[WebBundle] "GET" actions should not be able to modify any resource

src/Sylius/Bundle/ResourceBundle/Resources/views/Macros/buttons.html.twig

@@ -51,3 +51,12 @@
     </button>
 </form>
 {% endmacro %}
+
+{% macro patch(url, message, icon) %}
+<form action="{{ url }}" method="post" class="delete-action-form" novalidate>
+    <input type="hidden" name="_method" value="PATCH">
+    <button class="btn btn-success" type="submit">
+        <i class="glyphicon glyphicon-{{ icon|default('transfer') }}"></i> <span>{{ message }}</span>
+    </button>
+</form>
+{% endmacro %}

src/Sylius/Bundle/WebBundle/Controller/Frontend/Account/AddressController.php

@@ -13,7 +13,9 @@
 
 use Doctrine\Common\Persistence\ObjectManager;
 use Sylius\Component\Addressing\Model\AddressInterface;
+use Sylius\Component\Resource\Repository\RepositoryInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+use Symfony\Component\Form\FormInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -109,47 +111,45 @@ public function deleteAction($id)
     }
 
     /**
-     * Set an address as default billing address for the current user.
+     * Set an address as default billing/shipping address for the current user.
+     *
+     * @param int    $id
+     * @param string $type
      *
      * @return RedirectResponse
+     *
+     * @throws NotFoundHttpException
      */
-    public function setAsBillingAction($id)
+    public function setAddressAsAction($id, $type)
     {
         $address = $this->findUserAddressOr404($id);
 
         $user = $this->getUser();
-        $user->setBillingAddress($address);
 
-        $manager = $this->getUserManager();
-        $manager->persist($user);
-        $manager->flush();
+        if ('billing' === $type) {
+            $user->setBillingAddress($address);
 
-        $this->addFlash('success', 'sylius.account.address.set_as_billing');
-
-        return $this->redirectToIndex();
-    }
-
-    /**
-     * Set an address as shipping billing address for the current user.
-     *
-     * @return RedirectResponse
-     */
-    public function setAsShippingAction($id)
-    {
-        $address = $this->findUserAddressOr404($id);
+            $this->addFlash('success', 'sylius.account.address.set_as_billing');
+        } elseif ('shipping' === $type) {
+            $user->setShippingAddress($address);
 
-        $user = $this->getUser();
-        $user->setShippingAddress($address);
+            $this->addFlash('success', 'sylius.account.address.set_as_shipping');
+        } else {
+            throw new NotFoundHttpException();
+        }
 
         $manager = $this->getUserManager();
         $manager->persist($user);
         $manager->flush();
 
-        $this->addFlash('success', 'sylius.account.address.set_as_shipping');
-
         return $this->redirectToIndex();
     }
 
+    /**
+     * @param AddressInterface $address
+     *
+     * @return FormInterface
+     */
     private function getAddressForm(AddressInterface $address)
     {
         return $this->get('form.factory')->create('sylius_address', $address);

src/Sylius/Bundle/WebBundle/Resources/config/routing/backend/product_variant.yml

@@ -36,7 +36,7 @@ sylius_backend_product_variant_delete:
 
 sylius_backend_product_variant_generate:
     pattern: /generate
-    methods: [GET]
+    methods: [PATCH]
     defaults:
         _controller: sylius.controller.product_variant:generateAction
         _sylius:

src/Sylius/Bundle/WebBundle/Resources/config/routing/frontend/account/address.yml

@@ -27,16 +27,18 @@ sylius_account_address_delete:
 
 sylius_account_address_set_default_billing:
     pattern: /{id}/default/billing
-    methods: [GET]
+    methods: [PATCH]
     defaults:
-        _controller: sylius.controller.frontend.account.address:setAsBillingAction
+        _controller: sylius.controller.frontend.account.address:setAddressAsAction
+        type: billing
     requirements:
         id:  \d+
 
 sylius_account_address_set_default_shipping:
     pattern: /{id}/default/shipping
-    methods: [GET]
+    methods: [PATCH]
     defaults:
-        _controller: sylius.controller.frontend.account.address:setAsShippingAction
+        _controller: sylius.controller.frontend.account.address:setAddressAsAction
+        type: shipping
     requirements:
         id:  \d+

src/Sylius/Bundle/WebBundle/Resources/views/Backend/Product/show.html.twig

@@ -187,7 +187,7 @@
 <div class="well well-sm">
     {{ buttons.create(path('sylius_backend_product_variant_create', {'productId': product.id}), 'sylius.variant.create'|trans) }}
     {% if product.hasOptions %}
-        {{ buttons.manage(path('sylius_backend_product_variant_generate', {'productId': product.id}), 'sylius.product.generate_variants'|trans) }}
+        {{ buttons.patch(path('sylius_backend_product_variant_generate', {'productId': product.id}), 'sylius.product.generate_variants'|trans) }}
     {% endif %}
     <div class="pull-right">
         <strong>{{ 'sylius.product.variant_selection_method'|trans }}</strong>: {{ product.variantSelectionMethodLabel }}

src/Sylius/Bundle/WebBundle/Resources/views/Frontend/Account/Address/index.html.twig

@@ -33,16 +33,15 @@
                             {% endif %}
 
                             {% if address != app.user.billingAddress %}
-                                {{ buttons.btn(
+                                {{ buttons.patch(
                                     path('sylius_account_address_set_default_billing', {'id': address.id}),
-                                    'sylius.account.address.action.billing', '', 'star-empty') }}
-                                <br>
+                                    'sylius.account.address.action.billing', 'star-empty') }}
                                 <br>
                             {% endif %}
                             {% if address != app.user.shippingAddress %}
-                                {{ buttons.btn(
+                                {{ buttons.patch(
                                     path('sylius_account_address_set_default_shipping', {'id': address.id}),
-                                    'sylius.account.address.action.shipping', '', 'star') }}
+                                    'sylius.account.address.action.shipping', 'star') }}
                             {% endif %}
                         </td>
                         <td>

src/Sylius/Bundle/WebBundle/Resources/views/Frontend/Macros/buttons.html.twig

@@ -53,3 +53,12 @@
 </form>
 {% endif %}
 {% endmacro %}
+
+{% macro patch(url, message, icon) %}
+<form action="{{ url }}" method="post" novalidate>
+    <input type="hidden" name="_method" value="PATCH">
+    <button class="btn btn-default" type="submit">
+        <i class="glyphicon glyphicon-{{ icon|default('transfer') }}"></i> <span>{{ message|trans  }}</span>
+    </button>
+</form>
+{% endmacro %}