src/Security/Voter/Resource/AdminVoter.php line 14
<?phpnamespace App\Security\Voter\Resource;use Doctrine\ORM\EntityManagerInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter,Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface,Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use App\Entity\Admin,App\Lib\Actions,App\Lib\Roles;final class AdminVoter extends Voter{const VOTABLE_ATTRIBUTES = [Actions::CREATE,Actions::VIEW,Actions::EDIT,Actions::DELETE];private AuthorizationCheckerInterface $authorizationChecker;private EntityManagerInterface $em;public function __construct(AuthorizationCheckerInterface $authorizationChecker,EntityManagerInterface $em) {$this->authorizationChecker = $authorizationChecker;$this->em = $em;}protected function supports($attribute, $subject): bool{if (! $subject instanceof Admin|| ! in_array($attribute, self::VOTABLE_ATTRIBUTES)) {return false;}return true;}protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool{if ($this->isSubjectCurrentAdmin($subject, $token)) {return false;}if ($this->isSubjectAccessable($subject)) {return true;}return false;}private function isSubjectCurrentAdmin(Admin $subject, TokenInterface $token): bool{/** @var Admin */$current = $token->getUser();if ($current->getUuid() !== $subject->getUuid()) {return false;}return true;}private function isSubjectAccessable(Admin $subject): bool{if ($this->authorizationChecker->isGranted(Roles::ROLE_OPENFORM)) {return true;}$original = $this->em->getUnitOfWork()->getOriginalEntityData($subject);if (! ($original['group'] ?? null)?->getIsOpenform()&& ! $subject->getGroup()?->getIsOpenform()) {return false;}return true;}}