src/Security/Voter/User/AccountVoter.php line 10

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\User;
  5. use App\Entity\Account;
  6. use App\Security\ApiUser;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. class AccountVoter extends Voter
  11. {
  12.     public const PERMISSION_AUTHENTICATE 'authentication';
  13.     public const PERMISSION_READ_SENSITIVE 'read_sensitive';
  14.     public const PERMISSION_WRITE_SENSITIVE 'write_sensitive';
  16.     protected function supports(string $attribute$subject): bool
  17.     {
  18.         if (!$subject instanceof Account) {
  19.             return false;
  20.         }
  22.         return in_array($attribute, [
  23.             self::PERMISSION_AUTHENTICATE,
  24.             self::PERMISSION_READ_SENSITIVE,
  25.             self::PERMISSION_WRITE_SENSITIVE,
  26.         ], true);
  27.     }
  29.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  30.     {
  31.         $user $token->getUser();
  33.         if (!$user instanceof ApiUser) {
  34.             return false;
  35.         }
  37.         // admin should be able to do anything
  38.         if ($user->getIsAdmin()) {
  39.             return true;
  40.         }
  42.         /*
  43.          * @var $subject Account
  44.          */
  45.         return $user->getAccount()->getId() === $subject->getId();
  46.     }
  47. }