<?phpnamespace App\Security\Voter;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;class UserVoter extends Voter{ public const EDIT = 'POST_EDIT'; public const VIEW = 'POST_VIEW'; public const ADD = 'POST_ADD'; public const DELETE = 'POST_DELETE'; public function __construct( private readonly Security $security ) {} protected function supports(string $attribute, $subject): bool { // replace with your own logic // https://symfony.com/doc/current/security/voters.html return in_array($attribute, [self::EDIT, self::VIEW, self::ADD, self::DELETE]) && $subject instanceof \App\Entity\User; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $this->security->getUser(); $itsMe = ( $user == $subject ); $isMyOrganization = ( $user->getOrganization() == $subject->getOrganization() ); if ($this->security->isGranted('ROLE_ADMIN')) { return true; } else if ($this->security->isGranted('ROLE_MANAGER')) { switch ( $attribute ) { case self::ADD: return true; case self::VIEW: case self::EDIT: return $isMyOrganization; default: return false; } } else if ($this->security->isGranted('ROLE_USER')) { switch ( $attribute ) { case self::VIEW: case self::EDIT: return $itsMe; default: return false; } } return false; }}