UserVoter.php

<?php

namespace App\Security\Voter;

use App\Entity\User;
use App\Security\Voter\AbstractVoter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class UserVoter extends AbstractVoter
{
    protected function supports($attribute, $subject)
    {
        // Est-ce que l'action demandée existe
        if (!parent::supportsAttribute($attribute)) {
            return false;
        }

        // On ne vote que pour des objets de type User
        if (!$subject instanceof User) {
            return false;
        }

        return true;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();

        if (!$user instanceof User) {
            // L'utilisateur doit être loggué
            return false;
        }

        // Les admins peuvent tout faire !
        if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN', 'ROLE_ADMIN', 'ROLE_ADMIN_SIEGE'))) {
            return true;
        }

        switch ($attribute) {
            case 'add_tr_sie_grp':
                return true;
            case self::LIST:
                return $this->canList($subject, $user);
            case self::VIEW:
                return $this->canView($subject, $user);
            case self::CREATE:
                return $this->canCreate($subject, $user);
            case self::EDIT:
                return $this->canEdit($subject, $user);
            case self::DELETE:
                return $this->canDelete($subject, $user);
            case self::EXPORT:
                return $this->canExport($subject, $user);
            case self::ALL:
                return $this->canAll($subject, $user);
        }

        throw new \LogicException('This code should not be reached!');
    }

    private function canList(User $subject, User $user)
    {
        // Only ADMIN can list users so already return true before
        return false;
    }

    private function canView(User $subject, User $user)
    {
        // if ($this->decisionManager->decide($token, array('ROLE_ADHERENT'))) {
    }

    private function canCreate(User $subject, User $user)
    {
    }

    private function canEdit(User $subject, User $user)
    {
    }

    private function canDelete(User $subject, User $user)
    {
    }

    private function canExport(User $subject, User $user)
    {
    }

    private function canAll(User $subject, User $user)
    {
    }
}