<?php/** * @license SILK SOFTWARE HOUSE SP Z O O */namespace App\Security;use App\Entity\Customer;use App\Entity\LineTypeGroup;use App\Entity\RecipeToSync;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;/** * Class LineTypeGroupVoter. */class RecipeToSyncVoter extends Voter{ const SHOW = 'show'; const NEW = 'new'; const EDIT = 'edit'; const DELETE = 'delete'; /** * Supports. * * @param string $attribute * @param object $subject * * @return bool */ protected function supports($attribute, $subject) { // if the attribute isn't one we support, return false if (!in_array($attribute, [self::SHOW, self::NEW, self::EDIT, self::DELETE])) { return false; } if (!$subject instanceof RecipeToSync) { return false; } return true; } /** * Vote on attribute. * * @param string $attribute * @param RecipeToSync $subject * @param TokenInterface $token * * @return bool */ protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } if ($user->hasRole('ROLE_ADMIN')) { return true; } if (!$subject->getId() && self::NEW === $attribute) { return true; } $device = $subject->getDevice(); if (!$device) { return false; } if ($customer = $device->getCustomer()) { return $device->getCustomer()->getId() === ($user->getActiveCustomer() ?? new Customer())->getId(); } return false; }}