<?phpdeclare(strict_types=1);namespace App\Bundles\UserBundle\Security\Voter;use App\Bundles\OrganizationBundle\Exception\UserOrganizationNotFoundException;use App\Bundles\OrganizationBundle\Service\UserOrganization\UserOrganizationBinder;use App\Bundles\OrganizationBundle\Service\UserOrganization\UserOrganizationProvider;use App\Bundles\UserBundle\Entity\Permission;use App\Bundles\UserBundle\Enum\RolePermissionEnum;use App\Bundles\UserBundle\Repository\PermissionRepository;use App\Platform\Service\SessionProvider;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class RolePermissionsVoter extends Voter{ public function __construct( private readonly PermissionRepository $permissionRepository, private readonly SessionProvider $sessionProvider, private readonly UserOrganizationBinder $organizationBinder, private readonly UserOrganizationProvider $provider, ) { } protected function supports(string $attribute, $subject): bool { return (bool)RolePermissionEnum::tryFrom($attribute); } /** * @throws UserOrganizationNotFoundException */ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { if (!$token->getUser()) { return false; } // TODO: get organization from session $session = $this->sessionProvider->provide(); if (!$session->has($this->organizationBinder::SESSION_USER_ORGANIZATION_KEY)) { return false; } $userOrganization = $this->provider->provide( $session->get($this->organizationBinder::SESSION_USER_ORGANIZATION_KEY) ); $userPermissions = $this->permissionRepository->findForUserInOrganization( $userOrganization->getOrganization(), $token->getUser() ); $permissionNames = array_map(fn(Permission $permission) => $permission->getValue(), $userPermissions); return in_array($attribute, $permissionNames); }}