARENT, new DateTimeImmutable('2026-02-08 10:00:00'));
$events = $user->pullDomainEvents();
self::assertCount(1, $events);
self::assertInstanceOf(RoleRetire::class, $events[0]);
}
#[Test]
public function retirerRoleThrowsWhenRoleNotAssigned(): void
{
$user = $this->createUser(Role::PROF);
$this->expectException(RoleNonAttribueException::class);
$user->retirerRole(Role::PARENT, new DateTimeImmutable());
}
#[Test]
public function retirerRoleThrowsWhenLastRole(): void
{
$user = $this->createUser(Role::PROF);
$this->expectException(DernierRoleNonRetirableException::class);
$user->retirerRole(Role::PROF, new DateTimeImmutable());
}
#[Test]
public function userCanHaveMultipleRoles(): void
{
$user = $this->createUser(Role::PROF);
$user->attribuerRole(Role::PARENT, new DateTimeImmutable());
$user->attribuerRole(Role::VIE_SCOLAIRE, new DateTimeImmutable());
self::assertCount(3, $user->roles);
self::assertContains(Role::PROF, $user->roles);
self::assertContains(Role::PARENT, $user->roles);
self::assertContains(Role::VIE_SCOLAIRE, $user->roles);
}
#[Test]
public function aLeRoleReturnsTrueForAssignedRole(): void
{
$user = $this->createUser(Role::PROF);
self::assertTrue($user->aLeRole(Role::PROF));
self::assertFalse($user->aLeRole(Role::PARENT));
}
#[Test]
public function rolePrincipalReturnsFirstRole(): void
{
$user = $this->createUser(Role::PROF);
self::assertSame(Role::PROF, $user->rolePrincipal());
}
private function createUser(Role $role = Role::PARENT): User
{
return User::creer(
email: new Email('user@example.com'),
role: $role,
tenantId: TenantId::fromString(self::TENANT_ID),
schoolName: self::SCHOOL_NAME,
dateNaissance: null,
createdAt: new DateTimeImmutable('2026-01-15 10:00:00'),
);
}
}