<?phpnamespace App\Security\Voter;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;use Symfony\Component\Security\Core\User\UserInterface;class ClienteVoter extends Voter{ // group must be separated by single underline, multiple words could be separated by double underline // for example DASHBOARD_MEMO_VISUALIZZA__ASSEGNATARIO -> DASHBOARD -> MEMO -> VISUALIZZA ASSEGNATARIO // Don't use double underline in constant names // translate each expression separately at messages.it.yml // Add __disabled suffix to make permission disabled and checked by default const VISUALIZZA_DASHBOARD_CLIENTE = 'CLIENTE_VISUALIZZA__DASHBOARD__CLIENTE'; const CANCELLA = 'CLIENTE_CANCELLA'; const VISUALIZZA = 'CLIENTE_VISUALIZZA__DISABLED'; const ACCESSO_ALLA_SEZIONE = 'CLIENTE_ACCESSO__ALLA__SEZIONE'; const ORDER = 1; const PERMISSIONS_LIST = [ self::VISUALIZZA_DASHBOARD_CLIENTE, self::CANCELLA, self::ACCESSO_ALLA_SEZIONE, self::VISUALIZZA, ]; private $security; public function __construct(Security $security) { $this->security = $security; } protected function supports($attribute, $subject) { // if the attribute isn't one we support, return false if (!in_array($attribute, self::PERMISSIONS_LIST)) { return false; } return true; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $user = $token->getUser(); // if the user is anonymous, do not grant access if (!$user instanceof UserInterface) { return false; } if($this->security->isGranted(User::ROLE_SUPER_ADMIN)) return true; return in_array($attribute, $user->getPermissions()); }}