<?phpnamespace App\Security\Voter;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\User\UserInterface;use App\Entity\User;class EnterpriseVoter extends Voter{ protected function supports($attribute, $subject) { return in_array($attribute, ['create', 'edit','view']) && $subject instanceof \App\Entity\Enterprise; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $user = $token->getUser(); // if the user is anonymous, do not grant access if (!$user instanceof UserInterface) { return false; } $enterprise = $user->getEnterprise(); if ($user->getRoles()[0] == User::ROLE_ADMIN) { return true; } if ($user->getRoles()[0] == User::ROLE_CUSTOMER){ return ($enterprise == $subject); } if ($user->getRoles()[0] == User::ROLE_BUSINESSLINEMANAGER){ foreach($subject->getComboCustomers() as $combo){ if (in_array($combo->getProduct()->getFiliere()->getId(),$user->getAllowedFiliere())) return true; } foreach($subject->getComboProviders() as $combo){ if (in_array($combo->getProduct()->getFiliere()->getId(),$user->getAllowedFiliere())) return true; } return false; } if ($user->getRoles()[0] == User::ROLE_GROUPMANAGER){ return in_array($subject->getGroupEnterprise()->getId(),$user->getAllowedFiliere()); } if ($user->getRoles()[0] == User::ROLE_REGIONMANAGER){ return in_array(substr($subject->getLocations()[0]->getZipCode(),0,2),$user->getAllowedFiliere()); return in_array(substr($subject->getLocations()[1]->getZipCode(),0,2),$user->getAllowedFiliere()); return false; } return false; }}