sonata-project / SonataAdminBundle

The missing Symfony Admin Generator
https://docs.sonata-project.org/projects/SonataAdminBundle
MIT License

The user menu is not shown if the user does not have the role_admin role #7995

Closed landure closed 1 year ago

landure commented 1 year ago

In src/Resources/views/standard_layout.html.twig, in the code for sonata_top_nav_menu, the condition is_granted(sonata_config.getOption('role_admin')) prevents users missing the 'role_admin' role from seeing the sonata_top_nav_menu_user_block with the logout link.

This issue is linked to SonataUserBundle #1591.

The condition should only apply to the sonata_top_nav_menu_add_block block, like this:


```twig
{% block sonata_top_nav_menu %}
    {% if app.user %}
        <div class="navbar-custom-menu">
            <ul class="nav navbar-nav">
                {% if is_granted(sonata_config.getOption('role_admin')) %}
                    {% block sonata_top_nav_menu_add_block %}
                        {% set addBlock = include(get_global_template('add_block')) %}
                        {% if addBlock is not empty %}
                            <li class="dropdown">
                                <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                                    <i class="fas fa-plus-square fa-fw" aria-hidden="true"></i> <i class="fas fa-caret-down" aria-hidden="true"></i>
                                </a>
                                {{ addBlock|raw }}
                            </li>
                        {% endif %}
                    {% endblock %}
                {% endif %}
                {% block sonata_top_nav_menu_user_block %}
                    {% set userBlock = include(get_global_template('user_block')) %}
                    {% if userBlock is not empty %}
                        <li class="dropdown user-menu">
                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                                <i class="fas fa-user fa-fw" aria-hidden="true"></i> <i class="fas fa-caret-down" aria-hidden="true"></i>
                            </a>
                            <ul class="dropdown-menu dropdown-user">
                                {{ userBlock|raw }}
                            </ul>
                        </li>
                    {% endif %}
                {% endblock %}
            </ul>
        </div>
    {% endif %}
{% endblock %}
```

Environment

Sonata packages


```
$ composer show --latest 'sonata-project/*'
sonata-project/block-bundle        4.19.0 4.19.0 Symfony SonataBlockBundle
sonata-project/cache               2.2.0  2.2.0  Cache library
Package sonata-project/cache is abandoned, you should avoid using it. No replacement was suggested.
sonata-project/doctrine-extensions 2.0.1  2.1.0  Doctrine2 behavioral extensions
sonata-project/exporter            3.0.0  3.1.1  Lightweight Exporter library
sonata-project/form-extensions     1.18.0 1.18.0 Symfony form extensions
sonata-project/twig-extensions     2.0.0  2.0.0  Sonata twig extensions
```

Symfony packages


```
$ composer show --latest 'symfony/*'
Direct dependencies required in composer.json:
symfony/asset                  v6.1.5  v6.2.0  Manages URL generation and versioning of web assets such as CSS stylesheets, JavaScript files and image files
symfony/browser-kit            v6.1.3  v6.2.0  Simulates the behavior of a web browser, allowing you to make requests, click on links and submit forms programmatically
symfony/console                v6.1.9  v6.2.3  Eases the creation of beautiful and testable command line interfaces
symfony/css-selector           v6.1.9  v6.2.3  Converts CSS selectors to XPath expressions
symfony/debug-bundle           v6.1.3  v6.2.1  Provides a tight integration of the Symfony VarDumper component and the ServerLogCommand from MonologBridge into the Symfony full-stack framework
symfony/dependency-injection   v6.1.9  v6.2.3  Allows you to standardize and centralize the way objects are constructed in your application
symfony/doctrine-messenger     v6.1.8  v6.2.0  Symfony Doctrine Messenger Bridge
symfony/dotenv                 v6.1.0  v6.2.0  Registers environment variables from a .env file
symfony/expression-language    v6.1.6  v6.2.2  Provides an engine that can compile and evaluate expressions
symfony/flex                   v2.2.4  v2.2.4  Composer plugin for Symfony
symfony/form                   v6.1.9  v6.2.3  Allows to easily create, process and reuse HTML forms
symfony/framework-bundle       v6.1.9  v6.2.3  Provides a tight integration between Symfony components and the Symfony full-stack framework
symfony/http-client            v6.1.9  v6.2.2  Provides powerful methods to fetch HTTP resources synchronously or asynchronously
symfony/intl                   v6.1.7  v6.2.0  Provides a PHP replacement layer for the C intl extension that includes additional data from the ICU library
symfony/mailer                 v6.1.9  v6.2.2  Helps sending emails
symfony/maker-bundle           v1.48.0 v1.48.0 Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.
symfony/mercure-bundle         v0.3.5  v0.3.5  Symfony MercureBundle
symfony/mime                   v6.1.9  v6.2.2  Allows manipulating MIME messages
symfony/monolog-bundle         v3.8.0  v3.8.0  Symfony MonologBundle
symfony/notifier               v6.1.0  v6.2.0  Sends notifications via one or more channels (email, SMS, ...)
symfony/phpunit-bridge         v6.2.3  v6.2.3  Provides utilities for PHPUnit, especially user deprecation notices management
symfony/process                v6.1.3  v6.2.0  Executes commands in sub-processes
symfony/property-access        v6.1.7  v6.2.3  Provides functions to read and write from/to an object or array using a simple string notation
symfony/property-info          v6.1.9  v6.2.3  Extracts information about PHP class' properties using metadata of popular sources
symfony/proxy-manager-bridge   v6.1.0  v6.2.0  Provides integration for ProxyManager with various Symfony components
symfony/runtime                v6.1.3  v6.2.0  Enables decoupling PHP applications from global state
symfony/security-bundle        v6.1.9  v6.2.3  Provides a tight integration of the Security component into the Symfony full-stack framework
symfony/serializer             v6.1.9  v6.2.3  Handles serializing and deserializing data structures, including object graphs, into array structures or other formats like XML and JSON.
symfony/stopwatch              v6.1.5  v6.2.0  Provides a way to profile code
symfony/string                 v6.1.9  v6.2.2  Provides an object-oriented API to strings and deals with bytes, UTF-8 code points and grapheme clusters in a unified way
symfony/templating             v6.1.3  v6.2.0  Provides all the tools needed to build any kind of template system
symfony/translation            v6.1.6  v6.2.3  Provides tools to internationalize your application
symfony/twig-bundle            v6.1.9  v6.2.3  Provides a tight integration of Twig into the Symfony full-stack framework
symfony/ux-chartjs             v2.6.1  v2.6.1  Chart.js integration for Symfony
symfony/validator              v6.1.9  v6.2.3  Provides tools to validate values
symfony/web-link               v6.1.0  v6.2.0  Manages links between resources
symfony/web-profiler-bundle    v6.1.9  v6.2.4  Provides a development tool that gives detailed information about the execution of any request
symfony/webpack-encore-bundle  v1.16.0 v1.16.0 Integration with your Symfony app & Webpack Encore!
symfony/yaml                   v6.1.9  v6.2.2  Loads and dumps YAML files

Transitive dependencies not required in composer.json:
symfony/cache                      v6.1.10 v6.2.4  Provides extended PSR-6, PSR-16 (and tags) implementations
symfony/cache-contracts            v3.2.0  v3.2.0  Generic abstractions related to caching
symfony/config                     v6.1.3  v6.2.0  Helps you find, load, combine, autofill and validate configuration values of any kind
symfony/deprecation-contracts      v3.2.0  v3.2.0  A generic function and convention to trigger deprecation notices
symfony/doctrine-bridge            v6.1.9  v6.2.3  Provides integration for Doctrine with various Symfony components
symfony/dom-crawler                v6.1.9  v6.2.3  Eases DOM navigation for HTML and XML documents
symfony/error-handler              v6.1.9  v6.2.3  Provides tools to manage errors and ease debugging PHP code
symfony/event-dispatcher           v6.1.9  v6.2.2  Provides tools that allow your application components to communicate with each other by dispatching events and listening to them
symfony/event-dispatcher-contracts v3.2.0  v3.2.0  Generic abstractions related to dispatching event
symfony/filesystem                 v6.1.5  v6.2.0  Provides basic utilities for the filesystem
symfony/finder                     v6.1.9  v6.2.3  Finds files and directories via an intuitive fluent interface
symfony/http-client-contracts      v3.1.1  v3.1.1  Generic abstractions related to HTTP clients
symfony/http-foundation            v6.1.9  v6.2.2  Defines an object-oriented layer for the HTTP specification
symfony/http-kernel                v6.1.10 v6.2.4  Provides a structured process for converting a Request into a Response
symfony/mercure                    v0.6.2  v0.6.2  Symfony Mercure Component
symfony/messenger                  v6.1.9  v6.2.2  Helps applications send and receive messages to/from other applications or via message queues
symfony/monolog-bridge             v6.1.9  v6.2.2  Provides integration for Monolog with various Symfony components
symfony/options-resolver           v6.1.0  v6.2.0  Provides an improved replacement for the array_replace PHP function
symfony/password-hasher            v6.1.3  v6.2.0  Provides password hashing utilities
symfony/polyfill-intl-grapheme     v1.27.0 v1.27.0 Symfony polyfill for intl's grapheme_* functions
symfony/polyfill-intl-icu          v1.27.0 v1.27.0 Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-intl-idn          v1.27.0 v1.27.0 Symfony polyfill for intl's idn_to_ascii and idn_to_utf8 functions
symfony/polyfill-intl-normalizer   v1.27.0 v1.27.0 Symfony polyfill for intl's Normalizer class and related functions
symfony/polyfill-mbstring          v1.27.0 v1.27.0 Symfony polyfill for the Mbstring extension
symfony/routing                    v6.1.9  v6.2.3  Maps an HTTP request to a set of configuration variables
symfony/security-acl               v3.3.2  v3.3.2  Symfony Security Component - ACL (Access Control List)
symfony/security-core              v6.1.9  v6.2.2  Symfony Security Component - Core Library
symfony/security-csrf              v6.1.0  v6.2.0  Symfony Security Component - CSRF Library
symfony/security-http              v6.1.9  v6.2.2  Symfony Security Component - HTTP Integration
symfony/service-contracts          v3.2.0  v3.2.0  Generic abstractions related to writing services
symfony/translation-contracts      v3.2.0  v3.2.0  Generic abstractions related to translation
symfony/twig-bridge                v6.1.9  v6.2.3  Provides integration for Twig with various Symfony components
symfony/var-dumper                 v6.1.9  v6.2.3  Provides mechanisms for walking through any arbitrary PHP variable
symfony/var-exporter               v6.1.9  v6.2.3  Allows exporting any serializable PHP data structure to plain PHP code
```

PHP version

```
$ php -v
PHP 8.1.2-1ubuntu2.9 (cli) (built: Oct 19 2022 14:58:09) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.2-1ubuntu2.9, Copyright (c), by Zend Technologies
    with Xdebug v3.1.2, Copyright (c) 2002-2021, by Derick Rethans
```

VincentLanglet commented 1 year ago

Can you provide a PR with a screenshot BEFORE/AFTER? It will be easier for me to understand with screenshots since I don't use the SonataUser bundle.

landure commented 1 year ago

Before the change, the user menu is masked, and there is no logout link:

[screenshot]

Here is a screenshot after the change is applied:

[screenshot]

I've made a change in user_block.twig.html of SonataUserBundle to mask the Profile link if the user does not have the rights to view it, but the logout button is present.

VincentLanglet commented 1 year ago

I'm kinda concerned about why you would have the ability to see the admin if you don't have the admin role.

But PR is welcomed

jordisala1991 commented 1 year ago

I have thought about this issue more than once on different days. I always end up with the same conclusion: if you end up needing to change this code, your Symfony configuration is not the same as how you are supposed to use Sonata.

If you have users for the Sonata admin panel, you are supposed to assign roles and configure the firewall.

For now I am not closing it; I would like to see how it looks when you don't have users and the panel does not use auth.

But I don't think we should apply this change.

Could you explain your use case? Maybe it makes sense and we can understand why you have users without the admin role that you let access to the admin dashboard…

djpretzel commented 1 year ago

Well, hypothetically, I think it might be useful for situations where you have contributors/collaborators to the "administration" of a dataset... who can only contribute to certain objects/tables? So like, crowdsourcing of data collection, with moderated review by "true" administrators? Is this not a valid utilization?

I think this may be the semantic difference between ROLE_ADMIN and something like ROLE_ADMIN_ACCESS?

jordisala1991 commented 1 year ago

Normally I configure SONATA_ADMIN as an "only have access to the admin panel" role, without access to do anything else. So in your example I would assign that role plus whatever extra roles are needed to manage what those users need to access, and have the "real admins" with just more permissions, or the super admin role if they have access to everything.
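One way to set up the split described in the comment above, as an added example that is not from this thread, from Sonata's documentation or from SonataUserBundle: a Symfony security configuration in which ROLE_SONATA_ADMIN does nothing but admit the user to /admin, while the per-admin roles generated by Sonata's role security handler (ROLE_<ADMIN_CODE>_<ACTION>) grant the actual operations. The admin codes app.admin.post and app.admin.comment, the roles ROLE_CONTRIBUTOR and ROLE_MODERATOR, the route names admin_login/admin_logout, the provider app_user_provider and the App\Entity\User class are assumptions for the example.

```yaml
# config/packages/security.yaml (added example, not the project's own configuration)
security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: auto

    providers:
        app_user_provider:              # assumption: a Doctrine-backed user entity
            entity:
                class: App\Entity\User
                property: email

    # ROLE_SONATA_ADMIN only opens the door to /admin. What a user may do inside
    # is granted per admin by the role handler's generated roles; for the assumed
    # admin code "app.admin.post" those are ROLE_APP_ADMIN_POST_<ACTION>.
    role_hierarchy:
        ROLE_CONTRIBUTOR:
            - ROLE_SONATA_ADMIN
            - ROLE_APP_ADMIN_POST_LIST
            - ROLE_APP_ADMIN_POST_VIEW
            - ROLE_APP_ADMIN_POST_CREATE
            - ROLE_APP_ADMIN_POST_EDIT      # no DELETE: contributors cannot remove posts
        ROLE_MODERATOR:
            - ROLE_CONTRIBUTOR
            - ROLE_APP_ADMIN_POST_ALL       # every action on posts, including DELETE
            - ROLE_APP_ADMIN_COMMENT_ALL    # assumed second admin, code "app.admin.comment"
        ROLE_SUPER_ADMIN:                   # matches sonata_admin.security.role_super_admin
            - ROLE_MODERATOR

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin:
            pattern: ^/admin
            lazy: true
            provider: app_user_provider
            form_login:                     # route names are assumptions
                login_path: admin_login
                check_path: admin_login
                default_target_path: sonata_admin_dashboard
            logout:
                path: admin_logout
                target: admin_login

    access_control:
        - { path: ^/admin/login$, roles: PUBLIC_ACCESS }
        # Everything else under /admin requires the panel role; the per-admin
        # roles above decide what each user can actually list, edit or delete.
        - { path: ^/admin, roles: ROLE_SONATA_ADMIN }

# config/packages/sonata_admin.yaml
sonata_admin:
    security:
        handler: sonata.admin.security.handler.role
        role_admin: ROLE_SONATA_ADMIN       # the role the layout's is_granted() test reads
        role_super_admin: ROLE_SUPER_ADMIN
```

With this layout the access_control rule rejects anyone without ROLE_SONATA_ADMIN before the template is rendered, so every user who reaches the layout passes the is_granted(sonata_config.getOption('role_admin')) check and sees the user block, and a contributor's dashboard lists only the post admin because that is the only admin they hold a LIST role for. If users without the panel role can still reach /admin in your application, that is a gap in the firewall rules rather than something the template should paper over.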

djpretzel commented 1 year ago

That makes sense, but it also makes SONATA_ADMIN more like... SONATA_USER, in practice/semantically... I feel like that should almost be the best practice or default/recommended implementation...

VincentLanglet commented 1 year ago

Is there any bad impact in making the proposed change in https://github.com/sonata-project/SonataAdminBundle/issues/7995#issue-1517188540 @jordisala1991?

jordisala1991 commented 1 year ago

@landure and @djpretzel see #8041 . It should fix this issue.