<?php
namespace App\Security\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
use App\Entity\Billing\Invoice;
use Symfony\Component\Security\Core\Security;
class InvoiceVoter extends Voter
{
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports(string $attribute, $subject): bool
{
// replace with your own logic
// https://symfony.com/doc/current/security/voters.html
return in_array($attribute, ['INVOICE_EDIT', 'INVOICE_VIEW'])&& $subject instanceof Invoice;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return false;
}
if ($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
// ... (check conditions and return true to grant permission) ...
switch ($attribute) {
case 'INVOICE_EDIT':
// logic to determine if the user can EDIT
// return true or false
break;
case 'INVOICE_VIEW':
// logic to determine if the user can VIEW
// return true or false
return $user === $subject->getOwner();
break;
}
return false;
}
}