<?phpnamespace App\Security\Voters;use App\Entity\Ticket;use App\Entity\User;use App\Entity\Manufacturer;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;class TicketVoter extends Voter{ private Security $security; public const CAN_ADD_UPLOAD = 'ticket.can.add.upload'; public const CAN_EDIT = 'ticket.can.be.edited'; public const CAN_RESOLVE = 'ticket.can_resolve'; private const ATTRIBUTES = [ self::CAN_ADD_UPLOAD, self::CAN_EDIT, self::CAN_RESOLVE, ]; public function __construct(Security $security) { $this->security = $security; } protected function supports($attribute, $subject): bool { return in_array($attribute, self::ATTRIBUTES); } protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); switch ($attribute) { case self::CAN_ADD_UPLOAD: return $this->canAddUpload($subject); case self::CAN_EDIT: return $this->canEdit($subject); case self::CAN_RESOLVE: return $this->canResolve($subject); } throw new \LogicException('Invalid attribute: ' . $attribute); } private function canEdit(Ticket $ticket): bool { if ($this->security->isGranted('ROLE_IT_SUPPORT')) { return true; } if ( in_array($ticket->getStatus(), [Ticket::STATUS_NEW]) && $ticket->getCreatedBy() === $this->security->getUser()) { return true; } return false; } private function canAddUpload(Ticket $ticket): bool { if ($this->security->isGranted('ROLE_IT_SUPPORT')) { return true; } if ( in_array($ticket->getStatus(), [Ticket::STATUS_NEW]) && $ticket->getCreatedBy() === $this->security->getUser()) { return true; } return false; } private function canResolve($subject) : bool { if ( $this->security->isGranted('ROLE_IT_SUPPORT') ) { return true; } return false; }}