From c2bebda0c5a3c4d1b7411037de1989e0c7a1d96f Mon Sep 17 00:00:00 2001
From: Adam Franco <afranco@middlebury.edu>
Date: Tue, 3 Dec 2024 15:40:14 -0500
Subject: [PATCH] #47: Port admin antirequisites screen and add tests.

---
 .../views/scripts/admin/antirequisites.phtml  | 132 ------------------
 src/Controller/AdminAntirequisites.php        | 119 +++++++++-------
 templates/admin/antirequisites.html.twig      | 126 +++++++++++++++++
 templates/admin/index.html.twig               |   2 +-
 tests/Controller/AdminAntirequisitesTest.php  |  89 ++++++++++++
 5 files changed, 288 insertions(+), 180 deletions(-)
 delete mode 100644 application/views/scripts/admin/antirequisites.phtml
 create mode 100644 templates/admin/antirequisites.html.twig
 create mode 100644 tests/Controller/AdminAntirequisitesTest.php

diff --git a/application/views/scripts/admin/antirequisites.phtml b/application/views/scripts/admin/antirequisites.phtml
deleted file mode 100644
index 23e2cd63..00000000
--- a/application/views/scripts/admin/antirequisites.phtml
+++ /dev/null
@@ -1,132 +0,0 @@
-<h1>Manage Anti-Requisites</h1>
-<p><a href="<?php print $this->url(array('action' => 'index')); ?>">&laquo; Back to Administration</a></p>
-
-<p>Anti-requisites are course-equivalency entries that indicate that a course can't be taken if another already has been. This is in contrast to most usage of equivalency which indicates that courses are the same thing. Anti-requisites listed below will be filtered out of cross-list entries for courses.</p>
-<p>Please Note: Any changes made here will affect views for authenticated users immediately, but will not affect catalog archives or anonymous views until the next nightly sync.</p>
-
-
-
-<table class='section_admin'>
-<thead>
-	<tr>
-		<th>Subject Code</th>
-		<th>Course Number</th>
-		<th>Subject Code Equivalent</th>
-		<th>Course Number Equivalent</th>
-		<th>Date Added</th>
-		<th>Added By</th>
-		<th>Comments</th>
-		<th>Actions</th>
-	</tr>
-</thead>
-<tbody>
-
-<?php
-foreach ($this->antirequisites as $antirequisite) {
-	print "\n\t<tr>";
-	print "\n\t\t<td class='subj_code'>".$antirequisite['subj_code']."</td>";
-	print "\n\t\t<td class='crse_numb'>".$antirequisite['crse_numb']."</td>";
-	print "\n\t\t<td class='subj_code_eqiv'>".$antirequisite['subj_code_eqiv']."</td>";
-	print "\n\t\t<td class='crse_numb_eqiv'>".$antirequisite['crse_numb_eqiv']."</td>";
-	print "\n\t\t<td class='added_date'>".$antirequisite['added_date']."</td>";
-	print "\n\t\t<td class='added_by'>".$antirequisite['added_by']."</td>";
-	print "\n\t\t<td class='comments'>".$antirequisite['comments']."</td>";
-
-	print "\n\t\t<td class='actions'>";
-	print "\n\t\t\t<form action='".$this->url()."' method='post'>";
-	print "\n\t\t\t<input type='hidden' name='delete' value='delete' />";
-	print "\n\t\t\t<input type='hidden' name='subj_code' value='".$antirequisite['subj_code']."' />";
-	print "\n\t\t\t<input type='hidden' name='crse_numb' value='".$antirequisite['crse_numb']."' />";
-	print "\n\t\t\t<input type='hidden' name='subj_code_eqiv' value='".$antirequisite['subj_code_eqiv']."' />";
-	print "\n\t\t\t<input type='hidden' name='crse_numb_eqiv' value='".$antirequisite['crse_numb_eqiv']."' />";
-	print "\n\t\t\t<input type='hidden' name='csrf_key' value='".$this->csrf_key."' />";
-	print "\n\t\t\t<input type='hidden' name='search_subj_code' value='".$this->search_subj_code."' />";
-	print "\n\t\t\t<input type='hidden' name='search_crse_numb' value='".$this->search_crse_numb."' />";
-	print "<input type='button' value='Delete'";
-	print " onclick='if (confirm(\"Delete ".$antirequisite['subj_code']." ".$antirequisite['crse_numb']." &raquo; ".$antirequisite['subj_code_eqiv']." ".$antirequisite['crse_numb_eqiv']."?\")) {this.form.submit();}'";
-	print '/>';
-	print "\n\t\t\t</form>";
-	print "\n\t\t</td>";
-	print "\n\t</tr>";
-}
-?>
-</tbody>
-</table>
-
-<a name="add_new"></a>
-<h4>Add a new anti-requisite</h4>
-
-<p>Search for a subject code and course number to find related equivalencies.</p>
-<form action="<?php echo $this->url(); ?>#add_new" method='post'>
-	<label for="search_subj_code">Subject Code: <input type='text' name='search_subj_code' value='<?php echo $this->search_subj_code; ?>' size="4"></label>
-	<label for="search_crse_numb">Course Number: <input type='text' name='search_crse_numb' value='<?php echo $this->search_crse_numb; ?>' size="5"></label>
-	<input type="submit" name="search" value="Search">
-</form>
-
-<?php if (!empty($this->searchResults)): ?>
-<form action="<?php echo $this->url(); ?>#add_new" method='post'>
-	<table class='section_admin'>
-	<thead>
-		<tr>
-			<th>Add?</th>
-			<th>Subject Code</th>
-			<th>Course Number</th>
-			<th>Subject Code Equivalent</th>
-			<th>Course Number Equivalent</th>
-			<th>Date Added</th>
-			<th>Added By</th>
-			<th>Comments</th>
-		</tr>
-	</thead>
-	<tbody>
-	<?php
-	// var_dump($this->searchResults);
-	foreach ($this->searchResults as $eqiv) {
-		print "\n\t\t<tr>";
-		print "\n\t\t\t<td>";
-		if ($eqiv->antirequisite) {
-			print "<input type='checkbox' name='already_added' value='".$eqiv->SCREQIV_SUBJ_CODE."/".$eqiv->SCREQIV_CRSE_NUMB."/".$eqiv->SCREQIV_SUBJ_CODE_EQIV."/".$eqiv->SCREQIV_CRSE_NUMB_EQIV."' disabled='disabled' checked='checked'>";
-		} else {
-			print "<input type='checkbox' name='equivalents_to_add[]' value='".$eqiv->SCREQIV_SUBJ_CODE."/".$eqiv->SCREQIV_CRSE_NUMB."/".$eqiv->SCREQIV_SUBJ_CODE_EQIV."/".$eqiv->SCREQIV_CRSE_NUMB_EQIV."'>";
-		}
-		print "\n\t\t\t</td>";
-		print "\n\t\t\t<td>";
-		print $eqiv->SCREQIV_SUBJ_CODE;
-		print "\n\t\t\t</td>";
-		print "\n\t\t\t<td>";
-		print $eqiv->SCREQIV_CRSE_NUMB;
-		print "\n\t\t\t</td>";
-		print "\n\t\t\t<td>";
-		print $eqiv->SCREQIV_SUBJ_CODE_EQIV;
-		print "\n\t\t\t</td>";
-		print "\n\t\t\t<td>";
-		print $eqiv->SCREQIV_CRSE_NUMB_EQIV;
-		print "\n\t\t\t</td>";
-		print "\n\t\t\t<td>";
-		if ($eqiv->antirequisite) {
-			print $eqiv->added_date;
-		}
-		print "\n\t\t\t</td>";
-		print "\n\t\t\t<td>";
-		if ($eqiv->antirequisite) {
-			print $eqiv->added_by;
-		}
-		print "\n\t\t\t</td>";
-		print "\n\t\t\t<td>";
-		if ($eqiv->antirequisite) {
-			print $this->escape($eqiv->comments);
-		} else {
-			print "<textarea name='".$eqiv->SCREQIV_SUBJ_CODE."/".$eqiv->SCREQIV_CRSE_NUMB."/".$eqiv->SCREQIV_SUBJ_CODE_EQIV."/".$eqiv->SCREQIV_CRSE_NUMB_EQIV."-comments'></textarea>";
-		}
-		print "\n\t\t\t</td>";
-		print "\n\t\t<tr>";
-	}
-	?>
-	</tbody>
-	</table>
-	<input type='hidden' name='csrf_key' value='<?php echo $this->csrf_key; ?>' />
-	<input type='hidden' name='search_subj_code' value='<?php echo $this->search_subj_code; ?>'>
-	<input type='hidden' name='search_crse_numb' value='<?php echo $this->search_crse_numb; ?>'>
-	<input type='submit' name='add' value='Mark checked as anti-requisites' />
-</form>
-<?php endif; ?>
diff --git a/src/Controller/AdminAntirequisites.php b/src/Controller/AdminAntirequisites.php
index 64e9f9c9..e6d426ba 100644
--- a/src/Controller/AdminAntirequisites.php
+++ b/src/Controller/AdminAntirequisites.php
@@ -4,7 +4,9 @@
 
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
 class AdminAntirequisites extends AbstractController
 {
@@ -16,52 +18,21 @@ public function __construct(
     /**
      * Manage antirequisites.
      */
-    #[Route('/admin/antirequisites', name: 'admin_antirequisites')]
-    public function antirequisitesAction()
+    #[Route('/admin/antirequisites', name: 'list_antirequisites', methods: ['GET'])]
+    public function antirequisitesAction(Request $request)
     {
-        $db = Zend_Registry::get('db');
-
-        // Delete any requested item.
-        if ($this->_getParam('delete')) {
-            // Verify our CSRF key
-            if (!$this->_getParam('csrf_key') == $this->_helper->csrfKey()) {
-                throw new PermissionDeniedException('Invalid CSRF Key. Please log in again.');
-            }
-
-            // Verify that this is a valid term.
-            $deleteStmt = $db->prepare('DELETE FROM antirequisites WHERE subj_code = ? AND crse_numb = ? AND subj_code_eqiv = ? AND crse_numb_eqiv = ?');
-            $deleteStmt->execute([
-                $this->_getParam('subj_code'),
-                $this->_getParam('crse_numb'),
-                $this->_getParam('subj_code_eqiv'),
-                $this->_getParam('crse_numb_eqiv'),
-            ]);
-        }
-
-        // Add any chosen items.
-        if ($this->_getParam('add')) {
-            // Verify our CSRF key
-            if (!$this->_getParam('csrf_key') == $this->_helper->csrfKey()) {
-                throw new PermissionDeniedException('Invalid CSRF Key. Please log in again.');
-            }
-
-            // Verify that this is a valid term.
-            $insertStmt = $db->prepare('INSERT INTO antirequisites (subj_code, crse_numb, subj_code_eqiv, crse_numb_eqiv, added_by, comments) VALUES (?, ?, ?, ?, ?, ?)');
-            foreach ($this->_getParam('equivalents_to_add') as $toAdd) {
-                $params = explode('/', $toAdd);
-                $params[] = $this->view->getUserDisplayName();
-                $params[] = $this->_getParam($toAdd.'-comments');
-                $insertStmt->execute($params);
-            }
-        }
+        $data = [
+            'searchResults' => [],
+        ];
+        $db = $this->entityManager->getConnection();
 
         // Select our already-created antirequisites
         $data['antirequisites'] = $db->query('SELECT * FROM antirequisites ORDER BY subj_code, crse_numb, subj_code_eqiv, crse_numb_eqiv')->fetchAllAssociative();
 
         // Supply search results.
-        $this->view->search_subj_code = $this->_getParam('search_subj_code');
-        $this->view->search_crse_numb = $this->_getParam('search_crse_numb');
-        if ($this->_getParam('search_subj_code') && $this->_getParam('search_crse_numb')) {
+        $data['search_subj_code'] = $request->get('search_subj_code');
+        $data['search_crse_numb'] = $request->get('search_crse_numb');
+        if ($request->get('search_subj_code') && $request->get('search_crse_numb')) {
             $searchStmt = $db->prepare(
                 'SELECT
                     *,
@@ -79,13 +50,67 @@ public function antirequisitesAction()
                 ORDER BY
                     SCREQIV_SUBJ_CODE, SCREQIV_CRSE_NUMB, SCREQIV_SUBJ_CODE_EQIV, SCREQIV_CRSE_NUMB_EQIV
                 ');
-            $searchStmt->execute([
-                $this->_getParam('search_subj_code'),
-                $this->_getParam('search_crse_numb'),
-                $this->_getParam('search_subj_code'),
-                $this->_getParam('search_crse_numb'),
-            ]);
-            $this->view->searchResults = $searchStmt->fetchAll(PDO::FETCH_OBJ);
+            $searchStmt->bindValue(1, $request->get('search_subj_code'));
+            $searchStmt->bindValue(2, $request->get('search_crse_numb'));
+            $searchStmt->bindValue(3, $request->get('search_subj_code'));
+            $searchStmt->bindValue(4, $request->get('search_crse_numb'));
+            $result = $searchStmt->executeQuery();
+            $data['searchResults'] = $result->fetchAllAssociative();
+        }
+
+        return $this->render('admin/antirequisites.html.twig', $data);
+    }
+
+    /**
+     * Manage antirequisites.
+     */
+    #[Route('/admin/antirequisites/delete', name: 'delete_antirequisite', methods: ['POST'])]
+    public function deleteAntirequisiteAction(Request $request)
+    {
+        $db = $this->entityManager->getConnection();
+
+        // Verify our CSRF key
+        if (!$this->isCsrfTokenValid('admin-antirequisites-delete', $request->get('csrf_key'))) {
+            throw new AccessDeniedException('Invalid CSRF key.');
+        }
+
+        // Delete any requested item.
+        $deleteStmt = $db->prepare('DELETE FROM antirequisites WHERE subj_code = ? AND crse_numb = ? AND subj_code_eqiv = ? AND crse_numb_eqiv = ?');
+        $deleteStmt->bindValue(1, $request->get('subj_code'));
+        $deleteStmt->bindValue(2, $request->get('crse_numb'));
+        $deleteStmt->bindValue(3, $request->get('subj_code_eqiv'));
+        $deleteStmt->bindValue(4, $request->get('crse_numb_eqiv'));
+        $deleteStmt->executeQuery();
+
+        return $this->redirect($this->generateUrl('list_antirequisites'));
+    }
+
+    /**
+     * Manage antirequisites.
+     */
+    #[Route('/admin/antirequisites', name: 'add_antirequisites', methods: ['POST'])]
+    public function addAntirequisitesAction(Request $request)
+    {
+        $db = $this->entityManager->getConnection();
+
+        // Verify our CSRF key
+        if (!$this->isCsrfTokenValid('admin-antirequisites-add', $request->get('csrf_key'))) {
+            throw new AccessDeniedException('Invalid CSRF key.');
         }
+
+        // Add any chosen items.
+        $insertStmt = $db->prepare('INSERT INTO antirequisites (subj_code, crse_numb, subj_code_eqiv, crse_numb_eqiv, added_by, comments) VALUES (?, ?, ?, ?, ?, ?)');
+        foreach ($request->get('equivalents_to_add') as $toAdd) {
+            $params = explode('/', $toAdd);
+            $insertStmt->bindValue(1, $params[0]);
+            $insertStmt->bindValue(2, $params[1]);
+            $insertStmt->bindValue(3, $params[2]);
+            $insertStmt->bindValue(4, $params[3]);
+            $insertStmt->bindValue(5, $this->getUser()->getName());
+            $insertStmt->bindValue(6, $request->get($toAdd.'-comments'));
+            $insertStmt->executeQuery();
+        }
+
+        return $this->redirect($this->generateUrl('list_antirequisites'));
     }
 }
diff --git a/templates/admin/antirequisites.html.twig b/templates/admin/antirequisites.html.twig
new file mode 100644
index 00000000..cbae78c1
--- /dev/null
+++ b/templates/admin/antirequisites.html.twig
@@ -0,0 +1,126 @@
+{% extends 'base.html.twig' %}
+
+{% block body %}
+<h1>Manage Anti-Requisites</h1>
+<p><a href="{{ url('admin_index') }}">&laquo; Back to Administration</a></p>
+
+<p>Anti-requisites are course-equivalency entries that indicate that a course can't be taken if another already has been. This is in contrast to most usage of equivalency which indicates that courses are the same thing. Anti-requisites listed below will be filtered out of cross-list entries for courses.</p>
+<p>Please Note: Any changes made here will affect views for authenticated users immediately, but will not affect catalog archives or anonymous views until the next nightly sync.</p>
+
+
+
+<table class='section_admin'>
+<thead>
+    <tr>
+        <th>Subject Code</th>
+        <th>Course Number</th>
+        <th>Subject Code Equivalent</th>
+        <th>Course Number Equivalent</th>
+        <th>Date Added</th>
+        <th>Added By</th>
+        <th>Comments</th>
+        <th>Actions</th>
+    </tr>
+</thead>
+<tbody>
+
+{% for antirequisite in antirequisites %}
+    <tr>
+        <td class='subj_code'>{{ antirequisite.subj_code }}</td>
+        <td class='crse_numb'>{{ antirequisite.crse_numb }}</td>
+        <td class='subj_code_eqiv'>{{ antirequisite.subj_code_eqiv }}</td>
+        <td class='crse_numb_eqiv'>{{ antirequisite.crse_numb_eqiv }}</td>
+        <td class='added_date'>{{ antirequisite.added_date }}</td>
+        <td class='added_by'>{{ antirequisite.added_by }}</td>
+        <td class='comments'>{{ antirequisite.comments }}</td>
+
+        <td class='actions'>
+            <form class="delete-antirequisite-form" action='{{ url('delete_antirequisite') }}' method='post'>
+                <input type='hidden' name='delete' value='delete' />
+                <input type='hidden' name='subj_code' value='{{ antirequisite.subj_code }}' />
+                <input type='hidden' name='crse_numb' value='{{ antirequisite.crse_numb }}' />
+                <input type='hidden' name='subj_code_eqiv' value='{{ antirequisite.subj_code_eqiv }}' />
+                <input type='hidden' name='crse_numb_eqiv' value='{{ antirequisite.crse_numb_eqiv }}' />
+                <input type='hidden' name='csrf_key' value='{{ csrf_token('admin-antirequisites-delete') }}' />
+                <input type='hidden' name='search_subj_code' value='{{ search_subj_code }}' />
+                <input type='hidden' name='search_crse_numb' value='{{ search_crse_numb }}' />
+                <input type='button' value='Delete'
+                    onclick='if (confirm("Delete {{ antirequisite.subj_code }} {{ antirequisite.crse_numb }} &raquo; {{ antirequisite.subj_code_eqiv }} {{ antirequisite.crse_numb_eqiv }}?")) {this.form.submit();}' />
+            </form>
+        </td>
+    </tr>
+{% endfor %}
+</tbody>
+</table>
+
+<a name="add_new"></a>
+<h4>Add a new anti-requisite</h4>
+
+<p>Search for a subject code and course number to find related equivalencies.</p>
+<form id="search-antirequisites-form" action="{{ url('add_antirequisites') }}#add_new" method='get'>
+    <label for="search_subj_code">Subject Code: <input type='text' name='search_subj_code' value='{{ search_subj_code }}' size="4"></label>
+    <label for="search_crse_numb">Course Number: <input type='text' name='search_crse_numb' value='{{ search_crse_numb }}' size="5"></label>
+    <input type="submit" name="search" value="Search">
+</form>
+
+{% if searchResults is not empty %}
+<form id="add-antirequisites-form" action="{{ url('add_antirequisites') }}#add_new" method='post'>
+    <table class='section_admin'>
+    <thead>
+        <tr>
+            <th>Add?</th>
+            <th>Subject Code</th>
+            <th>Course Number</th>
+            <th>Subject Code Equivalent</th>
+            <th>Course Number Equivalent</th>
+            <th>Date Added</th>
+            <th>Added By</th>
+            <th>Comments</th>
+        </tr>
+    </thead>
+    <tbody>
+{% for eqiv in searchResults %}
+        <tr>
+        <td>
+{% if eqiv.antirequisite %}
+            <input type='checkbox' name='already_added' value='{{ eqiv.SCREQIV_SUBJ_CODE }}/{{ eqiv.SCREQIV_CRSE_NUMB }}/{{ eqiv.SCREQIV_SUBJ_CODE_EQIV }}/{{ eqiv.SCREQIV_CRSE_NUMB_EQIV }}' disabled='disabled' checked='checked'>
+{% else %}
+            <input type='checkbox' name='equivalents_to_add[]' value='{{ eqiv.SCREQIV_SUBJ_CODE }}/{{ eqiv.SCREQIV_CRSE_NUMB }}/{{ eqiv.SCREQIV_SUBJ_CODE_EQIV }}/{{ eqiv.SCREQIV_CRSE_NUMB_EQIV }}'>
+{% endif %}
+        </td>
+        <td>
+        {{ eqiv.SCREQIV_SUBJ_CODE }}
+        </td>
+        <td>
+        {{ eqiv.SCREQIV_CRSE_NUMB }}
+        </td>
+        <td>
+        {{ eqiv.SCREQIV_SUBJ_CODE_EQIV }}
+        </td>
+        <td>
+        {{ eqiv.SCREQIV_CRSE_NUMB_EQIV }}
+        </td>
+        <td>
+            {{ eqiv.antirequisite ? eqiv.added_date }}
+        </td>
+        <td>
+            {{ eqiv.antirequisite ? eqiv.added_by }}
+        </td>
+        <td>
+{% if eqiv.antirequisite %}
+            {{ eqiv.comments }}
+{% else %}
+            <textarea name='{{ eqiv.SCREQIV_SUBJ_CODE }}/{{ eqiv.SCREQIV_CRSE_NUMB }}/{{ eqiv.SCREQIV_SUBJ_CODE_EQIV }}/{{ eqiv.SCREQIV_CRSE_NUMB_EQIV }}-comments'></textarea>
+{% endif %}
+        </td>
+    </tr>
+{% endfor %}
+    </tbody>
+    </table>
+    <input type='hidden' name='csrf_key' value='{{ csrf_token('admin-antirequisites-add') }}' />
+    <input type='hidden' name='search_subj_code' value='{{ search_subj_code }}'>
+    <input type='hidden' name='search_crse_numb' value='{{ search_crse_numb }}'>
+    <input type='submit' name='add' value='Mark checked as anti-requisites' />
+</form>
+{% endif %}
+{% endblock %}
diff --git a/templates/admin/index.html.twig b/templates/admin/index.html.twig
index 4a237d1b..b1f32946 100755
--- a/templates/admin/index.html.twig
+++ b/templates/admin/index.html.twig
@@ -4,7 +4,7 @@
 <h1>Course Catalog Administration</h1>
 <ul>
     <li><a href="{{ url("admin_terms_list") }}">Manage Term Visibility</a></li>
-    <li><a href="{{ url("admin_antirequisites") }}">Manage Anti-Requisites</a></li>
+    <li><a href="{{ url("list_antirequisites") }}">Manage Anti-Requisites</a></li>
     <li><a href="{{ url("admin_archive_config") }}">Manage Catalog Archive Configurations</a></li>
     <li><a href="{{ url("admin_archive_schedule") }}">Manage Catalog Archive Scheduling</a></li>
     <li><a href="{{ url("masquerade") }}">Masquerade</a></li>
diff --git a/tests/Controller/AdminAntirequisitesTest.php b/tests/Controller/AdminAntirequisitesTest.php
new file mode 100644
index 00000000..bc4e8bb8
--- /dev/null
+++ b/tests/Controller/AdminAntirequisitesTest.php
@@ -0,0 +1,89 @@
+<?php
+
+namespace App\Tests\Controller;
+
+use App\Security\SamlUser;
+use App\Tests\AppDatabaseTestTrait;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+
+class AdminAntirequisitesTest extends WebTestCase
+{
+    use AppDatabaseTestTrait;
+
+    private function setUpUser(): SamlUser
+    {
+        $user = new SamlUser('WEBID99999990');
+        $user->setSamlAttributes([
+            'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' => ['honeybear@middlebury.edu'],
+            'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' => ['Winnie'],
+            'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname' => ['The-Pooh'],
+            'AssignedRoles' => ['App.EmailSendAllowed', 'App.Manager'],
+        ]);
+
+        return $user;
+    }
+
+    public function testAntirequisiteList(): void
+    {
+        $client = static::createClient();
+        $client->loginUser($this->setUpUser());
+
+        $crawler = $client->request('GET', '/admin/antirequisites');
+        $this->assertResponseIsSuccessful();
+    }
+
+    public function testAntirequisiteListNonManager(): void
+    {
+        $client = static::createClient();
+
+        $user = new SamlUser('WEBID99999990');
+        $user->setSamlAttributes([
+            'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' => ['honeybear@middlebury.edu'],
+            'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' => ['Winnie'],
+            'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname' => ['The-Pooh'],
+            'AssignedRoles' => ['App.EmailSendAllowed'],
+        ]);
+        $client->loginUser($user);
+
+        $client->request('GET', '/admin/antirequisites');
+
+        $this->assertEquals(403, $client->getResponse()->getStatusCode());
+    }
+
+    public function testAntirequisiteAddListDelete(): void
+    {
+        $client = static::createClient();
+        $client->followRedirects();
+        $client->loginUser($this->setUpUser());
+
+        $crawler = $client->request('GET', '/admin/antirequisites');
+        $this->assertResponseIsSuccessful();
+
+        // Search for an antirequisite to add.
+        $form = $crawler->filter('#search-antirequisites-form')->form();
+        $form['search_subj_code'] = 'GEOG';
+        $form['search_crse_numb'] = '0250';
+        $crawler = $client->submit($form);
+        $this->assertResponseIsSuccessful();
+
+        // Check the first match and add it.
+        $form = $crawler->filter('#add-antirequisites-form')->form();
+        $form['equivalents_to_add'][0]->tick();
+        $first = $form['equivalents_to_add'][0]->getValue();
+        $form[$first.'-comments'] = 'This is a test equivalency.';
+        $crawler = $client->submit($form);
+        $this->assertResponseIsSuccessful();
+
+        // Make sure that it is in our list now.
+        $this->assertSelectorTextContains('.section_admin .subj_code', 'GEOG');
+
+        // Delete this antirequisite.
+        // print $crawler->outerHtml();
+        $form = $crawler->filter('.delete-antirequisite-form')->form();
+        $crawler = $client->submit($form);
+        $this->assertResponseIsSuccessful();
+
+        // Confirm that the antirequisite is gone.
+        $this->assertSelectorNotExists('.section_admin .subj_code');
+    }
+}