
Merge branch 'hotfix/security_patch'

Olivier Massot 3 years ago
parent
commit
a6f31edf43

+ 1 - 0
.env

@@ -14,6 +14,7 @@
 # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
 
 ###> symfony/framework-bundle ###
+APP_DEBUG=0
 APP_SECRET=6a76497c8658bb23e2236f97a2627df3
 ###< symfony/framework-bundle ###
 
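Review bot: The `APP_SECRET` on the context line right under the added `APP_DEBUG=0` is a concrete value committed to the repository, and the same value appears in the `.env.ci` section of this commit. Whether production overrides it from a real environment variable or an untracked `.env.local` is not visible here; if it does not, everything the framework signs with that secret depends on a value any repository reader can see, so it is worth confirming the override and rotating the value. A comment above it such as `# placeholder only - the real APP_SECRET must be injected by the deployment environment` would make the intent explicit. Moving `APP_DEBUG=0` into the base file is a sound secure default, but it now applies to every environment that does not set its own value.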

+ 0 - 1
.env.ci

@@ -1,5 +1,4 @@
 ###> symfony/framework-bundle ###
-APP_ENV=dev
 APP_DEBUG=1
 APP_SECRET=6a76497c8658bb23e2236f97a2627df3
 #TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

+ 0 - 4
.env.prod

@@ -1,7 +1,3 @@
-###> symfony/framework-bundle ###
-APP_DEBUG=0
-###< symfony/framework-bundle ###
-
 ###> doctrine/doctrine-bundle ###
 # Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
 # IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml

+ 0 - 9
src/Entity/Access/Access.php

@@ -65,15 +65,6 @@ use Symfony\Component\Serializer\Annotation\Groups;
  */
 #[Auditable]
 #[ORM\Entity(repositoryClass: AccessRepository::class)]
-// TODO: revoir la sécurité
-#[ApiResource(
-    collectionOperations:[
-        "get"
-    ],
-    itemOperations: [
-        "get"
-    ]
-)]
 #[ApiFilter(BooleanFilter::class, properties: ['person.isPhysical'])]
 #[ApiFilter(FullNameFilter::class)]
 #[ApiFilter(InFilter::class, properties: ['id'])]

+ 2 - 5
src/Entity/Billing/BillingIntangibleExcludeDate.php

@@ -13,13 +13,10 @@ use Doctrine\ORM\Mapping as ORM;
  */
 #[Auditable]
 #[ORM\Entity]
-// TODO: revoir la sécurité
 #[ApiResource(
-    collectionOperations:[
-        "get"
-    ],
+    collectionOperations:[],
     itemOperations: [
-        "get"
+        "get" => ["security" => "is_granted('ROLE_ADMIN')"]
     ]
 )]
 class BillingIntangibleExcludeDate
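Review bot: The `ROLE_ADMIN` check is attached only to the item `get` operation, so the resource has no default access rule, and any operation added later is exposed unless its author remembers to repeat the expression. Declaring it once at resource level, `security: "is_granted('ROLE_ADMIN')"` on `#[ApiResource(...)]`, keeps the entity deny-by-default. The same applies to the identical hunks in `AttendanceBooking.php`, `CommissionMember.php` and `EquipmentLoan.php`. With the `// TODO: revoir la sécurité` marker removed, a short comment stating the decision would help the next maintainer, e.g. `// Admin-only item read; collection listing intentionally disabled`. The class body lies outside the hunk, and no functional test is visible in this commit that pins the denied response for a non-admin user or the absence of the collection route.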

+ 2 - 5
src/Entity/Booking/AttendanceBooking.php

@@ -13,13 +13,10 @@ use Doctrine\ORM\Mapping as ORM;
  */
 #[Auditable]
 #[ORM\Entity]
-// TODO: revoir la sécurité
 #[ApiResource(
-    collectionOperations:[
-        "get"
-    ],
+    collectionOperations:[],
     itemOperations: [
-        "get"
+        "get" => ["security" => "is_granted('ROLE_ADMIN')"]
     ]
 )]
 class AttendanceBooking

+ 2 - 5
src/Entity/Person/CommissionMember.php

@@ -13,13 +13,10 @@ use Doctrine\ORM\Mapping as ORM;
  */
 #[Auditable]
 #[ORM\Entity]
-// TODO: revoir la sécurité
 #[ApiResource(
-    collectionOperations:[
-        "get"
-    ],
+    collectionOperations:[],
     itemOperations: [
-        "get"
+        "get" => ["security" => "is_granted('ROLE_ADMIN')"]
     ]
 )]
 class CommissionMember

+ 2 - 5
src/Entity/Product/EquipmentLoan.php

@@ -18,13 +18,10 @@ use Doctrine\ORM\Mapping as ORM;
  */
 #[Auditable]
 #[ORM\Entity]
-// TODO: revoir la sécurité
 #[ApiResource(
-    collectionOperations:[
-        "get"
-    ],
+    collectionOperations:[],
     itemOperations: [
-        "get"
+        "get" => ["security" => "is_granted('ROLE_ADMIN')"]
     ]
 )]
 class EquipmentLoan