security = $security; $this->voterHelper = $voterHelperFactory ->generate(self::class) ->addCheckFor(null, [self::CREATE]) ->addCheckFor(AccompanyingPeriod::class, [self::TOGGLE_CONFIDENTIAL, ...self::ALL]) ->addCheckFor(Person::class, [self::SEE]) ->build(); } public function getRoles(): array { return self::ALL; } public function getRolesWithHierarchy(): array { return ['Accompanying period' => $this->getRoles()]; } public function getRolesWithoutScope(): array { return []; } protected function supports($attribute, $subject) { return $this->voterHelper->supports($attribute, $subject); } protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool { if (!$token->getUser() instanceof User) { return false; } if ($subject instanceof AccompanyingPeriod) { if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { if (in_array($attribute, [self::EDIT, self::DELETE], true)) { return false; } if (self::RE_OPEN_COURSE === $attribute) { return $this->voterHelper->voteOnAttribute(self::EDIT, $subject, $token); } } if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) { // only creator can see, edit, delete, etc. if ( $subject->getCreatedBy() === $token->getUser() || null === $subject->getCreatedBy() ) { return true; } return false; } if (in_array($attribute, [ self::SEE, self::SEE_DETAILS, self::EDIT, ], true)) { if ($subject->getUser() === $token->getUser()) { return true; } } if (self::TOGGLE_CONFIDENTIAL === $attribute) { if (null !== $subject->getUser() && ($subject->getUser() === $token->getUser())) { return true; } return false; // return $this->voterHelper->voteOnAttribute(self::TOGGLE_CONFIDENTIAL_ALL, $subject, $token); } if (self::TOGGLE_INTENSITY === $attribute) { if (null !== $subject->getUser() && ($subject->getUser() === $token->getUser())) { return true; } return false; } // if confidential, only the referent can see it if ($subject->isConfidential()) { return $token->getUser() === $subject->getUser(); } } return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); } }