<?phpnamespace App\Security\Voter;use App\Entity\User;use App\Enum\UserEnum;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;use Symfony\Component\Security\Core\User\UserInterface;class UserVoter extends Voter{ public const READ = "READ"; public const EDIT = "EDIT"; public const DELETE = "DELETE"; /** * @var Security */ private $security; public function __construct(Security $security) { $this->security = $security; } protected function supports($attribute, $subject) { if (!in_array($attribute, [self::READ, self::EDIT, self::DELETE])) { return false; } if (!$subject instanceof User) { return false; } return true; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { /** @var User $user */ $user = $token->getUser(); if (!$user instanceof UserInterface) { return false; } if ($this->security->isGranted(UserEnum::SUPER_ADMIN)) { return true; } switch ($attribute) { case self::READ: return $this->canRead($user, $subject); break; case self::EDIT: return $this->canEdit($user, $subject); break; case self::DELETE: return $this->canDelete($user, $subject); break; } return false; } private function canRead(User $currentUser, User $subject): bool { return $this->isOwnerSubject($currentUser, $subject); } private function canDelete(User $currentUser, User $subject): bool { return false; } private function canEdit(User $currentUser, User $subject): bool { return $this->isOwnerSubject($currentUser, $subject); } private function isOwnerSubject(User $currentUser, User $subject): bool { return $currentUser === $subject; }}