<?php declare(strict_types=1);namespace App\StartPlatz\Bundle\GruendungsstipendiumBundle\Security;use App\StartPlatz\Bundle\StartupBundle\Entity\Application;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\Security;class GsApplicationVoter extends Voter{ public const APPROVE = 'GS_APPROVE'; public const REJECT = 'GS_REJECT'; public const ADMIT_JURY = 'GS_ADMIT_JURY'; public const START_FUNDING = 'GS_START_FUNDING'; public const CLOSE_PARTICIPATION = 'GS_CLOSE_PARTICIPATION'; public const FINALIZE = 'GS_FINALIZE'; public const LINK_MEMBER = 'GS_LINK_MEMBER'; public const LINK_TEAM = 'GS_LINK_TEAM'; public const RESET = 'GS_RESET'; public const DELETE = 'GS_DELETE'; private const SUPPORTED = [ self::APPROVE, self::REJECT, self::ADMIT_JURY, self::START_FUNDING, self::CLOSE_PARTICIPATION, self::FINALIZE, self::LINK_MEMBER, self::LINK_TEAM, self::RESET, self::DELETE, ]; public function __construct( private readonly Security $security ) {} protected function supports(string $attribute, $subject): bool { return in_array($attribute, self::SUPPORTED, true) && $subject instanceof Application; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { if (!$this->security->isGranted('ROLE_ADMIN')) { return false; } return match ($attribute) { self::RESET, self::DELETE => $this->security->isGranted('ROLE_MASTER'), default => true, }; }}