<?phpnamespace App\Security\Chat;use App\Modules\Chat\Entity\MessageFile;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;class MessageFileVoter extends Voter{ const DELETE_FILE = 'delete_file'; private $security; public function __construct(Security $security) { $this->security = $security; } /** * Determines if the attribute and subject are supported by this voter. * * @param string $attribute An attribute * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type * * @return bool True if the attribute and subject are supported, false otherwise */ protected function supports($attribute, $subject) { if (!in_array($attribute, [self::DELETE_FILE])) { return false; } return true; } /** * Perform a single access check operation on a given attribute, subject and token. * It is safe to assume that $attribute and $subject already passed the "supports()" method check. * * @param string $attribute * @param mixed $subject * * @param TokenInterface $token * * @return bool */ protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } switch ($attribute) { case self::DELETE_FILE: return $this->canDelete($subject, $user); } } private function canDelete(MessageFile $file, User $user) { if ($file->getMessage()->getAuthor() === $user) { return true; } return false; }}