<?php/* @author <storageprocedure@gmail.com> */declare(strict_types=1);namespace App\Security\Voter\Voter;use App\Entity\Organization;use App\Entity\User;use App\Security\Voter\AbstractVoter;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;class OrganizationVoter extends AbstractVoter{ /** * @param string $attribute * @param $subject * @return bool */ protected function supports(string $attribute, $subject): bool { $cond1 = $subject instanceof Organization; $cond2 = in_array($attribute, [self::VIEW, self::EDIT]); return $cond1 && $cond2; } /** * @param string $attribute * @param $subject * @param TokenInterface $token * @return bool|void */ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { return false; } if ($user->hasRole(User::ROLE_ADMIN)) { return true; } switch ($attribute) { case self::EDIT: return $this->canEdit($subject, $user); } return false; } /** * @param Organization $organization * @param User $user * @return bool */ private function canEdit(Organization $organization, User $user): bool { $cond1 = $user->hasRole(User::ROLE_ORGANIZATION_REDACTOR); $cond2 = $user->getOrganization()->getId() === $organization->getId(); return $cond1 && $cond2; }}