<?phpdeclare(strict_types=1);namespace App\Security;use App\Entity\System\Employee;use App\Entity\System\Role;use App\Manager\System\AdminAclManager;use Symfony\Component\HttpFoundation\Request;use Symfony\Component\HttpFoundation\RequestStack;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;class AdminAclVoter extends Voter{ public const ALLOW_ADMIN_ACCESS = 'ALLOW_ADMIN_ACCESS'; private AdminAclManager $ACLManager; private Security $security; private RequestStack $requestStack; public function __construct( AdminAclManager $ACLManager, Security $security, RequestStack $requestStack ) { $this->ACLManager = $ACLManager; $this->security = $security; $this->requestStack = $requestStack; } protected function supports($attribute, $subject): bool { return $attribute === self::ALLOW_ADMIN_ACCESS; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof Employee) { return false; } if ($this->security->isGranted(Role::ROLE_EMPLOYEE_DEVELOPER)) { return true; } if (is_string($subject)) { $route = $subject; } elseif ($subject instanceof Request) { $route = $this->requestStack->getMainRequest()->get('_route'); } else { return false; } $adminACL = $this->ACLManager->findOneBy(['route' => $route]); if (!$adminACL) { return false; } foreach ($adminACL->getRoles() as $role) { if ($this->security->isGranted($role->getName())) { return true; } } return false; }}