<?phpnamespace App\Security;use App\Entity\Board;use App\Entity\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;class BoardVoter extends Voter { // these strings are just invented: you can use anything const VIEW = 'view'; const EDIT = 'edit'; protected function supports($attribute, $subject) { // if the attribute isn't one we support, return false if (!in_array($attribute, [self::VIEW, self::EDIT])) { return false; } // only vote on `Board` objects if (!$subject instanceof Board) { return false; } return true; } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } // you know $subject is a Board object, thanks to `supports()` /** @var Board $board */ $board = $subject; switch ($attribute) { case self::VIEW: return $this->canView($board, $user); case self::EDIT: return $this->canEdit($board, $user); } throw new \LogicException('This code should not be reached!'); } private function canView(Board $board, User $user) { $teams = $board->getTeams(); $can = false; if ($board->getOwner()->getId() == $user->getId()) { return true; } foreach ($teams as $key => $value) { $users = $value->getUsers(); foreach ($users as $keyB => $valueB) { if ($valueB->getId() == $user->getId()) { $can = true; } } } return $can; } private function canEdit(Board $board, User $user) { return $board->getOwner()->getId() == $user->getId(); }}