BO : empêcher de modifier et/ou supprimer le role SUPER_ADMIN ou ADMIN_SIEGE

src/Application/Sonata/UserBundle/Admin/UserAdmin.php

@@ -109,6 +109,7 @@ class UserAdmin extends BaseUserAdmin
      */
     protected function configureFormFields(FormMapper $formMapper): void
     {
+        $subject = $this->getSubject();
         // define group zoning
         $formMapper
             ->tab('User')
@@ -116,11 +117,13 @@ class UserAdmin extends BaseUserAdmin
                 ->with('General', ['class' => 'col-md-6'])->end()
                 // ->with('Social', ['class' => 'col-md-6'])->end()
             ->end()
-            ->tab('Security')
-                ->with('Groups', ['class' => 'col-md-8'])->end()
-                ->with('Status', ['class' => 'col-md-4'])->end()
+            ->tab('Security');
+        if (!($subject->isGranted('ROLE_SUPER_ADMIN') || $subject->isGranted('ROLE_ADMIN_SIEGE'))) {
+            $formMapper->with('Groups', ['class' => 'col-md-8'])->end();
+        }
+        $formMapper->with('Status', ['class' => 'col-md-4'])->end()
                 // ->with('Keys', ['class' => 'col-md-4'])->end()
-                ->with('Roles', ['class' => 'col-md-12'])->end()
+                // ->with('Roles', ['class' => 'col-md-12'])->end()
             ->end()
         ;
 
@@ -175,27 +178,28 @@ class UserAdmin extends BaseUserAdmin
             ->tab('Security')
                 ->with('Status')
                     ->add('enabled', null, ['required' => false])
-                ->end()
-                ->with('Groups')
-                    ->add('groups', ModelType::class, [
-                        'required' => false,
-                        'expanded' => true,
-                        'multiple' => true,
-                    ])
-                ->end()
-                ->with('Roles')
-                    ->add('realRoles', SecurityRolesType::class, [
-                        'label' => 'form.label_roles',
-                        'expanded' => true,
-                        'multiple' => true,
-                        'required' => false,
-                    ])
-                ->end()
+                ->end();
+        if (!($subject->isGranted('ROLE_SUPER_ADMIN') || $subject->isGranted('ROLE_ADMIN_SIEGE'))) {
+            $formMapper->with('Groups')
+                ->add('groups', ModelType::class, [
+                    'required' => false,
+                    'expanded' => true,
+                    'multiple' => true,
+                ])
+            ->end();
+        }
+                // ->with('Roles')
+                //     ->add('realRoles', SecurityRolesType::class, [
+                //         'label' => 'form.label_roles',
+                //         'expanded' => true,
+                //         'multiple' => true,
+                //         'required' => false,
+                //     ])
+                // ->end()
                 // ->with('Keys')
                 //     ->add('token', null, ['required' => false])
                 //     ->add('twoStepVerificationCode', null, ['required' => false])
                 // ->end()
-            ->end()
-        ;
+        $formMapper->end();
     }
 }

src/Controller/CRUD/CRUDController.php

@@ -27,7 +27,7 @@ class CRUDController extends Controller
 
             return $this->redirectTo($object);
         }
-        if ($object->hasRoale('ROLE_SUPER_ADMIN') || $object->hasRole('ROLE_ADMIN_SIEGE')) {
+        if ($object->hasRole('ROLE_SUPER_ADMIN') || $object->hasRole('ROLE_ADMIN_SIEGE')) {
             $this->addFlash(
                 'sonata_flash_error',
                 'Vous ne pouvez pas supprimer le compte admin !'