Symfony Profiler

<?php
namespace App\Security\Voter;
use App\Entity\Order;
use App\User\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* Security voter to control access to Order entities based on client ownership.
*/
class OrderVoter extends Voter
{
public const VIEW = 'view';
public const EDIT = 'edit';
public const DELETE = 'delete';
protected function supports(string $attribute, $subject): bool
{
return in_array($attribute, [self::VIEW, self::EDIT, self::DELETE], true)
&& $subject instanceof Order;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
// User must be logged in
if (!$user instanceof User) {
return false;
}
// ROLE_SUPER_USER can access everything
if (in_array('ROLE_SUPER_USER', $user->getRoles(), true)) {
return true;
}
/** @var Order $order */
$order = $subject;
// Get the client of the current user
$userClient = $user->getClient();
if (!$userClient) {
return false;
}
// Get the client of the order
$orderClient = $order->getClient();
if (!$orderClient) {
return false;
}
// Check if both belong to the same client
if ($userClient->getId() !== $orderClient->getId()) {
return false;
}
// User needs at least ROLE_MANAGER or ROLE_ADMIN to access orders
return in_array('ROLE_MANAGER', $user->getRoles(), true)
|| in_array('ROLE_ADMIN', $user->getRoles(), true);
}
}

src/Security/Voter/OrderVoter.php line 13