<?phpdeclare(strict_types=1);namespace App\Security\Blo;use App\Entity\Blo\Order;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class OrderVoter extends Voter{ public const VIEW = 'blo_order_view'; public const MANAGE = 'blo_order_manage'; protected function supports(string $attribute, mixed $subject): bool { return $subject instanceof Order && \in_array($attribute, [self::VIEW, self::MANAGE], true); } protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { return false; } /** @var Order $order */ $order = $subject; return match ($attribute) { self::VIEW => $this->canView($order, $user), self::MANAGE => $this->canManage($order, $user), default => false, }; } private function canView(Order $order, User $user): bool { if (\in_array('ROLE_ADMIN', $user->getRoles(), true)) { return true; } if ($order->getCustomer() === $user) { return true; } foreach ($order->getVendorSubOrders() as $vso) { if ($vso->getShop()->getOwner() === $user) { return true; } } return false; } private function canManage(Order $order, User $user): bool { if (\in_array('ROLE_ADMIN', $user->getRoles(), true)) { return true; } foreach ($order->getVendorSubOrders() as $vso) { if ($vso->getShop()->getOwner() === $user) { return true; } } return false; }}