/**
 * Creates an inventory audit from the request body and locks the bin it targets.
 *
 * The entity is built from client-supplied data by the fos_rest.request_body
 * converter. The acting user and the start time are therefore assigned here,
 * and nothing is persisted unless both the CREATE vote and the organization
 * ownership check pass. On refusal the exception built by
 * createAccessDeniedException() is thrown.
 *
 * @Rest\Post("/inventory_audit")
 * @Rest\View(template=":default:index.html.twig",serializerEnableMaxDepthChecks=true, serializerGroups={"Default"})
 * @ParamConverter("inventoryAudit", converter="fos_rest.request_body")
 *
 * @param \AppBundle\Entity\InventoryAudit $inventoryAudit Audit deserialized from the request body.
 *
 * @return \AppBundle\Entity\InventoryAudit The audit after it has been flushed.
 */
public function createInventoryAuditAction(\AppBundle\Entity\InventoryAudit $inventoryAudit)
{
    // Replace whatever "byUser" the client sent with the authenticated user.
    // This runs before the vote, so the voter sees the real actor on the object.
    $inventoryAudit->setByUser($this->getUser());

    $authorizationChecker = $this->get('security.authorization_checker');

    // Guard clause: the permission vote is evaluated first, and the ownership
    // check only runs if the vote passed (same short-circuit order as before).
    if (
        !$authorizationChecker->isGranted('CREATE', $inventoryAudit)
        || !$inventoryAudit->isOwnedByOrganization($this->getUser()->getOrganization())
    ) {
        throw $this->createAccessDeniedException();
    }

    // Start time comes from the server clock, not from the request.
    $inventoryAudit->setStartedAt(new \DateTime());

    // NOTE(review): the bin reference comes from the deserialized body and is
    // modified here. The checks visible in this method are made on the audit;
    // confirm that isOwnedByOrganization() (or the CREATE voter) also covers
    // the bin's organization, and that getForBin() cannot be null at this point.
    $inventoryAudit->getForBin()->setIsLocked(true);

    $entityManager = $this->getDoctrine()->getManager();
    $entityManager->persist($inventoryAudit);
    $entityManager->flush();

    // ACL entries are written after the flush. The role => permission names are
    // passed straight to updateAclByRoles(), which is defined outside this method.
    $this->updateAclByRoles($inventoryAudit, ['ROLE_USER' => 'view', 'ROLE_ADMIN' => 'operator']);

    return $inventoryAudit;
}