src/Security/Voter/RecordVoter.php line 13

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security\Voter;
  7. use App\Entity\Record;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  11. use Symfony\Component\Security\Core\Security;
  13. class RecordVoter extends Voter
  14. {
  15. public function __construct(private readonly Security $security)
  16. {
  17. }
  19. protected function supports($attribute, $subject): bool
  20. {
  21. // only vote on `Record` objects
  22. if (!$subject instanceof Record) {
  23. return false;
  24. }
  26. // if the attribute isn't one we support, return false
  27. return $attribute == 'view';
  28. }
  30. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  31. {
  32. /**@var Record $record */
  33. $record = $subject;
  34. $user = $token->getUser();
  35. // if the user is anonymous, do not grant access
  36. if (!$user instanceof UserInterface) {
  37. return false;
  38. }
  40. // ROLE_CHIEF can do anything! The power!
  41. if ($this->security->isGranted('ROLE_CHIEF')) {
  42. return true;
  43. }
  45. return match ($attribute) {
  46. // Users may view THEIR records
  47. 'view' => $user === $record->getUser(),
  48. default => false,
  49. };
  50. }
  51. }