Gate sidebar menu items by can_access_page?

Members, Fee Types and Administration subitems only shown when user
has page permission. Add admin_menu_visible? helper. Sidebar test
uses admin user so menu items render.

lib/mv_web/components/layouts/sidebar.ex

@@ -70,33 +70,56 @@ defmodule MvWeb.Layouts.Sidebar do
   defp sidebar_menu(assigns) do
     ~H"""
     <ul class="menu flex-1 w-full p-2" role="menubar">
-      <.menu_item
+      <%= if can_access_page?(@current_user, "/members") do %>
-        href={~p"/members"}
+        <.menu_item
-        icon="hero-users"
+          href={~p"/members"}
-        label={gettext("Members")}
+          icon="hero-users"
-      />
+          label={gettext("Members")}
-
-      <.menu_item
-        href={~p"/membership_fee_types"}
-        icon="hero-currency-euro"
-        label={gettext("Fee Types")}
-      />
-      
-    <!-- Nested Admin Menu -->
-      <.menu_group icon="hero-cog-6-tooth" label={gettext("Administration")}>
-        <.menu_subitem href={~p"/users"} label={gettext("Users")} />
-        <.menu_subitem href={~p"/groups"} label={gettext("Groups")} />
-        <.menu_subitem href={~p"/admin/roles"} label={gettext("Roles")} />
-        <.menu_subitem
-          href={~p"/membership_fee_settings"}
-          label={gettext("Fee Settings")}
         />
-        <.menu_subitem href={~p"/settings"} label={gettext("Settings")} />
+      <% end %>
-      </.menu_group>
+
+      <%= if can_access_page?(@current_user, "/membership_fee_types") do %>
+        <.menu_item
+          href={~p"/membership_fee_types"}
+          icon="hero-currency-euro"
+          label={gettext("Fee Types")}
+        />
+      <% end %>
+
+      <%= if admin_menu_visible?(@current_user) do %>
+        <.menu_group icon="hero-cog-6-tooth" label={gettext("Administration")}>
+          <%= if can_access_page?(@current_user, "/users") do %>
+            <.menu_subitem href={~p"/users"} label={gettext("Users")} />
+          <% end %>
+          <%= if can_access_page?(@current_user, "/groups") do %>
+            <.menu_subitem href={~p"/groups"} label={gettext("Groups")} />
+          <% end %>
+          <%= if can_access_page?(@current_user, "/admin/roles") do %>
+            <.menu_subitem href={~p"/admin/roles"} label={gettext("Roles")} />
+          <% end %>
+          <%= if can_access_page?(@current_user, "/membership_fee_settings") do %>
+            <.menu_subitem
+              href={~p"/membership_fee_settings"}
+              label={gettext("Fee Settings")}
+            />
+          <% end %>
+          <%= if can_access_page?(@current_user, "/settings") do %>
+            <.menu_subitem href={~p"/settings"} label={gettext("Settings")} />
+          <% end %>
+        </.menu_group>
+      <% end %>
     </ul>
     """
   end
 
+  defp admin_menu_visible?(user) do
+    Enum.any?(admin_page_paths(), &can_access_page?(user, &1))
+  end
+
+  defp admin_page_paths do
+    ["/users", "/groups", "/admin/roles", "/membership_fee_settings", "/settings"]
+  end
+
   attr :href, :string, required: true, doc: "Navigation path"
   attr :icon, :string, required: true, doc: "Heroicon name"
   attr :label, :string, required: true, doc: "Menu item label"

test/mv_web/components/layouts/sidebar_test.exs

@@ -22,9 +22,14 @@ defmodule MvWeb.Layouts.SidebarTest do
   # =============================================================================
 
   # Returns assigns for an authenticated user with all required attributes.
+  # User has admin role so can_access_page? returns true for all sidebar links.
   defp authenticated_assigns(mobile \\ false) do
     %{
-      current_user: %{id: "user-123", email: "test@example.com"},
+      current_user: %{
+        id: "user-123",
+        email: "test@example.com",
+        role: %{permission_set_name: "admin"}
+      },
       club_name: "Test Club",
       mobile: mobile
     }