<?phpnamespace App\Security;use App\Entity\Insurance;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class InsuranceVoter extends Voter{ const VIEW = 'view'; const EDIT = 'edit'; const DELETE = 'delete'; protected function supports(string $attribute, $subject): bool { // if the attribute isn't one we support, return false if (!in_array($attribute, [self::VIEW, self::EDIT, self::DELETE])) { return false; } if (!$subject instanceof Insurance) { return false; } return true; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } /** @var Insurance $insurance */ $insurance = $subject; switch ($attribute) { case self::VIEW: return $this->canView($insurance, $user); case self::EDIT: return $this->canEdit($insurance, $user); case self::DELETE: return $this->canDelete($insurance, $user); } throw new \LogicException('This code should not be reached!'); } // * @Security("insurance.getUser().getId() == user.getId() or (user.getPartnerLead() == user.getPartnerLead().getId() and insurance.getUser().getId() == user.getPartnerLead().getId()) or (user.getPartner() == user.getPartner().getId() and insurance.getUser().getId() == user.getPartner().getId())") private function canView(Insurance $insurance, User $user): bool { return $insurance->getUser() === $user || ($user->getPartnerLead() && $insurance->getUser() === $user->getPartnerLead()) || ($user->getPartner() && $insurance->getUser() === $user->getPartner()); } private function canEdit(Insurance $insurance, User $user): bool { return null === $insurance->getId() || $this->canView($insurance, $user); } private function canDelete(Insurance $insurance, User $user): bool { return $insurance->getUser() === $user; }}