feat(sidebar) : add role gate to sidebar provider and global nav config

tests/Functional/Shared/SidebarEndpointTest.php

@@ -22,9 +22,8 @@ final class SidebarEndpointTest extends WebTestCase
 
     public function testSidebarReturnsSectionsForAuthenticatedUser(): void
     {
-        $client    = self::createClient();
-        $container = self::getContainer();
-        $em        = $container->get('doctrine.orm.entity_manager');
+        $client = self::createClient();
+        $em     = self::getContainer()->get('doctrine.orm.entity_manager');
 
         $user = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
         $client->loginUser($user);
@@ -37,4 +36,34 @@ final class SidebarEndpointTest extends WebTestCase
         self::assertArrayHasKey('disabledRoutes', $data);
         self::assertNotEmpty($data['sections']);
     }
+
+    public function testAdminSectionHiddenForNonAdmin(): void
+    {
+        $client = self::createClient();
+        $em     = self::getContainer()->get('doctrine.orm.entity_manager');
+
+        $user = $em->getRepository(User::class)->findOneBy(['username' => 'alice']); // ROLE_USER
+        $client->loginUser($user);
+
+        $client->request('GET', '/api/sidebar');
+        $data   = json_decode($client->getResponse()->getContent(), true);
+        $labels = array_column($data['sections'], 'label');
+
+        self::assertNotContains('sidebar.admin.section', $labels);
+    }
+
+    public function testAdminSectionVisibleForAdmin(): void
+    {
+        $client = self::createClient();
+        $em     = self::getContainer()->get('doctrine.orm.entity_manager');
+
+        $user = $em->getRepository(User::class)->findOneBy(['username' => 'admin']); // ROLE_ADMIN
+        $client->loginUser($user);
+
+        $client->request('GET', '/api/sidebar');
+        $data   = json_decode($client->getResponse()->getContent(), true);
+        $labels = array_column($data['sections'], 'label');
+
+        self::assertContains('sidebar.admin.section', $labels);
+    }
 }