Correction : tous les rôles héritent par défaut du rôle "user".

src/UnicaenAuth/Provider/Identity/Chain.php

@@ -2,8 +2,10 @@
 namespace UnicaenAuth\Provider\Identity;
 
 use BjyAuthorize\Provider\Identity\ProviderInterface;
+use BjyAuthorize\Service\Authorize;
 use Zend\EventManager\EventManagerAwareInterface;
 use Zend\EventManager\EventManagerAwareTrait;
+use Zend\Permissions\Acl\Role\Registry;
 use Zend\Permissions\Acl\Role\RoleInterface;
 use Zend\ServiceManager\ServiceLocatorAwareInterface;
 use Zend\ServiceManager\ServiceLocatorAwareTrait;
@@ -14,7 +16,7 @@ use Zend\ServiceManager\ServiceLocatorAwareTrait;
  *
  * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
  * @see ChainEvent
- * @see \UnicaenAuth\Service\ChainIdentityProviderServiceFactory
+ * @see \UnicaenAuth\Provider\Identity\ChainServiceFactory
  */
 class Chain implements ProviderInterface, ServiceLocatorAwareInterface, EventManagerAwareInterface
 {
@@ -76,9 +78,9 @@ class Chain implements ProviderInterface, ServiceLocatorAwareInterface, EventMan
         $this->getEventManager()->trigger('getIdentityRoles', $e);
         $roles = $e->getRoles();
         
-        $authorizeService = $this->getServiceLocator()->get('BjyAuthorize\Service\Authorize'); /* @var $authorizeService \BjyAuthorize\Service\Authorize */
+        $authorizeService = $this->getServiceLocator()->get('BjyAuthorize\Service\Authorize'); /* @var $authorizeService Authorize */
         
-        $registry = new \Zend\Permissions\Acl\Role\Registry();
+        $registry = new Registry();
         foreach ($roles as $role) {
             // ne retient que les rôles déclarés dans les ACL
             if (!$authorizeService->getAcl()->hasRole($role)) {
@@ -92,10 +94,6 @@ class Chain implements ProviderInterface, ServiceLocatorAwareInterface, EventMan
             }
         }
         
-//        if (count($registry->getRoles()) > 1 && $registry->has('user')) {
-//            unset($this->roles['user']);
-//        }
-        
 //        var_dump($this->roles);
         
         return $this->roles;

src/UnicaenAuth/Provider/Role/Config.php

@@ -79,7 +79,7 @@ class Config extends \BjyAuthorize\Provider\Role\Config
         }
         
         $roles   = array();
-        $role    = new NamedRole($name, $parent, $roleName, $description, $selectable);
+        $role    = new NamedRole($name, $parent ?: 'user', $roleName, $description, $selectable);
         $roles[] = $role;
 
         foreach ($children as $key => $value) {

src/UnicaenAuth/Provider/Role/DbRole.php

@@ -25,6 +25,13 @@ class DbRole extends ObjectRepositoryProvider
         catch (PDOException $exc) {
             $roles = array();
         }
+
+        /* @var $roleObj \BjyAuthorize\Acl\Role */
+        foreach ($roles as $roleObj) {
+            if (!$roleObj->getParent()) {
+                $roleObj->setParent('user');
+            }
+        }
         
         return $roles;
     }