src/Security/PostVoter.php line 27
<?php/** This file is part of the Symfony package.** (c) Fabien Potencier <fabien@symfony.com>** For the full copyright and license information, please view the LICENSE* file that was distributed with this source code.*/namespace App\Security;use App\Entity\defaults\Post;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;/*** It grants or denies permissions for actions related to blog posts (such as* showing, editing and deleting posts).** See https://symfony.com/doc/current/security/voters.html** @author Yonel Ceruto <yonelceruto@gmail.com>*/class PostVoter extends Voter{// Defining these constants is overkill for this simple application, but for real// applications, it's a recommended practice to avoid relying on "magic strings"public const DELETE = 'delete';public const EDIT = 'edit';public const SHOW = 'show';/*** {@inheritdoc}*/protected function supports(string $attribute, $subject): bool{// this voter is only executed on Post objects and for three specific permissionsreturn $subject instanceof Post && \in_array($attribute, [self::SHOW, self::EDIT, self::DELETE], true);}/*** {@inheritdoc}** @param Post $post*/protected function voteOnAttribute(string $attribute, $post, TokenInterface $token): bool{$user = $token->getUser();// the user must be logged in; if not, deny permissionif (!$user instanceof User) {return false;}// the logic of this voter is pretty simple: if the logged user is the// author of the given blog post, grant permission; otherwise, deny it.// (the supports() method guarantees that $post is a Post object)return $user === $post->getAuthor();}}