Symfony Profiler

<?php
namespace MedBrief\MSR\Security\Voter;
use MedBrief\MSR\Entity\ProjectClosure;
use MedBrief\MSR\Entity\User;
use Override;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
class ProjectClosureVoter extends Voter
{
public const READ = 'READ';
public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
{
}
#[Override]
protected function supports($attribute, $subject)
{
return $attribute == self::READ
&& ($subject instanceof ProjectClosure || is_subclass_of($subject, ProjectClosure::class));
}
/**
* Checks if a user can read a ProjectClosure.
*
* @param ProjectClosure $projectClosure
* @param User $user
*/
protected function canRead(ProjectClosure $projectClosure, User $user): bool
{
if ($projectClosure->getProject() && true === $user->isAccountAdministratorForAccount($projectClosure->getProject()->getAccount())) {
return self::ACCESS_GRANTED;
}
return self::ACCESS_DENIED;
}
#[Override]
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
// get current logged in user
/** @var User $user */
$user = $token->getUser();
/** @var ProjectClosure $projectClosure */
$projectClosure = $subject;
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return self::ACCESS_DENIED;
}
// SuperAdmin and Administrator for Medbrief users can do everything
if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
return self::ACCESS_GRANTED;
}
if ($attribute === self::READ) {
return $this->canRead($projectClosure, $user);
}
return self::ACCESS_DENIED;
}
}

src/Security/Voter/ProjectClosureVoter.php line 13