Skip to content

RoleMatrix: allow without AdminBundle #1733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
VincentLanglet merged 9 commits into from
Dec 15, 2025
Merged

RoleMatrix: allow without AdminBundle #1733

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
cd26013
RoleMatrix: allow without AdminBundle
Hanmac Dec 10, 2025
d5243cb
~ more null checks
Hanmac Dec 10, 2025
5337240
null check
Hanmac Dec 10, 2025
cd8400f
check style
Hanmac Dec 10, 2025
c0ccccb
different null check
Hanmac Dec 10, 2025
f77fe8a
rearrage services, don't need AdminRolesBuilder
Hanmac Dec 15, 2025
acec02f
~ fix test
Hanmac Dec 15, 2025
0c9def7
~ fix lint
Hanmac Dec 15, 2025
644fa1e
~ fix tests
Hanmac Dec 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 2 additions & 34 deletions src/Resources/config/admin.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,48 +13,16 @@

namespace Symfony\Component\DependencyInjection\Loader\Configurator;

use Sonata\UserBundle\Form\Type\RolesMatrixType;
use Sonata\UserBundle\Security\RolesBuilder\AdminRolesBuilder;
use Sonata\UserBundle\Security\RolesBuilder\MatrixRolesBuilder;
use Sonata\UserBundle\Security\RolesBuilder\SecurityRolesBuilder;
use Sonata\UserBundle\Twig\RolesMatrixExtension;

return static function (ContainerConfigurator $containerConfigurator): void {
$containerConfigurator->services()

->set('sonata.user.matrix_roles_builder', MatrixRolesBuilder::class)
->args([
service('security.token_storage'),
service('sonata.user.admin_roles_builder'),
service('sonata.user.security_roles_builder'),
])

->set('sonata.user.admin_roles_builder', AdminRolesBuilder::class)
->args([
service('security.authorization_checker'),
service('sonata.admin.pool'),
service('sonata.admin.configuration'),
service('translator'),
])

->set('sonata.user.security_roles_builder', SecurityRolesBuilder::class)
->args([
service('security.authorization_checker'),
service('sonata.admin.configuration'),
service('sonata.admin.pool')->nullOnInvalid(),
service('sonata.admin.configuration')->nullOnInvalid(),
service('translator'),
param('security.role_hierarchy.roles'),
])

->set('sonata.user.form.roles_matrix_type', RolesMatrixType::class)
->public()
->tag('form.type')
->args([
service('sonata.user.matrix_roles_builder'),
])

->set('sonata.user.roles_matrix_extension', RolesMatrixExtension::class)
->tag('twig.extension')
->args([
service('sonata.user.matrix_roles_builder'),
]);
};
27 changes: 26 additions & 1 deletion src/Resources/config/form.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@

use Sonata\UserBundle\Form\Type\ResetPasswordRequestFormType;
use Sonata\UserBundle\Form\Type\ResettingFormType;
use Sonata\UserBundle\Form\Type\RolesMatrixType;
use Sonata\UserBundle\Security\RolesBuilder\MatrixRolesBuilder;
use Sonata\UserBundle\Security\RolesBuilder\SecurityRolesBuilder;

return static function (ContainerConfigurator $containerConfigurator): void {
$containerConfigurator->services()
Expand All @@ -26,5 +29,27 @@
])

->set('sonata.user.form.type.reset_password_request', ResetPasswordRequestFormType::class)
->tag('form.type', ['alias' => 'sonata_user_reset_password_request']);
->tag('form.type', ['alias' => 'sonata_user_reset_password_request'])

->set('sonata.user.matrix_roles_builder', MatrixRolesBuilder::class)
->args([
service('security.token_storage'),
service('sonata.user.admin_roles_builder')->nullOnInvalid(),
service('sonata.user.security_roles_builder')->nullOnInvalid(),
])

->set('sonata.user.security_roles_builder', SecurityRolesBuilder::class)
->args([
service('security.authorization_checker'),
service('sonata.admin.configuration')->nullOnInvalid(),
service('translator'),
param('security.role_hierarchy.roles'),
])

->set('sonata.user.form.roles_matrix_type', RolesMatrixType::class)
->public()
->tag('form.type')
->args([
service('sonata.user.matrix_roles_builder'),
]);
};
7 changes: 7 additions & 0 deletions src/Resources/config/twig.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
namespace Symfony\Component\DependencyInjection\Loader\Configurator;

use Sonata\UserBundle\Twig\GlobalVariables;
use Sonata\UserBundle\Twig\RolesMatrixExtension;

return static function (ContainerConfigurator $containerConfigurator): void {
$containerConfigurator->services()
Expand All @@ -25,5 +26,11 @@
abstract_arg('impersonating enabled'),
abstract_arg('impersonating route'),
abstract_arg('impersonating route parameters'),
])

->set('sonata.user.roles_matrix_extension', RolesMatrixExtension::class)
->tag('twig.extension')
->args([
service('sonata.user.matrix_roles_builder'),
]);
};
14 changes: 7 additions & 7 deletions src/Security/RolesBuilder/MatrixRolesBuilder.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ final class MatrixRolesBuilder implements MatrixRolesBuilderInterface
{
public function __construct(
private TokenStorageInterface $tokenStorage,
private AdminRolesBuilderInterface $adminRolesBuilder,
private ExpandableRolesBuilderInterface $securityRolesBuilder,
private ?AdminRolesBuilderInterface $adminRolesBuilder,
private ?ExpandableRolesBuilderInterface $securityRolesBuilder,
) {
}

Expand All @@ -34,8 +34,8 @@ public function getRoles(?string $domain = null): array
}

return array_merge(
$this->securityRolesBuilder->getRoles($domain),
$this->adminRolesBuilder->getRoles($domain)
$this->securityRolesBuilder?->getRoles($domain) ?? [],
$this->adminRolesBuilder?->getRoles($domain) ?? []
);
}

Expand All @@ -46,13 +46,13 @@ public function getExpandedRoles(?string $domain = null): array
}

return array_merge(
$this->securityRolesBuilder->getExpandedRoles($domain),
$this->adminRolesBuilder->getRoles($domain)
$this->securityRolesBuilder?->getExpandedRoles($domain) ?? [],
$this->adminRolesBuilder?->getRoles($domain) ?? []
);
}

public function getPermissionLabels(): array
{
return $this->adminRolesBuilder->getPermissionLabels();
return $this->adminRolesBuilder?->getPermissionLabels() ?? [];
}
}
5 changes: 4 additions & 1 deletion src/Security/RolesBuilder/SecurityRolesBuilder.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ final class SecurityRolesBuilder implements ExpandableRolesBuilderInterface
*/
public function __construct(
private AuthorizationCheckerInterface $authorizationChecker,
private SonataConfiguration $configuration,
private ?SonataConfiguration $configuration,
private TranslatorInterface $translator,
private array $rolesHierarchy = [],
) {
Expand Down Expand Up @@ -84,6 +84,9 @@ public function getRoles(?string $domain = null): array
*/
private function getHierarchy(): array
{
if (null === $this->configuration) {
return $this->rolesHierarchy;
}
$roleSuperAdmin = $this->configuration->getOption('role_super_admin');
\assert(\is_string($roleSuperAdmin));

Expand Down
11 changes: 11 additions & 0 deletions tests/DependencyInjection/SonataUserExtensionNoAdminTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,17 @@ public function testGetGlobalVariablesService(): void
);
}

public function testGetMatrixService(): void
{
$this->load();

$this->assertContainerBuilderHasServiceDefinitionWithArgument(
'sonata.user.matrix_roles_builder',
1,
new Reference('sonata.user.admin_roles_builder', ContainerInterface::NULL_ON_INVALID_REFERENCE)
);
}

/**
* @return mixed[]
*/
Expand Down
66 changes: 66 additions & 0 deletions tests/Security/RolesBuilder/SecurityRolesBuilderTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,4 +210,70 @@ public function testGetRolesWithExistingRole(): void

static::assertSame($expected, $securityRolesBuilder->getExpandedRoles());
}

public function testGetRolesNoConfiguration(): void
{
$securityRolesBuilder = new SecurityRolesBuilder(
$this->authorizationChecker,
null,
$this->translator,
$this->rolesHierarchy
);

$this->authorizationChecker->method('isGranted')
->willReturn(true);

$expected = [
'ROLE_FOO' => [
'role' => 'ROLE_FOO',
'role_translated' => 'ROLE_FOO: ROLE_BAR, ROLE_ADMIN',
'is_granted' => true,
],
'ROLE_BAR' => [
'role' => 'ROLE_BAR',
'role_translated' => 'ROLE_BAR',
'is_granted' => true,
],
'ROLE_ADMIN' => [
'role' => 'ROLE_ADMIN',
'role_translated' => 'ROLE_ADMIN',
'is_granted' => true,
],
];

static::assertSame($expected, $securityRolesBuilder->getExpandedRoles());
}

public function testGetRolesNotExpandedNoConfiguration(): void
{
$securityRolesBuilder = new SecurityRolesBuilder(
$this->authorizationChecker,
null,
$this->translator,
$this->rolesHierarchy
);

$this->authorizationChecker->method('isGranted')
->willReturn(true);

$expected = [
'ROLE_FOO' => [
'role' => 'ROLE_FOO',
'role_translated' => 'ROLE_FOO',
'is_granted' => true,
],
'ROLE_BAR' => [
'role' => 'ROLE_BAR',
'role_translated' => 'ROLE_BAR',
'is_granted' => true,
],
'ROLE_ADMIN' => [
'role' => 'ROLE_ADMIN',
'role_translated' => 'ROLE_ADMIN',
'is_granted' => true,
],
];

static::assertSame($expected, $securityRolesBuilder->getRoles(null));
}
}
Loading