Skip to content

fix: hide admin sidebar when user has no admin permissions (#4770)#5291

Open
jaredgalanis wants to merge 2 commits intoDSpace:mainfrom
jaredgalanis:fix/admin-sidebar-visibility-4770
Open

fix: hide admin sidebar when user has no admin permissions (#4770)#5291
jaredgalanis wants to merge 2 commits intoDSpace:mainfrom
jaredgalanis:fix/admin-sidebar-visibility-4770

Conversation

@jaredgalanis
Copy link

@jaredgalanis jaredgalanis commented Mar 17, 2026

References

Description

Admin sidebar menu providers (New, Edit, Import, Export, Access Control, Registries) had their top-level sections set to visible: true unconditionally. This caused the
sidebar to render for all authenticated users, even those with no admin permissions, showing an empty sidebar with only the pin/unpin toggle.

Each provider's getTopSection() now gates visibility on the same authorization checks used by their subsections, matching the pattern already used by
NotificationsMenuProvider and CoarNotifyMenuProvider.

Instructions for Reviewers

List of changes in this PR:

  • NewMenuProvider top section visibility gated on IsCollectionAdmin || IsCommunityAdmin || AdministratorOf || CanSubmit || CoarNotifyEnabled
  • EditMenuProvider top section visibility gated on IsCollectionAdmin || IsCommunityAdmin || CanEditItem
  • ImportMenuProvider top section visibility gated on AdministratorOf
  • ExportMenuProvider top section visibility gated on AdministratorOf
  • AccessControlMenuProvider top section visibility gated on AdministratorOf || CanManageGroups
  • RegistriesMenuProvider top section visibility gated on AdministratorOf
  • Added "when user has no permissions" unit tests for all 6 providers

How to test:

  1. Log in as a site administrator — admin sidebar should appear with all menu sections
  2. Log in as a community administrator — sidebar should show New, Edit, Access Control
  3. Log in as a collection administrator — sidebar should show New, Edit, Access Control
  4. Log in as a submitter (with submit permissions only) — sidebar should show New only
  5. Log in as an authenticated user with no permissions — sidebar should not appear at all (this was the bug)

Checklist

  • My PR is created against the main branch
  • My PR is small in size (12 files changed, ~100 lines net)
  • My PR passes ESLint validation using npm run lint
  • My PR doesn't introduce circular dependencies (verified via npm run check-circ-deps)
  • My PR includes TypeDoc comments — no new public methods added, existing signatures unchanged
  • My PR passes all specs/tests and includes new/updated specs or tests — 6 new test cases added
  • My PR aligns with Accessibility guidelines — no UI changes, only visibility logic
  • My PR uses i18n keys — no new user-facing text
  • My PR includes details on how to test it — see above
  • If my PR fixes an issue ticket, I've linked them together — Fixes admin-sidebar appears blank when no relevant permissions are found #4770

@jaredgalanis
fix: hide admin sidebar when user has no admin permissions (DSpace#4770)
252eb1e 
Admin sidebar menu providers (New, Edit, Import, Export, Access Control)
had their top-level sections set to visible: true unconditionally. This
caused the sidebar to render for all authenticated users, even those
with no admin permissions, showing an empty sidebar with only the
pin/unpin toggle.

Fix by gating each provider's top section visibility on the same
authorization checks used by their subsections, matching the pattern
already used by NotificationsMenuProvider and CoarNotifyMenuProvider.
@jaredgalanis jaredgalanis marked this pull request as ready for review March 17, 2026 19:44
@lgeggleston lgeggleston added bug component: administrative tools Related to the admin menu or tools port to dspace-9_x This PR needs to be ported to `dspace-9_x` branch for next bug-fix release labels Mar 18, 2026
@lgeggleston lgeggleston moved this to 🙋 Needs Reviewers Assigned in DSpace 10.0 Release Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jaredgalanis jaredgalanis

Labels

bug component: administrative tools Related to the admin menu or tools port to dspace-9_x This PR needs to be ported to `dspace-9_x` branch for next bug-fix release usability

Projects

DSpace 10.0 Release
Status: 🙋 Needs Reviewers Assigned

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

admin-sidebar appears blank when no relevant permissions are found

2 participants

@jaredgalanis @lgeggleston