<?php declare(strict_types=1);namespace Sq\Service\Security\Voter\InWorkspace;use Sq\Entity\Schema\ORM as Entity;use Sq\Entity\Schema\ORM\UserOrganizationAssignment;use Sq\Service\Security\Voter\SecurityAttributes;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;class EditInWorkspaceVoter extends AbstractInWorkspaceVoter{ protected function getSupportedAttributeName(): string { return SecurityAttributes::EDIT; } protected function getValidRolesForAttribute(): array { return [ UserOrganizationAssignment::ROLE_OWNER, UserOrganizationAssignment::ROLE_ADMIN, UserOrganizationAssignment::ROLE_EDITOR, ]; } protected function voteSpecificToSubjectAndRole($subject, string $role, TokenInterface $token): ?bool { if ($subject instanceof Entity\PostFamilyComment) { if ($subject->getWorkspace()->getOrganization()->getLegacyMember()->wasLegacySignup()) { return false; } $allowedRoles = array_merge($this->getValidRolesForAttribute(), [UserOrganizationAssignment::ROLE_CLIENT]); if (!in_array($role, $allowedRoles, true)) { return false; } /** @var Entity\User $loggedInUser */ $loggedInUser = $token->getUser(); return $subject->getAuthor()->getId() === $loggedInUser->getId(); } return null; } protected function isAllowedWhenImpersonating(): bool { return false; }}