src/Security/Voters/Ledger/TransactionVoter.php line 11
<?phpnamespace App\Security\Voters\Ledger;use App\Entity\Ledger\Transaction;use App\Enums\Operation;use App\Enums\Roles;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\CacheableVoterInterface;class TransactionVoter implements CacheableVoterInterface{public function __construct(private readonly \Symfony\Bundle\SecurityBundle\Security $security,) {}public function supportsAttribute(string $attribute): bool{return Operation::match($attribute);}public function supportsType(string $subjectType): bool{return Transaction::class === $subjectType;}public function vote(TokenInterface $token, mixed $subject, array $attributes): int{return match ($attributes) {[Operation::READ->value] => $this->checkRead($token, $subject),[Operation::CREATE->value] => $this->checkCreate($token, $subject, $attributes),default => self::ACCESS_DENIED,};}private function checkCreate(TokenInterface $token, Transaction $subject, array $attributes): int{$currentUser = $token->getUser();if ($subject->getAccountFrom()->getOwner()->getUserIdentifier() === $currentUser->getUserIdentifier()) {return self::ACCESS_GRANTED;}return self::ACCESS_DENIED;}private function checkRead(TokenInterface $token, Transaction $subject): int{if ($this->security->isGranted(Roles::ROLE_ADMIN)) {return self::ACCESS_GRANTED;}if ($token->getUserIdentifier() === $subject->getAccountFrom()->getOwner()->getUserIdentifier()) {return self::ACCESS_GRANTED;}if ($token->getUserIdentifier() === $subject->getAccountTo()->getOwner()->getUserIdentifier()) {return self::ACCESS_GRANTED;}return self::ACCESS_DENIED;}}