<?phpdeclare(strict_types=1);namespace App\Security\Blo;use App\Entity\Blo\Payout;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class PayoutVoter extends Voter{ public const VIEW = 'blo_payout_view'; public const APPROVE = 'blo_payout_approve'; protected function supports(string $attribute, mixed $subject): bool { return $subject instanceof Payout && \in_array($attribute, [self::VIEW, self::APPROVE], true); } protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { return false; } /** @var Payout $payout */ $payout = $subject; return match ($attribute) { self::VIEW => $this->canView($payout, $user), self::APPROVE => $this->canApprove($payout, $user), default => false, }; } private function canView(Payout $payout, User $user): bool { if (\in_array('ROLE_ADMIN', $user->getRoles(), true)) { return true; } return $payout->getShop()->getOwner() === $user; } private function canApprove(Payout $payout, User $user): bool { return \in_array('ROLE_ADMIN', $user->getRoles(), true); }}