/**
 * Runs BusinessUnitManager::canUserBeSetAsOwner() for one data set and compares
 * the outcome with the expected flag. The owner tree handed to the manager is
 * built from the two users of the data set and served by a stubbed tree provider.
 *
 * @dataProvider dataProvider
 */
public function testCanUserBeSetAsOwner($currentUser, $newUser, $accessLevel, $organizationContext, $isCanBeSet)
{
    // Register both users in a fresh tree, acting user first.
    $ownerTree = new OwnerTree();
    foreach (array($currentUser, $newUser) as $user) {
        $this->addUserInfoToTree($ownerTree, $user);
    }

    // The provider is stubbed without its constructor; getTree() always returns the tree above.
    $providerStub = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\Owner\\OwnerTreeProvider')
        ->disableOriginalConstructor()
        ->getMock();
    $providerStub->expects($this->any())
        ->method('getTree')
        ->will($this->returnValue($ownerTree));

    // NOTE(review): assertEquals() compares loosely, so a truthy non-boolean
    // result would also satisfy an expected `true` for this permission check.
    $this->assertEquals(
        $isCanBeSet,
        $this->businessUnitManager->canUserBeSetAsOwner(
            $currentUser,
            $newUser,
            $accessLevel,
            $providerStub,
            $organizationContext
        )
    );
}
/**
 * Validates the submitted owner after the form has been bound.
 *
 * Adds a form error to the owner field when the current user is not allowed
 * to assign the submitted owner. Only the root form is checked, and only when
 * it contains the owner field.
 *
 * @param FormEvent $event
 */
public function postSubmit(FormEvent $event)
{
    $form = $event->getForm();
    if ($form->getParent() || !$form->has($this->fieldName)) {
        return;
    }

    $entity = $event->getData();
    $newOwner = $entity->getOwner();

    // No owner object in the submitted data: nothing to validate here.
    // A business unit may legitimately have no owner (parent); for other
    // entities the owner is required, so the form is invalid without it anyway.
    if (!is_object($newOwner)) {
        return;
    }

    // An existing entity is validated only when the owner changed; a new
    // entity (no id yet) is always validated.
    // NOTE(review): for an existing entity the check is skipped whenever
    // $this->oldOwner is empty or the new owner has no id. Where oldOwner is
    // populated is not visible here - confirm that a record saved without an
    // owner cannot have one assigned through this path without the permission check.
    if (null !== $entity->getId()) {
        $ownerChanged = $this->oldOwner
            && $newOwner->getId()
            && $this->oldOwner !== $newOwner->getId();
        if (!$ownerChanged) {
            return;
        }
    }

    $metadata = $this->getMetadata($form->getNormData());
    if (!$metadata) {
        return;
    }

    if ($metadata->isUserOwned()) {
        $allowed = $this->businessUnitManager->canUserBeSetAsOwner(
            $this->getCurrentUser(),
            $newOwner,
            $this->accessLevel,
            $this->treeProvider,
            $this->getOrganization()
        );
    } elseif ($metadata->isBusinessUnitOwned()) {
        // NOTE(review): in_array() is used without the strict flag, so the id
        // is matched with loose comparison; consider strict matching once the
        // id types on both sides are confirmed to agree.
        $allowed = in_array($newOwner->getId(), $this->getBusinessUnitIds());
    } else {
        // Any other ownership type is accepted without a further check.
        $allowed = true;
    }

    if ($allowed) {
        return;
    }

    $form->get($this->fieldName)->addError(new FormError('You have no permission to set this owner'));
}