/**
* Do save changes to user type
*
* @PreAuthorize("hasAnyRole('SUPER_ADMIN')")
*/
public function saveAction()
{
$request = $this->getRequest();
$id = $request->get('id', 0);
$userType = $this->getDoctrine()->getRepository('UserBundle:AdminUserType')->find($id);
$isNew = false;
if ($id && !$userType) {
throw $this->createNotFoundException();
} elseif (!$id) {
$userType = new AdminUserType();
$userType->setStatus(AdminUserType::STATUS_ACTIVE);
$isNew = true;
}
$form = $this->createForm(new AdminUserTypeFormType(), $userType);
$form->bind($request);
if ($form->isValid()) {
//$userType = $form->getData();
$em = $this->getDoctrine()->getEntityManager();
$em->persist($userType);
$em->flush();
// dispatch event
$eventName = $isNew ? AdminBundleEvents::ON_ADD_ADMIN_USER_TYPE : AdminBundleEvents::ON_EDIT_ADMIN_USER_TYPE;
$this->get('event_dispatcher')->dispatch($eventName, $this->get('events.factory')->create($eventName, $userType));
$request->getSession()->setFlash("success", "{$userType->getName()} user type saved.");
return $this->redirect($this->generateUrl('admin_userType_index'));
} else {
return $this->render('AdminBundle:AdminUserType:form.html.twig', array('form' => $form->createView(), 'userType' => $userType));
}
}
public function testAddAndRemoveRoleToUserType()
{
$uri = '/admin/settings/user-roles/add-to-user-type';
$params = array('userRoleId' => $this->userRole->getId(), 'userTypeId' => $this->userType->getId());
// test that it will not accept a GET method
$client = $this->getBrowserWithActualLoggedInUser();
$crawler = $client->request('GET', $uri, $params);
$this->assertEquals(404, $client->getResponse()->getStatusCode(), 'Expecting method GET to be not accepted');
// test that this should not be acessed by non-authenticated users
$client = static::createClient();
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(302, $client->getResponse()->getStatusCode());
$this->assertTrue($client->getResponse()->headers->get('location') == '/admin/location' || $client->getResponse()->headers->get('location') == 'http://localhost/admin/login', 'Expecting redirect to login page and not to ' . $client->getResponse()->headers->get('location'));
// test that this should not be acessed by non-authorized users
$client = $this->getBrowserWithMockLoggedUser();
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(403, $client->getResponse()->getStatusCode(), "Expecting 403 Forbidden error after unauthorized access");
// test valid post
$client = $this->getBrowserWithActualLoggedInUser();
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(200, $client->getResponse()->getStatusCode());
// test that adding same role to user type will throw an error 500
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(500, $client->getResponse()->getStatusCode(), "Expecting error 500 after adding same role to same user type");
// test that adding invalid role to type will throw error 404
$crawler = $client->request('POST', $uri, array('userRoleId' => 99999, 'userTypeId' => $this->userType->getId()));
$this->assertEquals(404, $client->getResponse()->getStatusCode(), "Expecting error 404 after adding invalid role to user type");
// test that adding invalid type to role will throw error 404
$crawler = $client->request('POST', $uri, array('userRoleId' => $this->userRole->getId(), 'userTypeId' => 9999999));
$this->assertEquals(404, $client->getResponse()->getStatusCode(), "Expecting error 404 after adding role to invalid user type");
//---- end test for adding role to user type ---->
//---- test for removing role from user type ---->
$uri = '/admin/settings/user-roles/remove-role-from-user-type';
$params = array('userRoleId' => $this->userRole->getId(), 'userTypeId' => $this->userType->getId());
// test that it will not accept a GET method
$client = $this->getBrowserWithActualLoggedInUser();
$crawler = $client->request('GET', $uri, $params);
$this->assertEquals(404, $client->getResponse()->getStatusCode(), 'Expecting method GET to be not accepted');
// test that this should not be acessed by non-authenticated users
$client = static::createClient();
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(302, $client->getResponse()->getStatusCode());
$this->assertTrue($client->getResponse()->headers->get('location') == '/admin/location' || $client->getResponse()->headers->get('location') == 'http://localhost/admin/login', 'Expecting redirect to login page and not to ' . $client->getResponse()->headers->get('location'));
// test that this should not be acessed by non-authorized users
$client = $this->getBrowserWithMockLoggedUser();
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(403, $client->getResponse()->getStatusCode(), "Expecting 403 Forbidden error after unauthorized access");
// test to remove invalid
$client = $this->getBrowserWithActualLoggedInUser();
$crawler = $client->request('POST', $uri, array('userRoleId' => 99999, 'userTypeId' => 21312388324242399));
$this->assertEquals(404, $client->getResponse()->getStatusCode(), "Expecting error 404 after passing invalid user type and user role");
// test valid data post
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(200, $client->getResponse()->getStatusCode());
// test that it has been added by requesting the add again and expecting a 200 response
$uri = '/admin/settings/user-roles/add-to-user-type';
$crawler = $client->request('POST', $uri, $params);
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
public function getAssignablePermissionsByUserType(AdminUserType $userType)
{
$currentUserRoles = $userType->getAdminUserRoles();
$ids = array();
foreach ($currentUserRoles as $each) {
$ids[] = $each->getId();
}
$idsNotIn = "'" . \implode("', '", $ids) . "'";
$dql = "SELECT a FROM UserBundle:AdminUserRole a WHERE a.status = :active AND a.id NOT IN ({$idsNotIn})";
$query = $this->getEntityManager()->createQuery($dql)->setParameter('active', AdminUserRole::STATUS_ACTIVE);
return $query->getResult();
}