<?php/** * Created by PhpStorm. * User: albert * Date: 1/12/17 * Time: 17:52 */namespace AWCmsBundle\Voter;use AWEcommerceBundle\Entity\Order;use AWCmsBundle\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class UserVoter extends Voter{ const EDIT = 'edit'; /** * @var AccessDecisionManagerInterface */ protected $decisionManager; /** * AlbumVoter constructor. * @param AccessDecisionManagerInterface $decisionManager */ public function __construct(AccessDecisionManagerInterface $decisionManager) { $this->decisionManager = $decisionManager; } /** * Determines if the attribute and subject are supported by this voter. * * @param string $attribute An attribute * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type * * @return bool True if the attribute and subject are supported, false otherwise */ protected function supports($attribute, $subject) { if (!$subject instanceof User or !in_array($attribute, array(self::EDIT))) { return false; } return true; } /** * Perform a single access check operation on a given attribute, subject and token. * It is safe to assume that $attribute and $subject already passed the "supports()" method check. * * @param string $attribute * @param User $userSubject * @param TokenInterface $token * * @return bool */ protected function voteOnAttribute($attribute, $userSubject, TokenInterface $token) { // Current User is super admin, can do every thing if ($this->decisionManager->decide($token, [User::ROLE_SUPER_ADMIN])) { return true; } // Only super admin can edit super admin if ($userSubject->isSuperAdmin()) { return false; } // Admin can edit other users if ($this->decisionManager->decide($token, [User::ROLE_ADMIN])) { return true; } return false; }}