src/Security/Voter/UserVoter.php line 12

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security\Voter;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\Security;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  12. class UserVoter extends Voter
  13. {
  14. public function __construct(private readonly Security $security)
  15. {
  16. }
  18. protected function supports($attribute, $subject): bool
  19. {
  20. // only vote on `User` objects
  21. if (!$subject instanceof UserInterface) {
  22. return false;
  23. }
  25. // if the attribute isn't one we support, return false
  26. return $attribute == 'edit';
  27. }
  29. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  30. {
  31. $user = $token->getUser();
  32. // if the user is anonymous, do not grant access
  33. if (!$user instanceof UserInterface) {
  34. return false;
  35. }
  37. // ROLE_CHIEF can do anything! The power!
  38. if ($this->security->isGranted('ROLE_CHIEF')) {
  39. return true;
  40. }
  42. return match ($attribute) {
  43. // Users may edit themself
  44. 'edit' => $user === $subject,
  45. default => false,
  46. };
  47. }
  48. }