fix(security): audit RBAC complet v3.0 — rôles normalisés, lifecycle, changement mdp mobile

RBAC: - HealthResource: @PermitAll - RoleResource: @RolesAllowed ADMIN/SUPER_ADMIN/ADMIN_ORGANISATION class-level - PropositionAideResource: @RolesAllowed MEMBRE/USER class-level - AuthCallbackResource: @PermitAll - EvenementResource: @PermitAll /publics et /test, count restreint - BackupResource/LogsMonitoringResource/SystemResource: MODERATOR → MODERATEUR - AnalyticsResource: MANAGER/MEMBER → ADMIN_ORGANISATION/MEMBRE - RoleConstant.java: constantes de rôles centralisées Cycle de vie membres: - MemberLifecycleService: ajouterMembre()/retirerMembre() sur activation/radiation/archivage - MembreResource: endpoint GET /numero/{numeroMembre} - MembreService: méthode trouverParNumeroMembre() Changement mot de passe: - CompteAdherentResource: endpoint POST /auth/change-password (mobile) - MembreKeycloakSyncService: changerMotDePasseDirectKeycloak() via API Admin Keycloak directe - Fallback automatique si lions-user-manager indisponible Workflow: - Flyway V17-V23: rôles, types org, formules Option C, lifecycle columns, bareme cotisation - Nouvelles classes: MemberLifecycleService, OrganisationModuleService, scheduler - Security: OrganisationContextFilter, OrganisationContextHolder, ModuleAccessFilter
2026-04-07 20:52:26 +00:00
parent c74ae25ad6
commit a2dfae9a0b
78 changed files with 5637 additions and 271 deletions
--- a/src/main/java/dev/lions/unionflow/server/resource/ApprovalResource.java
+++ b/src/main/java/dev/lions/unionflow/server/resource/ApprovalResource.java
@@ -1,6 +1,7 @@
 package dev.lions.unionflow.server.resource;

 import dev.lions.unionflow.server.service.ApprovalService;
+import dev.lions.unionflow.server.api.dto.common.ErrorResponse;
 import dev.lions.unionflow.server.api.dto.finance_workflow.request.ApproveTransactionRequest;
 import dev.lions.unionflow.server.api.dto.finance_workflow.request.RejectTransactionRequest;
 import dev.lions.unionflow.server.api.dto.finance_workflow.response.TransactionApprovalResponse;
@@ -53,7 +54,7 @@ public class ApprovalResource {

            if (transactionId == null || transactionType == null || amount == null) {
                return Response.status(Response.Status.BAD_REQUEST)
-                    .entity(new ErrorResponse("transactionId, transactionType et amount sont requis"))
+                    .entity(ErrorResponse.of("transactionId, transactionType et amount sont requis"))
                    .build();
            }

@@ -64,12 +65,12 @@ public class ApprovalResource {
            return Response.status(Response.Status.CREATED).entity(approval).build();
        } catch (IllegalArgumentException e) {
            return Response.status(Response.Status.BAD_REQUEST)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        } catch (Exception e) {
            LOG.error("Erreur lors de la création de la demande d'approbation", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        }
    }
@@ -88,7 +89,7 @@ public class ApprovalResource {
        } catch (Exception e) {
            LOG.error("Erreur lors de la récupération des approbations en attente", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        }
    }
@@ -106,12 +107,12 @@ public class ApprovalResource {
            return Response.ok(approval).build();
        } catch (NotFoundException e) {
            return Response.status(Response.Status.NOT_FOUND)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        } catch (Exception e) {
            LOG.error("Erreur lors de la récupération de l'approbation", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        }
    }
@@ -131,16 +132,16 @@ public class ApprovalResource {
            return Response.ok(approval).build();
        } catch (NotFoundException e) {
            return Response.status(Response.Status.NOT_FOUND)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        } catch (ForbiddenException e) {
            return Response.status(Response.Status.FORBIDDEN)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        } catch (Exception e) {
            LOG.error("Erreur lors de l'approbation de la transaction", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        }
    }
@@ -160,16 +161,16 @@ public class ApprovalResource {
            return Response.ok(approval).build();
        } catch (NotFoundException e) {
            return Response.status(Response.Status.NOT_FOUND)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        } catch (ForbiddenException e) {
            return Response.status(Response.Status.FORBIDDEN)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        } catch (Exception e) {
            LOG.error("Erreur lors du rejet de la transaction", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        }
    }
@@ -197,12 +198,12 @@ public class ApprovalResource {
            return Response.ok(approvals).build();
        } catch (IllegalArgumentException e) {
            return Response.status(Response.Status.BAD_REQUEST)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        } catch (Exception e) {
            LOG.error("Erreur lors de la récupération de l'historique", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        }
    }
@@ -221,12 +222,11 @@ public class ApprovalResource {
        } catch (Exception e) {
            LOG.error("Erreur lors du comptage des approbations", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-                .entity(new ErrorResponse(e.getMessage()))
+                .entity(ErrorResponse.of(e.getMessage()))
                .build();
        }
    }

-    // Classes internes pour les réponses
-    record ErrorResponse(String message) {}
+    // Classe interne pour le comptage
    record CountResponse(long count) {}
 }