<?phpnamespace DW\GingerBundle\Security;use DW\GingerBundle\Entity\AttributeInterface;use DW\GingerBundle\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;class AttributeVoter extends Voter{ const VIEW = 'view'; const EDIT = 'edit'; const CREATE = 'create'; const DELETE = 'delete'; private $decisionManager; public function __construct(AccessDecisionManagerInterface $decisionManager) { $this->decisionManager = $decisionManager; } protected function supports($attribute, $subject): bool { // if the attribute isn't one we support, return false if (!in_array($attribute, array(self::VIEW, self::EDIT, self::CREATE, self::DELETE))) { return false; } // only vote on attribute objects inside this voter if (!$subject instanceof AttributeInterface) { return false; } return true; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } switch ($attribute) { case self::VIEW: return $this->canView($subject, $token); case self::EDIT: return $this->canEdit($subject, $token); case self::CREATE: return $this->canCreate($subject, $token); case self::DELETE: return $this->canDelete($subject, $token); } throw new \LogicException('This code should not be reached!'); } private function canCreate(AttributeInterface $attribute, TokenInterface $token): bool { if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_CREATE'])) { return true; } return false; } private function canView(AttributeInterface $attribute, TokenInterface $token): bool { if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_LIST'])) { return true; } return false; } private function canEdit(AttributeInterface $attribute, TokenInterface $token): bool { if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_EDIT'])) { return true; } return false; } private function canDelete(AttributeInterface $attribute, TokenInterface $token): bool { if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_DELETE'])) { return true; } return false; }}