feat(sidebar) : section Administration + groupe Mon compte + gate de section

- Section "Général" renommée en "Administration" (label i18n sidebar.administration.section). - Item "Administration" (/admin) retiré : la route n'existait pas cote front, generait un 404 Nuxt silencieux a chaque clic. - "Deconnexion" sortie de la section admin, deplacee dans une nouvelle section "Mon compte" (sidebar.account.section) sans permission RBAC — accessible a tout user authentifie. - SidebarProvider supporte desormais un champ `permission` au niveau section : umbrella gate qui masque toute la section et bascule toutes ses routes dans disabledRoutes. Voir doc inline dans config/sidebar.php pour le pattern d'usage. Avantage : pour gater toute l'administration derriere une permission coarse (ex: 'core.admin.access' future), ajouter 'permission' => 'core.admin.access' sur la section suffit — pas besoin de dupliquer la permission sur chaque item. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 11:28:44 +02:00
parent 5f5afccac0
commit 701a480442
3 changed files with 74 additions and 25 deletions
--- a/config/sidebar.php
+++ b/config/sidebar.php
@@ -6,21 +6,46 @@ declare(strict_types=1);
 * Sidebar configuration.
 *
 * This file defines the sidebar sections displayed in the frontend.
- * Each item references the module that owns it via the `module` key.
- * Items whose module is not active (see config/modules.php) are filtered out.
- * Items may also declare a `permission` key (RBAC permission code) : the item
- * is hidden from users who do not hold that permission.
+ *
+ * Each SECTION may declare :
+ *   - `label` (required)    : i18n key resolved by the frontend
+ *   - `icon`  (required)    : MDI icon name
+ *   - `items` (required)    : list of items (see below)
+ *   - `permission` (opt.)   : RBAC permission code ; when set, the whole
+ *                             section (and every one of its items) is hidden
+ *                             from users who do not hold that permission.
+ *                             Use this for "umbrella" sections like
+ *                             Administration where you want to gate the
+ *                             entire group behind one coarse permission.
+ *
+ * Each ITEM may declare :
+ *   - `label`      (required)  : i18n key
+ *   - `to`         (required)  : Nuxt route
+ *   - `icon`       (required)  : MDI icon name
+ *   - `module`     (required)  : owner module ID ; item is hidden if the
+ *                                module is not listed in config/modules.php
+ *   - `permission` (opt.)      : RBAC permission code ; finer-grained gate
+ *                                applied in addition to the section-level one
+ *
+ * Precedence : section-level `permission` is evaluated first. If it fails,
+ * the whole section is skipped and every item's `to` is added to the
+ * `disabledRoutes` payload of /api/sidebar (so the front middleware can
+ * redirect any direct navigation). Individual items without their own
+ * permission are implicitly protected by the section-level one.
 *
 * This config is decoupled from the modules themselves: you can freely
 * move an item from one section to another without touching the module code.
- *
- * Label keys are i18n keys resolved by the frontend (see frontend/i18n/locales/).
 */

 return [
+    // Section "Administration" : regroupe toutes les pages de configuration
+    // applicative (RBAC, users, sites, audit log). Gate implicite : si l'user
+    // n'a aucune des permissions item, la section se vide et disparait.
+    // Pour imposer un gate explicite (ex: "seuls les membres du groupe support
+    // voient l'administration"), ajouter ici : 'permission' => 'core.admin.access'.
    [
-        'label' => 'sidebar.general.section',
-        'icon'  => 'mdi:view-dashboard-outline',
+        'label' => 'sidebar.administration.section',
+        'icon'  => 'mdi:cog-outline',
        'items' => [
            [
                'label'  => 'sidebar.general.dashboard',
@@ -28,12 +53,6 @@ return [
                'icon'   => 'mdi:view-dashboard-outline',
                'module' => 'core',
            ],
-            [
-                'label'  => 'sidebar.general.admin',
-                'to'     => '/admin',
-                'icon'   => 'mdi:cog-outline',
-                'module' => 'core',
-            ],
            [
                'label'      => 'sidebar.core.roles',
                'to'         => '/admin/roles',
@@ -62,12 +81,6 @@ return [
                'module'     => 'core',
                'permission' => 'core.audit_log.view',
            ],
-            [
-                'label'  => 'sidebar.general.logout',
-                'to'     => '/logout',
-                'icon'   => 'mdi:logout',
-                'module' => 'core',
-            ],
        ],
    ],
    [
@@ -82,4 +95,19 @@ return [
            ],
        ],
    ],
+    // Section "Mon compte" : espace personnel. Accessible a tout user authentifie
+    // (aucune permission RBAC requise, tous les items restent dans `core` pour
+    // rester toujours presents meme quand les modules metier sont desactives).
+    [
+        'label' => 'sidebar.account.section',
+        'icon'  => 'mdi:account-circle-outline',
+        'items' => [
+            [
+                'label'  => 'sidebar.account.logout',
+                'to'     => '/logout',
+                'icon'   => 'mdi:logout',
+                'module' => 'core',
+            ],
+        ],
+    ],
 ];