<?phpnamespace App\Security\Voter;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\User\UserInterface;class UserVoter extends Voter{ public const VIEW = 'USER_VIEW'; public const EDIT = 'USER_EDIT'; /** * @inheritDoc */ protected function supports(string $attribute, mixed $subject): bool { // Only vote on User objects and supported attributes return in_array($attribute, [self::VIEW, self::EDIT]) && $subject instanceof User; } /** * @inheritDoc */ protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool { $currentUser = $token->getUser(); if (!$currentUser instanceof UserInterface) { return false; // not logged in } /** @var User $user */ $user = $subject; switch ($attribute) { case self::VIEW: return $this->canView($user, $currentUser); case self::EDIT: return $this->canEdit($user, $currentUser); } return false; } private function canView(User $user, UserInterface $currentUser): bool { // Admins can view everyone if (in_array('ROLE_ADMIN', $currentUser->getRoles(), true)) { return true; } // A user can view their own data return $currentUser === $user; } private function canEdit(User $user, UserInterface $currentUser): bool { // Admins can edit everyone if (in_array('ROLE_ADMIN', $currentUser->getRoles(), true)) { return true; } // A user can edit only their own profile return $currentUser === $user; }}