<?php
declare(strict_types=1);
namespace App\Security\Voter\Procedure;
use App\Model\Work\Procedure\Entity\Lot\Bid\Status;
use App\ReadModel\Procedure\Bid\BidFetcher;
use App\ReadModel\Procedure\DetailView;
use App\Security\UserIdentity;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security;
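class AuctionVoter extends Voter
{
    public const AUCTION_SHOW = 'auction_show';

    private Security $security;
    private BidFetcher $bidFetcher;

    public function __construct(
        Security $security,
        BidFetcher $bidFetcher
    ) {
        $this->security = $security;
        $this->bidFetcher = $bidFetcher;
    }

    /**
     * Only the AUCTION_SHOW attribute is handled by this voter.
     */
    protected function supports(string $attribute, $subject): bool
    {
        return in_array($attribute, [
            self::AUCTION_SHOW,
        ], true);
    }

    /**
     * Decides whether the current user may see the auction of a lot.
     *
     * Moderators (ROLE_MODERATOR) are always granted. Otherwise the user's
     * profile must be either the profile of the subject (the lot owner)
     * or the participant of an approved bid on the lot.
     *
     * NOTE(review): a mismatch does not return false but throws
     * AccessDeniedException with a user-facing message. This bypasses the
     * access-decision strategy (no other voter can grant afterwards);
     * kept because callers may rely on the message.
     *
     * @param string $attribute
     * @param DetailView $subject
     * @param TokenInterface $token
     * @return bool
     * @throws AccessDeniedException when the profile is neither the owner nor an approved participant
     * @throws \Doctrine\DBAL\Exception
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        // Moderators have full access
        if ($this->security->isGranted('ROLE_MODERATOR')) {
            return true;
        }

        $user = $token->getUser();
        if (!$user instanceof UserIdentity) {
            return false;
        }

        // A user without a profile id can never match an allowed profile;
        // deny explicitly instead of letting null be compared loosely.
        $profileId = $user->getProfileId();
        if ($profileId === null) {
            throw new AccessDeniedException('Доступ запрещен. У вас недостаточно прав для совершения этого действия.');
        }

        // Participants holding an approved bid on this lot.
        $approvedBids = $this->bidFetcher->findAllBidsByLot(
            $subject->lot_id,
            [
                Status::approved()->getName(),
            ]
        );
        $participantIds = array_map(static function ($bid) {
            return $bid->getParticipantId();
        }, $approvedBids);

        // List of allowed profile ids: the lot owner plus every approved participant.
        // Ids are normalised to strings so the comparison below can be strict
        // without breaking on int/string mixes coming from the read models
        // (assumes ids are scalars — TODO confirm against DetailView/BidFetcher).
        $accessProfileIds = array_map('strval', array_merge(
            [$subject->profile_id],
            $participantIds
        ));

        // Strict membership check: loose in_array() is an authorization
        // footgun (type juggling can make unrelated values compare equal).
        if (!in_array((string) $profileId, $accessProfileIds, true)) {
            throw new AccessDeniedException('Доступ запрещен. У вас недостаточно прав для совершения этого действия.');
        }

        return true;
    }
}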