lionsdev/unionflow-server-impl-quarkus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): audit RBAC complet v3.0 — rôles normalisés, lifecycle, changement mdp mobile

Browse Source 
RBAC:
- HealthResource: @PermitAll
- RoleResource: @RolesAllowed ADMIN/SUPER_ADMIN/ADMIN_ORGANISATION class-level
- PropositionAideResource: @RolesAllowed MEMBRE/USER class-level
- AuthCallbackResource: @PermitAll
- EvenementResource: @PermitAll /publics et /test, count restreint
- BackupResource/LogsMonitoringResource/SystemResource: MODERATOR → MODERATEUR
- AnalyticsResource: MANAGER/MEMBER → ADMIN_ORGANISATION/MEMBRE
- RoleConstant.java: constantes de rôles centralisées

Cycle de vie membres:
- MemberLifecycleService: ajouterMembre()/retirerMembre() sur activation/radiation/archivage
- MembreResource: endpoint GET /numero/{numeroMembre}
- MembreService: méthode trouverParNumeroMembre()

Changement mot de passe:
- CompteAdherentResource: endpoint POST /auth/change-password (mobile)
- MembreKeycloakSyncService: changerMotDePasseDirectKeycloak() via API Admin Keycloak directe
- Fallback automatique si lions-user-manager indisponible

Workflow:
- Flyway V17-V23: rôles, types org, formules Option C, lifecycle columns, bareme cotisation
- Nouvelles classes: MemberLifecycleService, OrganisationModuleService, scheduler
- Security: OrganisationContextFilter, OrganisationContextHolder, ModuleAccessFilter
This commit is contained in:
dahoud
2026-04-07 20:52:26 +00:00
parent c74ae25ad6
commit a2dfae9a0b
78 changed files with 5637 additions and 271 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/dev/lions/unionflow/server/resource/SystemResource.java
View File

@@ -38,7 +38,7 @@ public class SystemResource {
*/
@GET
@Path("/config")
@RolesAllowed({"SUPER_ADMIN", "ADMIN", "MODERATOR"})
@RolesAllowed({"SUPER_ADMIN", "ADMIN", "MODERATEUR"})
@Operation(summary = "Récupérer la configuration système", description = "Retourne la configuration système complète")
public SystemConfigResponse getSystemConfig() {
log.info("GET /api/system/config");
@@ -62,7 +62,7 @@ public class SystemResource {
*/
@GET
@Path("/cache/stats")
@RolesAllowed({"SUPER_ADMIN", "ADMIN", "MODERATOR"})
@RolesAllowed({"SUPER_ADMIN", "ADMIN", "MODERATEUR"})
@Operation(summary = "Récupérer les statistiques du cache système")
public CacheStatsResponse getCacheStats() {
log.info("GET /api/system/cache/stats");
@@ -111,7 +111,7 @@ public class SystemResource {
*/
@GET
@Path("/metrics")
@RolesAllowed({"SUPER_ADMIN", "ADMIN", "MODERATOR"})
@RolesAllowed({"SUPER_ADMIN", "ADMIN", "MODERATEUR"})
@Operation(
summary = "Récupérer les métriques système en temps réel",
description = "Retourne toutes les métriques système (CPU, RAM, disque, utilisateurs actifs, etc.)"