<?phpnamespace App\Security\Voter;use App\Entity\Scan;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;/** * Class ScanVoter */class ScanVoter extends Voter{ const VIEW = 'view'; const EDIT = 'edit'; /** * @var Security */ private $security; /** * OfferVoter constructor. * @param Security $security */ public function __construct(Security $security) { $this->security = $security; } /** * @param string $attribute * @param mixed $subject * @return bool */ protected function supports($attribute, $subject): bool { // if the attribute isn't one we support, return false if (!in_array($attribute, [self::VIEW, self::EDIT])) { return false; } if (!$subject instanceof Scan) { return false; } return true; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); $granted = false; if ($user instanceof User) { /** @var Scan $order */ $scan = $subject; switch ($attribute) { case self::VIEW: $granted = $this->canView($scan, $user); break; case self::EDIT: $granted = $this->canEdit($scan, $user); break; } } return $granted; } private function canView(Scan $scan, $user): bool { if ($this->security->isGranted('ROLE_ADMIN')) { return true; } if ($this->canEdit($scan, $user)) { return true; } return false; } private function canEdit(Scan $scan, User $user): bool { $owners = $scan->getProject()->getOwners(); /** @var User $owner */ foreach ($owners as $owner) { if ($user->getId() === $owner->getId()) { return true; } } $members = $scan->getProject()->getMembers(); /** @var User $member */ foreach ($members as $member) { if ($user->getId() === $member->getId()) { return true; } } return false; }}