<?phpnamespace App\Security\Voter;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;use Symfony\Component\Security\Core\User\UserInterface;class Pratica231Voter extends Voter{ // group must be separated by single underline, multiple words could be separated by double underline // for example DASHBOARD_MEMO_VISUALIZZA__ASSEGNATARIO -> DASHBOARD -> MEMO -> VISUALIZZA ASSEGNATARIO // Don't use double underline in constant names // translate each expression separately at messages.it.yml // Add __disabled suffix to make permission disabled and checked by default const VISUALIZZA_ASSEGNATARIO = 'PRATICA__231_ASSEGNATARIO__DISABLED'; const ACCESSO_ALLA_SEZIONE = 'PRATICA__231_ACCESSO__ALLA__SEZIONE'; const VISUALIZZA_PRENDI_I_PERMESSI_DELL_ASSEGNATARIO = 'PRATICA__231_PRENDI__I__PERMESSI__DELL__ASSEGNATARIO'; const ORDER = 10; const PERMISSIONS_LIST = [ self::VISUALIZZA_PRENDI_I_PERMESSI_DELL_ASSEGNATARIO, self::ACCESSO_ALLA_SEZIONE, self::VISUALIZZA_ASSEGNATARIO, ]; private $security; public function __construct(Security $security) { $this->security = $security; } protected function supports($attribute, $subject) { // if the attribute isn't one we support, return false if (!in_array($attribute, self::PERMISSIONS_LIST)) { return false; } return true; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $user = $token->getUser(); // if the user is anonymous, do not grant access if (!$user instanceof UserInterface) { return false; } if($this->security->isGranted(User::ROLE_SUPER_ADMIN)) return true; return in_array($attribute, $user->getPermissions()); }}