src/Security/Voter/OrderAuthorization.php line 12

Open in your IDE?
  1. <?php
  4. namespace App\Security\Voter;
  6. use App\Entity\Order;
  7. use App\Entity\User;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  10. use Symfony\Bundle\SecurityBundle\Security;
  12. class OrderAuthorization implements VoterInterface
  13. {
  14.     /**
  15.      * @var Security
  16.      */
  17.     private $security;
  19.     public function __construct(Security $security)
  20.     {
  21.         $this->security $security;
  22.     }
  24.     public function vote(TokenInterface $token$subject, array $attributes): int
  25.     {
  26.         if (!$subject instanceof Order) {
  27.             return self::ACCESS_ABSTAIN;
  28.         }
  30.         if (!in_array('OrderAuthorization'$attributes)) {
  31.             return self::ACCESS_ABSTAIN;
  32.         }
  34.         $user $token->getUser();
  36.         if (!$user instanceof User) {
  37.             return self::ACCESS_DENIED;
  38.         }
  40.         if ($user !== $subject->getUser()) {
  41.             return self::ACCESS_DENIED;
  42.         }
  44.         return self::ACCESS_GRANTED;
  45.     }
  46. }