src/Security/Voter/BassinVoter.php line 12
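<?php

namespace App\Security\Voter;

use App\Entity\Bassin;
use App\Entity\Utilisateur;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Decides whether the authenticated user may view or edit a Bassin.
 *
 * Access is granted to holders of ROLE_ADMIN, and otherwise to the user who is
 * the legal representative of the owning groupe or organisme, or one of the
 * responsables of the owning etablissement, provided the matching role is held.
 * Every other case is denied.
 *
 * @see https://symfony.com/doc/current/security/voters.html
 */
class BassinVoter extends Voter
{
    public const EDIT = 'BASSIN_EDIT';
    public const VIEW = 'BASSIN_VIEW';

    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    /**
     * This voter only handles the two Bassin attributes, and only for Bassin subjects.
     */
    protected function supports(string $attribute, mixed $subject): bool
    {
        // Strict comparison: the attribute must be exactly one of the declared constants.
        return in_array($attribute, [self::EDIT, self::VIEW], true)
            && $subject instanceof Bassin;
    }

    /**
     * Grants or denies EDIT / VIEW on the given Bassin. Both attributes share the same rules.
     *
     * NOTE(review): role checks go through the Security helper, which evaluates the
     * currently authenticated token rather than the $token argument. The two match
     * during an ordinary request; if this voter is ever asked to decide for a
     * different token, resolve roles from $token instead (for example through
     * AccessDecisionManagerInterface::decide()).
     *
     * @param Bassin $bassin subject already accepted by supports()
     */
    protected function voteOnAttribute(string $attribute, mixed $bassin, TokenInterface $token): bool
    {
        /** @var Utilisateur $user */
        $user = $token->getUser();

        // Anonymous callers are never granted access.
        if (!$user instanceof UserInterface) {
            return false;
        }

        // Administrators bypass the ownership checks for every Bassin.
        // The original note reads "ROLE_SUPERADMIN > ROLE_ADMIN"; presumably the role
        // hierarchy makes ROLE_SUPERADMIN pass here too — confirm in the security configuration.
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }

        if (!in_array($attribute, [self::EDIT, self::VIEW], true)) {
            return false;
        }

        /** @var Bassin $bassin */
        // Fail closed: a Bassin with no etablissement (or an etablissement with no
        // organisme / groupe) is denied instead of raising an Error on a null relation.
        $etablissement = $bassin->getEtablissement();
        if ($etablissement === null) {
            return false;
        }
        $organisme = $etablissement->getOrganisme();

        // The ownership tests below use object identity (===); this assumes the token's
        // user and the entity relations resolve to the same instance — TODO confirm.
        if ($this->security->isGranted('ROLE_GROUPE')
            && $organisme?->getGroupe()?->getRepresentantLegal() === $user
        ) {
            return true;
        }

        if ($this->security->isGranted('ROLE_ORGANISME')
            && $organisme?->getRepresentantLegal() === $user
        ) {
            return true;
        }

        if ($this->security->isGranted('ROLE_ETABLISSEMENT')
            && $etablissement->getResponsables()->contains($user)
        ) {
            return true;
        }

        return false;
    }
}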