<?php
namespace App\Security\Voter;
use App\Entity\Establishment;
use App\Entity\Faq;
use App\Entity\Message;
use App\Entity\Program;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
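/**
 * Votes on the IS_OWNER_OR_GRANTED attribute: access is granted when the user
 * owns the subject or belongs to the establishment that owns it.
 *
 * Rules implemented below (anything else is denied):
 *  - Message: the care team (ROLE_DOCTOR) of the sender's establishment, or the sender.
 *  - Faq:     any user whose establishment is the Faq's establishment.
 *  - Program: ROLE_DOCTOR users whose establishment is the program's establishment.
 *
 * NOTE(review): Symfony\Component\Security\Core\Security is deprecated since
 * Symfony 6.2 in favour of Symfony\Bundle\SecurityBundle\Security — migrate when upgrading.
 */
class IsOwnerOrGranted extends Voter
{
    private const ATTRIBUTE = 'IS_OWNER_OR_GRANTED';

    public function __construct(private readonly Security $security)
    {
    }

    /**
     * Only the IS_OWNER_OR_GRANTED attribute is handled. The subject type is
     * deliberately not restricted here: unknown subjects reach voteOnAttribute()
     * and are denied rather than abstained on.
     */
    protected function supports(string $attribute, mixed $subject): bool
    {
        // Strict comparison: `==` would compare loosely and is not the idiom
        // for a fixed attribute string.
        return $attribute === self::ATTRIBUTE;
    }

    /**
     * @param mixed $subject Message, Faq or Program instance; any other value is denied.
     */
    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        // Anonymous requests are never granted.
        if (!$user instanceof UserInterface) {
            return false;
        }

        // NOTE(review): getEstablishment() is not part of UserInterface; the
        // application's User class is assumed to expose it — confirm.
        $establishment = $user->getEstablishment();
        $hasEstablishment = $establishment instanceof Establishment;

        if ($subject instanceof Message) {
            // The care team (ROLE_DOCTOR) of an establishment may edit messages
            // sent by any member of that establishment. The nullsafe call makes a
            // message without sender fail closed instead of throwing; because
            // $establishment is a non-null Establishment here, null never matches.
            if ($hasEstablishment
                && $this->security->isGranted('ROLE_DOCTOR')
                && $subject->getSender()?->getEstablishment() === $establishment
            ) {
                return true;
            }

            // A user may edit a message they sent themselves.
            return $subject->getSender() === $user;
        }

        // A user may view an ETP (Faq) belonging to their own establishment.
        // The $hasEstablishment guard prevents a `null === null` identity match
        // from granting a user without establishment access to a Faq without one.
        if ($subject instanceof Faq) {
            return $hasEstablishment && $subject->getEstablishment() === $establishment;
        }

        // A ROLE_DOCTOR user may delete a program type created within their establishment.
        if ($subject instanceof Program) {
            return $hasEstablishment
                && $this->security->isGranted('ROLE_DOCTOR')
                && $subject->getEstablishment() === $establishment;
        }

        return false;
    }
}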