feat(lum): KeycloakRealmSetupService + rôles RBAC UnionFlow + Jacoco 100%
- Ajoute KeycloakRealmSetupService : auto-initialisation des rôles realm (admin, user_manager, user_viewer, role_manager...) et assignation du rôle user_manager au service account unionflow-server au démarrage (idempotent, retries, thread séparé pour ne pas bloquer le démarrage) → Corrige le 403 sur resetPassword / changement de mot de passe premier login - UserResource : étend les @RolesAllowed avec ADMIN/SUPER_ADMIN/USER pour permettre aux appels inter-services unionflow-server d'accéder aux endpoints sans être bloqués par le RBAC LUM ; corrige sendVerificationEmail (retourne Response) - application-dev.properties : service-accounts.user-manager-clients=unionflow-server - application-prod.properties : client-id, credentials.secret, token.audience, auto-setup - application-test.properties : H2 in-memory (plus besoin de Docker pour les tests) - pom.xml : H2 scope test, Jacoco 100% enforcement (exclusions MapStruct/repos/setup), annotation processors MapStruct+Lombok explicites - .gitignore + .env ajouté (.env exclu du commit) - script/docker/.env.example : variables KEYCLOAK_ADMIN_USERNAME/PASSWORD documentées
@@ -32,14 +32,14 @@ public class UserResource implements UserResourceApi {
|
||||
UserService userService;
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager" })
|
||||
@RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
|
||||
public UserSearchResultDTO searchUsers(@Valid @NotNull UserSearchCriteriaDTO criteria) {
|
||||
log.info("POST /api/users/search - Recherche d'utilisateurs");
|
||||
return userService.searchUsers(criteria);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager", "user_viewer" })
|
||||
@RolesAllowed({ "admin", "user_manager", "user_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
|
||||
public UserDTO getUserById(String userId, String realmName) {
|
||||
log.info("GET /api/users/{} - realm: {}", userId, realmName);
|
||||
return userService.getUserById(userId, realmName)
|
||||
@@ -48,14 +48,14 @@ public class UserResource implements UserResourceApi {
|
||||
}
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager", "user_viewer" })
|
||||
@RolesAllowed({ "admin", "user_manager", "user_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
|
||||
public UserSearchResultDTO getAllUsers(String realmName, int page, int pageSize) {
|
||||
log.info("GET /api/users - realm: {}, page: {}, pageSize: {}", realmName, page, pageSize);
|
||||
return userService.getAllUsers(realmName, page, pageSize);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager" })
|
||||
@RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
|
||||
public Response createUser(@Valid @NotNull UserDTO user, String realmName) {
|
||||
log.info("POST /api/users - Création d'un utilisateur: {}", user.getUsername());
|
||||
|
||||
@@ -74,28 +74,28 @@ public class UserResource implements UserResourceApi {
|
||||
}
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager" })
|
||||
@RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
|
||||
public UserDTO updateUser(String userId, @Valid @NotNull UserDTO user, String realmName) {
|
||||
log.info("PUT /api/users/{} - Mise à jour", userId);
|
||||
return userService.updateUser(userId, user, realmName);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin" })
|
||||
@RolesAllowed({ "admin", "ADMIN", "SUPER_ADMIN" })
|
||||
public void deleteUser(String userId, String realmName, boolean hardDelete) {
|
||||
log.info("DELETE /api/users/{} - realm: {}, hardDelete: {}", userId, realmName, hardDelete);
|
||||
userService.deleteUser(userId, realmName, hardDelete);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager" })
|
||||
@RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
|
||||
public void activateUser(String userId, String realmName) {
|
||||
log.info("POST /api/users/{}/activate", userId);
|
||||
userService.activateUser(userId, realmName);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager" })
|
||||
@RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
|
||||
public void deactivateUser(String userId, String realmName, String raison) {
|
||||
log.info("POST /api/users/{}/deactivate - raison: {}", userId, raison);
|
||||
userService.deactivateUser(userId, realmName, raison);
|
||||
@@ -110,9 +110,10 @@ public class UserResource implements UserResourceApi {
|
||||
|
||||
@Override
|
||||
@RolesAllowed({ "admin", "user_manager" })
|
||||
public void sendVerificationEmail(String userId, String realmName) {
|
||||
public Response sendVerificationEmail(String userId, String realmName) {
|
||||
log.info("POST /api/users/{}/send-verification-email", userId);
|
||||
userService.sendVerificationEmail(userId, realmName);
|
||||
return Response.accepted().build();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
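Review bot: Adding `"USER"` to `getUserById` and `getAllUsers` lets any caller whose token carries the UnionFlow `USER` role read a single account or page through every account in whatever `realmName` it supplies. That is far wider than the inter-service access the commit description gives as the reason. The description also says the unionflow-server service account is now assigned `user_manager`, which already satisfies the previous annotations. If unionflow-server calls with its own service-account token, the end-user roles are probably unnecessary, and at minimum the two read endpoints should drop `"USER"`: `@RolesAllowed({ "admin", "user_manager", "user_viewer", "ADMIN", "SUPER_ADMIN" })`. The write endpoints, including `deleteUser` with `hardDelete`, now accept `ADMIN`/`SUPER_ADMIN` as well, so confirm that these roles can only be granted by this realm's administrators and that the check is tied to the realm named in `realmName`, not just to any token bearing the role name. The bodies of `createUser` and `deactivateUser` continue outside the visible hunks, so any per-method checks there could not be reviewed.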