diff --git a/src/Resources/config/admin.php b/src/Resources/config/admin.php index 33b02daa3..fa8de13e2 100644 --- a/src/Resources/config/admin.php +++ b/src/Resources/config/admin.php @@ -13,48 +13,16 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator; -use Sonata\UserBundle\Form\Type\RolesMatrixType; use Sonata\UserBundle\Security\RolesBuilder\AdminRolesBuilder; -use Sonata\UserBundle\Security\RolesBuilder\MatrixRolesBuilder; -use Sonata\UserBundle\Security\RolesBuilder\SecurityRolesBuilder; -use Sonata\UserBundle\Twig\RolesMatrixExtension; return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() - ->set('sonata.user.matrix_roles_builder', MatrixRolesBuilder::class) - ->args([ - service('security.token_storage'), - service('sonata.user.admin_roles_builder'), - service('sonata.user.security_roles_builder'), - ]) - ->set('sonata.user.admin_roles_builder', AdminRolesBuilder::class) ->args([ service('security.authorization_checker'), - service('sonata.admin.pool'), - service('sonata.admin.configuration'), - service('translator'), - ]) - - ->set('sonata.user.security_roles_builder', SecurityRolesBuilder::class) - ->args([ - service('security.authorization_checker'), - service('sonata.admin.configuration'), + service('sonata.admin.pool')->nullOnInvalid(), + service('sonata.admin.configuration')->nullOnInvalid(), service('translator'), - param('security.role_hierarchy.roles'), - ]) - - ->set('sonata.user.form.roles_matrix_type', RolesMatrixType::class) - ->public() - ->tag('form.type') - ->args([ - service('sonata.user.matrix_roles_builder'), - ]) - - ->set('sonata.user.roles_matrix_extension', RolesMatrixExtension::class) - ->tag('twig.extension') - ->args([ - service('sonata.user.matrix_roles_builder'), ]); }; diff --git a/src/Resources/config/form.php b/src/Resources/config/form.php index 7792cde34..2148123f0 100644 --- a/src/Resources/config/form.php +++ b/src/Resources/config/form.php @@ -15,6 +15,9 @@ use Sonata\UserBundle\Form\Type\ResetPasswordRequestFormType; use Sonata\UserBundle\Form\Type\ResettingFormType; +use Sonata\UserBundle\Form\Type\RolesMatrixType; +use Sonata\UserBundle\Security\RolesBuilder\MatrixRolesBuilder; +use Sonata\UserBundle\Security\RolesBuilder\SecurityRolesBuilder; return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() @@ -26,5 +29,27 @@ ]) ->set('sonata.user.form.type.reset_password_request', ResetPasswordRequestFormType::class) - ->tag('form.type', ['alias' => 'sonata_user_reset_password_request']); + ->tag('form.type', ['alias' => 'sonata_user_reset_password_request']) + + ->set('sonata.user.matrix_roles_builder', MatrixRolesBuilder::class) + ->args([ + service('security.token_storage'), + service('sonata.user.admin_roles_builder')->nullOnInvalid(), + service('sonata.user.security_roles_builder')->nullOnInvalid(), + ]) + + ->set('sonata.user.security_roles_builder', SecurityRolesBuilder::class) + ->args([ + service('security.authorization_checker'), + service('sonata.admin.configuration')->nullOnInvalid(), + service('translator'), + param('security.role_hierarchy.roles'), + ]) + + ->set('sonata.user.form.roles_matrix_type', RolesMatrixType::class) + ->public() + ->tag('form.type') + ->args([ + service('sonata.user.matrix_roles_builder'), + ]); }; diff --git a/src/Resources/config/twig.php b/src/Resources/config/twig.php index 6695113af..896aac7c0 100644 --- a/src/Resources/config/twig.php +++ b/src/Resources/config/twig.php @@ -14,6 +14,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator; use Sonata\UserBundle\Twig\GlobalVariables; +use Sonata\UserBundle\Twig\RolesMatrixExtension; return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() @@ -25,5 +26,11 @@ abstract_arg('impersonating enabled'), abstract_arg('impersonating route'), abstract_arg('impersonating route parameters'), + ]) + + ->set('sonata.user.roles_matrix_extension', RolesMatrixExtension::class) + ->tag('twig.extension') + ->args([ + service('sonata.user.matrix_roles_builder'), ]); }; diff --git a/src/Security/RolesBuilder/MatrixRolesBuilder.php b/src/Security/RolesBuilder/MatrixRolesBuilder.php index f06466d98..0796a206f 100644 --- a/src/Security/RolesBuilder/MatrixRolesBuilder.php +++ b/src/Security/RolesBuilder/MatrixRolesBuilder.php @@ -22,8 +22,8 @@ final class MatrixRolesBuilder implements MatrixRolesBuilderInterface { public function __construct( private TokenStorageInterface $tokenStorage, - private AdminRolesBuilderInterface $adminRolesBuilder, - private ExpandableRolesBuilderInterface $securityRolesBuilder, + private ?AdminRolesBuilderInterface $adminRolesBuilder, + private ?ExpandableRolesBuilderInterface $securityRolesBuilder, ) { } @@ -34,8 +34,8 @@ public function getRoles(?string $domain = null): array } return array_merge( - $this->securityRolesBuilder->getRoles($domain), - $this->adminRolesBuilder->getRoles($domain) + $this->securityRolesBuilder?->getRoles($domain) ?? [], + $this->adminRolesBuilder?->getRoles($domain) ?? [] ); } @@ -46,13 +46,13 @@ public function getExpandedRoles(?string $domain = null): array } return array_merge( - $this->securityRolesBuilder->getExpandedRoles($domain), - $this->adminRolesBuilder->getRoles($domain) + $this->securityRolesBuilder?->getExpandedRoles($domain) ?? [], + $this->adminRolesBuilder?->getRoles($domain) ?? [] ); } public function getPermissionLabels(): array { - return $this->adminRolesBuilder->getPermissionLabels(); + return $this->adminRolesBuilder?->getPermissionLabels() ?? []; } } diff --git a/src/Security/RolesBuilder/SecurityRolesBuilder.php b/src/Security/RolesBuilder/SecurityRolesBuilder.php index eb40027a7..63d41ca2f 100644 --- a/src/Security/RolesBuilder/SecurityRolesBuilder.php +++ b/src/Security/RolesBuilder/SecurityRolesBuilder.php @@ -29,7 +29,7 @@ final class SecurityRolesBuilder implements ExpandableRolesBuilderInterface */ public function __construct( private AuthorizationCheckerInterface $authorizationChecker, - private SonataConfiguration $configuration, + private ?SonataConfiguration $configuration, private TranslatorInterface $translator, private array $rolesHierarchy = [], ) { @@ -84,6 +84,9 @@ public function getRoles(?string $domain = null): array */ private function getHierarchy(): array { + if (null === $this->configuration) { + return $this->rolesHierarchy; + } $roleSuperAdmin = $this->configuration->getOption('role_super_admin'); \assert(\is_string($roleSuperAdmin)); diff --git a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php index 564fb692a..fc56b6d56 100644 --- a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php +++ b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php @@ -50,6 +50,17 @@ public function testGetGlobalVariablesService(): void ); } + public function testGetMatrixService(): void + { + $this->load(); + + $this->assertContainerBuilderHasServiceDefinitionWithArgument( + 'sonata.user.matrix_roles_builder', + 1, + new Reference('sonata.user.admin_roles_builder', ContainerInterface::NULL_ON_INVALID_REFERENCE) + ); + } + /** * @return mixed[] */ diff --git a/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php b/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php index e788d2ce7..038c2f519 100644 --- a/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php +++ b/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php @@ -210,4 +210,70 @@ public function testGetRolesWithExistingRole(): void static::assertSame($expected, $securityRolesBuilder->getExpandedRoles()); } + + public function testGetRolesNoConfiguration(): void + { + $securityRolesBuilder = new SecurityRolesBuilder( + $this->authorizationChecker, + null, + $this->translator, + $this->rolesHierarchy + ); + + $this->authorizationChecker->method('isGranted') + ->willReturn(true); + + $expected = [ + 'ROLE_FOO' => [ + 'role' => 'ROLE_FOO', + 'role_translated' => 'ROLE_FOO: ROLE_BAR, ROLE_ADMIN', + 'is_granted' => true, + ], + 'ROLE_BAR' => [ + 'role' => 'ROLE_BAR', + 'role_translated' => 'ROLE_BAR', + 'is_granted' => true, + ], + 'ROLE_ADMIN' => [ + 'role' => 'ROLE_ADMIN', + 'role_translated' => 'ROLE_ADMIN', + 'is_granted' => true, + ], + ]; + + static::assertSame($expected, $securityRolesBuilder->getExpandedRoles()); + } + + public function testGetRolesNotExpandedNoConfiguration(): void + { + $securityRolesBuilder = new SecurityRolesBuilder( + $this->authorizationChecker, + null, + $this->translator, + $this->rolesHierarchy + ); + + $this->authorizationChecker->method('isGranted') + ->willReturn(true); + + $expected = [ + 'ROLE_FOO' => [ + 'role' => 'ROLE_FOO', + 'role_translated' => 'ROLE_FOO', + 'is_granted' => true, + ], + 'ROLE_BAR' => [ + 'role' => 'ROLE_BAR', + 'role_translated' => 'ROLE_BAR', + 'is_granted' => true, + ], + 'ROLE_ADMIN' => [ + 'role' => 'ROLE_ADMIN', + 'role_translated' => 'ROLE_ADMIN', + 'is_granted' => true, + ], + ]; + + static::assertSame($expected, $securityRolesBuilder->getRoles(null)); + } }