<?phpnamespace App\ApiPlatform\Voter;use App\Entity\ActionPlanTasks;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;use Symfony\Component\Security\Core\Security;class ActionPlanTasksVoter extends Voter implements VoterInterface{ public const CREATE = 'CREATE'; public const EDIT = 'EDIT'; public const DELETE = 'DELETE'; public function __construct(private readonly Security $security) { } protected function supports(string $attribute, $subject): bool { if (!$subject instanceof ActionPlanTasks) { return false; } return in_array($attribute, [self::CREATE, self::EDIT, self::DELETE]); } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { return false; } if ($user->isMasterAdmin()) { return true; } switch ($attribute) { case self::CREATE: return $this->canCreate($user, $subject); case self::EDIT: case self::DELETE: return $this->canEditOrDelete($user, $subject); } return false; } private function canCreate(User $user, ActionPlanTasks $task): bool { if (!$task->getActionPlan() || !$task->getActionPlan()->getSite()) { return false; } $actionPlanSiteId = $task->getActionPlan()->getSite()->getId(); $userHasAccess = false; foreach ($user->getUserSites() as $userSite) { if ($userSite->getSite()->getId() === $actionPlanSiteId) { $userHasAccess = true; break; } } return $userHasAccess; } private function canEditOrDelete(User $user, ActionPlanTasks $task): bool { if (!$task->getActionPlan() || !$task->getActionPlan()->getSite()) { return false; } $actionPlanSiteId = $task->getActionPlan()->getSite()->getId(); $userHasAccess = false; // Check if user is associated with the action plan's site foreach ($user->getUserSites() as $userSite) { if ($userSite->getSite()->getId() === $actionPlanSiteId) { $userHasAccess = true; break; } } return $userHasAccess; }}