From 13d3097b3eead012f477d5baa2219f13ab78f3c7 Mon Sep 17 00:00:00 2001 From: dahoud Date: Sat, 7 Feb 2026 17:04:49 +0000 Subject: [PATCH] Refactoring --- .../dev/security/RolePermissionConfig.java | 8 +-- .../dev/websocket/ChatWebSocketNext.java | 2 +- .../websocket/NotificationWebSocketNext.java | 2 +- .../META-INF/resources/jwt-secret.jwk | 6 ++ src/main/resources/application-dev.properties | 4 +- src/main/resources/application.properties | 2 +- .../dev/service/SecurityServiceTest.java | 62 ++++++++++++------- 7 files changed, 55 insertions(+), 31 deletions(-) create mode 100644 src/main/resources/META-INF/resources/jwt-secret.jwk diff --git a/src/main/java/com/lions/dev/security/RolePermissionConfig.java b/src/main/java/com/lions/dev/security/RolePermissionConfig.java index 80a4f61..5d9d67c 100644 --- a/src/main/java/com/lions/dev/security/RolePermissionConfig.java +++ b/src/main/java/com/lions/dev/security/RolePermissionConfig.java @@ -88,8 +88,8 @@ public class RolePermissionConfig { PROFILE_READ, PROFILE_UPDATE, PROFILE_DELETE, // Social / Recherche SOCIAL_SEARCH, SOCIAL_FOLLOW, SOCIAL_BLOCK, - // Événements - EVENTS_READ, EVENTS_PARTICIPATE, + // Événements - lecture, participation et création + EVENTS_READ, EVENTS_PARTICIPATE, EVENTS_CREATE, EVENTS_UPDATE_OWN, EVENTS_DELETE_OWN, // Établissements ESTABLISHMENTS_READ, // Réservations @@ -137,8 +137,8 @@ public class RolePermissionConfig { // ===== ESTABLISHMENT_MANAGER (Gérant / Manager) ===== rolePermissions.put(ESTABLISHMENT_MANAGER, EnumSet.of( - // Établissement - gestion partielle - ESTABLISHMENTS_UPDATE_OWN, + // Établissement - gestion partielle + création + ESTABLISHMENTS_CREATE, ESTABLISHMENTS_UPDATE_OWN, // Événements - gestion pour l'établissement EVENTS_CREATE, EVENTS_UPDATE_OWN, EVENTS_DELETE_OWN, // Réservations - gestion diff --git a/src/main/java/com/lions/dev/websocket/ChatWebSocketNext.java b/src/main/java/com/lions/dev/websocket/ChatWebSocketNext.java index 23f7d4c..c5ba133 100644 
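Review bot: The EVENTS_UPDATE_OWN / EVENTS_DELETE_OWN grants added to the USER set in the first hunk only mean "own" if the code that enforces them also checks that the caller owns the event; this map records that the permission is held and nothing in the commit shows where the ownership check lives, so it is worth confirming before every authenticated user gets create/update/delete on events. The same applies to ESTABLISHMENTS_CREATE for ESTABLISHMENT_MANAGER in the second hunk: both hunks widen privileges, which is not what the commit title "Refactoring" suggests, and the accompanying SecurityServiceTest only pins the manager grant, not the USER event grants. I would record the contract next to the grant, e.g. `// Granted to every authenticated user: *_OWN permissions still require the resource layer to verify ownership`, and add an assertion for the USER grants. Both EnumSet.of(...) lists start before and continue past their hunks, so the full USER and ESTABLISHMENT_MANAGER grants are not visible here.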
--- a/src/main/java/com/lions/dev/websocket/ChatWebSocketNext.java +++ b/src/main/java/com/lions/dev/websocket/ChatWebSocketNext.java @@ -31,7 +31,7 @@ import java.util.concurrent.ConcurrentHashMap; * * URL: ws://localhost:8080/chat/{userId} */ -@WebSocket(path = "/chat/{userId}") +@WebSocket(path = "/afterwork/chat/{userId}") @ApplicationScoped public class ChatWebSocketNext { diff --git a/src/main/java/com/lions/dev/websocket/NotificationWebSocketNext.java b/src/main/java/com/lions/dev/websocket/NotificationWebSocketNext.java index 052acc4..8449338 100644 --- a/src/main/java/com/lions/dev/websocket/NotificationWebSocketNext.java +++ b/src/main/java/com/lions/dev/websocket/NotificationWebSocketNext.java @@ -30,7 +30,7 @@ import java.util.concurrent.ConcurrentHashMap; * * URL: ws://localhost:8080/notifications/{userId} */ -@WebSocket(path = "/notifications/{userId}") +@WebSocket(path = "/afterwork/notifications/{userId}") @ApplicationScoped public class NotificationWebSocketNext { diff --git a/src/main/resources/META-INF/resources/jwt-secret.jwk b/src/main/resources/META-INF/resources/jwt-secret.jwk new file mode 100644 index 0000000..4519038 --- /dev/null +++ b/src/main/resources/META-INF/resources/jwt-secret.jwk @@ -0,0 +1,6 @@ +{ + "kty": "oct", + "k": "YWZ0ZXJ3b3JrLWp3dC1zZWNyZXQtbWluLTMyLWJ5dGVzLWZvci1oczI1NiE", + "alg": "HS256", + "use": "sig" +} \ No newline at end of file diff --git a/src/main/resources/application-dev.properties b/src/main/resources/application-dev.properties index 32523df..6524ef0 100644 --- a/src/main/resources/application-dev.properties +++ b/src/main/resources/application-dev.properties 
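Review bot: The HS256 signing key in jwt-secret.jwk is added under src/main/resources/META-INF/resources/, the directory Quarkus serves as static web content, so as far as this diff shows the key would be downloadable from the HTTP root as `/jwt-secret.jwk` once deployed, and with a symmetric `"alg": "HS256"` key anyone who fetches it can mint valid tokens. The key is also committed to the repository and is a readable phrase (the `k` value is base64url for `afterwork-jwt-secret-min-32-bytes-for-hs256!`), so it should be treated as compromised wherever the file ends up living. Move the file out of META-INF/resources, or better supply the key through an environment variable or secret store referenced from application.properties, rotate to a randomly generated key of at least 32 bytes, and keep the file out of git. Which config property points at this file is not visible in the diff, so the property name may need to change as well.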
@@ -40,7 +40,9 @@ quarkus.flyway.clean-at-start=false # ==================================================================== # drop-and-create: recrée le schéma à chaque démarrage (pratique en dev). # ATTENTION: Ne JAMAIS utiliser ce mode en production ! -quarkus.hibernate-orm.database.generation=drop-and-create +# Utiliser 'update' pour conserver les données entre les redémarrages +# Changer en 'drop-and-create' uniquement si vous voulez réinitialiser la base +quarkus.hibernate-orm.database.generation=update quarkus.hibernate-orm.log.sql=true quarkus.hibernate-orm.log.format-sql=true quarkus.hibernate-orm.packages=com.lions.dev.entity diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index d89fdff..b3c2983 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -52,7 +52,7 @@ quarkus.http.auth.proactive=false # Sécurité HTTP - Permissions par chemin # ==================================================================== # Endpoints publics (sans authentification requise) -quarkus.http.auth.permission.public.paths=/afterwork/users/register,/afterwork/users/authenticate,/afterwork/users/forgot-password,/afterwork/users/reset-password,/afterwork/q/*,/afterwork/openapi,/afterwork/webhooks/*,/q/* +quarkus.http.auth.permission.public.paths=/afterwork/users/register,/afterwork/users/authenticate,/afterwork/users/forgot-password,/afterwork/users/reset-password,/afterwork/q/*,/afterwork/openapi,/afterwork/webhooks/*,/afterwork/media/files/*,/q/* quarkus.http.auth.permission.public.policy=permit # Endpoints admin (SUPER_ADMIN ou ADMIN requis) diff --git a/src/test/java/com/lions/dev/service/SecurityServiceTest.java b/src/test/java/com/lions/dev/service/SecurityServiceTest.java index f5ca553..3e8c83d 100644 --- a/src/test/java/com/lions/dev/service/SecurityServiceTest.java +++ b/src/test/java/com/lions/dev/service/SecurityServiceTest.java 
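Review bot: Switching dev to `quarkus.hibernate-orm.database.generation=update` while Flyway is also configured (the `quarkus.flyway.clean-at-start=false` line in the hunk context suggests Flyway owns the schema) lets hbm2ddl silently patch the dev database, so developers stop noticing when a Flyway migration is missing; `validate` (or `none`) keeps data across restarts just as well and still catches drift, if Flyway is indeed the schema source of truth. The retained comment block above the property still describes `drop-and-create` as the active mode; I would reword it to `# update: keeps data between restarts; prefer 'validate' when Flyway manages the schema` and keep the existing production warning.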
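Review bot: Adding `/afterwork/media/files/*` to the `permit` path list makes everything that endpoint serves reachable with no identity at all, for every HTTP method, since the `public` permission group does not restrict methods; if the handler also accepts uploads or deletes under that prefix they become anonymous too, and any per-file access control now has to be enforced inside the handler (unguessable identifiers or signed URLs, plus path normalization against traversal), none of which this commit shows. I would give the media path its own group limited to reads: `quarkus.http.auth.permission.media-public.paths=/afterwork/media/files/*`, `quarkus.http.auth.permission.media-public.policy=permit`, `quarkus.http.auth.permission.media-public.methods=GET,HEAD`. What media/files serves and whether any of it is private user content is not visible here, so the read-only split is the conservative choice.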
@@ -26,6 +26,9 @@ class SecurityServiceTest { @Inject SecurityService securityService; + @Inject + RolePermissionConfig rolePermissionConfig; + // ========================================================================= // Tests des permissions par rôle // ========================================================================= @@ -33,7 +36,7 @@ class SecurityServiceTest { @Test @DisplayName("Role USER devrait avoir les permissions de base") void testUserRoleHasBasicPermissions() { - Set userPermissions = RolePermissionConfig.getPermissions(Role.USER); + Set userPermissions = rolePermissionConfig.getPermissions(Role.USER); // Vérifier les permissions de profil assertTrue(userPermissions.contains(Permission.PROFILE_READ), "USER devrait pouvoir lire son profil"); 
@@ -53,27 +56,27 @@ class SecurityServiceTest { } @Test - @DisplayName("Role OWNER devrait avoir les permissions d'établissement") + @DisplayName("Role ESTABLISHMENT_OWNER devrait avoir les permissions d'établissement") void testOwnerRoleHasEstablishmentPermissions() { - Set ownerPermissions = RolePermissionConfig.getPermissions(Role.OWNER); + Set ownerPermissions = rolePermissionConfig.getPermissions(Role.ESTABLISHMENT_OWNER); // Permissions de gestion d'établissement - assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_CREATE), "OWNER devrait pouvoir créer un établissement"); - assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_UPDATE_OWN), "OWNER devrait pouvoir modifier son établissement"); - assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_DELETE_OWN), "OWNER devrait pouvoir supprimer son établissement"); - assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_MANAGE_STAFF), "OWNER devrait pouvoir gérer le personnel"); - assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_VIEW_ANALYTICS), "OWNER devrait voir les analytics"); + assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_CREATE), "ESTABLISHMENT_OWNER devrait pouvoir créer un établissement"); + assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_UPDATE_OWN), "ESTABLISHMENT_OWNER devrait pouvoir modifier son établissement"); + assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_DELETE_OWN), "ESTABLISHMENT_OWNER devrait pouvoir supprimer son établissement"); + assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_MANAGE_STAFF), "ESTABLISHMENT_OWNER devrait pouvoir gérer le personnel"); + assertTrue(ownerPermissions.contains(Permission.ESTABLISHMENTS_VIEW_ANALYTICS), "ESTABLISHMENT_OWNER devrait voir les analytics"); // Permissions de promotions - assertTrue(ownerPermissions.contains(Permission.PROMOTIONS_CREATE), "OWNER devrait pouvoir créer des promotions"); - 
assertTrue(ownerPermissions.contains(Permission.PROMOTIONS_UPDATE_OWN), "OWNER devrait pouvoir modifier ses promotions"); - assertTrue(ownerPermissions.contains(Permission.PROMOTIONS_DELETE_OWN), "OWNER devrait pouvoir supprimer ses promotions"); + assertTrue(ownerPermissions.contains(Permission.PROMOTIONS_CREATE), "ESTABLISHMENT_OWNER devrait pouvoir créer des promotions"); + assertTrue(ownerPermissions.contains(Permission.PROMOTIONS_UPDATE_OWN), "ESTABLISHMENT_OWNER devrait pouvoir modifier ses promotions"); + assertTrue(ownerPermissions.contains(Permission.PROMOTIONS_DELETE_OWN), "ESTABLISHMENT_OWNER devrait pouvoir supprimer ses promotions"); } @Test @DisplayName("Role SUPER_ADMIN devrait avoir toutes les permissions") void testSuperAdminHasAllPermissions() { - Set superAdminPermissions = RolePermissionConfig.getPermissions(Role.SUPER_ADMIN); + Set superAdminPermissions = rolePermissionConfig.getPermissions(Role.SUPER_ADMIN); // SUPER_ADMIN devrait avoir accès à tout assertTrue(superAdminPermissions.contains(Permission.SUPER_ADMIN_ACCESS), "SUPER_ADMIN devrait avoir accès super admin"); @@ -86,7 +89,7 @@ class SecurityServiceTest { @Test @DisplayName("Role MODERATOR devrait avoir les permissions de modération") void testModeratorRoleHasModerationPermissions() { - Set modPermissions = RolePermissionConfig.getPermissions(Role.MODERATOR); + Set modPermissions = rolePermissionConfig.getPermissions(Role.MODERATOR); assertTrue(modPermissions.contains(Permission.MODERATION_VIEW_REPORTS), "MODERATOR devrait voir les signalements"); assertTrue(modPermissions.contains(Permission.MODERATION_HANDLE_REPORTS), "MODERATOR devrait traiter les signalements"); 
@@ -128,23 +131,28 @@ class SecurityServiceTest { // ========================================================================= @Test - @DisplayName("Test conversion String vers Role") + @DisplayName("Test conversion String vers Role avec fromString") void testRoleFromString() { - assertEquals(Role.USER, Role.valueOf("USER")); - assertEquals(Role.OWNER, Role.valueOf("OWNER")); - assertEquals(Role.MANAGER, Role.valueOf("MANAGER")); - assertEquals(Role.ADMIN, Role.valueOf("ADMIN")); - assertEquals(Role.SUPER_ADMIN, Role.valueOf("SUPER_ADMIN")); - assertEquals(Role.MODERATOR, Role.valueOf("MODERATOR")); - assertEquals(Role.SUPPORT, Role.valueOf("SUPPORT")); - assertEquals(Role.FINANCE, Role.valueOf("FINANCE")); + // Nouveaux noms de rôles + assertEquals(Role.USER, Role.fromString("USER")); + assertEquals(Role.ESTABLISHMENT_OWNER, Role.fromString("ESTABLISHMENT_OWNER")); + assertEquals(Role.ESTABLISHMENT_MANAGER, Role.fromString("ESTABLISHMENT_MANAGER")); + assertEquals(Role.ADMIN, Role.fromString("ADMIN")); + assertEquals(Role.SUPER_ADMIN, Role.fromString("SUPER_ADMIN")); + assertEquals(Role.MODERATOR, Role.fromString("MODERATOR")); + assertEquals(Role.SUPPORT, Role.fromString("SUPPORT")); + assertEquals(Role.FINANCE_MANAGER, Role.fromString("FINANCE_MANAGER")); + + // Rétrocompatibilité avec anciens noms + assertEquals(Role.ESTABLISHMENT_OWNER, Role.fromString("OWNER")); + assertEquals(Role.ESTABLISHMENT_MANAGER, Role.fromString("MANAGER")); } @Test @DisplayName("Test que chaque rôle a au moins une permission") void testAllRolesHavePermissions() { for (Role role : Role.values()) { - Set permissions = RolePermissionConfig.getPermissions(role); + Set permissions = rolePermissionConfig.getPermissions(role); assertFalse(permissions.isEmpty(), "Le rôle " + role + " devrait avoir au moins une permission"); } } 
@@ -161,4 +169,12 @@ class SecurityServiceTest { assertFalse(permission.getDescription().isBlank(), "La description de " + permission + " ne devrait pas être vide"); } } + + @Test + @DisplayName("Role ESTABLISHMENT_MANAGER devrait pouvoir créer des établissements") + void testManagerCanCreateEstablishments() { + Set managerPermissions = rolePermissionConfig.getPermissions(Role.ESTABLISHMENT_MANAGER); + assertTrue(managerPermissions.contains(Permission.ESTABLISHMENTS_CREATE), + "ESTABLISHMENT_MANAGER devrait pouvoir créer un établissement"); + } }
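Review bot: The new testManagerCanCreateEstablishments pins the manager grant from this commit, but the USER event grants (EVENTS_CREATE, EVENTS_UPDATE_OWN, EVENTS_DELETE_OWN) made in the same RolePermissionConfig change have no assertion, and every permission test in this file asserts only presence, so an over-broad USER set would still pass. I would add a USER test that checks the new grants and at least one negative assertion, as below; the French assertion messages follow the file's existing style.
```java
    @Test
    @DisplayName("Role USER devrait gérer ses propres événements sans droits d'établissement")
    void testUserEventPermissionsAreScopedToOwn() {
        Set<Permission> userPermissions = rolePermissionConfig.getPermissions(Role.USER);
        assertTrue(userPermissions.contains(Permission.EVENTS_CREATE), "USER devrait pouvoir créer un événement");
        assertTrue(userPermissions.contains(Permission.EVENTS_UPDATE_OWN), "USER devrait pouvoir modifier ses événements");
        assertTrue(userPermissions.contains(Permission.EVENTS_DELETE_OWN), "USER devrait pouvoir supprimer ses événements");
        // Negative check: a plain user must not pick up establishment management rights
        assertFalse(userPermissions.contains(Permission.ESTABLISHMENTS_CREATE), "USER ne devrait pas pouvoir créer un établissement");
    }
```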