<?phpnamespace App\Security\Voter\OnlineShop;use App\Entity\OnlineShop\Supplier;use App\Entity\OnlineShop\SupplierDocument;use App\Entity\User;use App\Enum\MenuRolesManagerEnum;use App\Enum\UserRolesEnum;use App\Enum\VotersEnum;use LogicException;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;final class SupplierDocumentSecurityVoter extends Voter{ private Security $security; private array $voters; public function __construct(Security $security) { $this->security = $security; $this->voters = [ VotersEnum::LIST_SUPPLIER_DOCUMENT, VotersEnum::READ, ]; } protected function supports(string $attribute, $subject): bool { // first check the $subject and last if the $attribute is supported, // because there are attributes (with subject) used as well by other voters (like UPDATE, ...) if ($subject && !$subject instanceof SupplierDocument) { // only vote on these objects return false; } if (in_array($attribute, $this->voters)) { // if the attribute is one we support return true; } return false; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } switch ($attribute) { case VotersEnum::LIST_SUPPLIER_DOCUMENT: return $this->canList(); case VotersEnum::READ: return $this->canRead(); } throw new LogicException('This code should not be reached!'); } private function canList(): bool { return $this->isAdminUser(); } private function canRead(): bool { return $this->isAdminUser(); } private function isAdminUser(): bool { return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_ONLINE_SHOP); }}