<?php
namespace App\Voter;
use App\Voter\Supplier;
use App\Voter\SupplierFactory;
use App\Entity\Invitation;
use App\Entity\User;
use App\Model\InvitationFactory;
use App\Model\User\UserFactory;
use Exception;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
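/**
 * Security voter that decides whether the current user may delete an Invitation.
 *
 * Only the DELETE attribute on Invitation subjects is supported. The permission
 * rule itself lives in the user model (canDeleteInvitation()); this class wires
 * entities to models and denies by default.
 */
class InvitationVoter extends Voter
{
    /** Attribute name callers pass to the authorization checker for delete checks. */
    public const DELETE = 'delete';

    /**
     * @var UserFactory
     */
    private $userFactory;

    /**
     * @var InvitationFactory
     */
    private $invitationFactory;

    /**
     * @param UserFactory       $userFactory       builds the user model from the authenticated User entity
     * @param InvitationFactory $invitationFactory builds the invitation model from the Invitation entity
     */
    public function __construct(
        UserFactory $userFactory,
        InvitationFactory $invitationFactory
    ) {
        $this->userFactory = $userFactory;
        $this->invitationFactory = $invitationFactory;
    }

    /**
     * Tells the framework whether this voter handles the attribute/subject pair.
     *
     * Parameters stay untyped so the signature remains compatible with the
     * parent Voter declaration this file was written against.
     *
     * @param mixed $attribute attribute being checked; only self::DELETE is supported
     * @param mixed $subject   object being protected; only Invitation is supported
     *
     * @return bool true only for DELETE on an Invitation
     */
    protected function supports($attribute, $subject): bool
    {
        // Strict matching is required in an authorization check: with a loose
        // in_array(), non-string attributes compare equal to 'delete'
        // (true == 'delete' on every PHP version, 0 == 'delete' on PHP 7) and
        // would be voted on as if DELETE had been requested.
        if (! in_array($attribute, [self::DELETE], true)) {
            return false;
        }

        return $subject instanceof Invitation;
    }

    /**
     * Votes on a supported attribute for the given invitation.
     *
     * @param string     $attribute
     * @param Invitation $entity    subject already accepted by supports()
     *
     * @return bool true to grant access, false to deny
     * @throws Exception presumably raised by the model factories or the permission
     *                   check; the throwing call is not visible in this file
     */
    protected function voteOnAttribute($attribute, $entity, TokenInterface $token): bool
    {
        $userEntity = $token->getUser();
        if (! $userEntity instanceof User) {
            // The user must be logged in as an application User; otherwise deny.
            return false;
        }

        // Fail closed before building any model. The strict comparison replaces
        // a switch, whose loose matching has the same type-juggling problem
        // that supports() guards against.
        if ($attribute !== self::DELETE) {
            return false;
        }

        $user = $this->userFactory->createModel($userEntity);
        $invitation = $this->invitationFactory->createModel($entity);

        return $user->canDeleteInvitation($invitation);
    }
}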