diff --git a/.github/workflows/ppd.yml b/.github/workflows/ppd.yml
index eff21432..29270445 100644
--- a/.github/workflows/ppd.yml
+++ b/.github/workflows/ppd.yml
@@ -112,7 +112,7 @@ jobs:
   deploy-back-lecoffre:
     needs: build-and-push-images-lecoffre
     runs-on: ubuntu-latest
-    environment: staging
+    environment: preprod
     steps:
       - name: Install CLI
         uses: scaleway/action-scw@v0
@@ -183,7 +183,7 @@ jobs:
   deploy-cron-lecoffre:
     needs: build-and-push-images-lecoffre
     runs-on: ubuntu-latest
-    environment: staging
+    environment: preprod
     steps:
       - name: Install CLI
         uses: scaleway/action-scw@v0
@@ -211,6 +211,7 @@ jobs:
             scw container container update ${{ env.CONTAINER_ID }} $env_string       
         env:
           ENV_VARS: ${{ secrets.ENV }}
+
           SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY_LECOFFRE }}
           SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY_LECOFFRE }}
           SCW_DEFAULT_PROJECT_ID: ${{ env.PROJECT_ID_LECOFFRE }}
diff --git a/.github/workflows/prd.yml b/.github/workflows/prd.yml
index d19ff352..718abfdd 100644
--- a/.github/workflows/prd.yml
+++ b/.github/workflows/prd.yml
@@ -111,7 +111,7 @@ jobs:
   deploy-back-lecoffre:
     needs: build-and-push-images-lecoffre
     runs-on: ubuntu-latest
-    environment: staging
+    environment: prod
     steps:
       - name: Install CLI
         uses: scaleway/action-scw@v0
@@ -181,7 +181,7 @@ jobs:
   deploy-cron-lecoffre:
     needs: build-and-push-images-lecoffre
     runs-on: ubuntu-latest
-    environment: staging
+    environment: prod
     steps:
       - name: Install CLI
         uses: scaleway/action-scw@v0
@@ -209,6 +209,7 @@ jobs:
             scw container container update ${{ env.CONTAINER_ID }} $env_string       
         env:
           ENV_VARS: ${{ secrets.ENV }}
+
           SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY_LECOFFRE }}
           SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY_LECOFFRE }}
           SCW_DEFAULT_PROJECT_ID: ${{ env.PROJECT_ID_LECOFFRE }}
diff --git a/.github/workflows/stg.yml b/.github/workflows/stg.yml
index b4ceffe2..bd024bec 100644
--- a/.github/workflows/stg.yml
+++ b/.github/workflows/stg.yml
@@ -213,3 +213,4 @@ jobs:
           SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY_LECOFFRE }}
           SCW_DEFAULT_PROJECT_ID: ${{ env.PROJECT_ID_LECOFFRE }}
           SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID_LECOFFRE }}
+
diff --git a/Dockerfile-Cron b/Dockerfile-Cron
index 3dbfefe4..77780e6f 100644
--- a/Dockerfile-Cron
+++ b/Dockerfile-Cron
@@ -15,13 +15,6 @@ RUN ssh-keyscan github.com smart-chain-fr/leCoffre-resources.git >> /root/.ssh/k
 
 RUN npm install --frozen-lockfile
 
-# Rebuild the source code only when needed
-FROM node:19-alpine AS builder
-
-WORKDIR leCoffre
-
-COPY --from=deps leCoffre/node_modules ./node_modules
-COPY --from=deps leCoffre/package.json package.json
 COPY tsconfig.json tsconfig.json
 COPY src src
 
@@ -35,11 +28,12 @@ WORKDIR leCoffre
 
 RUN adduser -D lecoffreuser --uid 10000 && chown -R lecoffreuser .
 
-COPY --from=builder --chown=lecoffreuser leCoffre/node_modules ./node_modules
-COPY --from=builder --chown=lecoffreuser leCoffre/dist dist
-COPY --from=builder --chown=lecoffreuser leCoffre/package.json ./package.json
-COPY --from=builder --chown=lecoffreuser leCoffre/src/common/databases ./src/common/databases 
+COPY --from=deps --chown=lecoffreuser leCoffre/node_modules ./node_modules
+COPY --from=deps --chown=lecoffreuser leCoffre/dist dist
+COPY --from=deps --chown=lecoffreuser leCoffre/package.json ./package.json
+COPY --from=deps --chown=lecoffreuser leCoffre/src/common/databases ./src/common/databases
 
+RUN apk update && apk add chromium
 USER lecoffreuser
 
 CMD ["npm", "run", "cron"]
diff --git a/devops/ppd.values.yaml b/devops/ppd.values.yaml
index 855ab153..78ece8a3 100644
--- a/devops/ppd.values.yaml
+++ b/devops/ppd.values.yaml
@@ -1,4 +1,4 @@
-dockerPullSecret: docker-pull-secret
+-tpdockerPullSecret: docker-pull-secret
 
 scwSecretKey: AgChoEnPitXp4Ny/rVMEcevaWKNVpyj2cJYAcq+yFqKwVwnLB+ffDvwqz9XBHu+6d4Nyyjkf37zUAMoaM21lEDWA7x3zfG2/D/j+rvX1qxzZgLD0mjBk7fGElVm332I6JA83oInes8AMMYEDPLElzHnpKRb9KtkIP4NzgOcCeW0ijft3N7Vroez6LEHsBPCA1I9XjKSkGEDvrO0MhWX3iJOlfz+SPMfJAV7rPawOs0ZmohTHrPW8qIvGDn8HCzKyU8zRBoMt+Ogpf5pH4U3JryEFuqD61KAQgablAM8edPIvsgNno9HAEuC2QtRLYA9aUhuKdaKuS58c9P2E80PHWXIlbpFCg6EugQTgNfnYp+3qDUNz8edeCfapYLvF4s9eCMGyMsGnpDR8EDNOyuGy7Y3l7okX8Xqu464gMp9E+hX7bHkcD6a4xfyIgJcWxsku0tm1TH1dpn4M1UXRuyZZif8P08nuE6MTUL67sAR9J1lpn4lVEL4kflk0pP2tZ5ncgPQFafJrRz05krMb0eU5tb2H4gs7ao/LL6idWo8MM9K1yr8lIuT5x2WW5CX+RjA+i50ex114V6vX3PNP5oVyt+DynTUB9QmXzVm3oLfDc3Cae1uqh7X0CFd+xiztJBtg0VtJaD/xUJcuWfY4cV2lERo9fRrykltzlJqiXHO4nowt8OtN0BcViVV8NJhPhYFzyb4ympxpOlTjm3GETuT2TYhUqdgS9nzleEAbOmOHZdIO2COunPE=
 
@@ -18,10 +18,10 @@ lecoffreBack:
     limits:
       memory: 2Gi
   ingress: 
-    host: api.ppd.lecoffre.smart-chain.fr
+    host: api-tp.ppd.lecoffre.smart-chain.fr
     tls:
       hosts: 
-      - api.ppd.lecoffre.smart-chain.fr 
+      - api-tp.ppd.lecoffre.smart-chain.fr 
       secretName: api-tls
     annotations:
       kubernetes.io/ingress.class: nginx
diff --git a/src/app/api/admin/StripeController.ts b/src/app/api/admin/StripeController.ts
index b5e5d5a9..1c33a401 100644
--- a/src/app/api/admin/StripeController.ts
+++ b/src/app/api/admin/StripeController.ts
@@ -2,7 +2,7 @@ import authHandler from "@App/middlewares/AuthHandler";
 import ruleHandler from "@App/middlewares/RulesHandler";
 // import roleHandler from "@App/middlewares/RolesHandler";
 import ApiController from "@Common/system/controller-pattern/ApiController";
-import { Controller, Get, Post} from "@ControllerPattern/index";
+import { Controller, Get, Post } from "@ControllerPattern/index";
 import StripeService from "@Services/common/StripeService/StripeService";
 import { validateOrReject } from "class-validator";
 import { Request, Response } from "express";
@@ -28,13 +28,13 @@ export default class StripeController extends ApiController {
 			//add office id to request body
 			req.body.office = { uid: officeId };
 
-			const frequency : EPaymentFrequency = req.body.frequency;
-			if(!frequency || !Object.values(EPaymentFrequency).includes(frequency)) {
+			const frequency: EPaymentFrequency = req.body.frequency;
+			if (!frequency || !Object.values(EPaymentFrequency).includes(frequency)) {
 				this.httpBadRequest(response, "Invalid frequency");
 				return;
 			}
- 
-			//init Subscription resource with request body values
+
+			//init Subscription resource with request body valuess
 			const subscriptionEntity = Subscription.hydrate<Subscription>(req.body, { strategy: "excludeAll" });
 
 			await validateOrReject(subscriptionEntity, { groups: ["createSubscription"], forbidUnknownValues: false });
@@ -42,7 +42,6 @@ export default class StripeController extends ApiController {
 			const stripeSession = await this.stripeService.createCheckoutSession(subscriptionEntity, frequency);
 
 			this.httpCreated(response, stripeSession);
-			
 		} catch (error) {
 			this.httpInternalError(response, error);
 			return;
@@ -70,7 +69,6 @@ export default class StripeController extends ApiController {
 	@Get("/api/v1/admin/stripe/:uid/client-portal", [authHandler, ruleHandler])
 	protected async getClientPortalSession(req: Request, response: Response) {
 		try {
-			
 			const uid = req.params["uid"];
 			if (!uid) {
 				this.httpBadRequest(response, "No uid provided");
@@ -95,7 +93,7 @@ export default class StripeController extends ApiController {
 				return;
 			}
 
-			const customer =  await this.stripeService.getCustomerBySubscription(uid);
+			const customer = await this.stripeService.getCustomerBySubscription(uid);
 			this.httpSuccess(response, customer);
 		} catch (error) {
 			this.httpInternalError(response, error);
diff --git a/src/app/api/idnot/UserController.ts b/src/app/api/idnot/UserController.ts
index 0b8fec33..f6440ccc 100644
--- a/src/app/api/idnot/UserController.ts
+++ b/src/app/api/idnot/UserController.ts
@@ -57,7 +57,8 @@ export default class UserController extends ApiController {
 
 			//Whitelist feature
 			//Get user with contact
-			const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true, office_membership: true});						
+			const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true, office_membership: true});
+			console.log(prismaUser);								
 
 			if (!prismaUser) {
 				this.httpNotFoundRequest(response, "user not found");
@@ -66,6 +67,7 @@ export default class UserController extends ApiController {
 			
 			//Hydrate user to be able to use his contact
 			const userHydrated = User.hydrate<User>(prismaUser, { strategy: "excludeAll" });
+			console.log(userHydrated);
 					
 			if (!userHydrated.contact?.email || userHydrated.contact?.email === "") {
 				this.httpUnauthorized(response, "Email not found");
@@ -73,14 +75,18 @@ export default class UserController extends ApiController {
 			}
 			let isSubscribed = false;
 
-			const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });	
+			const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
+			console.log(subscriptions);
 											
-			if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {				
+			if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
+				console.log("No subscription found");
 				isSubscribed = false;
 			}
-			else if (subscriptions[0]?.type === EType.Unlimited) {				
+			else if (subscriptions[0]?.type === EType.Unlimited) {	
+				console.log("Unlimited subscription found");		
 				isSubscribed = true;
-			} else {				
+			} else {
+				console.log("Standard subscription found");
 				const hasSeat = await this.subscriptionsService.get({
 					where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
 				});
@@ -116,10 +122,22 @@ export default class UserController extends ApiController {
 
 			await this.idNotService.updateOffice(user.office_uid);
 
-			const payload = await this.authService.getUserJwtPayload(user.idNot);			
+			const payload = await this.authService.getUserJwtPayload(user.idNot);
+			console.log(payload);
 			if(!payload) return;
 			
-			if(!isSubscribed && userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin"){
+			console.log(isSubscribed, userHydrated.role?.name);
+			if(!isSubscribed && userHydrated.role?.name === "admin"){
+				const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({ where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" }, include: { rules: true } });
+				
+				const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, { strategy: "excludeAll" });				
+				if(!manageSubscriptionRules[0]) return;
+	
+				payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];	
+							
+				isSubscribed = true;					
+			}
+			if(!isSubscribed && userHydrated.role?.name === "super-admin"){
 				const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({ where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" }, include: { rules: true } });
 				
 				const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, { strategy: "excludeAll" });