From cd2601350ac5b32c1adfbeee6a62538938d02b2c Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Wed, 10 Dec 2025 11:10:02 +0100 Subject: [PATCH 1/9] RoleMatrix: allow without AdminBundle --- .../SonataUserExtension.php | 2 +- src/Resources/config/admin.php | 6 +- .../RolesBuilder/AdminRolesBuilder.php | 7 +- .../RolesBuilder/SecurityRolesBuilder.php | 5 +- .../SonataUserExtensionNoAdminTest.php | 13 ++++ .../RolesBuilder/AdminRolesBuilderTest.php | 12 ++++ .../RolesBuilder/SecurityRolesBuilderTest.php | 67 +++++++++++++++++++ 7 files changed, 105 insertions(+), 7 deletions(-) diff --git a/src/DependencyInjection/SonataUserExtension.php b/src/DependencyInjection/SonataUserExtension.php index cfc7a023b..068208e83 100644 --- a/src/DependencyInjection/SonataUserExtension.php +++ b/src/DependencyInjection/SonataUserExtension.php @@ -46,8 +46,8 @@ public function load(array $configs, ContainerBuilder $container): void $loader = new PhpFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); + $loader->load('admin.php'); if (isset($bundles['SonataAdminBundle'])) { - $loader->load('admin.php'); $loader->load(\sprintf('admin_%s.php', $config['manager_type'])); $loader->load('actions.php'); } diff --git a/src/Resources/config/admin.php b/src/Resources/config/admin.php index 33b02daa3..492dc3715 100644 --- a/src/Resources/config/admin.php +++ b/src/Resources/config/admin.php @@ -32,15 +32,15 @@ ->set('sonata.user.admin_roles_builder', AdminRolesBuilder::class) ->args([ service('security.authorization_checker'), - service('sonata.admin.pool'), - service('sonata.admin.configuration'), + service('sonata.admin.pool')->nullOnInvalid(), + service('sonata.admin.configuration')->nullOnInvalid(), service('translator'), ]) ->set('sonata.user.security_roles_builder', SecurityRolesBuilder::class) ->args([ service('security.authorization_checker'), - service('sonata.admin.configuration'), + service('sonata.admin.configuration')->nullOnInvalid(), service('translator'), param('security.role_hierarchy.roles'), ]) diff --git a/src/Security/RolesBuilder/AdminRolesBuilder.php b/src/Security/RolesBuilder/AdminRolesBuilder.php index 9841a27dd..90667343f 100644 --- a/src/Security/RolesBuilder/AdminRolesBuilder.php +++ b/src/Security/RolesBuilder/AdminRolesBuilder.php @@ -33,8 +33,8 @@ final class AdminRolesBuilder implements AdminRolesBuilderInterface public function __construct( private AuthorizationCheckerInterface $authorizationChecker, - private Pool $pool, - private SonataConfiguration $configuration, + private ?Pool $pool, + private ?SonataConfiguration $configuration, private TranslatorInterface $translator, ) { } @@ -66,6 +66,9 @@ public function addExcludeAdmin(string $exclude): void public function getRoles(?string $domain = null): array { + if (!isset($this->pool, $this->configuration)) { + return []; + } $adminServiceCodes = array_diff($this->pool->getAdminServiceCodes(), $this->excludeAdmins); // get groups and admins sort by config diff --git a/src/Security/RolesBuilder/SecurityRolesBuilder.php b/src/Security/RolesBuilder/SecurityRolesBuilder.php index eb40027a7..ff46abafd 100644 --- a/src/Security/RolesBuilder/SecurityRolesBuilder.php +++ b/src/Security/RolesBuilder/SecurityRolesBuilder.php @@ -29,7 +29,7 @@ final class SecurityRolesBuilder implements ExpandableRolesBuilderInterface */ public function __construct( private AuthorizationCheckerInterface $authorizationChecker, - private SonataConfiguration $configuration, + private ?SonataConfiguration $configuration, private TranslatorInterface $translator, private array $rolesHierarchy = [], ) { @@ -84,6 +84,9 @@ public function getRoles(?string $domain = null): array */ private function getHierarchy(): array { + if (!$this->configuration) { + return $this->rolesHierarchy; + } $roleSuperAdmin = $this->configuration->getOption('role_super_admin'); \assert(\is_string($roleSuperAdmin)); diff --git a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php index 564fb692a..9a1c18229 100644 --- a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php +++ b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php @@ -50,6 +50,19 @@ public function testGetGlobalVariablesService(): void ); } + + public function testGetAdminService(): void + { + $this->load(); + + $this->assertContainerBuilderHasServiceDefinitionWithArgument( + 'sonata.user.admin_roles_builder', + 1, + new Reference('sonata.admin.pool', ContainerInterface::NULL_ON_INVALID_REFERENCE) + ); + } + + /** * @return mixed[] */ diff --git a/tests/Security/RolesBuilder/AdminRolesBuilderTest.php b/tests/Security/RolesBuilder/AdminRolesBuilderTest.php index 450290bfb..49d46d8b2 100644 --- a/tests/Security/RolesBuilder/AdminRolesBuilderTest.php +++ b/tests/Security/RolesBuilder/AdminRolesBuilderTest.php @@ -235,4 +235,16 @@ public function testGetAddExcludeAdmins(): void static::assertSame(['sonata.admin.bar'], $rolesBuilder->getExcludeAdmins()); } + + public function testGetRolesNoConfig(): void + { + $rolesBuilder = new AdminRolesBuilder( + $this->authorizationChecker, + null, + null, + $this->translator + ); + + static::assertEmpty($rolesBuilder->getRoles()); + } } diff --git a/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php b/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php index e788d2ce7..9012e706e 100644 --- a/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php +++ b/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php @@ -210,4 +210,71 @@ public function testGetRolesWithExistingRole(): void static::assertSame($expected, $securityRolesBuilder->getExpandedRoles()); } + + + public function testGetRolesNoConfiguration(): void + { + $securityRolesBuilder = new SecurityRolesBuilder( + $this->authorizationChecker, + null, + $this->translator, + $this->rolesHierarchy + ); + + $this->authorizationChecker->method('isGranted') + ->willReturn(true); + + $expected = [ + 'ROLE_FOO' => [ + 'role' => 'ROLE_FOO', + 'role_translated' => 'ROLE_FOO: ROLE_BAR, ROLE_ADMIN', + 'is_granted' => true, + ], + 'ROLE_BAR' => [ + 'role' => 'ROLE_BAR', + 'role_translated' => 'ROLE_BAR', + 'is_granted' => true, + ], + 'ROLE_ADMIN' => [ + 'role' => 'ROLE_ADMIN', + 'role_translated' => 'ROLE_ADMIN', + 'is_granted' => true, + ], + ]; + + static::assertSame($expected, $securityRolesBuilder->getExpandedRoles()); + } + + public function testGetRolesNotExpandedNoConfiguration(): void + { + $securityRolesBuilder = new SecurityRolesBuilder( + $this->authorizationChecker, + null, + $this->translator, + $this->rolesHierarchy + ); + + $this->authorizationChecker->method('isGranted') + ->willReturn(true); + + $expected = [ + 'ROLE_FOO' => [ + 'role' => 'ROLE_FOO', + 'role_translated' => 'ROLE_FOO', + 'is_granted' => true, + ], + 'ROLE_BAR' => [ + 'role' => 'ROLE_BAR', + 'role_translated' => 'ROLE_BAR', + 'is_granted' => true, + ], + 'ROLE_ADMIN' => [ + 'role' => 'ROLE_ADMIN', + 'role_translated' => 'ROLE_ADMIN', + 'is_granted' => true, + ], + ]; + + static::assertSame($expected, $securityRolesBuilder->getRoles(null)); + } } From d5243cb3b34a96ff95ced861d168fcc94ad727e7 Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Wed, 10 Dec 2025 11:27:05 +0100 Subject: [PATCH 2/9] ~ more null checks --- src/Security/RolesBuilder/AdminRolesBuilder.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/Security/RolesBuilder/AdminRolesBuilder.php b/src/Security/RolesBuilder/AdminRolesBuilder.php index 90667343f..c86ac0a30 100644 --- a/src/Security/RolesBuilder/AdminRolesBuilder.php +++ b/src/Security/RolesBuilder/AdminRolesBuilder.php @@ -106,6 +106,9 @@ public function getRoles(?string $domain = null): array */ private function getAdminRolesByAdminCode(string $code, ?string $domain = null, string $groupLabelTranslated = '', string $groupCode = ''): array { + if (!$this->pool) { + return []; + } $adminRoles = []; $admin = $this->pool->getInstance($code); $securityHandler = $admin->getSecurityHandler(); @@ -134,8 +137,13 @@ private function getAdminRolesByAdminCode(string $code, ?string $domain = null, */ private function isMaster(AdminInterface $admin): bool { - return $admin->isGranted('MASTER') || $admin->isGranted('OPERATOR') - || $this->authorizationChecker->isGranted($this->configuration->getOption('role_super_admin')); + if ($admin->isGranted('MASTER') || $admin->isGranted('OPERATOR')) { + return true; + } + if (!$this->configuration) { + return false; + } + return $this->authorizationChecker->isGranted($this->configuration->getOption('role_super_admin')); } private function translateRole(string $role, ?string $domain): string From 5337240a1888e8fbf925e730b2e52b77a1e94002 Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Wed, 10 Dec 2025 11:34:52 +0100 Subject: [PATCH 3/9] null check --- src/Security/RolesBuilder/AdminRolesBuilder.php | 4 ++-- src/Security/RolesBuilder/SecurityRolesBuilder.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Security/RolesBuilder/AdminRolesBuilder.php b/src/Security/RolesBuilder/AdminRolesBuilder.php index c86ac0a30..de7ae3891 100644 --- a/src/Security/RolesBuilder/AdminRolesBuilder.php +++ b/src/Security/RolesBuilder/AdminRolesBuilder.php @@ -106,7 +106,7 @@ public function getRoles(?string $domain = null): array */ private function getAdminRolesByAdminCode(string $code, ?string $domain = null, string $groupLabelTranslated = '', string $groupCode = ''): array { - if (!$this->pool) { + if (null === $this->pool) { return []; } $adminRoles = []; @@ -140,7 +140,7 @@ private function isMaster(AdminInterface $admin): bool if ($admin->isGranted('MASTER') || $admin->isGranted('OPERATOR')) { return true; } - if (!$this->configuration) { + if (null === $this->configuration) { return false; } return $this->authorizationChecker->isGranted($this->configuration->getOption('role_super_admin')); diff --git a/src/Security/RolesBuilder/SecurityRolesBuilder.php b/src/Security/RolesBuilder/SecurityRolesBuilder.php index ff46abafd..ce110cbb4 100644 --- a/src/Security/RolesBuilder/SecurityRolesBuilder.php +++ b/src/Security/RolesBuilder/SecurityRolesBuilder.php @@ -84,7 +84,7 @@ public function getRoles(?string $domain = null): array */ private function getHierarchy(): array { - if (!$this->configuration) { + if (null === $this->configuration) { return $this->rolesHierarchy; } $roleSuperAdmin = $this->configuration->getOption('role_super_admin'); From cd8400f0a65980afbadb16d3e671fac1c1b87593 Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Wed, 10 Dec 2025 11:36:21 +0100 Subject: [PATCH 4/9] check style --- src/Security/RolesBuilder/AdminRolesBuilder.php | 1 + src/Security/RolesBuilder/SecurityRolesBuilder.php | 2 +- tests/DependencyInjection/SonataUserExtensionNoAdminTest.php | 2 -- tests/Security/RolesBuilder/SecurityRolesBuilderTest.php | 1 - 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Security/RolesBuilder/AdminRolesBuilder.php b/src/Security/RolesBuilder/AdminRolesBuilder.php index de7ae3891..7286681fa 100644 --- a/src/Security/RolesBuilder/AdminRolesBuilder.php +++ b/src/Security/RolesBuilder/AdminRolesBuilder.php @@ -143,6 +143,7 @@ private function isMaster(AdminInterface $admin): bool if (null === $this->configuration) { return false; } + return $this->authorizationChecker->isGranted($this->configuration->getOption('role_super_admin')); } diff --git a/src/Security/RolesBuilder/SecurityRolesBuilder.php b/src/Security/RolesBuilder/SecurityRolesBuilder.php index ce110cbb4..63d41ca2f 100644 --- a/src/Security/RolesBuilder/SecurityRolesBuilder.php +++ b/src/Security/RolesBuilder/SecurityRolesBuilder.php @@ -85,7 +85,7 @@ public function getRoles(?string $domain = null): array private function getHierarchy(): array { if (null === $this->configuration) { - return $this->rolesHierarchy; + return $this->rolesHierarchy; } $roleSuperAdmin = $this->configuration->getOption('role_super_admin'); \assert(\is_string($roleSuperAdmin)); diff --git a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php index 9a1c18229..b9b8028e9 100644 --- a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php +++ b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php @@ -50,7 +50,6 @@ public function testGetGlobalVariablesService(): void ); } - public function testGetAdminService(): void { $this->load(); @@ -62,7 +61,6 @@ public function testGetAdminService(): void ); } - /** * @return mixed[] */ diff --git a/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php b/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php index 9012e706e..038c2f519 100644 --- a/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php +++ b/tests/Security/RolesBuilder/SecurityRolesBuilderTest.php @@ -211,7 +211,6 @@ public function testGetRolesWithExistingRole(): void static::assertSame($expected, $securityRolesBuilder->getExpandedRoles()); } - public function testGetRolesNoConfiguration(): void { $securityRolesBuilder = new SecurityRolesBuilder( From c0ccccb1b95715a4205b2bc50d3cb9666a865f74 Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Wed, 10 Dec 2025 11:44:19 +0100 Subject: [PATCH 5/9] different null check --- src/Security/RolesBuilder/AdminRolesBuilder.php | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/src/Security/RolesBuilder/AdminRolesBuilder.php b/src/Security/RolesBuilder/AdminRolesBuilder.php index 7286681fa..668765a25 100644 --- a/src/Security/RolesBuilder/AdminRolesBuilder.php +++ b/src/Security/RolesBuilder/AdminRolesBuilder.php @@ -66,7 +66,7 @@ public function addExcludeAdmin(string $exclude): void public function getRoles(?string $domain = null): array { - if (!isset($this->pool, $this->configuration)) { + if (null === $this->pool || null === $this->configuration) { return []; } $adminServiceCodes = array_diff($this->pool->getAdminServiceCodes(), $this->excludeAdmins); @@ -106,9 +106,6 @@ public function getRoles(?string $domain = null): array */ private function getAdminRolesByAdminCode(string $code, ?string $domain = null, string $groupLabelTranslated = '', string $groupCode = ''): array { - if (null === $this->pool) { - return []; - } $adminRoles = []; $admin = $this->pool->getInstance($code); $securityHandler = $admin->getSecurityHandler(); @@ -137,14 +134,8 @@ private function getAdminRolesByAdminCode(string $code, ?string $domain = null, */ private function isMaster(AdminInterface $admin): bool { - if ($admin->isGranted('MASTER') || $admin->isGranted('OPERATOR')) { - return true; - } - if (null === $this->configuration) { - return false; - } - - return $this->authorizationChecker->isGranted($this->configuration->getOption('role_super_admin')); + return $admin->isGranted('MASTER') || $admin->isGranted('OPERATOR') + || $this->authorizationChecker->isGranted($this->configuration->getOption('role_super_admin')); } private function translateRole(string $role, ?string $domain): string From f77fe8a5dc119dbf644facc12371abf13e0e3ad5 Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Mon, 15 Dec 2025 15:45:27 +0100 Subject: [PATCH 6/9] rearrage services, don't need AdminRolesBuilder --- .../SonataUserExtension.php | 2 +- src/Resources/config/admin.php | 28 ----------------- src/Resources/config/form.php | 30 ++++++++++++++++++- src/Resources/config/twig.php | 10 ++++++- .../RolesBuilder/AdminRolesBuilder.php | 7 ++--- .../RolesBuilder/MatrixRolesBuilder.php | 14 ++++----- 6 files changed, 48 insertions(+), 43 deletions(-) diff --git a/src/DependencyInjection/SonataUserExtension.php b/src/DependencyInjection/SonataUserExtension.php index 068208e83..cfc7a023b 100644 --- a/src/DependencyInjection/SonataUserExtension.php +++ b/src/DependencyInjection/SonataUserExtension.php @@ -46,8 +46,8 @@ public function load(array $configs, ContainerBuilder $container): void $loader = new PhpFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); - $loader->load('admin.php'); if (isset($bundles['SonataAdminBundle'])) { + $loader->load('admin.php'); $loader->load(\sprintf('admin_%s.php', $config['manager_type'])); $loader->load('actions.php'); } diff --git a/src/Resources/config/admin.php b/src/Resources/config/admin.php index 492dc3715..e9eff1289 100644 --- a/src/Resources/config/admin.php +++ b/src/Resources/config/admin.php @@ -22,39 +22,11 @@ return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() - ->set('sonata.user.matrix_roles_builder', MatrixRolesBuilder::class) - ->args([ - service('security.token_storage'), - service('sonata.user.admin_roles_builder'), - service('sonata.user.security_roles_builder'), - ]) - ->set('sonata.user.admin_roles_builder', AdminRolesBuilder::class) ->args([ service('security.authorization_checker'), service('sonata.admin.pool')->nullOnInvalid(), service('sonata.admin.configuration')->nullOnInvalid(), service('translator'), - ]) - - ->set('sonata.user.security_roles_builder', SecurityRolesBuilder::class) - ->args([ - service('security.authorization_checker'), - service('sonata.admin.configuration')->nullOnInvalid(), - service('translator'), - param('security.role_hierarchy.roles'), - ]) - - ->set('sonata.user.form.roles_matrix_type', RolesMatrixType::class) - ->public() - ->tag('form.type') - ->args([ - service('sonata.user.matrix_roles_builder'), - ]) - - ->set('sonata.user.roles_matrix_extension', RolesMatrixExtension::class) - ->tag('twig.extension') - ->args([ - service('sonata.user.matrix_roles_builder'), ]); }; diff --git a/src/Resources/config/form.php b/src/Resources/config/form.php index 7792cde34..f68f9c04e 100644 --- a/src/Resources/config/form.php +++ b/src/Resources/config/form.php @@ -15,6 +15,11 @@ use Sonata\UserBundle\Form\Type\ResetPasswordRequestFormType; use Sonata\UserBundle\Form\Type\ResettingFormType; +use Sonata\UserBundle\Form\Type\RolesMatrixType; +use Sonata\UserBundle\Security\RolesBuilder\AdminRolesBuilder; +use Sonata\UserBundle\Security\RolesBuilder\MatrixRolesBuilder; +use Sonata\UserBundle\Security\RolesBuilder\SecurityRolesBuilder; +use Sonata\UserBundle\Twig\RolesMatrixExtension; return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() @@ -26,5 +31,28 @@ ]) ->set('sonata.user.form.type.reset_password_request', ResetPasswordRequestFormType::class) - ->tag('form.type', ['alias' => 'sonata_user_reset_password_request']); + ->tag('form.type', ['alias' => 'sonata_user_reset_password_request']) + + ->set('sonata.user.matrix_roles_builder', MatrixRolesBuilder::class) + ->args([ + service('security.token_storage'), + service('sonata.user.admin_roles_builder')->nullOnInvalid(), + service('sonata.user.security_roles_builder')->nullOnInvalid(), + ]) + + ->set('sonata.user.security_roles_builder', SecurityRolesBuilder::class) + ->args([ + service('security.authorization_checker'), + service('sonata.admin.configuration')->nullOnInvalid(), + service('translator'), + param('security.role_hierarchy.roles'), + ]) + + ->set('sonata.user.form.roles_matrix_type', RolesMatrixType::class) + ->public() + ->tag('form.type') + ->args([ + service('sonata.user.matrix_roles_builder'), + ]) + ; }; diff --git a/src/Resources/config/twig.php b/src/Resources/config/twig.php index 6695113af..a2a2a7448 100644 --- a/src/Resources/config/twig.php +++ b/src/Resources/config/twig.php @@ -14,6 +14,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator; use Sonata\UserBundle\Twig\GlobalVariables; +use Sonata\UserBundle\Twig\RolesMatrixExtension; return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() @@ -25,5 +26,12 @@ abstract_arg('impersonating enabled'), abstract_arg('impersonating route'), abstract_arg('impersonating route parameters'), - ]); + ]) + + ->set('sonata.user.roles_matrix_extension', RolesMatrixExtension::class) + ->tag('twig.extension') + ->args([ + service('sonata.user.matrix_roles_builder'), + ]) + ; }; diff --git a/src/Security/RolesBuilder/AdminRolesBuilder.php b/src/Security/RolesBuilder/AdminRolesBuilder.php index 668765a25..9841a27dd 100644 --- a/src/Security/RolesBuilder/AdminRolesBuilder.php +++ b/src/Security/RolesBuilder/AdminRolesBuilder.php @@ -33,8 +33,8 @@ final class AdminRolesBuilder implements AdminRolesBuilderInterface public function __construct( private AuthorizationCheckerInterface $authorizationChecker, - private ?Pool $pool, - private ?SonataConfiguration $configuration, + private Pool $pool, + private SonataConfiguration $configuration, private TranslatorInterface $translator, ) { } @@ -66,9 +66,6 @@ public function addExcludeAdmin(string $exclude): void public function getRoles(?string $domain = null): array { - if (null === $this->pool || null === $this->configuration) { - return []; - } $adminServiceCodes = array_diff($this->pool->getAdminServiceCodes(), $this->excludeAdmins); // get groups and admins sort by config diff --git a/src/Security/RolesBuilder/MatrixRolesBuilder.php b/src/Security/RolesBuilder/MatrixRolesBuilder.php index f06466d98..0796a206f 100644 --- a/src/Security/RolesBuilder/MatrixRolesBuilder.php +++ b/src/Security/RolesBuilder/MatrixRolesBuilder.php @@ -22,8 +22,8 @@ final class MatrixRolesBuilder implements MatrixRolesBuilderInterface { public function __construct( private TokenStorageInterface $tokenStorage, - private AdminRolesBuilderInterface $adminRolesBuilder, - private ExpandableRolesBuilderInterface $securityRolesBuilder, + private ?AdminRolesBuilderInterface $adminRolesBuilder, + private ?ExpandableRolesBuilderInterface $securityRolesBuilder, ) { } @@ -34,8 +34,8 @@ public function getRoles(?string $domain = null): array } return array_merge( - $this->securityRolesBuilder->getRoles($domain), - $this->adminRolesBuilder->getRoles($domain) + $this->securityRolesBuilder?->getRoles($domain) ?? [], + $this->adminRolesBuilder?->getRoles($domain) ?? [] ); } @@ -46,13 +46,13 @@ public function getExpandedRoles(?string $domain = null): array } return array_merge( - $this->securityRolesBuilder->getExpandedRoles($domain), - $this->adminRolesBuilder->getRoles($domain) + $this->securityRolesBuilder?->getExpandedRoles($domain) ?? [], + $this->adminRolesBuilder?->getRoles($domain) ?? [] ); } public function getPermissionLabels(): array { - return $this->adminRolesBuilder->getPermissionLabels(); + return $this->adminRolesBuilder?->getPermissionLabels() ?? []; } } From acec02ffd414e3bb1309a32bb6bbf6c283578a9f Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Mon, 15 Dec 2025 15:47:02 +0100 Subject: [PATCH 7/9] ~ fix test --- .../Security/RolesBuilder/AdminRolesBuilderTest.php | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tests/Security/RolesBuilder/AdminRolesBuilderTest.php b/tests/Security/RolesBuilder/AdminRolesBuilderTest.php index 49d46d8b2..450290bfb 100644 --- a/tests/Security/RolesBuilder/AdminRolesBuilderTest.php +++ b/tests/Security/RolesBuilder/AdminRolesBuilderTest.php @@ -235,16 +235,4 @@ public function testGetAddExcludeAdmins(): void static::assertSame(['sonata.admin.bar'], $rolesBuilder->getExcludeAdmins()); } - - public function testGetRolesNoConfig(): void - { - $rolesBuilder = new AdminRolesBuilder( - $this->authorizationChecker, - null, - null, - $this->translator - ); - - static::assertEmpty($rolesBuilder->getRoles()); - } } From 0c9def7e7e047a6ee0d3d5db72eb3c61db329599 Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Mon, 15 Dec 2025 15:52:54 +0100 Subject: [PATCH 8/9] ~ fix lint --- src/Resources/config/admin.php | 4 ---- src/Resources/config/form.php | 5 +---- src/Resources/config/twig.php | 3 +-- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/src/Resources/config/admin.php b/src/Resources/config/admin.php index e9eff1289..fa8de13e2 100644 --- a/src/Resources/config/admin.php +++ b/src/Resources/config/admin.php @@ -13,11 +13,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator; -use Sonata\UserBundle\Form\Type\RolesMatrixType; use Sonata\UserBundle\Security\RolesBuilder\AdminRolesBuilder; -use Sonata\UserBundle\Security\RolesBuilder\MatrixRolesBuilder; -use Sonata\UserBundle\Security\RolesBuilder\SecurityRolesBuilder; -use Sonata\UserBundle\Twig\RolesMatrixExtension; return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() diff --git a/src/Resources/config/form.php b/src/Resources/config/form.php index f68f9c04e..2148123f0 100644 --- a/src/Resources/config/form.php +++ b/src/Resources/config/form.php @@ -16,10 +16,8 @@ use Sonata\UserBundle\Form\Type\ResetPasswordRequestFormType; use Sonata\UserBundle\Form\Type\ResettingFormType; use Sonata\UserBundle\Form\Type\RolesMatrixType; -use Sonata\UserBundle\Security\RolesBuilder\AdminRolesBuilder; use Sonata\UserBundle\Security\RolesBuilder\MatrixRolesBuilder; use Sonata\UserBundle\Security\RolesBuilder\SecurityRolesBuilder; -use Sonata\UserBundle\Twig\RolesMatrixExtension; return static function (ContainerConfigurator $containerConfigurator): void { $containerConfigurator->services() @@ -53,6 +51,5 @@ ->tag('form.type') ->args([ service('sonata.user.matrix_roles_builder'), - ]) - ; + ]); }; diff --git a/src/Resources/config/twig.php b/src/Resources/config/twig.php index a2a2a7448..896aac7c0 100644 --- a/src/Resources/config/twig.php +++ b/src/Resources/config/twig.php @@ -32,6 +32,5 @@ ->tag('twig.extension') ->args([ service('sonata.user.matrix_roles_builder'), - ]) - ; + ]); }; From 644fa1ef304b2bcd53f38e07376401ddcb6dba3c Mon Sep 17 00:00:00 2001 From: Hans Mackowiak Date: Mon, 15 Dec 2025 15:55:57 +0100 Subject: [PATCH 9/9] ~ fix tests --- .../DependencyInjection/SonataUserExtensionNoAdminTest.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php index b9b8028e9..fc56b6d56 100644 --- a/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php +++ b/tests/DependencyInjection/SonataUserExtensionNoAdminTest.php @@ -50,14 +50,14 @@ public function testGetGlobalVariablesService(): void ); } - public function testGetAdminService(): void + public function testGetMatrixService(): void { $this->load(); $this->assertContainerBuilderHasServiceDefinitionWithArgument( - 'sonata.user.admin_roles_builder', + 'sonata.user.matrix_roles_builder', 1, - new Reference('sonata.admin.pool', ContainerInterface::NULL_ON_INVALID_REFERENCE) + new Reference('sonata.user.admin_roles_builder', ContainerInterface::NULL_ON_INVALID_REFERENCE) ); }