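accessDecisionManager = $accessDecisionManager; $this->authorizationHelper = $authorizationHelper; $this->logger = $logger; }

    /**
     * Lists the attributes this voter declares.
     *
     * @return array the value of self::ROLES (defined outside this excerpt)
     */
    public function getRoles(): array
    {
        return self::ROLES;
    }

    /**
     * Returns the same attributes grouped under the 'Event' label.
     *
     * @return array a single-entry map: 'Event' => self::ROLES
     */
    public function getRolesWithHierarchy(): array
    {
        return [
            'Event' => self::ROLES,
        ];
    }

    /**
     * This voter declares no attribute without a scope.
     *
     * @return array always empty
     */
    public function getRolesWithoutScope(): array
    {
        return [];
    }

    /**
     * Decides whether this voter handles the attribute/subject pair.
     *
     * Three combinations are accepted:
     *  - an Event subject with any attribute listed in self::ROLES;
     *  - a Person subject with self::CREATE or self::SEE;
     *  - no subject at all (null) with self::SEE.
     *
     * All comparisons are strict, so a non-string attribute never matches.
     *
     * @param mixed $attribute
     * @param mixed $subject
     *
     * @return bool
     */
    public function supports($attribute, $subject)
    {
        if ($subject instanceof Event) {
            return in_array($attribute, self::ROLES, true);
        }

        if ($subject instanceof Person) {
            return in_array($attribute, [self::CREATE, self::SEE], true);
        }

        return null === $subject && self::SEE === $attribute;
    }

    /**
     * Grants or denies the attribute for the authenticated user.
     *
     * Denies when the token does not carry a User. For an Event or a Person
     * subject the decision is delegated to the authorization helper's
     * userHasAccess(). For any other subject (null, per supports()) access is
     * granted when the helper reports at least one reachable center for the
     * attribute.
     *
     * @param string $attribute
     * @param Event|Person|null $subject
     *
     * @return bool
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $this->logger->debug(sprintf('Voting from %s class', self::class));

        $user = $token->getUser();

        // Tokens without a User instance are always denied.
        if (!$user instanceof User) {
            return false;
        }

        // Event and Person subjects go through the same helper call.
        if ($subject instanceof Event || $subject instanceof Person) {
            return $this->authorizationHelper->userHasAccess($user, $subject, $attribute);
        }

        // subject is null. We check that at least one center is reachable
        $centers = $this->authorizationHelper
            ->getReachableCenters($user, new Role($attribute));

        // NOTE(review): the original body carried statements after this return
        // that could never execute: a PersonVoter::SEE decision through
        // $this->accessDecisionManager on an undefined $person, followed by a
        // second userHasAccess() call. They are removed here. If access is
        // meant to also require the right to see a person, that check is NOT
        // enforced by this voter and would have to be added deliberately,
        // ahead of the early returns above.
        return count($centers) > 0;
    }
}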