src/Security/Voter/ItemDocumentOwnerVoter.php line 15
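<?php

declare(strict_types=1);

namespace App\Security\Voter;

use App\Entity\ItemDocument;
use App\Entity\User;
use App\Entity\UserInstitutionRole;
use App\Enum\RoleEnum;
use App\Repository\ItemUserRepository;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

/**
 * Access-control voter for the 'item_document_owner_voter' attribute.
 *
 * Access to an ItemDocument is granted when the authenticated user is one of:
 *  - a general manager whose current institution owns the document's project,
 *  - the project manager assigned to the document's project,
 *  - a user linked to the document's item through ItemUserRepository.
 *
 * Every other case is denied, including a wrong subject type, an anonymous or
 * foreign user object, and a user without a current role/institution.
 */
final class ItemDocumentOwnerVoter extends Voter
{
    public function __construct(private readonly ItemUserRepository $itemUserRepository)
    {
    }

    /**
     * Claims the vote for the 'item_document_owner_voter' attribute only.
     *
     * The subject type is deliberately not checked here: an unsupported subject
     * is denied in voteOnAttribute() rather than abstained on.
     */
    protected function supports(string $attribute, $subject): bool
    {
        return $attribute === 'item_document_owner_voter';
    }

    /**
     * Decides whether the token's user may access the given ItemDocument.
     *
     * @param string         $attribute Always 'item_document_owner_voter' (see supports()).
     * @param mixed          $subject   Expected to be an ItemDocument; anything else is denied.
     * @param TokenInterface $token     Security token carrying the authenticated user.
     *
     * @return bool True to grant access, false to deny.
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        if (!$subject instanceof ItemDocument) {
            return false;
        }

        // getUser() can yield null or any UserInterface implementation. Deny
        // unless it is the application's User entity, so the entity-specific
        // getters below are never called on a foreign user object.
        $loggedUser = $token->getUser();
        if (!$loggedUser instanceof User) {
            return false;
        }

        /** @var UserInstitutionRole|null $currentRoleInstitution */
        $currentRoleInstitution = $loggedUser->getCurrentRoleInstitution();
        if ($currentRoleInstitution === null) {
            // No active role/institution context: fail closed instead of
            // dereferencing null further down.
            return false;
        }

        $roleKey = $currentRoleInstitution->getRole()->getKeyName();
        $item = $subject->getItem();

        // NOTE(review): the getter chains below assume item, project, institution
        // and project manager are always set - confirm against the entity
        // mappings. A null link raises an error here rather than a clean deny,
        // and two null ids would compare as equal.

        // Every general manager can see details for each project on their current institution.
        if (
            RoleEnum::GENERAL_MANAGER === $roleKey
            && $item->getProject()->getInstitution()->getId()
                === $currentRoleInstitution->getUserInstitution()->getInstitution()->getId()
        ) {
            return true;
        }

        // A project manager can see details only for the project they are assigned to.
        if (
            RoleEnum::PROJECT_MANAGER === $roleKey
            && $loggedUser->getId() === $item->getProject()->getProjectManager()->getId()
        ) {
            return true;
        }

        // Otherwise access requires an ItemUser link between this user and the item.
        // NOTE(review): this last check is not tied to the user's current
        // institution or role - confirm that cross-institution access through an
        // item assignment is intended.
        return null !== $this->itemUserRepository->findOneBy(['item' => $item, 'user' => $loggedUser]);
    }
}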