Initial Commit

olli 2025-11-08 10:26:44 +01:00
commit c07c90cdaa
87 changed files with 21377 additions and 0 deletions

51
.env Normal file

@ -0,0 +1,51 @@
# In all environments, the following files are loaded if they exist,
# the latter taking precedence over the former:
#
# * .env contains default values for the environment variables needed by the app
# * .env.local uncommitted file with local overrides
# * .env.$APP_ENV committed environment-specific defaults
# * .env.$APP_ENV.local uncommitted environment-specific overrides
#
# Real environment variables win over .env files.
#
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
# https://symfony.com/doc/current/configuration/secrets.html
#
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
###> symfony/framework-bundle ###
APP_ENV=dev
APP_SECRET=83df005f029c92c8e01026218f588371
###< symfony/framework-bundle ###
###> symfony/routing ###
# Configure how to generate URLs in non-HTTP contexts, such as CLI commands.
# See https://symfony.com/doc/current/routing.html#generating-urls-in-commands
DEFAULT_URI=http://localhost
###< symfony/routing ###
###> doctrine/doctrine-bundle ###
# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
#
# DATABASE_URL="sqlite:///%kernel.project_dir%/var/data_%kernel.environment%.db"
# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=8.0.32&charset=utf8mb4"
DATABASE_URL="mysql://root:root@127.0.0.1:3306/mycrm?serverVersion=10.11.2-MariaDB&charset=utf8mb4"
# DATABASE_URL="postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=16&charset=utf8"
###< doctrine/doctrine-bundle ###
###> symfony/messenger ###
# Choose one of the transports below
# MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
# MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
###< symfony/messenger ###
###> symfony/mailer ###
MAILER_DSN=null://null
###< symfony/mailer ###
###> nelmio/cors-bundle ###
CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
###< nelmio/cors-bundle ###
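Review bot: `DATABASE_URL="mysql://root:root@127.0.0.1:3306/mycrm?..."` commits a root database login to the repository, against the file's own `DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE` header; keep the committed value a placeholder (as the `!ChangeMe!` examples around it do), put the real DSN in the git-ignored `.env.local`, and use a dedicated least-privilege database user for `mycrm` rather than `root`. The generated `APP_SECRET` is fine as a dev default, but it must be overridden per environment in production (Symfony secrets vault or real environment variables), since it is the key behind signed URIs and remember-me tokens.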

0
.env.dev Normal file

3
.env.test Normal file

@ -0,0 +1,3 @@
# define your env variables for the test env here
KERNEL_CLASS='App\Kernel'
APP_SECRET='$ecretf0rt3st'

200
.github/copilot-instructions.md vendored Normal file

@ -0,0 +1,200 @@
# myCRM - AI Agent Instructions
## Project Overview
Modern, modular CRM system built with Symfony LTS. Focus on security, UX, and extensibility with a native-app-like feel through heavy AJAX usage.
## Tech Stack
- **Backend**: Symfony (current LTS version) - PHP framework following best practices
- **Database**: MariaDB (unless specific reasons dictate otherwise)
- **Frontend**: Vue.js 3 with Composition API, bundled via Symfony Webpack Encore
- **UI Components**: PrimeVue (DataTable, Charts, Forms, Dialogs for professional CRM UI)
- **Authentication**: Symfony Security component with modern permission system (RBAC/Voter pattern)
- **API**: API Platform for RESTful APIs with auto-generated OpenAPI docs
- **Admin UI**: Custom Vue.js components (no EasyAdmin) for maximum flexibility
## Development Workflow
```bash
# Initial setup
composer install
php bin/console doctrine:database:create
php bin/console doctrine:migrations:migrate
npm install && npm run dev
# Run development (parallel terminals recommended)
symfony serve -d # Backend server on :8000
npm run watch # Encore: Hot reload for Vue.js changes
# Production build
npm run build # Minified assets for deployment
# Run tests
php bin/phpunit # Backend tests
npm run test:unit # Vue component tests (Vitest/Jest)
php bin/console doctrine:schema:validate
# Cache management
php bin/console cache:clear
APP_ENV=prod php bin/console cache:warmup
```
## Symfony-Specific Conventions
### Directory Structure (Symfony Standard)
```
/config - YAML/PHP configuration files, routes
/src
/Controller - HTTP controllers (keep thin, delegate to services)
/Entity - Doctrine entities (CRM: Contact, Company, Deal, Activity, User)
/Repository - Database queries
/Service - Business logic (pipeline calculations, lifecycle management)
/Security/Voter - Permission logic per entity
/Form - Form types for entities
/EventListener - Doctrine events, kernel events
/templates - Twig templates (base layout, embed Vue app)
/assets
/js - Vue.js components, composables, stores (Pinia)
/components - Reusable Vue components (ContactCard, DealPipeline)
/views - Page-level Vue components
/api - API client wrappers for API Platform endpoints
/styles - SCSS/CSS (scoped styles in Vue SFCs)
/migrations - Doctrine migrations (version controlled)
/tests - PHPUnit tests (backend), Vitest/Jest (frontend)
```
### Key Architectural Patterns
**Controllers**: Keep lean - validate input, call services, return JSON/HTML
```php
// Good: Delegate to service
return $this->json($contactService->createContact($request->toArray()));
```
**Services**: Inject dependencies via constructor, use interfaces for flexibility
```php
class ContactLifecycleService {
public function __construct(
private EntityManagerInterface $em,
private EventDispatcherInterface $dispatcher
) {}
}
```
**Entities**: Use Doctrine annotations/attributes, define relationships carefully
- Contact ↔ Company (ManyToOne/OneToMany)
- Contact ↔ Activities (OneToMany)
- Deal ↔ Contact (ManyToOne with Deal ownership)
**Security Voters**: Implement granular permissions per entity action
```php
// Example: ContactVoter checks if user can VIEW/EDIT/DELETE specific contact
protected function supports(string $attribute, mixed $subject): bool
```
**Vue.js Integration**: Symfony renders base Twig template, Vue takes over
- Twig template loads Vue app entry point via Encore
- API Platform provides REST endpoints, Vue consumes them
- State management: Pinia stores for global state (current user, permissions)
- Routing: Vue Router for SPA navigation within CRM modules
**API Pattern**: API Platform handles CRUD, custom endpoints for business logic
```php
// Custom API endpoint example
#[Route('/api/deals/{id}/advance-stage', methods: ['POST'])]
public function advanceStage(Deal $deal): JsonResponse
{
$this->denyAccessUnlessGranted('EDIT', $deal);
return $this->json($this->dealService->advanceToNextStage($deal));
}
```
**Vue Component Pattern**: Composables for API calls, components for UI
```javascript
// composables/useContacts.js
export function useContacts() {
const contacts = ref([])
const loading = ref(false)
async function fetchContacts() {
loading.value = true
const response = await fetch('/api/contacts')
contacts.value = await response.json()
loading.value = false
}
return { contacts, loading, fetchContacts }
}
```
### CRM Domain Logic
**Core Entities**:
- `Contact`: Person with lifecycle state (Lead → Qualified → Customer)
- `Company`: Organization linked to contacts
- `Deal`: Sales opportunity with pipeline stage, value, probability
- `Activity`: Interaction record (call, email, meeting, note)
- `User`: System user with role-based permissions
**Permission System**: Use Symfony Voters for fine-grained access
- Entity-level: Can user view/edit this specific contact?
- Module-level: Can user access Reports module?
- Action-level: Can user export data?
**API Modules**: Expose selected functionality via RESTful endpoints
- Authentication: JWT tokens or API keys
- Rate limiting: Consider API Platform's built-in support
- Documentation: OpenAPI/Swagger auto-generated
## Code Quality Standards
- Follow Symfony best practices and PSR-12
- Type hints everywhere (PHP 8.x features)
- Doctrine migrations for all schema changes (never alter DB manually)
- Services autowired and autoconfigured in `services.yaml`
- Environment variables for configuration (`.env`, `.env.local`)
## Testing Strategy
- Unit tests for services (PHPUnit)
- Functional tests for controllers (WebTestCase)
- Doctrine schema validation in CI
- Security: Test voter logic explicitly
## Frontend Architecture Details
**Encore Configuration**: `webpack.config.js` compiles Vue SFCs
```javascript
Encore
.addEntry('app', './assets/js/app.js') // Main Vue app
.enableVueLoader()
.enableSassLoader()
.enablePostCssLoader()
```
**PrimeVue Integration**:
- Install: `npm install primevue primeicons`
- Use DataTable for contact/deal lists with filtering, sorting, pagination
- Use Dialog/Sidebar for forms (better UX than full page forms)
- Use Chart components for pipeline analytics, revenue forecasts
- Theme: Customize PrimeVue theme to match brand (Sass variables)
**Vue Component Organization**:
- `ContactList.vue` - PrimeVue DataTable with filters, export (talks to `/api/contacts`)
- `ContactDetail.vue` - TabView with form, activity timeline, related deals
- `DealPipeline.vue` - Custom Kanban or PrimeVue OrderList (update via API Platform)
- `ActivityFeed.vue` - Timeline component with real-time updates
- `Dashboard.vue` - Chart.js via PrimeVue Chart for KPIs
**Authentication in Vue**: Pass Symfony user data to Vue via Twig
```twig
<div id="app"
data-user="{{ app.user|json_encode }}"
data-permissions="{{ user_permissions|json_encode }}">
</div>
```
## Next Steps for AI Agents
As code develops, update this file with:
1. PrimeVue theme customization (specific color palette, component overrides)
2. Custom Doctrine types or extensions in use
3. Mercure integration for real-time updates (if implemented)
4. Event-driven patterns (custom events for CRM workflows)
5. Background job processing with Symfony Messenger
6. Deployment strategy (Docker, traditional hosting)
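Review bot: the Twig snippet under "Authentication in Vue" (`data-user="{{ app.user|json_encode }}"`) serialises the User entity itself into the page; with plain `json_encode` that is only the entity's public properties, so it yields either `{}` or, once properties are public or `JsonSerializable` is implemented, everything including the password hash. Expose an explicit allow-list (a small array or DTO with id, fullName and roles) instead. Two smaller points: the `useContacts` composable sets `loading.value = false` only on the success path, so a failed `fetch` or a non-JSON response leaves the table spinning forever (move it into `finally` and check `response.ok`), and `createContact($request->toArray())` in the controller example hands raw request input to the service without validation, which contradicts the "validate input" guidance two lines above it.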

27
.gitignore vendored Normal file

@ -0,0 +1,27 @@
###> symfony/framework-bundle ###
/.env.local
/.env.local.php
/.env.*.local
/config/secrets/prod/prod.decrypt.private.php
/public/bundles/
/var/
/vendor/
###< symfony/framework-bundle ###
###> phpunit/phpunit ###
/phpunit.xml
/.phpunit.cache/
###< phpunit/phpunit ###
###> symfony/asset-mapper ###
/public/assets/
/assets/vendor/
###< symfony/asset-mapper ###
###> symfony/webpack-encore-bundle ###
/node_modules/
/public/build/
npm-debug.log
yarn-error.log
###< symfony/webpack-encore-bundle ###

187
README.md Normal file

@ -0,0 +1,187 @@
# myCRM - Moderne CRM-Lösung
Eine moderne, modulare CRM-Anwendung basierend auf Symfony 7.1 LTS, Vue.js 3 und PrimeVue.
## 🚀 Features
- **Symfony 7.1 LTS** - Stabile PHP-Backend-Framework
- **Vue.js 3** - Modernes, reaktives Frontend mit Composition API
- **PrimeVue** - Professionelle UI-Komponenten (DataTable, Charts, Forms)
- **API Platform** - RESTful API mit OpenAPI-Dokumentation
- **MariaDB** - Zuverlässige relationale Datenbank
- **Webpack Encore** - Asset-Management und Hot Module Replacement
## 📋 Voraussetzungen
- PHP 8.2 oder höher
- Composer 2.x
- Node.js 18.x oder höher
- MariaDB/MySQL 10.x oder höher
- NPM oder Yarn
## 🛠️ Installation
```bash
# 1. Repository klonen
git clone <repository-url> mycrm
cd mycrm
# 2. PHP-Abhängigkeiten installieren
composer install
# 3. NPM-Abhängigkeiten installieren
npm install
# 4. Umgebungsvariablen konfigurieren
# Kopiere .env zu .env.local und passe DATABASE_URL an
cp .env .env.local
# 5. Datenbank erstellen
php bin/console doctrine:database:create
# 6. Datenbank-Schema erstellen (wenn Migrations vorhanden)
php bin/console doctrine:migrations:migrate
```
## 🎯 Entwicklung
### Backend-Server starten
```bash
# Mit PHP Built-in Server
php -S localhost:8000 -t public/
# ODER mit Symfony CLI (wenn installiert)
symfony serve -d
```
### Frontend-Assets kompilieren
```bash
# Einmalig kompilieren
npm run dev
# Mit Auto-Reload (empfohlen für Entwicklung)
npm run watch
# Für Production
npm run build
```
### Parallel Development (empfohlen)
Öffne zwei Terminal-Fenster:
**Terminal 1:**
```bash
php -S localhost:8000 -t public/
```
**Terminal 2:**
```bash
npm run watch
```
## 📂 Projektstruktur
```
/assets
/js
/components - Wiederverwendbare Vue-Komponenten
/views - Page-Level Vue-Komponenten
/composables - Vue Composition API Functions
/stores - Pinia State Management
/api - API Client Wrapper
/styles - SCSS/CSS Styles
/config - Symfony-Konfiguration
/src
/Controller - HTTP Controllers
/Entity - Doctrine Entities
/Repository - Database Queries
/Service - Business Logic
/Security/Voter - Permission Logic
/templates - Twig Templates
/public - Public Assets & Entry Point
/migrations - Doctrine Migrations
/tests - Tests (PHPUnit, Jest/Vitest)
```
## 🎨 Technologie-Stack
### Backend
- **Symfony 7.1 LTS** - PHP Framework
- **Doctrine ORM** - Database Abstraction
- **API Platform** - REST API Generation
- **Symfony Security** - Authentication & Authorization
### Frontend
- **Vue.js 3** - Progressive JavaScript Framework
- **Vue Router** - SPA Navigation
- **Pinia** - State Management
- **PrimeVue** - UI Component Library
- **Webpack Encore** - Asset Bundler
### Database
- **MariaDB** - Primary Database
## 📱 Module
- **Dashboard** - Übersicht und KPIs
- **Kontakte** - Kontaktverwaltung mit Status-Tracking
- **Unternehmen** - Firmendatenbank
- **Deals** - Sales-Pipeline Management
- **Aktivitäten** - Interaktions-Historie
## 🔐 Sicherheit
- Symfony Security Component mit Voter-Pattern
- CSRF-Schutz
- Password Hashing mit Symfony Password Hasher
- API-Authentifizierung (JWT/API Keys)
## 🧪 Testing
```bash
# Backend Tests (PHPUnit)
php bin/phpunit
# Frontend Tests (wenn konfiguriert)
npm run test:unit
# Doctrine Schema validieren
php bin/console doctrine:schema:validate
```
## 📚 Weitere Dokumentationen
- [Symfony Documentation](https://symfony.com/doc/current/index.html)
- [API Platform Documentation](https://api-platform.com/docs/)
- [Vue.js Guide](https://vuejs.org/guide/)
- [PrimeVue Documentation](https://primevue.org/)
- [AI Agent Instructions](.github/copilot-instructions.md)
## 🤝 Entwicklungs-Konventionen
Siehe `.github/copilot-instructions.md` für detaillierte Informationen zu:
- Architektur-Patterns
- Code-Standards
- Testing-Strategien
- CRM Domain Logic
## 📝 Lizenz
Proprietary - Alle Rechte vorbehalten
## 👥 Autoren
Dein Team
---
**Status:** ✅ Projekt initialisiert und bereit für die Entwicklung!
**Next Steps:**
1. Erste Entity erstellen: `php bin/console make:entity Contact`
2. Migration generieren: `php bin/console make:migration`
3. Migration ausführen: `php bin/console doctrine:migrations:migrate`
4. API Resource erstellen: `php bin/console make:entity --api-resource`
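Review bot: the README (and the instructions file) describe Symfony 7.1 as an LTS release, but Symfony's long-term-support branches are the x.4 versions (6.4 at the time of this commit), and 7.1 is a standard release whose maintenance window has already closed, so `"require": "7.1.*"` in `composer.json` pins the project to a branch that no longer receives security fixes; target 6.4 LTS or the current 7.x branch and correct the README. The "Sicherheit" section also promises CSRF-Schutz and JWT/API-key authentication, neither of which is configured in this commit; list them as planned rather than present until the config exists.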

42
assets/app.js Normal file

@ -0,0 +1,42 @@
import './bootstrap.js';
/*
* Welcome to your app's main JavaScript file!
*
* This file will be included onto the page via the importmap() Twig function,
* which should already be in your base.html.twig.
*/
import './styles/app.scss';
import { createApp } from 'vue';
import { createPinia } from 'pinia';
import PrimeVue from 'primevue/config';
import Aura from '@primevue/themes/aura';
import router from './js/router';
import App from './js/App.vue';
import { useAuthStore } from './js/stores/auth';
// PrimeVue Components (lazy import as needed in components)
import 'primeicons/primeicons.css';
console.log('This log comes from assets/app.js - welcome to myCRM!');
const app = createApp(App);
const pinia = createPinia();
app.use(pinia);
app.use(router);
app.use(PrimeVue, {
theme: {
preset: Aura,
options: {
darkModeSelector: false, // Can be customized later
}
}
});
app.mount('#app');
// Initialize auth store with user data from backend
const authStore = useAuthStore();
authStore.initializeFromElement();
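Review bot: the header comment says this file is loaded via the `importmap()` Twig function, but the project bundles with Webpack Encore (`enableVueLoader`, `npm run watch`), so the comment is misleading; and `console.log('This log comes from assets/app.js - welcome to myCRM!')` is a scaffold leftover that ships into the minified production bundle, drop it before `npm run build`.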

3
assets/bootstrap.js vendored Normal file

@ -0,0 +1,3 @@
// Bootstrap file for additional initialization
// Stimulus is not used in this Vue.js setup

15
assets/controllers.json Normal file

@ -0,0 +1,15 @@
{
"controllers": {
"@symfony/ux-turbo": {
"turbo-core": {
"enabled": true,
"fetch": "eager"
},
"mercure-turbo-stream": {
"enabled": false,
"fetch": "eager"
}
}
},
"entrypoints": []
}

View File

@ -0,0 +1,16 @@
import { Controller } from '@hotwired/stimulus';
/*
* This is an example Stimulus controller!
*
* Any element with a data-controller="hello" attribute will cause
* this controller to be executed. The name "hello" comes from the filename:
* hello_controller.js -> "hello"
*
* Delete this file or adapt it for your use!
*/
export default class extends Controller {
connect() {
this.element.textContent = 'Hello Stimulus! Edit me in assets/controllers/hello_controller.js';
}
}
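Review bot: `assets/bootstrap.js` states that Stimulus is not used, yet this example controller, `controllers.json` (with `@symfony/ux-turbo` enabled and `fetch: eager`) and `StimulusBundle`/`TurboBundle` in `config/bundles.php` are all still shipped; either remove the three together or actually wire Stimulus up in `bootstrap.js`. Dead bundles are extra code in the build and extra packages to keep patched.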

129
assets/js/App.vue Normal file

@ -0,0 +1,129 @@
<template>
<div id="crm-app">
<header class="app-header">
<div class="header-left">
<h1>📊 myCRM</h1>
</div>
<nav class="header-nav">
<router-link to="/">Dashboard</router-link>
<router-link to="/contacts">Kontakte</router-link>
<router-link to="/companies">Unternehmen</router-link>
<router-link to="/deals">Deals</router-link>
</nav>
<div class="header-right">
<div class="user-info" v-if="authStore.isAuthenticated">
<i class="pi pi-user"></i>
<span>{{ authStore.fullName }}</span>
<Button
icon="pi pi-sign-out"
severity="secondary"
text
size="small"
@click="handleLogout"
label="Logout"
/>
</div>
</div>
</header>
<main class="app-main">
<router-view />
</main>
<footer class="app-footer">
<p>&copy; {{ currentYear }} myCRM - Moderne CRM-Lösung</p>
</footer>
</div>
</template>
<script setup>
import { computed } from 'vue';
import { useAuthStore } from './stores/auth';
import Button from 'primevue/button';
const authStore = useAuthStore();
const currentYear = computed(() => new Date().getFullYear());
const handleLogout = () => {
if (confirm('Möchten Sie sich wirklich abmelden?')) {
authStore.logout();
}
};
</script>
<style scoped lang="scss">
.app-header {
background: #2563eb;
color: white;
padding: 1rem 2rem;
display: flex;
justify-content: space-between;
align-items: center;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
.header-left {
display: flex;
align-items: center;
h1 {
margin: 0;
font-size: 1.5rem;
}
}
.header-nav {
display: flex;
gap: 1.5rem;
flex: 1;
justify-content: center;
a {
color: white;
text-decoration: none;
padding: 0.5rem 1rem;
border-radius: 4px;
transition: background 0.2s;
&:hover, &.router-link-active {
background: rgba(255, 255, 255, 0.2);
}
}
}
.header-right {
.user-info {
display: flex;
align-items: center;
gap: 0.75rem;
background: rgba(255, 255, 255, 0.1);
padding: 0.5rem 1rem;
border-radius: 6px;
i {
font-size: 1.1rem;
}
span {
font-weight: 500;
}
}
}
}
.app-main {
min-height: calc(100vh - 150px);
padding: 2rem;
max-width: 1400px;
margin: 0 auto;
}
.app-footer {
background: #f3f4f6;
padding: 1rem 2rem;
text-align: center;
color: #6b7280;
border-top: 1px solid #e5e7eb;
}
</style>

33
assets/js/router.js Normal file

@ -0,0 +1,33 @@
import { createRouter, createWebHistory } from 'vue-router';
import Dashboard from './views/Dashboard.vue';
import ContactList from './views/ContactList.vue';
const routes = [
{
path: '/',
name: 'Dashboard',
component: Dashboard
},
{
path: '/contacts',
name: 'ContactList',
component: ContactList
},
{
path: '/companies',
name: 'CompanyList',
component: () => import('./views/CompanyList.vue')
},
{
path: '/deals',
name: 'DealList',
component: () => import('./views/DealList.vue')
}
];
const router = createRouter({
history: createWebHistory(),
routes
});
export default router;

47
assets/js/stores/auth.js Normal file

@ -0,0 +1,47 @@
import { defineStore } from 'pinia';
import { ref, computed } from 'vue';
export const useAuthStore = defineStore('auth', () => {
const user = ref(null);
const isAuthenticated = computed(() => user.value !== null);
const fullName = computed(() => {
if (!user.value) return '';
return user.value.fullName || `${user.value.firstName} ${user.value.lastName}`;
});
const hasRole = (role) => {
if (!user.value) return false;
return user.value.roles && user.value.roles.includes(role);
};
const isAdmin = computed(() => hasRole('ROLE_ADMIN'));
const initializeFromElement = () => {
const appElement = document.getElementById('app');
if (appElement && appElement.dataset.user) {
try {
const userData = JSON.parse(appElement.dataset.user);
if (userData) {
user.value = userData;
}
} catch (error) {
console.error('Error parsing user data:', error);
}
}
};
const logout = async () => {
window.location.href = '/logout';
};
return {
user,
isAuthenticated,
fullName,
hasRole,
isAdmin,
initializeFromElement,
logout
};
});
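Review bot: `hasRole`/`isAdmin` are derived from the `data-user` attribute embedded in the page, i.e. from client-controlled state, so they are fine for hiding menu entries but must never stand in for server-side checks; every endpoint still needs its voter, as the instructions file already requires. `logout()` navigates to `/logout` with a plain GET, which lets any third-party page log the user out (the `confirm()` prompt only runs for clicks on the button in `App.vue`); enable `enable_csrf: true` on the firewall's logout listener and send the `_csrf_token` with the logout request instead.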

View File

@ -0,0 +1,17 @@
<template>
<div class="company-list">
<h2>Unternehmen</h2>
<p>Unternehmensliste wird hier angezeigt...</p>
</div>
</template>
<script setup>
</script>
<style scoped lang="scss">
.company-list {
h2 {
margin-bottom: 1.5rem;
}
}
</style>

View File

@ -0,0 +1,44 @@
<template>
<div class="contact-list">
<h2>Kontakte</h2>
<DataTable
:value="contacts"
:loading="loading"
paginator
:rows="10"
tableStyle="min-width: 50rem"
>
<Column field="firstName" header="Vorname" sortable></Column>
<Column field="lastName" header="Nachname" sortable></Column>
<Column field="email" header="E-Mail" sortable></Column>
<Column field="company" header="Unternehmen" sortable></Column>
<Column field="status" header="Status" sortable></Column>
</DataTable>
</div>
</template>
<script setup>
import { ref, onMounted } from 'vue';
import DataTable from 'primevue/datatable';
import Column from 'primevue/column';
const contacts = ref([]);
const loading = ref(false);
onMounted(async () => {
loading.value = true;
// TODO: Fetch from API Platform endpoint /api/contacts
// Placeholder data for now
contacts.value = [];
loading.value = false;
});
</script>
<style scoped lang="scss">
.contact-list {
h2 {
margin-bottom: 1.5rem;
}
}
</style>

View File

@ -0,0 +1,55 @@
<template>
<div class="dashboard">
<h2>Dashboard</h2>
<p>Willkommen im myCRM Dashboard!</p>
<div class="dashboard-grid">
<Card>
<template #title>Kontakte</template>
<template #content>
<p>Gesamt: <strong>0</strong></p>
</template>
</Card>
<Card>
<template #title>Unternehmen</template>
<template #content>
<p>Gesamt: <strong>0</strong></p>
</template>
</Card>
<Card>
<template #title>Offene Deals</template>
<template #content>
<p>Gesamt: <strong>0</strong></p>
</template>
</Card>
<Card>
<template #title>Umsatz (MTD)</template>
<template #content>
<p><strong>0 </strong></p>
</template>
</Card>
</div>
</div>
</template>
<script setup>
import Card from 'primevue/card';
</script>
<style scoped lang="scss">
.dashboard {
h2 {
margin-bottom: 1rem;
}
}
.dashboard-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
gap: 1.5rem;
margin-top: 2rem;
}
</style>

View File

@ -0,0 +1,17 @@
<template>
<div class="deal-list">
<h2>Deals</h2>
<p>Deal-Pipeline wird hier angezeigt...</p>
</div>
</template>
<script setup>
</script>
<style scoped lang="scss">
.deal-list {
h2 {
margin-bottom: 1.5rem;
}
}
</style>

3
assets/styles/app.css Normal file

@ -0,0 +1,3 @@
body {
background-color: skyblue;
}

24
assets/styles/app.scss Normal file

@ -0,0 +1,24 @@
/* Global styles for myCRM */
* {
box-sizing: border-box;
}
body {
margin: 0;
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
background: #f9fafb;
}
#app {
width: 100%;
min-height: 100vh;
}
/* PrimeVue Theme Overrides */
:root {
--primary-color: #2563eb;
--primary-color-text: #ffffff;
}

21
bin/console Executable file

@ -0,0 +1,21 @@
#!/usr/bin/env php
<?php
use App\Kernel;
use Symfony\Bundle\FrameworkBundle\Console\Application;
if (!is_dir(dirname(__DIR__).'/vendor')) {
throw new LogicException('Dependencies are missing. Try running "composer install".');
}
if (!is_file(dirname(__DIR__).'/vendor/autoload_runtime.php')) {
throw new LogicException('Symfony Runtime is missing. Try running "composer require symfony/runtime".');
}
require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
return function (array $context) {
$kernel = new Kernel($context['APP_ENV'], (bool) $context['APP_DEBUG']);
return new Application($kernel);
};

4
bin/phpunit Executable file

@ -0,0 +1,4 @@
#!/usr/bin/env php
<?php
require dirname(__DIR__).'/vendor/phpunit/phpunit/phpunit';

18
compose.override.yaml Normal file

@ -0,0 +1,18 @@
services:
###> doctrine/doctrine-bundle ###
database:
ports:
- "5432"
###< doctrine/doctrine-bundle ###
###> symfony/mailer ###
mailer:
image: axllent/mailpit
ports:
- "1025"
- "8025"
environment:
MP_SMTP_AUTH_ACCEPT_ANY: 1
MP_SMTP_AUTH_ALLOW_INSECURE: 1
###< symfony/mailer ###

25
compose.yaml Normal file

@ -0,0 +1,25 @@
services:
###> doctrine/doctrine-bundle ###
database:
image: postgres:${POSTGRES_VERSION:-16}-alpine
environment:
POSTGRES_DB: ${POSTGRES_DB:-app}
# You should definitely change the password in production
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-!ChangeMe!}
POSTGRES_USER: ${POSTGRES_USER:-app}
healthcheck:
test: ["CMD", "pg_isready", "-d", "${POSTGRES_DB:-app}", "-U", "${POSTGRES_USER:-app}"]
timeout: 5s
retries: 5
start_period: 60s
volumes:
- database_data:/var/lib/postgresql/data:rw
# You may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data!
# - ./docker/db/data:/var/lib/postgresql/data:rw
###< doctrine/doctrine-bundle ###
volumes:
###> doctrine/doctrine-bundle ###
database_data:
###< doctrine/doctrine-bundle ###
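Review bot: this compose service is PostgreSQL (`image: postgres:${POSTGRES_VERSION:-16}-alpine`) while `.env` points `DATABASE_URL` at a MariaDB on 127.0.0.1:3306 and the README lists MariaDB as the database, so `docker compose up` starts a database nothing connects to; pick one engine and align `DATABASE_URL`, its `serverVersion` and the `identity_generation_preferences` entry in the doctrine config with it. Note also that `compose.override.yaml` publishes the database port (`- "5432"`, an ephemeral host port), so the `!ChangeMe!` fallback password is reachable from the host; acceptable for local development only, keep that override out of any shared or production deployment.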

113
composer.json Normal file

@ -0,0 +1,113 @@
{
"type": "project",
"license": "proprietary",
"minimum-stability": "stable",
"prefer-stable": true,
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"api-platform/doctrine-orm": "*",
"api-platform/symfony": "*",
"doctrine/dbal": "^3",
"doctrine/doctrine-bundle": "^2.18",
"doctrine/doctrine-migrations-bundle": "^3.6",
"doctrine/orm": "^3.5",
"nelmio/cors-bundle": "^2.6",
"phpdocumentor/reflection-docblock": "^5.6",
"phpstan/phpdoc-parser": "^2.3",
"symfony/asset": "7.1.*",
"symfony/asset-mapper": "7.1.*",
"symfony/console": "7.1.*",
"symfony/doctrine-messenger": "7.1.*",
"symfony/dotenv": "7.1.*",
"symfony/expression-language": "7.1.*",
"symfony/flex": "^2",
"symfony/form": "7.1.*",
"symfony/framework-bundle": "7.1.*",
"symfony/http-client": "7.1.*",
"symfony/intl": "7.1.*",
"symfony/mailer": "7.1.*",
"symfony/mime": "7.1.*",
"symfony/monolog-bundle": "^3.0",
"symfony/notifier": "7.1.*",
"symfony/process": "7.1.*",
"symfony/property-access": "7.1.*",
"symfony/property-info": "7.1.*",
"symfony/runtime": "7.1.*",
"symfony/security-bundle": "7.1.*",
"symfony/serializer": "7.1.*",
"symfony/stimulus-bundle": "^2.31",
"symfony/string": "7.1.*",
"symfony/translation": "7.1.*",
"symfony/twig-bundle": "7.1.*",
"symfony/ux-turbo": "^2.31",
"symfony/validator": "7.1.*",
"symfony/web-link": "7.1.*",
"symfony/webpack-encore-bundle": "^2.3",
"symfony/yaml": "7.1.*",
"twig/extra-bundle": "^2.12|^3.0",
"twig/twig": "^2.12|^3.0"
},
"config": {
"allow-plugins": {
"php-http/discovery": true,
"symfony/flex": true,
"symfony/runtime": true
},
"sort-packages": true
},
"autoload": {
"psr-4": {
"App\\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"App\\Tests\\": "tests/"
}
},
"replace": {
"symfony/polyfill-ctype": "*",
"symfony/polyfill-iconv": "*",
"symfony/polyfill-php72": "*",
"symfony/polyfill-php73": "*",
"symfony/polyfill-php74": "*",
"symfony/polyfill-php80": "*",
"symfony/polyfill-php81": "*",
"symfony/polyfill-php82": "*"
},
"scripts": {
"auto-scripts": {
"cache:clear": "symfony-cmd",
"assets:install %PUBLIC_DIR%": "symfony-cmd",
"importmap:install": "symfony-cmd"
},
"post-install-cmd": [
"@auto-scripts"
],
"post-update-cmd": [
"@auto-scripts"
]
},
"conflict": {
"symfony/symfony": "*"
},
"extra": {
"symfony": {
"allow-contrib": false,
"require": "7.1.*",
"docker": true
}
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^4.3",
"phpunit/phpunit": "^12.4",
"symfony/browser-kit": "7.1.*",
"symfony/css-selector": "7.1.*",
"symfony/debug-bundle": "7.1.*",
"symfony/maker-bundle": "^1.0",
"symfony/stopwatch": "7.1.*",
"symfony/web-profiler-bundle": "7.1.*"
}
}
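Review bot: `"api-platform/doctrine-orm": "*"` and `"api-platform/symfony": "*"` carry no version constraint at all, so the next `composer update` may jump to any major release with breaking changes and the lock file becomes the only pin; constrain them to the major you developed against (`^N` matching what `composer.lock` resolved). The same file requires both `symfony/asset-mapper` and `symfony/webpack-encore-bundle`, plus `symfony/stimulus-bundle` and `symfony/ux-turbo` that `assets/bootstrap.js` says are unused; fewer dependencies means fewer packages to track for advisories, and `composer audit` in CI is worth adding alongside `doctrine:schema:validate`.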

10371
composer.lock generated Normal file

File diff suppressed because it is too large

20
config/bundles.php Normal file

@ -0,0 +1,20 @@
<?php
return [
Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true],
Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],
Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
Symfony\UX\StimulusBundle\StimulusBundle::class => ['all' => true],
Symfony\UX\Turbo\TurboBundle::class => ['all' => true],
Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
ApiPlatform\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true],
Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
];

View File

@ -0,0 +1,7 @@
api_platform:
title: Hello API Platform
version: 1.0.0
defaults:
stateless: true
cache_headers:
vary: ['Content-Type', 'Authorization', 'Origin']
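Review bot: `defaults: stateless: true` marks every API Platform route `_stateless`, so the session is not persisted there and, in debug mode, a started session on such a route is reported as an error; that is the right setting for token auth, but the front end as written relies on the Twig-injected logged-in user (session cookie) and `fetch('/api/contacts')` sends no token, so /api calls would arrive anonymous. Decide on the API auth scheme the instructions leave open (JWT or API keys) and configure the `/api` firewall to match before wiring the Vue views to the API; also replace the `title: Hello API Platform` placeholder with the project name.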

View File

@ -0,0 +1,11 @@
framework:
asset_mapper:
# The paths to make available to the asset mapper.
paths:
- assets/
missing_import_mode: strict
when@prod:
framework:
asset_mapper:
missing_import_mode: warn
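Review bot: this enables AssetMapper (`paths: - assets/`) while the project builds with Webpack Encore (`webpack-encore-bundle`, `npm run build`), and `assets/styles/app.css` with `background-color: skyblue` is the AssetMapper skeleton leftover while `app.scss` is what `app.js` actually imports; running two asset pipelines means two sets of files to serve and keep consistent, so drop `symfony/asset-mapper`, this file and `app.css`, or drop Encore.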

View File

@ -0,0 +1,19 @@
framework:
cache:
# Unique name of your app: used to compute stable namespaces for cache keys.
#prefix_seed: your_vendor_name/app_name
# The "app" cache stores to the filesystem by default.
# The data in this cache should persist between deploys.
# Other options include:
# Redis
#app: cache.adapter.redis
#default_redis_provider: redis://localhost
# APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
#app: cache.adapter.apcu
# Namespaced pools use the above "app" backend by default
#pools:
#my.dedicated.cache: null

View File

@ -0,0 +1,5 @@
when@dev:
debug:
# Forwards VarDumper Data clones to a centralized server allowing to inspect dumps on CLI or in your browser.
# See the "server:dump" command to start a new server.
dump_destination: "tcp://%env(VAR_DUMPER_SERVER)%"

View File

@ -0,0 +1,54 @@
doctrine:
dbal:
url: '%env(resolve:DATABASE_URL)%'
# IMPORTANT: You MUST configure your server version,
# either here or in the DATABASE_URL env var (see .env file)
#server_version: '16'
profiling_collect_backtrace: '%kernel.debug%'
use_savepoints: true
orm:
auto_generate_proxy_classes: true
enable_lazy_ghost_objects: true
report_fields_where_declared: true
validate_xml_mapping: true
naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware
identity_generation_preferences:
Doctrine\DBAL\Platforms\PostgreSQLPlatform: identity
auto_mapping: true
mappings:
App:
type: attribute
is_bundle: false
dir: '%kernel.project_dir%/src/Entity'
prefix: 'App\Entity'
alias: App
controller_resolver:
auto_mapping: false
when@test:
doctrine:
dbal:
# "TEST_TOKEN" is typically set by ParaTest
dbname_suffix: '_test%env(default::TEST_TOKEN)%'
when@prod:
doctrine:
orm:
auto_generate_proxy_classes: false
proxy_dir: '%kernel.build_dir%/doctrine/orm/Proxies'
query_cache_driver:
type: pool
pool: doctrine.system_cache_pool
result_cache_driver:
type: pool
pool: doctrine.result_cache_pool
framework:
cache:
pools:
doctrine.result_cache_pool:
adapter: cache.app
doctrine.system_cache_pool:
adapter: cache.system

View File

@ -0,0 +1,6 @@
doctrine_migrations:
migrations_paths:
# namespace is arbitrary but should be different from App\Migrations
# as migrations classes should NOT be autoloaded
'DoctrineMigrations': '%kernel.project_dir%/migrations'
enable_profiler: false

View File

@ -0,0 +1,16 @@
# see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
secret: '%env(APP_SECRET)%'
#csrf_protection: true
# Note that the session will be started ONLY if you read or write from it.
session: true
#esi: true
#fragments: true
when@test:
framework:
test: true
session:
storage_factory_id: session.storage.factory.mock_file
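Review bot: `csrf_protection` is left commented out (`#csrf_protection: true`) in this framework.yaml hunk, while the `main` firewall in security.yaml depends on CSRF for the login form (`form_login.enable_csrf: true`). Symfony only enables the token manager implicitly when the session is on and `symfony/security-csrf` is installed, so either uncomment the line to make that dependency explicit, or confirm with `bin/console debug:config framework csrf_protection` that it resolves to enabled in every environment the app is built for.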

View File

@ -0,0 +1,3 @@
framework:
mailer:
dsn: '%env(MAILER_DSN)%'

View File

@ -0,0 +1,29 @@
framework:
messenger:
failure_transport: failed
transports:
# https://symfony.com/doc/current/messenger.html#transport-configuration
async:
dsn: '%env(MESSENGER_TRANSPORT_DSN)%'
options:
use_notify: true
check_delayed_interval: 60000
retry_strategy:
max_retries: 3
multiplier: 2
failed: 'doctrine://default?queue_name=failed'
# sync: 'sync://'
default_bus: messenger.bus.default
buses:
messenger.bus.default: []
routing:
Symfony\Component\Mailer\Messenger\SendEmailMessage: async
Symfony\Component\Notifier\Message\ChatMessage: async
Symfony\Component\Notifier\Message\SmsMessage: async
# Route your messages to the transports
# 'App\Message\YourMessage': async

View File

@ -0,0 +1,63 @@
monolog:
channels:
- deprecation # Deprecations are logged in the dedicated "deprecation" channel when it exists
when@dev:
monolog:
handlers:
main:
type: stream
path: "%kernel.logs_dir%/%kernel.environment%.log"
level: debug
channels: ["!event"]
# uncomment to get logging in your browser
# you may have to allow bigger header sizes in your Web server configuration
#firephp:
# type: firephp
# level: info
#chromephp:
# type: chromephp
# level: info
console:
type: console
process_psr_3_messages: false
channels: ["!event", "!doctrine", "!console"]
when@test:
monolog:
handlers:
main:
type: fingers_crossed
action_level: error
handler: nested
excluded_http_codes: [404, 405]
channels: ["!event"]
nested:
type: stream
path: "%kernel.logs_dir%/%kernel.environment%.log"
level: debug
when@prod:
monolog:
handlers:
main:
type: fingers_crossed
action_level: error
handler: nested
excluded_http_codes: [404, 405]
channels: ["!deprecation"]
buffer_size: 50 # How many messages should be saved? Prevent memory leaks
nested:
type: stream
path: php://stderr
level: debug
formatter: monolog.formatter.json
console:
type: console
process_psr_3_messages: false
channels: ["!event", "!doctrine"]
deprecation:
type: stream
channels: [deprecation]
path: php://stderr
formatter: monolog.formatter.json

View File

@ -0,0 +1,10 @@
nelmio_cors:
defaults:
origin_regex: true
allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
allow_headers: ['Content-Type', 'Authorization']
expose_headers: ['Link']
max_age: 3600
paths:
'^/': null
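Review bot: with `origin_regex: true` and `paths: '^/'`, every route including `/api` becomes CORS-enabled for any origin matching `CORS_ALLOW_ORIGIN`, so that value must be a fully anchored pattern (`^...$`), not a loose substring match, or lookalike origins pass the check as well. `allow_credentials` is not set and so stays at its default of false, which is the right choice for a session-cookie application; keep it that way unless the frontend moves to a separate origin, and document the expected regex form next to the variable in `.env`.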

View File

@ -0,0 +1,12 @@
framework:
notifier:
chatter_transports:
texter_transports:
channel_policy:
# use chat/slack, chat/telegram, sms/twilio or sms/nexmo
urgent: ['email']
high: ['email']
medium: ['email']
low: ['email']
admin_recipients:
- { email: admin@example.com }

View File

@ -0,0 +1,10 @@
framework:
router:
# Configure how to generate URLs in non-HTTP contexts, such as CLI commands.
# See https://symfony.com/doc/current/routing.html#generating-urls-in-commands
default_uri: '%env(DEFAULT_URI)%'
when@prod:
framework:
router:
strict_requirements: null

View File

@ -0,0 +1,57 @@
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: app_user_provider
form_login:
login_path: app_login
check_path: app_login
enable_csrf: true
default_target_path: /
logout:
path: app_logout
target: app_login
remember_me:
secret: '%kernel.secret%'
lifetime: 604800 # 1 week in seconds
path: /
always_remember_me: false
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/login, roles: PUBLIC_ACCESS }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/, roles: ROLE_USER }
when@test:
security:
password_hashers:
# By default, password hashers are resource intensive and take time. This is
# important to generate secure password hashes. In tests however, secure hashes
# are not important, waste resources and increase test times. The following
# reduces the work factor to the lowest possible values.
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
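Review bot: the `main` firewall configures no `user_checker`, yet docs/LOGIN.md lists "users with `isActive = false` cannot log in" as a feature; Symfony's default checker knows nothing about that flag, so unless a custom `UserCheckerInterface` is registered here (for example a hypothetical `App\Security\UserChecker` via `user_checker:`), inactive users can still authenticate. Either add the checker to this file or point the docs at where the flag is actually enforced. Separately, neither `secure` nor `samesite` is set on `remember_me`, so the cookie falls back to the factory defaults; set `secure: true` (the docs already require HTTPS in production) and `samesite: lax` explicitly, since a one-week credential cookie is the longest-lived secret the browser holds for this app.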

View File

@ -0,0 +1,5 @@
framework:
default_locale: en
translator:
default_path: '%kernel.project_dir%/translations'
providers:

View File

@ -0,0 +1,6 @@
twig:
file_name_pattern: '*.twig'
when@test:
twig:
strict_variables: true

View File

@ -0,0 +1,11 @@
framework:
validation:
# Enables validator auto-mapping support.
# For instance, basic validation constraints will be inferred from Doctrine's metadata.
#auto_mapping:
# App\Entity\: []
when@test:
framework:
validation:
not_compromised_password: false

View File

@ -0,0 +1,11 @@
when@dev:
web_profiler:
toolbar: true
framework:
profiler:
collect_serializer_data: true
when@test:
framework:
profiler: { collect: false }

View File

@ -0,0 +1,45 @@
webpack_encore:
# The path where Encore is building the assets - i.e. Encore.setOutputPath()
output_path: '%kernel.project_dir%/public/build'
# If multiple builds are defined (as shown below), you can disable the default build:
# output_path: false
# Set attributes that will be rendered on all script and link tags
script_attributes:
defer: true
# Uncomment (also under link_attributes) if using Turbo Drive
# https://turbo.hotwired.dev/handbook/drive#reloading-when-assets-change
# 'data-turbo-track': reload
# link_attributes:
# Uncomment if using Turbo Drive
# 'data-turbo-track': reload
# If using Encore.enableIntegrityHashes() and need the crossorigin attribute (default: false, or use 'anonymous' or 'use-credentials')
# crossorigin: 'anonymous'
# Preload all rendered script and link tags automatically via the HTTP/2 Link header
# preload: true
# Throw an exception if the entrypoints.json file is missing or an entry is missing from the data
# strict_mode: false
# If you have multiple builds:
# builds:
# frontend: '%kernel.project_dir%/public/frontend/build'
# pass the build name as the 3rd argument to the Twig functions
# {{ encore_entry_script_tags('entry1', null, 'frontend') }}
framework:
assets:
json_manifest_path: '%kernel.project_dir%/public/build/manifest.json'
#when@prod:
# webpack_encore:
# # Cache the entrypoints.json (rebuild Symfony's cache when entrypoints.json changes)
# # Available in version 1.2
# cache: true
#when@test:
# webpack_encore:
# strict_mode: false

5
config/preload.php Normal file
View File

@ -0,0 +1,5 @@
<?php
if (file_exists(dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php')) {
require dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php';
}

5
config/routes.yaml Normal file
View File

@ -0,0 +1,5 @@
controllers:
resource:
path: ../src/Controller/
namespace: App\Controller
type: attribute

View File

@ -0,0 +1,4 @@
api_platform:
resource: .
type: api_platform
prefix: /api

View File

@ -0,0 +1,4 @@
when@dev:
_errors:
resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
prefix: /_error

View File

@ -0,0 +1,3 @@
_security_logout:
resource: security.route_loader.logout
type: service

View File

@ -0,0 +1,8 @@
when@dev:
web_profiler_wdt:
resource: '@WebProfilerBundle/Resources/config/routing/wdt.xml'
prefix: /_wdt
web_profiler_profiler:
resource: '@WebProfilerBundle/Resources/config/routing/profiler.xml'
prefix: /_profiler

24
config/services.yaml Normal file
View File

@ -0,0 +1,24 @@
# This file is the entry point to configure your own services.
# Files in the packages/ subdirectory configure your dependencies.
# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
parameters:
services:
# default configuration for services in *this* file
_defaults:
autowire: true # Automatically injects dependencies in your services.
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\:
resource: '../src/'
exclude:
- '../src/DependencyInjection/'
- '../src/Entity/'
- '../src/Kernel.php'
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones

301
docs/LOGIN.md Normal file
View File

@ -0,0 +1,301 @@
# Login & Authentifizierung
## Übersicht
myCRM verwendet **Symfony Security** mit form-based Login und optionaler "Remember Me" Funktionalität.
## Features
**Email-basierter Login** - Benutzer melden sich mit ihrer Email-Adresse an
**Sicheres Password Hashing** - Automatisch mit Symfony Password Hasher
**Remember Me** - "Angemeldet bleiben" für 7 Tage
**CSRF Protection** - Schutz vor Cross-Site Request Forgery
**Automatische Weiterleitung** - Nach Login zum Dashboard
**Last Login Tracking** - Speichert Zeitpunkt des letzten Logins
**Inaktive User Blocking** - User mit `isActive = false` können sich nicht einloggen
**Vue.js Integration** - User-Daten werden an Frontend übergeben
## URLs
| Route | Zweck |
|-------|-------|
| `/login` | Login-Seite |
| `/logout` | Logout (POST) |
| `/` | Dashboard (nach Login) |
## Test-Benutzer
Nach `doctrine:fixtures:load` verfügbar:
```
Administrator:
Email: admin@mycrm.local
Passwort: admin123
Rechte: Vollzugriff auf alle Module
Vertriebsmitarbeiter:
Email: sales@mycrm.local
Passwort: sales123
Rechte: Kontakte, Deals, Aktivitäten (ohne Löschrechte)
```
⚠️ **Wichtig:** Diese Passwörter nur für Development verwenden!
## Security Configuration
```yaml
# config/packages/security.yaml
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
main:
form_login:
login_path: app_login
check_path: app_login
default_target_path: /
logout:
path: app_logout
target: app_login
remember_me:
secret: '%kernel.secret%'
lifetime: 604800 # 1 week
access_control:
- { path: ^/login, roles: PUBLIC_ACCESS }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/, roles: ROLE_USER }
```
## Backend Usage
### Controller: Aktuellen User abrufen
```php
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
class MyController extends AbstractController
{
public function index(): Response
{
// Get current user
$user = $this->getUser();
if (!$user) {
throw $this->createAccessDeniedException();
}
// User properties
$email = $user->getEmail();
$fullName = $user->getFullName();
$isActive = $user->isActive();
$lastLogin = $user->getLastLoginAt();
// Check roles
if ($this->isGranted('ROLE_ADMIN')) {
// Admin stuff
}
return $this->render('template.html.twig', [
'user' => $user
]);
}
}
```
### Service: User von Security Token
```php
use Symfony\Bundle\SecurityBundle\Security;
class MyService
{
public function __construct(
private Security $security
) {}
public function doSomething(): void
{
$user = $this->security->getUser();
if ($user instanceof \App\Entity\User) {
// Work with user
}
}
}
```
### Twig: User-Informationen
```twig
{% if app.user %}
<p>Angemeldet als: {{ app.user.fullName }}</p>
<p>Email: {{ app.user.email }}</p>
{% if is_granted('ROLE_ADMIN') %}
<a href="/admin">Admin-Bereich</a>
{% endif %}
{% else %}
<a href="{{ path('app_login') }}">Login</a>
{% endif %}
```
## Frontend Usage (Vue.js)
### Auth Store (Pinia)
```javascript
import { useAuthStore } from '@/stores/auth';
// In Component
const authStore = useAuthStore();
// Check authentication
if (authStore.isAuthenticated) {
console.log('User:', authStore.user);
console.log('Full Name:', authStore.fullName);
}
// Check roles
if (authStore.hasRole('ROLE_ADMIN')) {
// Show admin features
}
if (authStore.isAdmin) {
// Shortcut for ROLE_ADMIN check
}
// Logout
authStore.logout();
```
### In Vue Components
```vue
<template>
<div>
<p v-if="authStore.isAuthenticated">
Willkommen, {{ authStore.fullName }}!
</p>
<button @click="authStore.logout()">
Abmelden
</button>
</div>
</template>
<script setup>
import { useAuthStore } from '@/stores/auth';
const authStore = useAuthStore();
</script>
```
## Event Listeners
### LoginSuccessListener
Wird automatisch nach erfolgreichem Login ausgeführt:
```php
// src/EventListener/LoginSuccessListener.php
#[AsEventListener(event: LoginSuccessEvent::class)]
class LoginSuccessListener
{
public function __invoke(LoginSuccessEvent $event): void
{
$user = $event->getUser();
// Update last login timestamp
$user->setLastLoginAt(new \DateTimeImmutable());
$this->entityManager->flush();
}
}
```
Du kannst weitere Listener hinzufügen für:
- Audit Logging
- Login-Benachrichtigungen
- Session-Tracking
- etc.
## Password Management
### Passwort ändern
```php
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
public function changePassword(
User $user,
string $newPassword,
UserPasswordHasherInterface $passwordHasher
): void {
$hashedPassword = $passwordHasher->hashPassword($user, $newPassword);
$user->setPassword($hashedPassword);
$this->entityManager->flush();
}
```
### Neuen User erstellen
```php
$user = new User();
$user->setEmail('neuer@user.de');
$user->setFirstName('Max');
$user->setLastName('Mustermann');
$user->setIsActive(true);
$user->setRoles(['ROLE_USER']);
$hashedPassword = $passwordHasher->hashPassword($user, 'passwort123');
$user->setPassword($hashedPassword);
$entityManager->persist($user);
$entityManager->flush();
```
## Security Best Practices
1. ✅ **Password Hashing** - Automatisch mit bcrypt/argon2
2. ✅ **CSRF Protection** - Aktiviert für Login-Form
3. ✅ **Remember Me Cookie** - Sicher mit Secret Key
4. ✅ **Inactive User Check** - User mit `isActive = false` blockiert
5. ✅ **Access Control** - Alle Routen außer `/login` erfordern Authentication
6. ✅ **HTTPS Recommended** - In Production immer HTTPS verwenden
7. ✅ **Session Security** - Symfony Session-Handling
## Troubleshooting
### "Access Denied" nach Login
- Prüfe `User::getRoles()` - muss mindestens `['ROLE_USER']` zurückgeben
- Prüfe `access_control` in `security.yaml`
### "Bad credentials"
- Passwort falsch eingegeben
- User existiert nicht
- User ist inaktiv (`isActive = false`)
### Remember Me funktioniert nicht
- Secret Key in `.env` gesetzt?
- Cookie wird vom Browser blockiert?
- Lifetime abgelaufen?
### Logout funktioniert nicht
- Sicherstellen dass `/logout` als POST Route konfiguriert ist
- CSRF-Token prüfen
## Next Steps
- [ ] Password Reset Funktionalität
- [ ] Two-Factor Authentication (2FA)
- [ ] OAuth Integration (Google, Microsoft)
- [ ] Rate Limiting für Login-Versuche
- [ ] Login History/Audit Log
- [ ] Email-Verifizierung bei Registrierung
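Review bot: the URL table and the "Logout funktioniert nicht" troubleshooting entry describe `/logout` as a POST-only, CSRF-checked route, but nothing in the commit configures that: the `logout:` block in security.yaml has no CSRF option, and the `app_logout` route attribute in SecurityController declares no `methods: ['POST']`. As committed, a plain GET to `/logout` ends the session, so either enable logout CSRF protection (`enable_csrf: true` on the `logout` block) and restrict the route to POST, or correct the documentation to match what is configured. The fixture credentials (`admin123`, `sales123`) are fine to list for development, but the warning should also say that `doctrine:fixtures:load` must never run against a production database, since the accounts carry full administrator rights.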

218
docs/PERMISSIONS.md Normal file
View File

@ -0,0 +1,218 @@
# Benutzer- und Rechteverwaltung
## Übersicht
myCRM verwendet ein **modulares Rechtesystem** mit granularen Berechtigungen pro Modul.
## Architektur
### Entities
1. **User** (`users`) - Benutzer mit Authentifizierung
- Email (Login)
- Vorname, Nachname
- Password (gehashed)
- Aktiv-Status
- Multiple Rollen (ManyToMany)
2. **Role** (`roles`) - Rollen mit konfigurierbaren Berechtigungen
- Name (z.B. "Administrator", "Vertriebsmitarbeiter")
- Beschreibung
- System-Rolle Flag (nicht löschbar)
- Berechtigungen pro Modul
3. **Module** (`modules`) - CRM-Module
- Name, Code (eindeutig)
- Icon (PrimeIcons)
- Sortierung
- Aktiv-Status
4. **RolePermission** (`role_permissions`) - Verknüpfung Rolle ↔ Modul
- Pro Modul definierbare Aktionen:
- `canView` - Anzeigen
- `canCreate` - Erstellen
- `canEdit` - Bearbeiten
- `canDelete` - Löschen
- `canExport` - Exportieren
- `canManage` - Verwalten (Admin-Rechte)
## Standard-Module
Nach dem Setup via Fixtures verfügbar:
| Modul | Code | Icon | Beschreibung |
|-------|------|------|--------------|
| Dashboard | `dashboard` | pi-chart-line | Übersicht und KPIs |
| Kontakte | `contacts` | pi-users | Kontaktverwaltung |
| Unternehmen | `companies` | pi-building | Firmendatenbank |
| Deals | `deals` | pi-dollar | Sales-Pipeline |
| Aktivitäten | `activities` | pi-calendar | Interaktions-Historie |
| Berichte | `reports` | pi-chart-bar | Analytics |
| Einstellungen | `settings` | pi-cog | Systemeinstellungen |
## Standard-Rollen
### Administrator
- **Vollzugriff** auf alle Module
- Alle Aktionen erlaubt (View, Create, Edit, Delete, Export, Manage)
- System-Rolle (nicht löschbar)
### Vertriebsmitarbeiter
- Zugriff auf: Dashboard, Kontakte, Unternehmen, Deals, Aktivitäten
- Kann erstellen, bearbeiten, exportieren
- **Kein** Lösch- und Manage-Recht
### Betrachter
- **Nur Leserechte** auf die meisten Module
- Keine Create/Edit/Delete/Export Rechte
## Test-Benutzer
Nach `doctrine:fixtures:load` verfügbar:
| Email | Passwort | Rolle | Name |
|-------|----------|-------|------|
| admin@mycrm.local | admin123 | Administrator | Admin User |
| sales@mycrm.local | sales123 | Vertriebsmitarbeiter | Max Mustermann |
⚠️ **Wichtig:** Diese Passwörter sind nur für Development! In Production bitte ändern.
## Usage in Code
### Berechtigung prüfen (in User-Entity)
```php
// In Controller oder Service
$user = $this->getUser();
if ($user->hasModulePermission('contacts', 'create')) {
// User darf Kontakte erstellen
}
if ($user->hasModulePermission('deals', 'delete')) {
// User darf Deals löschen
}
```
### Mögliche Aktionen
- `view` - Anzeigen
- `create` - Erstellen
- `edit` - Bearbeiten
- `delete` - Löschen
- `export` - Exportieren
- `manage` - Verwalten
### In Twig Templates
```twig
{% if app.user.hasModulePermission('contacts', 'create') %}
<button>Neuer Kontakt</button>
{% endif %}
```
### Mit Symfony Voters (empfohlen)
```php
// In Controller
$this->denyAccessUnlessGranted('MODULE_VIEW', 'contacts');
$this->denyAccessUnlessGranted('MODULE_CREATE', 'contacts');
```
## Neue Rolle erstellen
```php
use App\Entity\Role;
use App\Entity\RolePermission;
$role = new Role();
$role->setName('Kundensupport');
$role->setDescription('Support-Team mit eingeschränkten Rechten');
$role->setIsSystem(false);
$entityManager->persist($role);
// Berechtigungen hinzufügen
$contactsModule = $moduleRepository->findByCode('contacts');
$permission = new RolePermission();
$permission->setRole($role);
$permission->setModule($contactsModule);
$permission->setCanView(true);
$permission->setCanEdit(true);
$permission->setCanCreate(false);
$permission->setCanDelete(false);
$permission->setCanExport(false);
$permission->setCanManage(false);
$entityManager->persist($permission);
$entityManager->flush();
```
## Neues Modul hinzufügen
```php
use App\Entity\Module;
$module = new Module();
$module->setName('Tickets');
$module->setCode('tickets');
$module->setDescription('Support-Ticketsystem');
$module->setIcon('pi-ticket');
$module->setSortOrder(70);
$module->setIsActive(true);
$entityManager->persist($module);
$entityManager->flush();
// Dann Berechtigungen für existierende Rollen definieren...
```
## API Platform Integration
Die Entities können über API Platform exponiert werden:
```php
use ApiPlatform\Metadata\ApiResource;
#[ApiResource]
class Role { ... }
```
## Security Best Practices
1. **System-Rollen** (`isSystem = true`) können nicht gelöscht werden
2. **Passwörter** werden mit Symfony Password Hasher gehashed
3. **Inactive Users** (`isActive = false`) können sich nicht einloggen
4. **Symfony Standard Roles** (`ROLE_ADMIN`, `ROLE_USER`) für grundlegende Zugriffskontrolle
5. **Modulare Berechtigungen** für feingranulare Kontrolle
## Datenbank-Schema
```
users
├─ id, email, firstName, lastName, password, isActive
├─ roles (JSON Array - Symfony Standard Roles)
└─ createdAt, lastLoginAt
roles
├─ id, name, description, isSystem
└─ createdAt, updatedAt
modules
└─ id, name, code, description, icon, sortOrder, isActive
role_permissions
├─ id, role_id, module_id
└─ canView, canCreate, canEdit, canDelete, canExport, canManage
user_roles (ManyToMany Join Table)
└─ user_id, role_id
```
## Next Steps
- [ ] Voter erstellen für `MODULE_*` Permissions
- [ ] API Endpoints für Role Management
- [ ] Vue.js Components für User/Role Administration
- [ ] Audit Log für Berechtigungsänderungen
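Review bot: the section "Mit Symfony Voters (empfohlen)" presents `denyAccessUnlessGranted('MODULE_VIEW', 'contacts')` as usable, but the Next Steps list says the `MODULE_*` voter is still to be written; until it exists every voter abstains and the call is denied under the default access-decision strategy, which is safe but misleading for readers of this doc. Mark that section as planned. The doc also carries two parallel role concepts, the `roles` JSON column holding Symfony roles and the `user_roles` join table holding `Role` entities, without saying how they relate: state whether `ROLE_ADMIN` implies full module access or only what `role_permissions` grants, and that module permissions are merged with OR across all assigned roles, as the `app:user:permissions` command implements.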

28
importmap.php Normal file
View File

@ -0,0 +1,28 @@
<?php
/**
* Returns the importmap for this application.
*
* - "path" is a path inside the asset mapper system. Use the
* "debug:asset-map" command to see the full list of paths.
*
* - "entrypoint" (JavaScript only) set to true for any module that will
* be used as an "entrypoint" (and passed to the importmap() Twig function).
*
* The "importmap:require" command can be used to add new entries to this file.
*/
return [
'app' => [
'path' => './assets/app.js',
'entrypoint' => true,
],
'@hotwired/stimulus' => [
'version' => '3.2.2',
],
'@symfony/stimulus-bundle' => [
'path' => './vendor/symfony/stimulus-bundle/assets/dist/loader.js',
],
'@hotwired/turbo' => [
'version' => '7.3.0',
],
];
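Review bot: this importmap (AssetMapper, `asset_mapper:` in the packages config) is committed alongside a full Webpack Encore setup (`webpack_encore.yaml`, the `encore` scripts and `@symfony/webpack-encore` in package.json); running both asset pipelines doubles the build surface and the dependency set that has to be kept patched. Pick one; since the Vue/PrimeVue stack is wired through Encore, the importmap and the `@hotwired/turbo` and `@hotwired/stimulus` entries look like recipe defaults that were never removed.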

0
migrations/.gitignore vendored Normal file
View File

View File

@ -0,0 +1,49 @@
<?php
declare(strict_types=1);
namespace DoctrineMigrations;
use Doctrine\DBAL\Schema\Schema;
use Doctrine\Migrations\AbstractMigration;
/**
* Auto-generated Migration: Please modify to your needs!
*/
final class Version20251108090624 extends AbstractMigration
{
public function getDescription(): string
{
return '';
}
public function up(Schema $schema): void
{
// this up() migration is auto-generated, please modify it to your needs
$this->addSql('CREATE TABLE modules (id INT AUTO_INCREMENT NOT NULL, name VARCHAR(100) NOT NULL, code VARCHAR(100) NOT NULL, description VARCHAR(255) DEFAULT NULL, is_active TINYINT(1) NOT NULL, sort_order INT NOT NULL, icon VARCHAR(50) DEFAULT NULL, UNIQUE INDEX UNIQ_2EB743D75E237E06 (name), UNIQUE INDEX UNIQ_2EB743D777153098 (code), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
$this->addSql('CREATE TABLE role_permissions (id INT AUTO_INCREMENT NOT NULL, role_id INT NOT NULL, module_id INT NOT NULL, can_view TINYINT(1) NOT NULL, can_create TINYINT(1) NOT NULL, can_edit TINYINT(1) NOT NULL, can_delete TINYINT(1) NOT NULL, can_export TINYINT(1) NOT NULL, can_manage TINYINT(1) NOT NULL, INDEX IDX_1FBA94E6D60322AC (role_id), INDEX IDX_1FBA94E6AFC2B591 (module_id), UNIQUE INDEX role_module_unique (role_id, module_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
$this->addSql('CREATE TABLE roles (id INT AUTO_INCREMENT NOT NULL, name VARCHAR(100) NOT NULL, description VARCHAR(255) DEFAULT NULL, is_system TINYINT(1) NOT NULL, created_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', updated_at DATETIME DEFAULT NULL COMMENT \'(DC2Type:datetime_immutable)\', UNIQUE INDEX UNIQ_B63E2EC75E237E06 (name), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
$this->addSql('CREATE TABLE users (id INT AUTO_INCREMENT NOT NULL, email VARCHAR(180) NOT NULL, first_name VARCHAR(100) NOT NULL, last_name VARCHAR(100) NOT NULL, is_active TINYINT(1) NOT NULL, roles JSON NOT NULL COMMENT \'(DC2Type:json)\', password VARCHAR(255) NOT NULL, created_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', last_login_at DATETIME DEFAULT NULL COMMENT \'(DC2Type:datetime_immutable)\', UNIQUE INDEX UNIQ_IDENTIFIER_EMAIL (email), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
$this->addSql('CREATE TABLE user_roles (user_id INT NOT NULL, role_id INT NOT NULL, INDEX IDX_54FCD59FA76ED395 (user_id), INDEX IDX_54FCD59FD60322AC (role_id), PRIMARY KEY(user_id, role_id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
$this->addSql('CREATE TABLE messenger_messages (id BIGINT AUTO_INCREMENT NOT NULL, body LONGTEXT NOT NULL, headers LONGTEXT NOT NULL, queue_name VARCHAR(190) NOT NULL, created_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', available_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', delivered_at DATETIME DEFAULT NULL COMMENT \'(DC2Type:datetime_immutable)\', INDEX IDX_75EA56E0FB7336F0 (queue_name), INDEX IDX_75EA56E0E3BD61CE (available_at), INDEX IDX_75EA56E016BA31DB (delivered_at), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
$this->addSql('ALTER TABLE role_permissions ADD CONSTRAINT FK_1FBA94E6D60322AC FOREIGN KEY (role_id) REFERENCES roles (id) ON DELETE CASCADE');
$this->addSql('ALTER TABLE role_permissions ADD CONSTRAINT FK_1FBA94E6AFC2B591 FOREIGN KEY (module_id) REFERENCES modules (id) ON DELETE CASCADE');
$this->addSql('ALTER TABLE user_roles ADD CONSTRAINT FK_54FCD59FA76ED395 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE');
$this->addSql('ALTER TABLE user_roles ADD CONSTRAINT FK_54FCD59FD60322AC FOREIGN KEY (role_id) REFERENCES roles (id) ON DELETE CASCADE');
}
public function down(Schema $schema): void
{
// this down() migration is auto-generated, please modify it to your needs
$this->addSql('ALTER TABLE role_permissions DROP FOREIGN KEY FK_1FBA94E6D60322AC');
$this->addSql('ALTER TABLE role_permissions DROP FOREIGN KEY FK_1FBA94E6AFC2B591');
$this->addSql('ALTER TABLE user_roles DROP FOREIGN KEY FK_54FCD59FA76ED395');
$this->addSql('ALTER TABLE user_roles DROP FOREIGN KEY FK_54FCD59FD60322AC');
$this->addSql('DROP TABLE modules');
$this->addSql('DROP TABLE role_permissions');
$this->addSql('DROP TABLE roles');
$this->addSql('DROP TABLE users');
$this->addSql('DROP TABLE user_roles');
$this->addSql('DROP TABLE messenger_messages');
}
}
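Review bot: `getDescription()` returns an empty string; give the migration a one-line description (initial users, roles, modules and permissions schema), since that is what `doctrine:migrations:status` shows. Also note that `ON DELETE CASCADE` on `role_permissions` and `user_roles` means deleting a `Role` silently removes it from every user and drops all its permission rows; the "system roles cannot be deleted" guarantee in docs/PERMISSIONS.md therefore has to be enforced at the application level, because this schema will not refuse the delete.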

6667
package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff

33
package.json Normal file
View File

@ -0,0 +1,33 @@
{
"devDependencies": {
"@babel/core": "^7.17.0",
"@babel/preset-env": "^7.16.0",
"@symfony/webpack-encore": "^5.1.0",
"core-js": "^3.38.0",
"postcss": "^8.4.0",
"postcss-loader": "^7.0.0",
"regenerator-runtime": "^0.13.9",
"sass": "^1.70.0",
"sass-loader": "^16.0.0",
"vue": "^3.5.0",
"vue-loader": "^17.4.0",
"webpack": "^5.74.0",
"webpack-cli": "^5.1.0"
},
"dependencies": {
"@primevue/themes": "^4.4.1",
"pinia": "^2.2.0",
"primeflex": "^3.3.1",
"primeicons": "^7.0.0",
"primevue": "^4.3.0",
"vue-router": "^4.5.0"
},
"license": "UNLICENSED",
"private": true,
"scripts": {
"dev-server": "encore dev-server",
"dev": "encore dev",
"watch": "encore dev --watch",
"build": "encore production --progress"
}
}

44
phpunit.dist.xml Normal file
View File

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- https://phpunit.readthedocs.io/en/latest/configuration.html -->
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
colors="true"
failOnDeprecation="true"
failOnNotice="true"
failOnWarning="true"
bootstrap="tests/bootstrap.php"
cacheDirectory=".phpunit.cache"
>
<php>
<ini name="display_errors" value="1" />
<ini name="error_reporting" value="-1" />
<server name="APP_ENV" value="test" force="true" />
<server name="SHELL_VERBOSITY" value="-1" />
</php>
<testsuites>
<testsuite name="Project Test Suite">
<directory>tests</directory>
</testsuite>
</testsuites>
<source ignoreSuppressionOfDeprecations="true"
ignoreIndirectDeprecations="true"
restrictNotices="true"
restrictWarnings="true"
>
<include>
<directory>src</directory>
</include>
<deprecationTrigger>
<method>Doctrine\Deprecations\Deprecation::trigger</method>
<method>Doctrine\Deprecations\Deprecation::delegateTriggerToBackend</method>
<function>trigger_deprecation</function>
</deprecationTrigger>
</source>
<extensions>
</extensions>
</phpunit>

9
public/index.php Normal file
View File

@ -0,0 +1,9 @@
<?php
use App\Kernel;
require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
return function (array $context) {
return new Kernel($context['APP_ENV'], (bool) $context['APP_DEBUG']);
};

0
src/ApiResource/.gitignore vendored Normal file
View File

View File

@ -0,0 +1,115 @@
<?php
namespace App\Command;
use App\Repository\UserRepository;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
#[AsCommand(
name: 'app:user:permissions',
description: 'Zeigt die Berechtigungen eines Benutzers an',
)]
class UserPermissionsCommand extends Command
{
public function __construct(
private UserRepository $userRepository
) {
parent::__construct();
}
protected function configure(): void
{
$this
->addArgument('email', InputArgument::REQUIRED, 'Email des Benutzers')
;
}
protected function execute(InputInterface $input, OutputInterface $output): int
{
$io = new SymfonyStyle($input, $output);
$email = $input->getArgument('email');
$user = $this->userRepository->findOneBy(['email' => $email]);
if (!$user) {
$io->error(sprintf('Benutzer mit Email "%s" nicht gefunden.', $email));
return Command::FAILURE;
}
$io->title(sprintf('Berechtigungen für: %s (%s)', $user->getFullName(), $user->getEmail()));
// Symfony Standard Roles
$io->section('Symfony Roles');
$io->listing($user->getRoles());
// Zugewiesene Rollen
$io->section('Zugewiesene Rollen');
$roles = $user->getUserRoles();
if ($roles->isEmpty()) {
$io->note('Keine Rollen zugewiesen');
} else {
foreach ($roles as $role) {
$io->text(sprintf('- %s (%s)', $role->getName(), $role->getDescription()));
}
}
// Modul-Berechtigungen
$io->section('Modul-Berechtigungen');
$allPermissions = [];
foreach ($roles as $role) {
foreach ($role->getPermissions() as $permission) {
$moduleCode = $permission->getModule()->getCode();
$moduleName = $permission->getModule()->getName();
if (!isset($allPermissions[$moduleCode])) {
$allPermissions[$moduleCode] = [
'name' => $moduleName,
'permissions' => []
];
}
// Merge permissions (OR logic - wenn eine Rolle erlaubt, ist es erlaubt)
if ($permission->canView()) $allPermissions[$moduleCode]['permissions']['view'] = true;
if ($permission->canCreate()) $allPermissions[$moduleCode]['permissions']['create'] = true;
if ($permission->canEdit()) $allPermissions[$moduleCode]['permissions']['edit'] = true;
if ($permission->canDelete()) $allPermissions[$moduleCode]['permissions']['delete'] = true;
if ($permission->canExport()) $allPermissions[$moduleCode]['permissions']['export'] = true;
if ($permission->canManage()) $allPermissions[$moduleCode]['permissions']['manage'] = true;
}
}
if (empty($allPermissions)) {
$io->note('Keine Modul-Berechtigungen definiert');
} else {
$rows = [];
foreach ($allPermissions as $moduleCode => $data) {
$perms = [];
if (isset($data['permissions']['view'])) $perms[] = '👁️ View';
if (isset($data['permissions']['create'])) $perms[] = ' Create';
if (isset($data['permissions']['edit'])) $perms[] = '✏️ Edit';
if (isset($data['permissions']['delete'])) $perms[] = '🗑️ Delete';
if (isset($data['permissions']['export'])) $perms[] = '📤 Export';
if (isset($data['permissions']['manage'])) $perms[] = '⚙️ Manage';
$rows[] = [
$data['name'],
$moduleCode,
implode(', ', $perms)
];
}
$io->table(['Modul', 'Code', 'Berechtigungen'], $rows);
}
$io->success('Berechtigungsübersicht erfolgreich angezeigt');
return Command::SUCCESS;
}
}
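Review bot: the OR merge under the `// Merge permissions` comment reports a union across roles, but `User::hasModulePermission()` (src/Entity/User.php in this commit) returns on the first role that has any RolePermission row for the module, so the table this command prints can show an action as granted that `ModuleVoter` will deny for a user holding several roles (for example Betrachter plus Vertriebsmitarbeiter). Either make `hasModulePermission()` OR across roles or make this command mirror its first-match behaviour; as written the overview is not a faithful picture of effective access.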

0
src/Controller/.gitignore vendored Normal file

@ -0,0 +1,17 @@
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
class HomeController extends AbstractController
{
#[Route('/{reactRouting}', name: 'app_home', requirements: ['reactRouting' => '(?!login|logout|api).*'], defaults: ['reactRouting' => null], priority: -1)]
public function index(): Response
{
return $this->render('base.html.twig');
}
}
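Review bot: the requirement `(?!login|logout|api).*` is a prefix check, not a segment check, so `/apiary` or `/logins` fall outside this route and 404, while `/api` itself is excluded as intended; use `(?!(login|logout|api)(/|$)).*` if the intent is to exclude those path segments. Since this route serves the SPA shell for every other path, the rule protecting it lives in config/packages/security.yaml, which is not in this hunk; confirm `access_control` covers `^/` rather than relying on the React router for access decisions.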


@ -0,0 +1,38 @@
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
class SecurityController extends AbstractController
{
#[Route(path: '/login', name: 'app_login')]
public function login(AuthenticationUtils $authenticationUtils): Response
{
// Redirect to home if already logged in
if ($this->getUser()) {
return $this->redirectToRoute('app_home');
}
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig', [
'last_username' => $lastUsername,
'error' => $error,
]);
}
#[Route(path: '/logout', name: 'app_logout')]
public function logout(): void
{
throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
}
}
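Review bot: `getLastAuthenticationError()` returns the AuthenticationException object itself; the login template (not in this hunk) should render `error.messageKey|trans(error.messageData, 'security')`, as the Symfony recipe does, rather than `error.message`, so that only the generic translatable key reaches the browser and no exception detail is echoed back.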


@ -0,0 +1,192 @@
<?php
namespace App\DataFixtures;
use App\Entity\Module;
use App\Entity\Role;
use App\Entity\RolePermission;
use App\Entity\User;
use Doctrine\Bundle\FixturesBundle\Fixture;
use Doctrine\Persistence\ObjectManager;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
class AppFixtures extends Fixture
{
public function __construct(
private UserPasswordHasherInterface $passwordHasher
) {
}
public function load(ObjectManager $manager): void
{
// Erstelle CRM-Module
$modules = [
[
'name' => 'Dashboard',
'code' => 'dashboard',
'description' => 'Übersicht und KPIs',
'icon' => 'pi-chart-line',
'sortOrder' => 10
],
[
'name' => 'Kontakte',
'code' => 'contacts',
'description' => 'Kontaktverwaltung',
'icon' => 'pi-users',
'sortOrder' => 20
],
[
'name' => 'Unternehmen',
'code' => 'companies',
'description' => 'Firmendatenbank',
'icon' => 'pi-building',
'sortOrder' => 30
],
[
'name' => 'Deals',
'code' => 'deals',
'description' => 'Sales-Pipeline',
'icon' => 'pi-dollar',
'sortOrder' => 40
],
[
'name' => 'Aktivitäten',
'code' => 'activities',
'description' => 'Interaktions-Historie',
'icon' => 'pi-calendar',
'sortOrder' => 50
],
[
'name' => 'Berichte',
'code' => 'reports',
'description' => 'Analytics und Reports',
'icon' => 'pi-chart-bar',
'sortOrder' => 60
],
[
'name' => 'Einstellungen',
'code' => 'settings',
'description' => 'Systemeinstellungen',
'icon' => 'pi-cog',
'sortOrder' => 100
],
];
$moduleEntities = [];
foreach ($modules as $moduleData) {
$module = new Module();
$module->setName($moduleData['name']);
$module->setCode($moduleData['code']);
$module->setDescription($moduleData['description']);
$module->setIcon($moduleData['icon']);
$module->setSortOrder($moduleData['sortOrder']);
$module->setIsActive(true);
$manager->persist($module);
$moduleEntities[$moduleData['code']] = $module;
}
// Erstelle Admin-Rolle
$adminRole = new Role();
$adminRole->setName('Administrator');
$adminRole->setDescription('Vollzugriff auf alle Module');
$adminRole->setIsSystem(true);
$manager->persist($adminRole);
// Gebe Admin-Rolle volle Rechte auf alle Module
foreach ($moduleEntities as $module) {
$permission = new RolePermission();
$permission->setRole($adminRole);
$permission->setModule($module);
$permission->setCanView(true);
$permission->setCanCreate(true);
$permission->setCanEdit(true);
$permission->setCanDelete(true);
$permission->setCanExport(true);
$permission->setCanManage(true);
$manager->persist($permission);
}
// Erstelle Vertriebsmitarbeiter-Rolle
$salesRole = new Role();
$salesRole->setName('Vertriebsmitarbeiter');
$salesRole->setDescription('Zugriff auf Kontakte, Deals und Aktivitäten');
$salesRole->setIsSystem(false);
$manager->persist($salesRole);
// Berechtigungen für Vertrieb
$salesModules = ['dashboard', 'contacts', 'companies', 'deals', 'activities'];
foreach ($salesModules as $moduleCode) {
if (isset($moduleEntities[$moduleCode])) {
$permission = new RolePermission();
$permission->setRole($salesRole);
$permission->setModule($moduleEntities[$moduleCode]);
$permission->setCanView(true);
$permission->setCanCreate($moduleCode !== 'dashboard');
$permission->setCanEdit($moduleCode !== 'dashboard');
$permission->setCanDelete(false);
$permission->setCanExport($moduleCode !== 'dashboard');
$permission->setCanManage(false);
$manager->persist($permission);
}
}
// Erstelle Nur-Lese-Rolle
$viewerRole = new Role();
$viewerRole->setName('Betrachter');
$viewerRole->setDescription('Nur Leserechte');
$viewerRole->setIsSystem(false);
$manager->persist($viewerRole);
// Nur Leserechte für bestimmte Module
$viewerModules = ['dashboard', 'contacts', 'companies', 'deals', 'activities', 'reports'];
foreach ($viewerModules as $moduleCode) {
if (isset($moduleEntities[$moduleCode])) {
$permission = new RolePermission();
$permission->setRole($viewerRole);
$permission->setModule($moduleEntities[$moduleCode]);
$permission->setCanView(true);
$permission->setCanCreate(false);
$permission->setCanEdit(false);
$permission->setCanDelete(false);
$permission->setCanExport(false);
$permission->setCanManage(false);
$manager->persist($permission);
}
}
// Erstelle Admin-Benutzer
$admin = new User();
$admin->setEmail('admin@mycrm.local');
$admin->setFirstName('Admin');
$admin->setLastName('User');
$admin->setIsActive(true);
$admin->setRoles(['ROLE_ADMIN']); // Symfony standard role
$admin->addUserRole($adminRole);
$hashedPassword = $this->passwordHasher->hashPassword($admin, 'admin123');
$admin->setPassword($hashedPassword);
$manager->persist($admin);
// Erstelle Test-Vertriebsmitarbeiter
$sales = new User();
$sales->setEmail('sales@mycrm.local');
$sales->setFirstName('Max');
$sales->setLastName('Mustermann');
$sales->setIsActive(true);
$sales->setRoles(['ROLE_USER']);
$sales->addUserRole($salesRole);
$hashedPassword = $this->passwordHasher->hashPassword($sales, 'sales123');
$sales->setPassword($hashedPassword);
$manager->persist($sales);
$manager->flush();
}
}
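Review bot: `hashPassword($admin, 'admin123')` and `'sales123'` create two accounts with well-known credentials, and `admin@mycrm.local` also carries ROLE_ADMIN, which `ModuleVoter` treats as an unconditional allow. Nothing in the class restricts it to the dev environment, so a `doctrine:fixtures:load` against a non-dev database seeds a known admin login. Read the passwords from environment variables (falling back to `bin2hex(random_bytes(16))` printed once) or implement `FixtureGroupInterface` and load that group only in dev.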

0
src/Entity/.gitignore vendored Normal file

152
src/Entity/Module.php Normal file

@ -0,0 +1,152 @@
<?php
namespace App\Entity;
use App\Repository\ModuleRepository;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;
#[ORM\Entity(repositoryClass: ModuleRepository::class)]
#[ORM\Table(name: 'modules')]
class Module
{
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column]
private ?int $id = null;
#[ORM\Column(length: 100, unique: true)]
private ?string $name = null;
#[ORM\Column(length: 100, unique: true)]
private ?string $code = null;
#[ORM\Column(length: 255, nullable: true)]
private ?string $description = null;
#[ORM\Column]
private bool $isActive = true;
#[ORM\Column]
private int $sortOrder = 0;
#[ORM\Column(length: 50, nullable: true)]
private ?string $icon = null;
/**
* @var Collection<int, RolePermission>
*/
#[ORM\OneToMany(targetEntity: RolePermission::class, mappedBy: 'module', cascade: ['persist', 'remove'])]
private Collection $permissions;
public function __construct()
{
$this->permissions = new ArrayCollection();
}
public function getId(): ?int
{
return $this->id;
}
public function getName(): ?string
{
return $this->name;
}
public function setName(string $name): static
{
$this->name = $name;
return $this;
}
public function getCode(): ?string
{
return $this->code;
}
public function setCode(string $code): static
{
$this->code = $code;
return $this;
}
public function getDescription(): ?string
{
return $this->description;
}
public function setDescription(?string $description): static
{
$this->description = $description;
return $this;
}
public function isActive(): bool
{
return $this->isActive;
}
public function setIsActive(bool $isActive): static
{
$this->isActive = $isActive;
return $this;
}
public function getSortOrder(): int
{
return $this->sortOrder;
}
public function setSortOrder(int $sortOrder): static
{
$this->sortOrder = $sortOrder;
return $this;
}
public function getIcon(): ?string
{
return $this->icon;
}
public function setIcon(?string $icon): static
{
$this->icon = $icon;
return $this;
}
/**
* @return Collection<int, RolePermission>
*/
public function getPermissions(): Collection
{
return $this->permissions;
}
public function addPermission(RolePermission $permission): static
{
if (!$this->permissions->contains($permission)) {
$this->permissions->add($permission);
$permission->setModule($this);
}
return $this;
}
public function removePermission(RolePermission $permission): static
{
if ($this->permissions->removeElement($permission)) {
if ($permission->getModule() === $this) {
$permission->setModule(null);
}
}
return $this;
}
public function __toString(): string
{
return $this->name ?? '';
}
}
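Review bot: `removePermission()` calls `$permission->setModule(null)` while `RolePermission::$module` is mapped `nullable: false`, and this side declares no `orphanRemoval`, so removing a managed permission through the Module will fail on flush with a not-null violation instead of deleting the row. Either add `orphanRemoval: true` to the OneToMany (as `Role::$permissions` already does) or remove permissions through the Role side only. Also note that `isActive` is stored here but nothing in this commit consults it when authorising.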

173
src/Entity/Role.php Normal file

@ -0,0 +1,173 @@
<?php
namespace App\Entity;
use App\Repository\RoleRepository;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;
#[ORM\Entity(repositoryClass: RoleRepository::class)]
#[ORM\Table(name: 'roles')]
class Role
{
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column]
private ?int $id = null;
#[ORM\Column(length: 100, unique: true)]
private ?string $name = null;
#[ORM\Column(length: 255, nullable: true)]
private ?string $description = null;
#[ORM\Column]
private bool $isSystem = false;
/**
* @var Collection<int, User>
*/
#[ORM\ManyToMany(targetEntity: User::class, mappedBy: 'userRoles')]
private Collection $users;
/**
* @var Collection<int, RolePermission>
*/
#[ORM\OneToMany(targetEntity: RolePermission::class, mappedBy: 'role', cascade: ['persist', 'remove'], orphanRemoval: true)]
private Collection $permissions;
#[ORM\Column]
private ?\DateTimeImmutable $createdAt = null;
#[ORM\Column(nullable: true)]
private ?\DateTimeImmutable $updatedAt = null;
public function __construct()
{
$this->users = new ArrayCollection();
$this->permissions = new ArrayCollection();
$this->createdAt = new \DateTimeImmutable();
}
public function getId(): ?int
{
return $this->id;
}
public function getName(): ?string
{
return $this->name;
}
public function setName(string $name): static
{
$this->name = $name;
return $this;
}
public function getDescription(): ?string
{
return $this->description;
}
public function setDescription(?string $description): static
{
$this->description = $description;
return $this;
}
public function isSystem(): bool
{
return $this->isSystem;
}
public function setIsSystem(bool $isSystem): static
{
$this->isSystem = $isSystem;
return $this;
}
/**
* @return Collection<int, User>
*/
public function getUsers(): Collection
{
return $this->users;
}
public function addUser(User $user): static
{
if (!$this->users->contains($user)) {
$this->users->add($user);
$user->addUserRole($this);
}
return $this;
}
public function removeUser(User $user): static
{
if ($this->users->removeElement($user)) {
$user->removeUserRole($this);
}
return $this;
}
/**
* @return Collection<int, RolePermission>
*/
public function getPermissions(): Collection
{
return $this->permissions;
}
public function addPermission(RolePermission $permission): static
{
if (!$this->permissions->contains($permission)) {
$this->permissions->add($permission);
$permission->setRole($this);
}
return $this;
}
public function removePermission(RolePermission $permission): static
{
if ($this->permissions->removeElement($permission)) {
if ($permission->getRole() === $this) {
$permission->setRole(null);
}
}
return $this;
}
public function getCreatedAt(): ?\DateTimeImmutable
{
return $this->createdAt;
}
public function setCreatedAt(\DateTimeImmutable $createdAt): static
{
$this->createdAt = $createdAt;
return $this;
}
public function getUpdatedAt(): ?\DateTimeImmutable
{
return $this->updatedAt;
}
public function setUpdatedAt(?\DateTimeImmutable $updatedAt): static
{
$this->updatedAt = $updatedAt;
return $this;
}
public function __toString(): string
{
return $this->name ?? '';
}
}
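Review bot: `updatedAt` has a setter but is never maintained; add `#[ORM\HasLifecycleCallbacks]` with a `#[ORM\PreUpdate]` method that sets it, or it stays NULL forever. `isSystem` is likewise only stored: nothing in this hunk or in RoleRepository prevents a system role (the Administrator role from the fixtures) from being renamed, stripped of permissions or deleted, so the guard has to live in whatever write path exposes roles.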


@ -0,0 +1,136 @@
<?php
namespace App\Entity;
use App\Repository\RolePermissionRepository;
use Doctrine\ORM\Mapping as ORM;
#[ORM\Entity(repositoryClass: RolePermissionRepository::class)]
#[ORM\Table(name: 'role_permissions')]
#[ORM\UniqueConstraint(name: 'role_module_unique', columns: ['role_id', 'module_id'])]
class RolePermission
{
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column]
private ?int $id = null;
#[ORM\ManyToOne(targetEntity: Role::class, inversedBy: 'permissions')]
#[ORM\JoinColumn(nullable: false, onDelete: 'CASCADE')]
private ?Role $role = null;
#[ORM\ManyToOne(targetEntity: Module::class, inversedBy: 'permissions')]
#[ORM\JoinColumn(nullable: false, onDelete: 'CASCADE')]
private ?Module $module = null;
#[ORM\Column]
private bool $canView = false;
#[ORM\Column]
private bool $canCreate = false;
#[ORM\Column]
private bool $canEdit = false;
#[ORM\Column]
private bool $canDelete = false;
#[ORM\Column]
private bool $canExport = false;
#[ORM\Column]
private bool $canManage = false;
public function getId(): ?int
{
return $this->id;
}
public function getRole(): ?Role
{
return $this->role;
}
public function setRole(?Role $role): static
{
$this->role = $role;
return $this;
}
public function getModule(): ?Module
{
return $this->module;
}
public function setModule(?Module $module): static
{
$this->module = $module;
return $this;
}
public function canView(): bool
{
return $this->canView;
}
public function setCanView(bool $canView): static
{
$this->canView = $canView;
return $this;
}
public function canCreate(): bool
{
return $this->canCreate;
}
public function setCanCreate(bool $canCreate): static
{
$this->canCreate = $canCreate;
return $this;
}
public function canEdit(): bool
{
return $this->canEdit;
}
public function setCanEdit(bool $canEdit): static
{
$this->canEdit = $canEdit;
return $this;
}
public function canDelete(): bool
{
return $this->canDelete;
}
public function setCanDelete(bool $canDelete): static
{
$this->canDelete = $canDelete;
return $this;
}
public function canExport(): bool
{
return $this->canExport;
}
public function setCanExport(bool $canExport): static
{
$this->canExport = $canExport;
return $this;
}
public function canManage(): bool
{
return $this->canManage;
}
public function setCanManage(bool $canManage): static
{
$this->canManage = $canManage;
return $this;
}
}
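Review bot: the six flags are independent booleans with no defined relationship, and `User::hasModulePermission()` checks exactly the one flag asked for, so a row with `canManage = true, canView = false` grants manage but denies view. Either document that `manage` does not imply the others or normalise in the setters (`setCanManage(true)` also sets view/edit). The `role_module_unique` constraint together with `onDelete: 'CASCADE'` on both joins is the right shape.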

247
src/Entity/User.php Normal file

@ -0,0 +1,247 @@
<?php
namespace App\Entity;
use App\Repository\UserRepository;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;
#[ORM\Entity(repositoryClass: UserRepository::class)]
#[ORM\Table(name: 'users')]
#[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column]
private ?int $id = null;
#[ORM\Column(length: 180)]
private ?string $email = null;
#[ORM\Column(length: 100)]
private ?string $firstName = null;
#[ORM\Column(length: 100)]
private ?string $lastName = null;
#[ORM\Column]
private bool $isActive = true;
/**
* @var list<string> The user roles (Symfony standard roles for basic access control)
*/
#[ORM\Column]
private array $roles = [];
/**
* @var Collection<int, Role>
*/
#[ORM\ManyToMany(targetEntity: Role::class, inversedBy: 'users')]
#[ORM\JoinTable(name: 'user_roles')]
private Collection $userRoles;
/**
* @var string The hashed password
*/
#[ORM\Column]
private ?string $password = null;
#[ORM\Column]
private ?\DateTimeImmutable $createdAt = null;
#[ORM\Column(nullable: true)]
private ?\DateTimeImmutable $lastLoginAt = null;
public function __construct()
{
$this->userRoles = new ArrayCollection();
$this->createdAt = new \DateTimeImmutable();
}
public function getId(): ?int
{
return $this->id;
}
public function getEmail(): ?string
{
return $this->email;
}
public function setEmail(string $email): static
{
$this->email = $email;
return $this;
}
/**
* A visual identifier that represents this user.
*
* @see UserInterface
*/
public function getUserIdentifier(): string
{
return (string) $this->email;
}
/**
* @see UserInterface
*/
public function getRoles(): array
{
$roles = $this->roles;
// guarantee every user at least has ROLE_USER
$roles[] = 'ROLE_USER';
return array_unique($roles);
}
/**
* @param list<string> $roles
*/
public function setRoles(array $roles): static
{
$this->roles = $roles;
return $this;
}
/**
* @see PasswordAuthenticatedUserInterface
*/
public function getPassword(): ?string
{
return $this->password;
}
public function setPassword(string $password): static
{
$this->password = $password;
return $this;
}
#[\Deprecated]
public function eraseCredentials(): void
{
// @deprecated, to be removed when upgrading to Symfony 8
}
public function getFirstName(): ?string
{
return $this->firstName;
}
public function setFirstName(string $firstName): static
{
$this->firstName = $firstName;
return $this;
}
public function getLastName(): ?string
{
return $this->lastName;
}
public function setLastName(string $lastName): static
{
$this->lastName = $lastName;
return $this;
}
public function getFullName(): string
{
return trim($this->firstName . ' ' . $this->lastName);
}
public function isActive(): bool
{
return $this->isActive;
}
public function setIsActive(bool $isActive): static
{
$this->isActive = $isActive;
return $this;
}
/**
* @return Collection<int, Role>
*/
public function getUserRoles(): Collection
{
return $this->userRoles;
}
public function addUserRole(Role $role): static
{
if (!$this->userRoles->contains($role)) {
$this->userRoles->add($role);
}
return $this;
}
public function removeUserRole(Role $role): static
{
$this->userRoles->removeElement($role);
return $this;
}
/**
* Check if user has permission for a specific module and action
*/
public function hasModulePermission(string $moduleCode, string $action): bool
{
foreach ($this->userRoles as $role) {
foreach ($role->getPermissions() as $permission) {
if ($permission->getModule()->getCode() === $moduleCode) {
return match($action) {
'view' => $permission->canView(),
'create' => $permission->canCreate(),
'edit' => $permission->canEdit(),
'delete' => $permission->canDelete(),
'export' => $permission->canExport(),
'manage' => $permission->canManage(),
default => false,
};
}
}
}
return false;
}
public function getCreatedAt(): ?\DateTimeImmutable
{
return $this->createdAt;
}
public function setCreatedAt(\DateTimeImmutable $createdAt): static
{
$this->createdAt = $createdAt;
return $this;
}
public function getLastLoginAt(): ?\DateTimeImmutable
{
return $this->lastLoginAt;
}
public function setLastLoginAt(?\DateTimeImmutable $lastLoginAt): static
{
$this->lastLoginAt = $lastLoginAt;
return $this;
}
public function __toString(): string
{
return $this->getFullName();
}
}
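Review bot: `hasModulePermission()` returns inside the inner loop on the first RolePermission whose module code matches, so with several roles the answer depends on collection order rather than on whether any role grants the action; a user holding Betrachter and Vertriebsmitarbeiter is denied edit whenever Betrachter is iterated first. Replace the early `return match(...)` with `if (match(...)) { return true; }` and fall through to `return false`. Separately, `$permission->getModule()->isActive()` is never consulted here, so a deactivated module keeps granting access.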


@ -0,0 +1,31 @@
<?php
namespace App\EventListener;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
#[AsEventListener(event: LoginSuccessEvent::class)]
class LoginSuccessListener
{
public function __construct(
private EntityManagerInterface $entityManager
) {
}
public function __invoke(LoginSuccessEvent $event): void
{
$user = $event->getUser();
if (!$user instanceof User) {
return;
}
// Update last login timestamp
$user->setLastLoginAt(new \DateTimeImmutable());
$this->entityManager->flush();
}
}
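Review bot: this listener only runs after authentication has already succeeded, and `User::isActive` is checked only in `ModuleVoter`; unless a `UserCheckerInterface` is registered (none is in this commit), an inactive user still gets a session and passes every `IS_AUTHENTICATED_*` rule. Add a user checker whose `checkPreAuth()` throws `CustomUserMessageAccountStatusException` for inactive users so the account is blocked at login rather than per module.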

11
src/Kernel.php Normal file

@ -0,0 +1,11 @@
<?php
namespace App;
use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
use Symfony\Component\HttpKernel\Kernel as BaseKernel;
class Kernel extends BaseKernel
{
use MicroKernelTrait;
}

0
src/Repository/.gitignore vendored Normal file

@ -0,0 +1,38 @@
<?php
namespace App\Repository;
use App\Entity\Module;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
/**
* @extends ServiceEntityRepository<Module>
*/
class ModuleRepository extends ServiceEntityRepository
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, Module::class);
}
public function findActiveModules(): array
{
return $this->createQueryBuilder('m')
->where('m.isActive = :isActive')
->setParameter('isActive', true)
->orderBy('m.sortOrder', 'ASC')
->addOrderBy('m.name', 'ASC')
->getQuery()
->getResult();
}
public function findByCode(string $code): ?Module
{
return $this->createQueryBuilder('m')
->where('m.code = :code')
->setParameter('code', $code)
->getQuery()
->getOneOrNullResult();
}
}


@ -0,0 +1,30 @@
<?php
namespace App\Repository;
use App\Entity\RolePermission;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
/**
* @extends ServiceEntityRepository<RolePermission>
*/
class RolePermissionRepository extends ServiceEntityRepository
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, RolePermission::class);
}
public function findPermissionsForRole(int $roleId): array
{
return $this->createQueryBuilder('rp')
->join('rp.module', 'm')
->where('rp.role = :roleId')
->setParameter('roleId', $roleId)
->orderBy('m.sortOrder', 'ASC')
->addOrderBy('m.name', 'ASC')
->getQuery()
->getResult();
}
}


@ -0,0 +1,36 @@
<?php
namespace App\Repository;
use App\Entity\Role;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
/**
* @extends ServiceEntityRepository<Role>
*/
class RoleRepository extends ServiceEntityRepository
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, Role::class);
}
public function findActiveRoles(): array
{
return $this->createQueryBuilder('r')
->orderBy('r.name', 'ASC')
->getQuery()
->getResult();
}
public function findNonSystemRoles(): array
{
return $this->createQueryBuilder('r')
->where('r.isSystem = :isSystem')
->setParameter('isSystem', false)
->orderBy('r.name', 'ASC')
->getQuery()
->getResult();
}
}
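Review bot: `findActiveRoles()` applies no filter; `Role` has no active flag (only `isSystem`), so the name promises something the query does not do. Rename it to `findAllOrdered()` or add the flag to the entity and filter on it.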


@ -0,0 +1,60 @@
<?php
namespace App\Repository;
use App\Entity\User;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
/**
* @extends ServiceEntityRepository<User>
*/
class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, User::class);
}
/**
* Used to upgrade (rehash) the user's password automatically over time.
*/
public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
{
if (!$user instanceof User) {
throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', $user::class));
}
$user->setPassword($newHashedPassword);
$this->getEntityManager()->persist($user);
$this->getEntityManager()->flush();
}
// /**
// * @return User[] Returns an array of User objects
// */
// public function findByExampleField($value): array
// {
// return $this->createQueryBuilder('u')
// ->andWhere('u.exampleField = :val')
// ->setParameter('val', $value)
// ->orderBy('u.id', 'ASC')
// ->setMaxResults(10)
// ->getQuery()
// ->getResult()
// ;
// }
// public function findOneBySomeField($value): ?User
// {
// return $this->createQueryBuilder('u')
// ->andWhere('u.exampleField = :val')
// ->setParameter('val', $value)
// ->getQuery()
// ->getOneOrNullResult()
// ;
// }
}


@ -0,0 +1,72 @@
<?php
namespace App\Security\Voter;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class ModuleVoter extends Voter
{
public const VIEW = 'MODULE_VIEW';
public const CREATE = 'MODULE_CREATE';
public const EDIT = 'MODULE_EDIT';
public const DELETE = 'MODULE_DELETE';
public const EXPORT = 'MODULE_EXPORT';
public const MANAGE = 'MODULE_MANAGE';
protected function supports(string $attribute, mixed $subject): bool
{
// Der Voter unterstützt MODULE_* Attribute
// Subject ist der Module-Code als String (z.B. 'contacts', 'deals')
return in_array($attribute, [
self::VIEW,
self::CREATE,
self::EDIT,
self::DELETE,
self::EXPORT,
self::MANAGE,
]) && is_string($subject);
}
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
$user = $token->getUser();
// User muss eingeloggt sein
if (!$user instanceof User) {
return false;
}
// Inaktive User haben keine Rechte
if (!$user->isActive()) {
return false;
}
// ROLE_ADMIN hat automatisch alle Rechte
if (in_array('ROLE_ADMIN', $user->getRoles())) {
return true;
}
// $subject ist der Module-Code (z.B. 'contacts')
$moduleCode = $subject;
// Map Voter-Attribute auf Permission-Actions
$action = match($attribute) {
self::VIEW => 'view',
self::CREATE => 'create',
self::EDIT => 'edit',
self::DELETE => 'delete',
self::EXPORT => 'export',
self::MANAGE => 'manage',
default => null,
};
if ($action === null) {
return false;
}
// Prüfe ob User die Berechtigung hat
return $user->hasModulePermission($moduleCode, $action);
}
}
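Review bot: `supports()` accepts any string subject and `voteOnAttribute()` never verifies that the code names an existing, active module: `Module::isActive` is never read, so deactivating a module does not revoke access granted through RolePermission rows. Resolve the code via `ModuleRepository::findByCode()` and return false when the module is missing or inactive (or check `getModule()->isActive()` inside `User::hasModulePermission()`). The `in_array('ROLE_ADMIN', $user->getRoles())` check also ignores any `role_hierarchy`; if one is configured, inject `Security` and use `isGranted('ROLE_ADMIN')` instead.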

350
symfony.lock Normal file

@ -0,0 +1,350 @@
{
"api-platform/core": {
"version": "4.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "4.0",
"ref": "cb9e6b8ceb9b62f32d41fc8ad72a25d5bd674c6d"
},
"files": [
"config/packages/api_platform.yaml",
"config/routes/api_platform.yaml",
"src/ApiResource/.gitignore"
]
},
"doctrine/deprecations": {
"version": "1.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "1.0",
"ref": "87424683adc81d7dc305eefec1fced883084aab9"
}
},
"doctrine/doctrine-bundle": {
"version": "2.18",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "2.13",
"ref": "620b57f496f2e599a6015a9fa222c2ee0a32adcb"
},
"files": [
"config/packages/doctrine.yaml",
"src/Entity/.gitignore",
"src/Repository/.gitignore"
]
},
"doctrine/doctrine-fixtures-bundle": {
"version": "4.3",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "3.0",
"ref": "1f5514cfa15b947298df4d771e694e578d4c204d"
},
"files": [
"src/DataFixtures/AppFixtures.php"
]
},
"doctrine/doctrine-migrations-bundle": {
"version": "3.6",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "3.1",
"ref": "1d01ec03c6ecbd67c3375c5478c9a423ae5d6a33"
},
"files": [
"config/packages/doctrine_migrations.yaml",
"migrations/.gitignore"
]
},
"nelmio/cors-bundle": {
"version": "2.6",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "1.5",
"ref": "6bea22e6c564fba3a1391615cada1437d0bde39c"
},
"files": [
"config/packages/nelmio_cors.yaml"
]
},
"phpunit/phpunit": {
"version": "12.4",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "11.1",
"ref": "1117deb12541f35793eec9fff7494d7aa12283fc"
},
"files": [
".env.test",
"phpunit.dist.xml",
"tests/bootstrap.php",
"bin/phpunit"
]
},
"symfony/asset-mapper": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "6.4",
"ref": "5ad1308aa756d58f999ffbe1540d1189f5d7d14a"
},
"files": [
"assets/app.js",
"assets/styles/app.css",
"config/packages/asset_mapper.yaml",
"importmap.php"
]
},
"symfony/console": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "5.3",
"ref": "1781ff40d8a17d87cf53f8d4cf0c8346ed2bb461"
},
"files": [
"bin/console"
]
},
"symfony/debug-bundle": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "5.3",
"ref": "5aa8aa48234c8eb6dbdd7b3cd5d791485d2cec4b"
},
"files": [
"config/packages/debug.yaml"
]
},
"symfony/flex": {
"version": "2.9",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "2.4",
"ref": "52e9754527a15e2b79d9a610f98185a1fe46622a"
},
"files": [
".env",
".env.dev"
]
},
"symfony/framework-bundle": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "7.0",
"ref": "6356c19b9ae08e7763e4ba2d9ae63043efc75db5"
},
"files": [
"config/packages/cache.yaml",
"config/packages/framework.yaml",
"config/preload.php",
"config/routes/framework.yaml",
"config/services.yaml",
"public/index.php",
"src/Controller/.gitignore",
"src/Kernel.php"
]
},
"symfony/mailer": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "4.3",
"ref": "09051cfde49476e3c12cd3a0e44289ace1c75a4f"
},
"files": [
"config/packages/mailer.yaml"
]
},
"symfony/maker-bundle": {
"version": "1.64",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "1.0",
"ref": "fadbfe33303a76e25cb63401050439aa9b1a9c7f"
}
},
"symfony/messenger": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "6.0",
"ref": "d8936e2e2230637ef97e5eecc0eea074eecae58b"
},
"files": [
"config/packages/messenger.yaml"
]
},
"symfony/monolog-bundle": {
"version": "3.10",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "3.7",
"ref": "f5f5f3e4c23f5349796b7de587f19c51e7104299"
},
"files": [
"config/packages/monolog.yaml"
]
},
"symfony/notifier": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "5.0",
"ref": "178877daf79d2dbd62129dd03612cb1a2cb407cc"
},
"files": [
"config/packages/notifier.yaml"
]
},
"symfony/routing": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "7.0",
"ref": "ab1e60e2afd5c6f4a6795908f646e235f2564eb2"
},
"files": [
"config/packages/routing.yaml",
"config/routes.yaml"
]
},
"symfony/security-bundle": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "6.4",
"ref": "2ae08430db28c8eb4476605894296c82a642028f"
},
"files": [
"config/packages/security.yaml",
"config/routes/security.yaml"
]
},
"symfony/stimulus-bundle": {
"version": "2.31",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "2.13",
"ref": "6acd9ff4f7fd5626d2962109bd4ebab351d43c43"
},
"files": [
"assets/bootstrap.js",
"assets/controllers.json",
"assets/controllers/hello_controller.js"
]
},
"symfony/translation": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "6.3",
"ref": "620a1b84865ceb2ba304c8f8bf2a185fbf32a843"
},
"files": [
"config/packages/translation.yaml",
"translations/.gitignore"
]
},
"symfony/twig-bundle": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "6.4",
"ref": "cab5fd2a13a45c266d45a7d9337e28dee6272877"
},
"files": [
"config/packages/twig.yaml",
"templates/base.html.twig"
]
},
"symfony/ux-turbo": {
"version": "2.31",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "2.19",
"ref": "9dd2778a116b6e5e01e5e1582d03d5a9e82630de"
}
},
"symfony/validator": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "7.0",
"ref": "8c1c4e28d26a124b0bb273f537ca8ce443472bfd"
},
"files": [
"config/packages/validator.yaml"
]
},
"symfony/web-profiler-bundle": {
"version": "7.1",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "6.1",
"ref": "8b51135b84f4266e3b4c8a6dc23c9d1e32e543b7"
},
"files": [
"config/packages/web_profiler.yaml",
"config/routes/web_profiler.yaml"
]
},
"symfony/webapp-pack": {
"version": "1.3",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "1.0",
"ref": "7d5c5e282f7e2c36a2c3bbb1504f78456c352407"
},
"files": [
"config/packages/messenger.yaml"
]
},
"symfony/webpack-encore-bundle": {
"version": "2.3",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "2.0",
"ref": "719f6110345acb6495e496601fc1b4977d7102b3"
},
"files": [
"assets/app.js",
"assets/styles/app.css",
"config/packages/webpack_encore.yaml",
"package.json",
"webpack.config.js"
]
},
"twig/extra-bundle": {
"version": "v3.22.0"
}
}
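Review bot: symfony/web-profiler-bundle (recipe files config/packages/web_profiler.yaml and config/routes/web_profiler.yaml) and symfony/maker-bundle are locked here next to the runtime packages; composer.json is not part of this page, so confirm both are under require-dev and that the profiler routes stay wrapped in a `when@dev` block, otherwise `/_profiler` and `/_wdt` become reachable on a production build. The stimulus recipe's `assets/controllers/hello_controller.js` sample can be deleted once a real controller exists.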

30
templates/base.html.twig Normal file
View File

@ -0,0 +1,30 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}myCRM - Moderne CRM-Lösung{% endblock %}</title>
<link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 128 128%22><text y=%221.2em%22 font-size=%2296%22>📊</text></svg>">
{% block stylesheets %}
{{ encore_entry_link_tags('app') }}
{% endblock %}
{% block javascripts %}
{{ encore_entry_script_tags('app') }}
{% endblock %}
</head>
<body>
<div id="app"
data-user="{{ app.user ? {
id: app.user.id,
email: app.user.email,
firstName: app.user.firstName,
lastName: app.user.lastName,
fullName: app.user.fullName,
roles: app.user.roles
}|json_encode|e('html_attr') : 'null' }}"
></div>
{% block body %}{% endblock %}
</body>
</html>
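Review bot: the `data-user` attribute on `#app` ships `roles`, `email` and both name fields to the browser on every page; the `json_encode|e('html_attr')` chain escapes it correctly, so this is not an injection problem, but treat the roles array as a UI hint only and keep every authorization decision server-side (`is_granted()` / `access_control`), because anything in the DOM can be edited in devtools. Two smaller points: `{{ encore_entry_script_tags('app') }}` is emitted in `<head>` before `<div id="app">` exists, so the bundle needs `defer` (via `script_attributes` in config/packages/webpack_encore.yaml) or a DOMContentLoaded guard before it mounts; and `<html>` carries no `lang` attribute while the login template in this commit declares `lang="de"`.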

View File

@ -0,0 +1,210 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - myCRM</title>
{{ encore_entry_link_tags('app') }}
<style>
body {
margin: 0;
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
}
.login-container {
background: white;
border-radius: 12px;
box-shadow: 0 10px 40px rgba(0, 0, 0, 0.2);
padding: 3rem;
width: 100%;
max-width: 450px;
}
.login-header {
text-align: center;
margin-bottom: 2rem;
}
.login-header h1 {
margin: 0;
color: #2563eb;
font-size: 2rem;
font-weight: 700;
}
.login-header p {
margin: 0.5rem 0 0;
color: #6b7280;
font-size: 0.95rem;
}
.form-group {
margin-bottom: 1.5rem;
}
.form-group label {
display: block;
margin-bottom: 0.5rem;
color: #374151;
font-weight: 500;
font-size: 0.9rem;
}
.form-control {
width: 100%;
padding: 0.75rem 1rem;
border: 1px solid #d1d5db;
border-radius: 6px;
font-size: 1rem;
transition: border-color 0.2s, box-shadow 0.2s;
}
.form-control:focus {
outline: none;
border-color: #2563eb;
box-shadow: 0 0 0 3px rgba(37, 99, 235, 0.1);
}
.btn-login {
width: 100%;
padding: 0.875rem;
background: #2563eb;
color: white;
border: none;
border-radius: 6px;
font-size: 1rem;
font-weight: 600;
cursor: pointer;
transition: background 0.2s;
}
.btn-login:hover {
background: #1d4ed8;
}
.btn-login:active {
background: #1e40af;
}
.alert {
padding: 1rem;
border-radius: 6px;
margin-bottom: 1.5rem;
font-size: 0.9rem;
}
.alert-danger {
background: #fef2f2;
color: #991b1b;
border: 1px solid #fecaca;
}
.alert-info {
background: #eff6ff;
color: #1e40af;
border: 1px solid #bfdbfe;
}
.remember-me {
display: flex;
align-items: center;
gap: 0.5rem;
margin-bottom: 1.5rem;
}
.remember-me input[type="checkbox"] {
width: 18px;
height: 18px;
cursor: pointer;
}
.remember-me label {
margin: 0;
cursor: pointer;
font-weight: normal;
color: #6b7280;
}
.test-credentials {
margin-top: 2rem;
padding: 1rem;
background: #f9fafb;
border-radius: 6px;
font-size: 0.85rem;
}
.test-credentials h4 {
margin: 0 0 0.75rem;
color: #374151;
font-size: 0.9rem;
}
.test-credentials div {
margin: 0.5rem 0;
color: #6b7280;
}
.test-credentials code {
background: white;
padding: 0.25rem 0.5rem;
border-radius: 3px;
color: #2563eb;
font-family: 'Courier New', monospace;
}
</style>
</head>
<body>
<div class="login-container">
<div class="login-header">
<h1>📊 myCRM</h1>
<p>Moderne CRM-Lösung</p>
</div>
{% if error %}
<div class="alert alert-danger">
{{ error.messageKey|trans(error.messageData, 'security') }}
</div>
{% endif %}
{% if app.user %}
<div class="alert alert-info">
Sie sind bereits angemeldet als <strong>{{ app.user.userIdentifier }}</strong>.
<a href="{{ path('app_logout') }}">Abmelden</a> oder
<a href="/">zum Dashboard</a>
</div>
{% else %}
<form method="post">
<div class="form-group">
<label for="username">E-Mail-Adresse</label>
<input
type="email"
value="{{ last_username }}"
name="_username"
id="username"
class="form-control"
autocomplete="email"
placeholder="ihre@email.de"
required
autofocus
>
</div>
<div class="form-group">
<label for="password">Passwort</label>
<input
type="password"
name="_password"
id="password"
class="form-control"
autocomplete="current-password"
placeholder="••••••••"
required
>
</div>
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
<div class="remember-me">
<input type="checkbox" name="_remember_me" id="_remember_me">
<label for="_remember_me">Angemeldet bleiben</label>
</div>
<button class="btn-login" type="submit">
Anmelden
</button>
</form>
<div class="test-credentials">
<h4>🔐 Test-Zugangsdaten (Development):</h4>
<div><strong>Administrator:</strong> <code>admin@mycrm.local</code> / <code>admin123</code></div>
<div><strong>Vertrieb:</strong> <code>sales@mycrm.local</code> / <code>sales123</code></div>
</div>
{% endif %}
</div>
</body>
</html>
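Review bot: the `.test-credentials` block (`admin@mycrm.local` / `admin123`, `sales@mycrm.local` / `sales123`) is rendered unconditionally even though its heading says Development, so it ships to production and advertises two valid accounts to every visitor. Wrap it in `{% if app.debug %}` at minimum, or better remove it from the template and keep test accounts in fixtures only. Minor: `<a href="/">zum Dashboard</a>` hardcodes the path while `{{ path('app_logout') }}` one line earlier uses the router; use `path()` for both so the link survives a route change.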

View File

@ -0,0 +1,83 @@
<?php
namespace App\Tests;
use App\Entity\User;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
class LoginControllerTest extends WebTestCase
{
private KernelBrowser $client;
protected function setUp(): void
{
$this->client = static::createClient();
$container = static::getContainer();
$em = $container->get('doctrine.orm.entity_manager');
$userRepository = $em->getRepository(User::class);
// Remove any existing users from the test database
foreach ($userRepository->findAll() as $user) {
$em->remove($user);
}
$em->flush();
// Create a User fixture
/** @var UserPasswordHasherInterface $passwordHasher */
$passwordHasher = $container->get('security.user_password_hasher');
$user = (new User())->setEmail('email@example.com');
$user->setPassword($passwordHasher->hashPassword($user, 'password'));
$em->persist($user);
$em->flush();
}
public function testLogin(): void
{
// Denied - Can't login with invalid email address.
$this->client->request('GET', '/login');
self::assertResponseIsSuccessful();
$this->client->submitForm('Sign in', [
'_username' => 'doesNotExist@example.com',
'_password' => 'password',
]);
self::assertResponseRedirects('/login');
$this->client->followRedirect();
// Ensure we do not reveal if the user exists or not.
self::assertSelectorTextContains('.alert-danger', 'Invalid credentials.');
// Denied - Can't login with invalid password.
$this->client->request('GET', '/login');
self::assertResponseIsSuccessful();
$this->client->submitForm('Sign in', [
'_username' => 'email@example.com',
'_password' => 'bad-password',
]);
self::assertResponseRedirects('/login');
$this->client->followRedirect();
// Ensure we do not reveal the user exists but the password is wrong.
self::assertSelectorTextContains('.alert-danger', 'Invalid credentials.');
// Success - Login with valid credentials is allowed.
$this->client->submitForm('Sign in', [
'_username' => 'email@example.com',
'_password' => 'password',
]);
self::assertResponseRedirects('/');
$this->client->followRedirect();
self::assertSelectorNotExists('.alert-danger');
self::assertResponseIsSuccessful();
}
}
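Review bot: `submitForm('Sign in', ...)` cannot find a button in this commit's login form, whose submit button reads `Anmelden` and has no `id` or `name`; the DomCrawler lookup throws before any assertion runs, so use the German label or give the button a stable `name`. Second, the expected `'Invalid credentials.'` text relies on the `security` translation domain resolving to English; with a German default locale the alert text differs and the test fails for the wrong reason. Third, `setUp()` deletes every `User` from whatever database `DATABASE_URL` resolves to in the test environment, so make sure `.env.test` points at a dedicated test database (and ideally reset state per test via a transaction or dama/doctrine-test-bundle) so a misconfigured environment cannot wipe development data. Finally, the fixture user gets only an email and password; if the dashboard at `/` is restricted by role, the closing `assertResponseIsSuccessful()` will fail.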

13
tests/bootstrap.php Normal file
View File

@ -0,0 +1,13 @@
<?php
use Symfony\Component\Dotenv\Dotenv;
require dirname(__DIR__).'/vendor/autoload.php';
if (method_exists(Dotenv::class, 'bootEnv')) {
(new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
}
if ($_SERVER['APP_DEBUG']) {
umask(0000);
}
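Review bot: `umask(0000)` whenever `$_SERVER['APP_DEBUG']` is truthy makes every file PHPUnit creates (cache, logs, fixture output) world-writable. This is the stock recipe behaviour and is convenient on a single-user dev box, but keep APP_DEBUG=0 in CI and on shared runners so test artefacts are not left writable to every local account. `$_SERVER['APP_DEBUG'] ?? false` would also avoid an undefined-index notice if the variable is ever not set by bootEnv().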

0
translations/.gitignore vendored Normal file
View File

76
webpack.config.js Normal file
View File

@ -0,0 +1,76 @@
const Encore = require('@symfony/webpack-encore');
// Manually configure the runtime environment if not already configured yet by the "encore" command.
// It's useful when you use tools that rely on webpack.config.js file.
if (!Encore.isRuntimeEnvironmentConfigured()) {
Encore.configureRuntimeEnvironment(process.env.NODE_ENV || 'dev');
}
Encore
// directory where compiled assets will be stored
.setOutputPath('public/build/')
// public path used by the web server to access the output path
.setPublicPath('/build')
// only needed for CDN's or subdirectory deploy
//.setManifestKeyPrefix('build/')
/*
* ENTRY CONFIG
*
* Each entry will result in one JavaScript file (e.g. app.js)
* and one CSS file (e.g. app.css) if your JavaScript imports CSS.
*/
.addEntry('app', './assets/app.js')
// When enabled, Webpack "splits" your files into smaller pieces for greater optimization.
.splitEntryChunks()
// will require an extra script tag for runtime.js
// but, you probably want this, unless you're building a single-page app
.enableSingleRuntimeChunk()
/*
* FEATURE CONFIG
*
* Enable & configure other features below. For a full
* list of features, see:
* https://symfony.com/doc/current/frontend.html#adding-more-features
*/
.cleanupOutputBeforeBuild()
// Displays build status system notifications to the user
// .enableBuildNotifications()
.enableSourceMaps(!Encore.isProduction())
// enables hashed filenames (e.g. app.abc123.css)
.enableVersioning(Encore.isProduction())
// configure Babel
// .configureBabel((config) => {
// config.plugins.push('@babel/a-babel-plugin');
// })
// enables and configure @babel/preset-env polyfills
.configureBabelPresetEnv((config) => {
config.useBuiltIns = 'usage';
config.corejs = '3.38';
})
// enables Sass/SCSS support
.enableSassLoader()
// Enable Vue.js support
.enableVueLoader()
// uncomment if you use TypeScript
//.enableTypeScriptLoader()
// uncomment to get integrity="..." attributes on your script & link tags
// requires WebpackEncoreBundle 1.4 or higher
//.enableIntegrityHashes(Encore.isProduction())
// Enable PostCSS loader for Vue SFCs
.enablePostCssLoader()
;
module.exports = Encore.getWebpackConfig();
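Review bot: `.enableIntegrityHashes(Encore.isProduction())` is left commented out; the lock in this commit records symfony/webpack-encore-bundle 2.3, which satisfies the 1.4+ requirement noted in the comment, so enable it so that `encore_entry_script_tags` / `encore_entry_link_tags` emit `integrity` attributes and a substituted bundle is rejected by the browser, which matters as soon as `setPublicPath` is pointed at a CDN. Also, `Encore.configureRuntimeEnvironment(process.env.NODE_ENV || 'dev')` together with `.enableSourceMaps(!Encore.isProduction())` and `.enableVersioning(Encore.isProduction())` means a build run without NODE_ENV=production silently ships source maps and unversioned filenames; make the production build script invoke `encore production` explicitly.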