<?phpdeclare(strict_types=1);/* * docustack * * @copyright Copyright (c) 2014-2022, 47GradNord - Agentur für Internetlösungen * @author Holger Neuner <neuner@47gradnord.de> */namespace App\Security;use App\Entity\DocumentationProject;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class ProjectViewVoter extends Voter{ const VIEW = 'view'; protected function supports(string $attribute, $subject) { // if the attribute isn't one we support, return false if (!\in_array($attribute, [self::VIEW], true)) { return false; } // only vote on `DocumentationProject` objects if (!$subject instanceof DocumentationProject) { return false; } return true; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token) { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } /** @var DocumentationProject $projectView */ $projectView = $subject; switch ($attribute) { case self::VIEW: return $this->canView($projectView, $user); } throw new \LogicException('This code should not be reached!'); } protected function canView(DocumentationProject $project, User $user) { // Lets look if User has same Organisation as the DocumentationProject if ($user->getOrganisation() === $project->getOrganisation()) { return true; } return false; }}