controller

```PHP
<?php
class Controller
{
    /**
     * @DI\Inject()
     */
    protected $validator;
    
    /**
     * @Route("/")
     * @Method({"POST"})
     */
    public function createAction(Request $request)
    {
        $userToken = $request->attributes->get('_authorizedToken');
        if ($userToken == null || $userToken['type'] != 'user'  ) {
            return $this->createJsonResponse('Unauthorized Token', Response::HTTP_UNAUTHORIZED);
        }

        $userId = $userToken['aud'];

        $parameters = json_decode($request->getContent(), true);
        
        if(count($err = $this->validator->validate($parameters)) > 0){
            return $this->createJsonResponse('Bad Parameters', Response::HTTP_BAD_REQUEST);
        }

        $obj = new SomeModel();
        $obj->fromArray($parameters);
        $obj->save();
        return $this->createJsonResponse();
    }
}



//tests
class ControllerTests extends WebTestCase
{
    
    public function test_createAction_ok()
    {
        // arrange
        $parameters = array();
        $validator = $this-getMockBuilder(Validator::class)
            ->setMethods('validate')
            ->disableOriginalConstructor()
            ->getMock();
        $validator
            ->expects($this->once)
            ->method('validate')
            ->willReturn(null);
        $this->client->getContainer()->set('validator', $validator);
        
        // act
        $this->client->request(
            'POST',
            '/'
            array(),
            array(),
            array(),
            json_encode($parameters)
        );
        $response = $this->client->getResponse();
        
        //assert
        $this->assertTrue($response->isOk());
    }
}
```