src/Security/Voter/ProjectDetailsVoter.php line 16
<?phpdeclare(strict_types=1);namespace App\Security\Voter;use App\Entity\Project;use App\Entity\Role;use App\Entity\User;use App\Entity\UserInstitutionRole;use App\Enum\RoleEnum;use App\Repository\ItemUserRepository;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;final class ProjectDetailsVoter extends Voter{public function __construct(private readonly ItemUserRepository $itemUserRepository){}protected function supports(string $attribute, $subject): bool{if ($attribute === 'project_details_voter') {return true;}return false;}protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool{if (!$subject instanceof Project) {return false;}/** @var ?User $loggedUser */$loggedUser = $token->getUser();if (!$loggedUser) {return false;}/** @var UserInstitutionRole $currentRoleInstitution */$currentRoleInstitution = $loggedUser->getCurrentRoleInstitution();// Every general manager can see details for each project on his current institutionif (RoleEnum::GENERAL_MANAGER === $currentRoleInstitution->getRole()->getKeyName()&&$subject->getInstitution()->getId() === $currentRoleInstitution->getUserInstitution()->getInstitution()->getId()) {return true;}// Project manager can see details only for project where he is assigneeif (RoleEnum::PROJECT_MANAGER === $currentRoleInstitution->getRole()->getKeyName()&&$subject->getProjectManager()->getId() === $loggedUser->getId()) {return true;}// Check if loggedUser is project employeereturn (bool) count($this->itemUserRepository->getAllForEmployeeOnProject($loggedUser, $subject));}}