Merge pull request #522 from mkurzeja/mkurzeja/master

Fixing hidden roles support in SecurityRolesType

Form/Transformer/RestoreRolesTransformer.php

@@ -64,7 +64,7 @@ public function reverseTransform($selectedRoles)
 
         list($availableRoles, ) = $this->rolesBuilder->getRoles();
 
-        $hiddenRoles = array_diff($this->originalRoles, $availableRoles);
+        $hiddenRoles = array_diff($this->originalRoles, array_keys($availableRoles));
 
         return array_merge($selectedRoles, $hiddenRoles);
     }

Form/Type/SecurityRolesType.php

@@ -58,7 +58,7 @@ public function buildForm(FormBuilderInterface $formBuilder, array $options)
 
         // POST METHOD
         $formBuilder->addEventListener(FormEvents::PRE_BIND, function(FormEvent $event) use ($transformer) {
-            $transformer->setOriginalRoles($event->getData());
+            $transformer->setOriginalRoles($event->getForm()->getData());
         });
 
         $formBuilder->addModelTransformer($transformer);

Tests/Form/Transformer/RestoreRolesTransformerTest.php

@@ -100,4 +100,57 @@ public function testReverseTransformAllowEmptyOriginalRoles()
 
         $this->assertEquals(array('ROLE_FOO'), $transformer->reverseTransform($data));
     }
+
+    public function testReverseTransformRevokedHierarchicalRole()
+    {
+        $roleBuilder = $this->getMockBuilder('Sonata\UserBundle\Security\EditableRolesBuilder')
+                            ->disableOriginalConstructor()
+                            ->getMock();
+
+        $availableRoles = array(
+            'ROLE_SONATA_ADMIN'  => 'ROLE_SONATA_ADMIN',
+            'ROLE_COMPANY_PERSONAL_MODERATOR' => 'ROLE_COMPANY_PERSONAL_MODERATOR: ROLE_COMPANY_USER',
+            'ROLE_COMPANY_NEWS_MODERATOR' => 'ROLE_COMPANY_NEWS_MODERATOR: ROLE_COMPANY_USER',
+            'ROLE_COMPANY_BOOKKEEPER' => 'ROLE_COMPANY_BOOKKEEPER: ROLE_COMPANY_USER',
+            'ROLE_USER' => 'ROLE_USER',
+        );
+        $roleBuilder->expects($this->once())->method('getRoles')->will($this->returnValue(array($availableRoles, array())));
+
+        // user roles
+        $userRoles = array('ROLE_COMPANY_PERSONAL_MODERATOR', 'ROLE_COMPANY_NEWS_MODERATOR', 'ROLE_COMPANY_BOOKKEEPER');
+        $transformer = new RestoreRolesTransformer($roleBuilder);
+        $transformer->setOriginalRoles($userRoles);
+
+        // now we want to revoke role ROLE_COMPANY_PERSONAL_MODERATOR
+        $revokedRole = array_shift($userRoles);
+        $processedRoles = $transformer->reverseTransform($userRoles);
+
+        $this->assertNotContains($revokedRole, $processedRoles);
+    }
+
+    public function testReverseTransformHiddenRole()
+    {
+        $roleBuilder = $this->getMockBuilder('Sonata\UserBundle\Security\EditableRolesBuilder')
+                            ->disableOriginalConstructor()
+                            ->getMock();
+
+        $availableRoles = array(
+            'ROLE_SONATA_ADMIN'  => 'ROLE_SONATA_ADMIN',
+            'ROLE_ADMIN' => 'ROLE_ADMIN: ROLE_USER ROLE_COMPANY_ADMIN',
+        );
+        $roleBuilder->expects($this->once())->method('getRoles')->will($this->returnValue(array($availableRoles, array())));
+
+        // user roles
+        $userRoles = array('ROLE_USER', 'ROLE_SUPER_ADMIN');
+        $transformer = new RestoreRolesTransformer($roleBuilder);
+        $transformer->setOriginalRoles($userRoles);
+
+        // add a new role
+        array_push($userRoles, 'ROLE_SONATA_ADMIN');
+        // remove existing user role that is not availableRoles
+        unset($userRoles[array_search('ROLE_SUPER_ADMIN', $userRoles)]);
+        $processedRoles = $transformer->reverseTransform($userRoles);
+
+        $this->assertContains('ROLE_SUPER_ADMIN', $processedRoles);
+    }
 }

Tests/Form/Type/SecurityRolesTypeTest.php

@@ -99,4 +99,22 @@ public function testSubmitInvalidData()
         $this->assertFalse($form->isSynchronized());
         $this->assertNull($form->getData());
     }
+
+    public function testSubmitWithHiddenRoleData()
+    {
+        $originalRoles = array('ROLE_SUPER_ADMIN', 'ROLE_USER');
+
+        $form = $this->factory->create('sonata_security_roles', $originalRoles, array(
+            'multiple' => true,
+            'expanded' => true,
+            'required' => false
+        ));
+
+        // we keep hidden ROLE_SUPER_ADMIN and delete available ROLE_USER
+        $form->submit(array(0 => 'ROLE_ADMIN'));
+
+        $this->assertTrue($form->isSynchronized());
+        $this->assertCount(2, $form->getData());
+        $this->assertContains('ROLE_SUPER_ADMIN', $form->getData());
+    }
 }