<?phpnamespace Platform\SecurityBundle\Security\Voter;use Platform\SecurityBundle\Entity\Identity\Account;use Platform\SecurityBundle\Model\PlatformSubject;use Platform\SecurityBundle\Security\PlatformVoter;use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;final class InternalUserVoter extends PlatformVoter{ /** * {@inheritDoc} */ protected function supports( Account $account, string $attribute, ?PlatformSubject $subject = null ): bool { // for this to be an internal vote, the permission should be prefixed a certain way if ( ! $this->sentry->isInternalPermission($attribute)) { return false; } return true; } /** * {@inheritdoc} */ protected function poll( Account $account, string $permission, ?PlatformSubject $subject = null ): int { // go ahead and double check that we are an internal user // since we have verified that we are checking an internal permission, we should deny access if the account is not internal itself // this is done to help prevent the superuser voter from allowing access if ( ! $account->isInternal()) { return VoterInterface::ACCESS_DENIED; } // just see if the permission being checked is in our account's internal set return in_array($permission, $account->getInternalPermissions(), true) ? VoterInterface::ACCESS_GRANTED : VoterInterface::ACCESS_ABSTAIN; } /** * {@inheritdoc} */ protected function try( Account $account, string $permission ): int { return $this->poll($account, $permission); }}