<?phpdeclare(strict_types=1);namespace Xearts\Bundle\TaobaoDaikoBundle\Security\Voter;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Xearts\Bundle\TaobaoDaikoBundle\Entity\Admin;use Xearts\Bundle\TaobaoDaikoBundle\Entity\Estimate;use Xearts\Bundle\TaobaoDaikoBundle\Entity\EstimateStep;use Xearts\Bundle\TaobaoDaikoBundle\Entity\User;class ApiEstimatePutStepVoter extends Voter{ public const STEP_CANCEL = 'step_cancel'; public const STEP_APPROVE = 'step_approve'; public const STEP_PAYMENT = 'step_payment'; public const STEP_PAYMENT_POSTAGE = 'step_payment_postage'; protected function supports($attribute, $subject) { if (!$subject instanceof Estimate) { return false; } return in_array( $attribute, [self::STEP_CANCEL, self::STEP_APPROVE, self::STEP_PAYMENT, self::STEP_PAYMENT_POSTAGE] ); } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { assert($subject instanceof Estimate); $user = $token->getUser(); if ($user instanceof Admin) { return true; } if (!$user instanceof User) { return false; } if ($subject->getUser() !== $user) { return false; } $estimateStep = $subject->getEstimateStep(); if (!$estimateStep) { return false; } switch ($attribute) { case self::STEP_APPROVE: case self::STEP_CANCEL: return EstimateStep::CODE_ESTIMATE_CONFIRM === $estimateStep->getCode(); case self::STEP_PAYMENT: return EstimateStep::CODE_PAYMENT_WAITING === $estimateStep->getCode(); case self::STEP_PAYMENT_POSTAGE: return EstimateStep::CODE_POSTAGE_WAITING === $estimateStep->getCode(); } return false; }}