src/Security/Voter/PromptTemplateVoter.php line 20
<?phpnamespace App\Security\Voter;use App\Entity\CRM\Admin;use App\Entity\CRM\Branch;use App\Entity\CRM\PromptTemplate;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\User\UserInterface;/*** Reguły dostępu do PromptTemplate:* - prompty SYSTEM (każdy branch i globalny) - edycja tylko ROLE_SUPER,* - pozostałe prompty (SALES/SENTIMENT/OVERALL):* * globalne (tenant=null) - tylko ROLE_SUPER,* * branch-specific - ROLE_SUPER albo ROLE_ADMIN przypisany do tego branchu,* - VIEW dostępny dla ROLE_ADMIN i ROLE_SUPER.*/class PromptTemplateVoter extends Voter{public const VIEW = 'PROMPT_VIEW';public const EDIT = 'PROMPT_EDIT';protected function supports(string $attribute, mixed $subject): bool{if (!in_array($attribute, [self::VIEW, self::EDIT], true)) {return false;}return $subject instanceof PromptTemplate;}protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool{$user = $token->getUser();if (!$user instanceof Admin) {return false;}/** @var PromptTemplate $subject */return match ($attribute) {self::VIEW => $this->canView($user),self::EDIT => $this->canEdit($subject, $user),default => false,};}public function canView(UserInterface $user): bool{if (!$user instanceof Admin) {return false;}return $this->hasRole($user, 'ROLE_SUPER') || $this->hasRole($user, 'ROLE_ADMIN');}public function canEdit(PromptTemplate $template, UserInterface $user): bool{if (!$user instanceof Admin) {return false;}if ($this->hasRole($user, 'ROLE_SUPER')) {return true;}if (!$this->hasRole($user, 'ROLE_ADMIN')) {return false;}// Tylko ROLE_SUPER może dotykać SYSTEM-u albo promptów globalnych.if ($template->requiresSuperAdmin()) {return false;}if ($template->getTenant() === null) {return false;}return $this->adminHasBranch($user, $template->getTenant());}private function hasRole(UserInterface $user, string $role): bool{return in_array($role, $user->getRoles(), true);}private function adminHasBranch(Admin $admin, Branch $branch): bool{$branchId = $branch->getId();if ($branchId === null) {return false;}if (!method_exists($admin, 'getBranches')) {return false;}foreach ($admin->getBranches() as $assigned) {if ($assigned instanceof Branch && $assigned->getId() === $branchId) {return true;}}return false;}}