<?phpnamespace LiteDesk\CoreBundle\Security\Authorization;use LiteDesk\OfficeBundle\Entity\Team;use LiteDesk\UserBundle\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;use JMS\DiExtraBundle\Annotation\Service;use JMS\DiExtraBundle\Annotation\Tag;use Symfony\Component\Security\Core\Authorization\Voter\Voter;/** * @Service * @Tag("security.voter") */class GlobalSystemAdminVoter extends Voter{ protected function supports($attribute, $subject) { return true; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { foreach($token->getRoles() as $role) { if($role->getRole() == $attribute || ($role->getRole() == 'GLOBAL_SYSTEM_ADMINISTRATION' && $attribute != 'ROLE_PREVIOUS_ADMIN')) { return true; } } return false; } public function vote(TokenInterface $token, $subject, array $attributes) { // abstain vote by default in case none of the attributes are supported $vote = self::ACCESS_ABSTAIN; if(!$attributes) { return $this->voteOnAttribute(array(), $subject, $token); } foreach ($attributes as $attribute) { if (!$this->supports($attribute, $subject)) { continue; } // as soon as at least one attribute is supported, default is to deny access $vote = self::ACCESS_DENIED; if ($this->voteOnAttribute($attribute, $subject, $token)) { // grant access as soon as at least one attribute returns a positive response return self::ACCESS_GRANTED; } } return $vote; }}