feat(sidebar) : add role gate to sidebar provider and global nav config

tests/Functional/Shared/SidebarEndpointTest.php

@@ -22,9 +22,8 @@ final class SidebarEndpointTest extends WebTestCase
 
     public function testSidebarReturnsSectionsForAuthenticatedUser(): void
     {
-        $client    = self::createClient();
-        $container = self::getContainer();
-        $em        = $container->get('doctrine.orm.entity_manager');
+        $client = self::createClient();
+        $em     = self::getContainer()->get('doctrine.orm.entity_manager');
 
         $user = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
         $client->loginUser($user);
@@ -37,4 +36,34 @@ final class SidebarEndpointTest extends WebTestCase
         self::assertArrayHasKey('disabledRoutes', $data);
         self::assertNotEmpty($data['sections']);
     }
+
+    public function testAdminSectionHiddenForNonAdmin(): void
+    {
+        $client = self::createClient();
+        $em     = self::getContainer()->get('doctrine.orm.entity_manager');
+
+        $user = $em->getRepository(User::class)->findOneBy(['username' => 'alice']); // ROLE_USER
+        $client->loginUser($user);
+
+        $client->request('GET', '/api/sidebar');
+        $data   = json_decode($client->getResponse()->getContent(), true);
+        $labels = array_column($data['sections'], 'label');
+
+        self::assertNotContains('sidebar.admin.section', $labels);
+    }
+
+    public function testAdminSectionVisibleForAdmin(): void
+    {
+        $client = self::createClient();
+        $em     = self::getContainer()->get('doctrine.orm.entity_manager');
+
+        $user = $em->getRepository(User::class)->findOneBy(['username' => 'admin']); // ROLE_ADMIN
+        $client->loginUser($user);
+
+        $client->request('GET', '/api/sidebar');
+        $data   = json_decode($client->getResponse()->getContent(), true);
+        $labels = array_column($data['sections'], 'label');
+
+        self::assertContains('sidebar.admin.section', $labels);
+    }
 }

tests/Unit/Shared/Sidebar/SidebarFilterTest.php

@@ -20,7 +20,7 @@ final class SidebarFilterTest extends TestCase
             ]],
         ];
 
-        $result = SidebarFilter::filter($sections, []);
+        $result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
 
         self::assertCount(1, $result['sections']);
         self::assertSame('/', $result['sections'][0]['items'][0]['to']);
@@ -36,7 +36,7 @@ final class SidebarFilterTest extends TestCase
             ]],
         ];
 
-        $result = SidebarFilter::filter($sections, []);
+        $result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
 
         self::assertSame([], $result['sections']);
         self::assertSame(['/time-tracking'], $result['disabledRoutes']);
@@ -50,10 +50,57 @@ final class SidebarFilterTest extends TestCase
             ]],
         ];
 
-        $result = SidebarFilter::filter($sections, ['time_tracking']);
+        $result = SidebarFilter::filter($sections, ['time_tracking'], ['ROLE_USER']);
 
         self::assertCount(1, $result['sections']);
         self::assertSame('/time-tracking', $result['sections'][0]['items'][0]['to']);
         self::assertSame([], $result['disabledRoutes']);
     }
+
+    public function testSectionWithRolesIsHiddenWhenRoleMissing(): void
+    {
+        $sections = [
+            ['label' => 'sidebar.admin.section', 'icon' => 'mdi:cog', 'roles' => ['ROLE_ADMIN'], 'items' => [
+                ['label' => 'sidebar.admin.admin', 'to' => '/admin', 'icon' => 'mdi:cog'],
+            ]],
+        ];
+
+        $result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
+
+        self::assertSame([], $result['sections']);
+        // Filtrage par rôle => PAS de disabledRoutes (réservé au filtrage par module).
+        self::assertSame([], $result['disabledRoutes']);
+    }
+
+    public function testSectionWithRolesIsVisibleWhenRolePresent(): void
+    {
+        $sections = [
+            ['label' => 'sidebar.admin.section', 'icon' => 'mdi:cog', 'roles' => ['ROLE_ADMIN'], 'items' => [
+                ['label' => 'sidebar.admin.admin', 'to' => '/admin', 'icon' => 'mdi:cog'],
+            ]],
+        ];
+
+        $result = SidebarFilter::filter($sections, [], ['ROLE_USER', 'ROLE_ADMIN']);
+
+        self::assertCount(1, $result['sections']);
+        self::assertSame('/admin', $result['sections'][0]['items'][0]['to']);
+        self::assertArrayNotHasKey('roles', $result['sections'][0]);
+    }
+
+    public function testItemWithRolesIsHiddenWhenRoleMissing(): void
+    {
+        $sections = [
+            ['label' => 'sidebar.hr.section', 'icon' => 'mdi:calendar', 'items' => [
+                ['label' => 'sidebar.hr.teamAbsences', 'to' => '/team-absences', 'icon' => 'mdi:account-group', 'roles' => ['ROLE_ADMIN']],
+                ['label' => 'sidebar.hr.x', 'to' => '/x', 'icon' => 'mdi:x'],
+            ]],
+        ];
+
+        $result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
+
+        self::assertCount(1, $result['sections']);
+        self::assertCount(1, $result['sections'][0]['items']);
+        self::assertSame('/x', $result['sections'][0]['items'][0]['to']);
+        self::assertArrayNotHasKey('roles', $result['sections'][0]['items'][0]);
+    }
 }