<?phpdeclare(strict_types=1);namespace App\Security;use App\Entity\System\Role;use App\Manager\System\AdminAclManager;use App\Service\SecurityService;use Symfony\Component\HttpFoundation\Request;use Symfony\Component\HttpFoundation\RequestStack;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class AdminAclVoter extends Voter{ public const ALLOW_ADMIN_ACCESS = 'ALLOW_ADMIN_ACCESS'; private AdminAclManager $ACLManager; private RequestStack $requestStack; private SecurityService $securityService; public function __construct( AdminAclManager $ACLManager, RequestStack $requestStack, SecurityService $securityService ) { $this->ACLManager = $ACLManager; $this->requestStack = $requestStack; $this->securityService = $securityService; } protected function supports($attribute, $subject): bool { return $attribute === self::ALLOW_ADMIN_ACCESS; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $employee = $this->securityService->findSessionEmployee(); if (!$employee) { return false; } if ($this->securityService->isGranted(Role::ROLE_EMPLOYEE_DEVELOPER)) { return true; } if (is_string($subject)) { $route = $subject; } elseif ($subject instanceof Request) { $route = $this->requestStack->getMainRequest()->get('_route'); } else { return false; } $adminACL = $this->ACLManager->findOneBy(['route' => $route]); if (!$adminACL) { return false; } foreach ($adminACL->getRoles() as $role) { if ($this->securityService->isGranted($role->getName(), $employee)) { return true; } } if ($adminACL->getEmployees()->contains($employee)) { return true; } return false; }}