<?phpnamespace App\Security\Voter;use App\Entity\AbstractCollaborator;use Exception;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;use Symfony\Component\Security\Core\User\UserInterface;class ProfileVoter extends Voter{ public const PROFILE_UPDATE = 'PROFILE_UPDATE'; /** * @var Security */ private Security $security; /** * @param Security $security */ public function __construct(Security $security) { $this->security = $security; } /** * @param string $attribute * @param mixed $subject * @return bool */ protected function supports(string $attribute, $subject): bool { return $attribute === self::PROFILE_UPDATE && $subject instanceof AbstractCollaborator; } /** * @param string $attribute * @param $subject * @param TokenInterface $token * @return bool * @throws Exception */ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token) { /** @var UserInterface $user */ $user = $token->getUser(); // Deny anonymous users if (!$user instanceof UserInterface) { return false; } /** @var AbstractCollaborator $subject */ if ($attribute == self::PROFILE_UPDATE) { if ($subject->getUserIdentifier() === $user->getUserIdentifier() || $this->security->isGranted(AbstractCollaborator::ROLE_MANAGER)) { return true; } return false; } throw new Exception(sprintf('Unhandled attribute "%s"', $attribute)); }}