<?phpnamespace App\Security\Voter;use App\Entity\MemberBlocked;use App\Security\ApiUser;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class MemberBlockedVoter extends Voter{ public const READ = 'read'; public const DELETE = 'delete'; protected function supports(string $attribute, $subject): bool { if (!$subject instanceof MemberBlocked) { return false; } return in_array($attribute, [self::READ, self::DELETE], true); } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof ApiUser) { return false; } // admin should be able to do anything if ($user->getIsAdmin()) { return true; } /* * @var $subject MemberBlocked */ return $user->getMember()->getId() == $subject->getOwner()->getId(); }}