add chat user roles and login

2026-05-11 11:33:03 +02:00
parent 3c5de0d8e6
commit 83ac6d600e
9 changed files with 312 additions and 71 deletions
--- a/src/Command/CreateUserCommand.php
+++ b/src/Command/CreateUserCommand.php
@@ -16,7 +16,7 @@ use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;

 #[AsCommand(
    name: 'mto:agent:user:create',
-    description: 'Creates a new admin user'
+    description: 'Creates a new application user'
 )]
 class CreateUserCommand extends Command
 {
@@ -79,7 +79,8 @@ class CreateUserCommand extends Command
                'ROLE_SUPER_ADMIN',
                'ROLE_KNOWLEDGE_ADMIN',
                'ROLE_EDITOR',
-                'ROLE_USER',
+                'ROLE_ADMIN_AREA',
+                'ROLE_CHAT_USER',
            ],
            0
        );
--- a/src/Controller/Admin/IngestJobController.php
+++ b/src/Controller/Admin/IngestJobController.php
@@ -50,7 +50,7 @@ final class IngestJobController extends AbstractController
    )]
    public function status(string $id, EntityManagerInterface $em): JsonResponse
    {
-        $this->denyAccessUnlessGranted('ROLE_USER');
+        $this->denyAccessUnlessGranted('ROLE_ADMIN_AREA');

        $job = $this->findJob($id, $em);

--- a/src/Controller/Admin/SecurityController.php
+++ b/src/Controller/Admin/SecurityController.php
@@ -14,7 +14,7 @@ final class SecurityController extends AbstractController
    public function login(AuthenticationUtils $authUtils): Response
    {
        // Wenn bereits eingeloggt → direkt ins Dashboard
-        if ($this->getUser()) {
+        if ($this->getUser() !== null && $this->isGranted('ROLE_ADMIN_AREA')) {
            return $this->redirectToRoute('admin_dashboard');
        }

--- a/src/Controller/Chat/SecurityController.php
+++ b/src/Controller/Chat/SecurityController.php
@@ -0,0 +1,39 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\Chat;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
+
+/**
+ * Login/logout endpoints for the chat area.
+ *
+ * The chat uses the existing App\Entity\User provider and only adds a separate
+ * route space plus ROLE_CHAT_USER access control. It intentionally stays outside
+ * App\Controller\Admin so Chat and Admin can evolve independently.
+ */
+final class SecurityController extends AbstractController
+{
+    #[Route('/chat/login', name: 'chat_login', methods: ['GET', 'POST'])]
+    public function login(AuthenticationUtils $authUtils): Response
+    {
+        if ($this->getUser() !== null && $this->isGranted('ROLE_CHAT_USER')) {
+            return $this->redirectToRoute('chat_index');
+        }
+
+        return $this->render('chat/security/login.html.twig', [
+            'last_username' => $authUtils->getLastUsername(),
+            'error' => $authUtils->getLastAuthenticationError(),
+        ]);
+    }
+
+    #[Route('/chat/logout', name: 'chat_logout', methods: ['GET'])]
+    public function logout(): void
+    {
+        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
+    }
+}