<?phpnamespace App\Security\Voter;use App\Entity\GuestbookEntry;use App\Security\ApiUser;use App\Service\User\MemberOperatorService;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class GuestbookEntryVoter extends Voter{ public const COMMENT = 'comment'; public const MANAGE = 'manage'; public const DELETE = 'delete'; protected function supports(string $attribute, $subject): bool { if (!$subject instanceof GuestbookEntry) { return false; } return in_array($attribute, [ self::COMMENT, self::MANAGE, self::DELETE, ], true); } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof ApiUser) { return false; } // admin should be able to do anything if ($user->getIsAdmin()) { return true; } /* * @var $subject GuestbookEntry */ if ($user->getIsOperator()) { return MemberOperatorService::isMemberOperatedByUser($subject->getRecipient(), $user); } return $user->getMember()->getId() == $subject->getRecipient()->getId(); }}