<?phpnamespace DW\GingerBundle\Security;use DW\GingerBundle\Entity\User;use DW\GingerBundle\Import\Entity\FileImport;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class FileImportVoter extends Voter{ const CREATE = 'create'; const VIEW = 'view'; const EDIT = 'edit'; const DELETE = 'delete'; const LAUNCH = 'launch'; /** * @var AccessDecisionManagerInterface */ private AccessDecisionManagerInterface $decisionManager; public function __construct(AccessDecisionManagerInterface $decisionManager) { $this->decisionManager = $decisionManager; } /** * {@inheritDoc} */ protected function supports($attribute, $subject): bool { // if the attribute isn't one we support, return false if (!in_array($attribute, array(self::VIEW, self::EDIT, self::CREATE, self::DELETE, self::LAUNCH))) { return false; } // only vote on fileimport objects inside this voter if (!$subject instanceof FileImport) { return false; } return true; } /** * {@inheritDoc} */ protected function voteOnAttribute($attribute, $fileImport, TokenInterface $token): bool { /** * @var FileImport $fileImport */ $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } switch ($attribute) { case self::CREATE: return $this->decisionManager->decide($token, ['ROLE_GINGER_FILE_IMPORT_EDITOR']); case self::VIEW: case self::EDIT: case self::DELETE: case self::LAUNCH: return $this->decisionManager->decide($token, ['ROLE_GINGER_FILE_IMPORT_ADMIN']) || $user === $fileImport->getOwner(); } throw new \LogicException('This code should not be reached!'); }}