src/Security/Voter/EventVoter.php line 13

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security\Voter;
  7. use App\Entity\Event;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  11. use Symfony\Component\Security\Core\Security;
  13. class EventVoter extends Voter
  14. {
  15. public function __construct(private readonly Security $security)
  16. {
  17. }
  19. protected function supports($attribute, $subject): bool
  20. {
  21. // only vote on `Event` objects
  22. if (!$subject instanceof Event) {
  23. return false;
  24. }
  26. // if the attribute isn't one we support, return false
  27. return in_array($attribute, ['edit', 'delete']);
  28. }
  30. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  31. {
  32. /**@var Event $event */
  33. $event = $subject;
  34. $user = $token->getUser();
  35. // if the user is anonymous, do not grant access
  36. if (!$user instanceof UserInterface) {
  37. return false;
  38. }
  40. // ROLE_CHIEF can do anything! The power!
  41. if ($this->security->isGranted('ROLE_CHIEF')) {
  42. return true;
  43. }
  45. return match ($attribute) {
  46. // Users may edit THEIR events
  47. 'edit' => $user === $event->getAssignedTo(),
  48. // Users may delete THEIR events
  49. 'delete' => $user === $event->getAssignedTo(),
  50. default => false,
  51. };
  52. }
  53. }