<?phpnamespace App\Security\Voter\Tracking;use App\Entity\Tracking\UserTracking;use App\Entity\User;use App\Enum\MenuRolesManagerEnum;use App\Enum\UserRolesEnum;use App\Enum\VotersEnum;use LogicException;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;final class UserTrackingVoter extends Voter{ private Security $security; private array $voters; public function __construct(Security $security) { $this->security = $security; $this->voters = [ VotersEnum::LIST_USER_TRACKING, ]; } protected function supports(string $attribute, $subject): bool { // first check the $subject and last if the $attribute is supported, // because there are attributes (with subject) used as well by other voters (like UPDATE, ...) if ($subject && !$subject instanceof UserTracking) { // only vote on these objects return false; } if (in_array($attribute, $this->voters)) { // if the attribute is one we support return true; } return false; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } switch ($attribute) { case VotersEnum::LIST_USER_TRACKING: return $this->canList(); } throw new LogicException('This code should not be reached!'); } private function canList(): bool { return $this->isAdminUser() || $this->isAssociatedManagerUser(); } private function isAdminUser(): bool { return $this->security->isGranted(UserRolesEnum::ROLE_ADMIN_LONG); } private function isAssociatedManagerUser(): bool { return $this->security->isGranted(UserRolesEnum::ROLE_ASSOCIATED_MANAGER_LONG); }}