<?phpnamespace App\Modules\User\Security;use App\Modules\User\Entity\UserContract;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;class UserVoter extends Voter{ const UPDATE_USER = 'update_user'; const DELETE_USER = 'delete_user'; static $access = [ self::UPDATE_USER, self::DELETE_USER, ]; private $security; public function __construct(Security $security) { $this->security = $security; } /** * Determines if the attribute and subject are supported by this voter. * * @param string $attribute An attribute * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type * * @return bool True if the attribute and subject are supported, false otherwise */ protected function supports($attribute, $subject) { if (!in_array($attribute, self::$access)) { return false; } return true; } /** * Perform a single access check operation on a given attribute, subject and token. * It is safe to assume that $attribute and $subject already passed the "supports()" method check. * * @param string $attribute * @param mixed $subject * * @param TokenInterface $token * * @return bool */ protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $loginedUser = $token->getUser(); if (!$loginedUser instanceof UserContract) { // the user must be logged in; if not, deny access return false; } $user = $subject; switch ($attribute) { case self::UPDATE_USER: return $this->canUpdate($user, $loginedUser); case self::DELETE_USER: return $this->canDelete($user, $loginedUser); } } private function canUpdate(UserContract $user, UserContract $loginedUser) { if ($this->security->isGranted('ROLE_ADMIN') || $user === $loginedUser ) { return true; } return false; } private function canDelete(UserContract $user, UserContract $loginedUser) { if ($this->security->isGranted('ROLE_ADMIN') || $user === $loginedUser ) { return true; } return false; }}