<?phpnamespace App\Security\Voter;use App\Entity\User;use App\Utils\Commons;use LogicException;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;use Symfony\Component\Security\Core\User\UserInterface;class SupportVoter extends Voter{ const SUPPORT_VIEW = 'SUPPORT_VIEW'; /** * @var Security */ private $security; /** * @var Commons */ private $commons; /** * @var array */ private $permissions; /** * SupportVoter constructor. * @param Security $security * @param Commons $commons */ public function __construct(Security $security, Commons $commons) { $this->security = $security; $this->commons = $commons; $this->permissions = []; } /** * @param string $attribute * @param mixed $subject * @return bool */ protected function supports($attribute, $subject): bool { // if the attribute isn't one we support, return false if (!in_array($attribute, [self::SUPPORT_VIEW] )) { return false; } return true; } /** * @param string $attribute * @param mixed $subject * @param TokenInterface $token * @return bool */ protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool { /** @var User $user */ $user = $token->getUser(); // if the user is anonymous, do not grant access if (!$user instanceof UserInterface) { return false; } $this->permissions = $this->commons->getUserPermissions($user); // ... (check conditions and return true to grant permission) ... switch ($attribute) { case self::SUPPORT_VIEW: return $this->canView(); } throw new LogicException('Invalid attribute: ' . $attribute); } /** * Return True if have View Permission else return false * @return bool */ private function canView(): bool { if ($this->security->isGranted('ROLE_ADMIN')) { return true; } if (array_key_exists('support', $this->permissions)) { if (in_array('View', $this->permissions['support'])) { return true; } } return false; }}