/**
 * Save changes to an admin user type.
 *
 * Handles both the create case (no "id" in the request) and the edit case
 * (the "id" of an existing AdminUserType). On a valid form submission the
 * entity is persisted, an add/edit event is dispatched and the user is sent
 * back to the index page; otherwise the form is rendered again with its
 * errors. Requests with an id that matches nothing get a 404.
 *
 * @PreAuthorize("hasAnyRole('SUPER_ADMIN')")
 */
public function saveAction()
{
    $request = $this->getRequest();
    $typeId = $request->get('id', 0);
    $repository = $this->getDoctrine()->getRepository('UserBundle:AdminUserType');
    $userType = $repository->find($typeId);
    $creating = !$typeId;

    if ($creating) {
        // no id given: start from a fresh, active user type
        $userType = new AdminUserType();
        $userType->setStatus(AdminUserType::STATUS_ACTIVE);
    } elseif (!$userType) {
        // an id was given but nothing matches it
        throw $this->createNotFoundException();
    }

    $form = $this->createForm(new AdminUserTypeFormType(), $userType);
    // NOTE(review): bind() reads the submitted data whatever the HTTP method;
    // presumably the route restricts this action to POST — confirm
    $form->bind($request);

    if (!$form->isValid()) {
        return $this->render('AdminBundle:AdminUserType:form.html.twig', array(
            'form' => $form->createView(),
            'userType' => $userType,
        ));
    }

    $em = $this->getDoctrine()->getEntityManager();
    $em->persist($userType);
    $em->flush();

    // let listeners know whether this was an insert or an update
    $eventName = $creating
        ? AdminBundleEvents::ON_ADD_ADMIN_USER_TYPE
        : AdminBundleEvents::ON_EDIT_ADMIN_USER_TYPE;
    $dispatcher = $this->get('event_dispatcher');
    $event = $this->get('events.factory')->create($eventName, $userType);
    $dispatcher->dispatch($eventName, $event);

    // NOTE(review): the name is user-entered; this relies on the template
    // escaping the flash message when it is rendered — confirm
    $request->getSession()->setFlash("success", "{$userType->getName()} user type saved.");

    return $this->redirect($this->generateUrl('admin_userType_index'));
}
/**
 * Functional test for assigning a role to a user type and removing it again.
 *
 * Each endpoint is checked in turn for: rejecting GET, redirecting anonymous
 * users to the login page, refusing authenticated-but-unauthorised users,
 * accepting a valid POST and rejecting unknown role/type ids. The remove
 * endpoint is exercised after the add, and a final add confirms that the
 * removal actually took effect.
 */
public function testAddAndRemoveRoleToUserType()
{
    $addUri = '/admin/settings/user-roles/add-to-user-type';
    $removeUri = '/admin/settings/user-roles/remove-role-from-user-type';
    $params = array(
        'userRoleId' => $this->userRole->getId(),
        'userTypeId' => $this->userType->getId(),
    );

    // ---- adding a role to a user type ----

    // the route must not be reachable with GET
    $client = $this->getBrowserWithActualLoggedInUser();
    $client->request('GET', $addUri, $params);
    $this->assertEquals(404, $client->getResponse()->getStatusCode(), 'Expecting method GET to be not accepted');

    // anonymous users are sent to the login page
    $client = static::createClient();
    $client->request('POST', $addUri, $params);
    $this->assertEquals(302, $client->getResponse()->getStatusCode());
    $location = $client->getResponse()->headers->get('location');
    // NOTE(review): '/admin/location' looks like a typo for '/admin/login' —
    // confirm which paths the firewall actually redirects to
    $this->assertTrue(
        $location == '/admin/location' || $location == 'http://localhost/admin/login',
        'Expecting redirect to login page and not to ' . $location
    );

    // an authenticated user without the right role is refused
    $client = $this->getBrowserWithMockLoggedUser();
    $client->request('POST', $addUri, $params);
    $this->assertEquals(403, $client->getResponse()->getStatusCode(), "Expecting 403 Forbidden error after unauthorized access");

    // a valid assignment succeeds
    $client = $this->getBrowserWithActualLoggedInUser();
    $client->request('POST', $addUri, $params);
    $this->assertEquals(200, $client->getResponse()->getStatusCode());

    // NOTE(review): a 500 here means the duplicate assignment surfaces as an
    // unhandled exception rather than a validation failure; a 4xx would be the
    // expected contract — confirm before tightening this assertion
    $client->request('POST', $addUri, $params);
    $this->assertEquals(500, $client->getResponse()->getStatusCode(), "Expecting error 500 after adding same role to same user type");

    // unknown role id
    $client->request('POST', $addUri, array('userRoleId' => 99999, 'userTypeId' => $this->userType->getId()));
    $this->assertEquals(404, $client->getResponse()->getStatusCode(), "Expecting error 404 after adding invalid role to user type");

    // unknown user type id
    $client->request('POST', $addUri, array('userRoleId' => $this->userRole->getId(), 'userTypeId' => 9999999));
    $this->assertEquals(404, $client->getResponse()->getStatusCode(), "Expecting error 404 after adding role to invalid user type");

    // ---- removing a role from a user type ----

    // the route must not be reachable with GET
    $client = $this->getBrowserWithActualLoggedInUser();
    $client->request('GET', $removeUri, $params);
    $this->assertEquals(404, $client->getResponse()->getStatusCode(), 'Expecting method GET to be not accepted');

    // anonymous users are sent to the login page
    $client = static::createClient();
    $client->request('POST', $removeUri, $params);
    $this->assertEquals(302, $client->getResponse()->getStatusCode());
    $location = $client->getResponse()->headers->get('location');
    $this->assertTrue(
        $location == '/admin/location' || $location == 'http://localhost/admin/login',
        'Expecting redirect to login page and not to ' . $location
    );

    // an authenticated user without the right role is refused
    $client = $this->getBrowserWithMockLoggedUser();
    $client->request('POST', $removeUri, $params);
    $this->assertEquals(403, $client->getResponse()->getStatusCode(), "Expecting 403 Forbidden error after unauthorized access");

    // both ids unknown
    $client = $this->getBrowserWithActualLoggedInUser();
    $client->request('POST', $removeUri, array('userRoleId' => 99999, 'userTypeId' => 21312388324242399));
    $this->assertEquals(404, $client->getResponse()->getStatusCode(), "Expecting error 404 after passing invalid user type and user role");

    // a valid removal succeeds
    $client->request('POST', $removeUri, $params);
    $this->assertEquals(200, $client->getResponse()->getStatusCode());

    // the role is gone again, so adding it once more must succeed
    $client->request('POST', $addUri, $params);
    $this->assertEquals(200, $client->getResponse()->getStatusCode());
}
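/**
 * Return the active admin user roles that are not yet assigned to the given user type.
 *
 * Roles already attached to $userType are excluded so the caller only gets
 * what can still be assigned. The exclusion list is bound as a query
 * parameter rather than interpolated into the DQL string, and it is left out
 * altogether when the user type has no roles yet (an empty IN list is not
 * valid SQL; the old string-built form relied on "NOT IN ('')" by accident).
 *
 * @param AdminUserType $userType
 * @return AdminUserRole[]
 */
public function getAssignablePermissionsByUserType(AdminUserType $userType)
{
    $assignedIds = array();
    foreach ($userType->getAdminUserRoles() as $role) {
        $assignedIds[] = $role->getId();
    }

    $dql = 'SELECT a FROM UserBundle:AdminUserRole a WHERE a.status = :active';
    if ($assignedIds) {
        // only add the exclusion when there is something to exclude
        $dql .= ' AND a.id NOT IN (:assigned)';
    }

    $query = $this->getEntityManager()
        ->createQuery($dql)
        ->setParameter('active', AdminUserRole::STATUS_ACTIVE);
    if ($assignedIds) {
        // Doctrine expands an array parameter into the IN list
        $query->setParameter('assigned', $assignedIds);
    }

    return $query->getResult();
}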