Added voter reason explaination to the other voters

jbtronics · jbtronics · commit eb4258053e33 · 2025-09-06T00:24:55.000+02:00
diff --git a/src/Security/Voter/AttachmentVoter.php b/src/Security/Voter/AttachmentVoter.php
@@ -41,6 +41,7 @@
 use RuntimeException;
 
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 use function in_array;
@@ -56,7 +57,7 @@ public function __construct(private readonly Security $security, private readonl
     {
     }
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
 
         //This voter only works for attachments
@@ -65,7 +66,8 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
         }
 
         if ($attribute === 'show_private') {
-            return $this->helper->isGranted($token, 'attachments', 'show_private');
+            $vote?->addReason('User is not allowed to view private attachments.');
+            return $this->helper->isGranted($token, 'attachments', 'show_private', $vote);
         }
 
 
@@ -111,7 +113,8 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
                 throw new RuntimeException('Encountered unknown Parameter type: ' . $subject);
             }
 
-            return $this->helper->isGranted($token, $param, $this->mapOperation($attribute));
+            $vote?->addReason('User is not allowed to '.$this->mapOperation($attribute).' attachments of type '.$param.'.');
+            return $this->helper->isGranted($token, $param, $this->mapOperation($attribute), $vote);
         }
 
         return false;
diff --git a/src/Security/Voter/GroupVoter.php b/src/Security/Voter/GroupVoter.php
@@ -25,6 +25,7 @@
 use App\Entity\UserSystem\Group;
 use App\Services\UserSystem\VoterHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -43,9 +44,9 @@ public function __construct(private readonly VoterHelper $helper)
      *
      * @param  string  $attribute
      */
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
-        return $this->helper->isGranted($token, 'groups', $attribute);
+        return $this->helper->isGranted($token, 'groups', $attribute, $vote);
     }
 
     /**
diff --git a/src/Security/Voter/ImpersonateUserVoter.php b/src/Security/Voter/ImpersonateUserVoter.php
@@ -26,6 +26,7 @@
 use App\Entity\UserSystem\User;
 use App\Services\UserSystem\VoterHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 use Symfony\Component\Security\Core\User\UserInterface;
 
@@ -47,9 +48,16 @@ protected function supports(string $attribute, mixed $subject): bool
             && $subject instanceof UserInterface;
     }
 
-    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
-        return $this->helper->isGranted($token, 'users', 'impersonate');
+        $result = $this->helper->isGranted($token, 'users', 'impersonate');
+
+        if ($result === false) {
+            $vote?->addReason('User is not allowed to impersonate other users.');
+            $this->helper->addReason($vote, 'users', 'impersonate');
+        }
+
+        return $result;
     }
 
     public function supportsAttribute(string $attribute): bool
@@ -61,4 +69,4 @@ public function supportsType(string $subjectType): bool
     {
         return is_a($subjectType, User::class, true);
     }
-}
+}
diff --git a/src/Security/Voter/LabelProfileVoter.php b/src/Security/Voter/LabelProfileVoter.php
@@ -44,6 +44,7 @@
 use App\Entity\LabelSystem\LabelProfile;
 use App\Services\UserSystem\VoterHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -63,9 +64,9 @@ final class LabelProfileVoter extends Voter
     public function __construct(private readonly VoterHelper $helper)
     {}
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
-        return $this->helper->isGranted($token, 'labels', self::MAPPING[$attribute]);
+        return $this->helper->isGranted($token, 'labels', self::MAPPING[$attribute], $vote);
     }
 
     protected function supports($attribute, $subject): bool
diff --git a/src/Security/Voter/LogEntryVoter.php b/src/Security/Voter/LogEntryVoter.php
@@ -26,6 +26,7 @@
 use Symfony\Bundle\SecurityBundle\Security;
 use App\Entity\LogSystem\AbstractLogEntry;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -39,7 +40,7 @@ public function __construct(private readonly Security $security, private readonl
     {
     }
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         $user = $this->helper->resolveUser($token);
 
@@ -48,19 +49,19 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
         }
 
         if ('delete' === $attribute) {
-            return $this->helper->isGranted($token, 'system', 'delete_logs');
+            return $this->helper->isGranted($token, 'system', 'delete_logs', $vote);
         }
 
         if ('read' === $attribute) {
             //Allow read of the users own log entries
             if (
                 $subject->getUser() === $user
-                && $this->helper->isGranted($token, 'self', 'show_logs')
+                && $this->helper->isGranted($token, 'self', 'show_logs', $vote)
             ) {
                 return true;
             }
 
-            return $this->helper->isGranted($token, 'system', 'show_logs');
+            return $this->helper->isGranted($token, 'system', 'show_logs', $vote);
         }
 
         if ('show_details' === $attribute) {
diff --git a/src/Security/Voter/OrderdetailVoter.php b/src/Security/Voter/OrderdetailVoter.php
@@ -46,6 +46,7 @@
 use App\Entity\Parts\Part;
 use App\Entity\PriceInformations\Orderdetail;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -59,7 +60,7 @@ public function __construct(private readonly Security $security, private readonl
 
     protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         if (! is_a($subject, Orderdetail::class, true)) {
             throw new \RuntimeException('This voter can only handle Orderdetail objects!');
@@ -75,7 +76,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
 
         //If we have no part associated use the generic part permission
         if (is_string($subject) || !$subject->getPart() instanceof Part) {
-            return $this->helper->isGranted($token, 'parts', $operation);
+            return $this->helper->isGranted($token, 'parts', $operation, $vote);
         }
 
         //Otherwise vote on the part
diff --git a/src/Security/Voter/ParameterVoter.php b/src/Security/Voter/ParameterVoter.php
@@ -39,6 +39,7 @@
 use App\Entity\Parameters\SupplierParameter;
 use RuntimeException;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -53,7 +54,7 @@ public function __construct(private readonly Security $security, private readonl
     {
     }
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         //return $this->resolver->inherit($user, 'attachments', $attribute) ?? false;
 
@@ -108,7 +109,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
             throw new RuntimeException('Encountered unknown Parameter type: ' . (is_object($subject) ? $subject::class : $subject));
         }
 
-        return $this->helper->isGranted($token, $param, $attribute);
+        return $this->helper->isGranted($token, $param, $attribute, $vote);
     }
 
     protected function supports(string $attribute, $subject): bool
diff --git a/src/Security/Voter/PartAssociationVoter.php b/src/Security/Voter/PartAssociationVoter.php
@@ -46,6 +46,7 @@
 use Symfony\Bundle\SecurityBundle\Security;
 use App\Entity\Parts\Part;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -61,7 +62,7 @@ public function __construct(private readonly Security $security, private readonl
 
     protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         if (!is_string($subject) && !$subject instanceof PartAssociation) {
             throw new \RuntimeException('Invalid subject type!');
@@ -77,7 +78,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
 
         //If we have no part associated use the generic part permission
         if (is_string($subject) ||  !$subject->getOwner() instanceof Part) {
-            return $this->helper->isGranted($token, 'parts', $operation);
+            return $this->helper->isGranted($token, 'parts', $operation, $vote);
         }
 
         //Otherwise vote on the part
diff --git a/src/Security/Voter/PartLotVoter.php b/src/Security/Voter/PartLotVoter.php
@@ -46,6 +46,7 @@
 use App\Entity\Parts\Part;
 use App\Entity\Parts\PartLot;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -59,20 +60,24 @@ public function __construct(private readonly Security $security, private readonl
 
     protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element', 'withdraw', 'add', 'move'];
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         $user = $this->helper->resolveUser($token);
 
         if (in_array($attribute, ['withdraw', 'add', 'move'], true))
         {
-            $base_permission = $this->helper->isGranted($token, 'parts_stock', $attribute);
+            $base_permission = $this->helper->isGranted($token, 'parts_stock', $attribute, $vote);
 
             $lot_permission = true;
             //If the lot has an owner, we need to check if the user is the owner of the lot to be allowed to withdraw it.
             if ($subject instanceof PartLot && $subject->getOwner()) {
                 $lot_permission = $subject->getOwner() === $user || $subject->getOwner()->getID() === $user->getID();
             }
 
+            if (!$lot_permission) {
+                $vote->addReason('User is not the owner of the lot.');
+            }
+
             return $base_permission && $lot_permission;
         }
 
@@ -86,7 +91,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
 
         //If we have no part associated use the generic part permission
         if (is_string($subject) || !$subject->getPart() instanceof Part) {
-            return $this->helper->isGranted($token, 'parts', $operation);
+            return $this->helper->isGranted($token, 'parts', $operation, $vote);
         }
 
         //Otherwise vote on the part
diff --git a/src/Security/Voter/PartVoter.php b/src/Security/Voter/PartVoter.php
@@ -25,6 +25,7 @@
 use App\Entity\Parts\Part;
 use App\Services\UserSystem\VoterHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -52,10 +53,9 @@ protected function supports($attribute, $subject): bool
         return false;
     }
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
-        //Null concealing operator means, that no
-        return $this->helper->isGranted($token, 'parts', $attribute);
+        return $this->helper->isGranted($token, 'parts', $attribute, $vote);
     }
 
     public function supportsAttribute(string $attribute): bool
diff --git a/src/Security/Voter/PricedetailVoter.php b/src/Security/Voter/PricedetailVoter.php
@@ -47,6 +47,7 @@
 use App\Entity\Parts\Part;
 use App\Entity\PriceInformations\Pricedetail;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 /**
@@ -60,7 +61,7 @@ public function __construct(private readonly Security $security, private readonl
 
     protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];
 
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         $operation = match ($attribute) {
             'read' => 'read',
@@ -72,7 +73,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
 
         //If we have no part associated use the generic part permission
         if (is_string($subject) || !$subject->getOrderdetail() instanceof Orderdetail || !$subject->getOrderdetail()->getPart() instanceof Part) {
-            return $this->helper->isGranted($token, 'parts', $operation);
+            return $this->helper->isGranted($token, 'parts', $operation, $vote);
         }
 
         //Otherwise vote on the part
diff --git a/src/Security/Voter/StructureVoter.php b/src/Security/Voter/StructureVoter.php
@@ -33,6 +33,7 @@
 use App\Entity\PriceInformations\Currency;
 use App\Services\UserSystem\VoterHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 use function is_object;
@@ -113,10 +114,10 @@ protected function instanceToPermissionName(object|string $subject): ?string
      *
      * @param  string  $attribute
      */
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         $permission_name = $this->instanceToPermissionName($subject);
         //Just resolve the permission
-        return $this->helper->isGranted($token, $permission_name, $attribute);
+        return $this->helper->isGranted($token, $permission_name, $attribute, $vote);
     }
 }
diff --git a/src/Security/Voter/UserVoter.php b/src/Security/Voter/UserVoter.php
@@ -26,6 +26,7 @@
 use App\Services\UserSystem\PermissionManager;
 use App\Services\UserSystem\VoterHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
 use function in_array;
@@ -79,7 +80,7 @@ public function supportsType(string $subjectType): bool
      *
      * @param  string  $attribute
      */
-    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool
     {
         $user = $this->helper->resolveUser($token);
 
@@ -97,7 +98,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
         if (($subject instanceof User) && $subject->getID() === $user->getID() &&
             $this->helper->isValidOperation('self', $attribute)) {
             //Then we also need to check the self permission
-            $tmp = $this->helper->isGranted($token, 'self', $attribute);
+            $tmp = $this->helper->isGranted($token, 'self', $attribute, $vote);
             //But if the self value is not allowed then use just the user value:
             if ($tmp) {
                 return $tmp;
@@ -106,7 +107,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
 
         //Else just check user permission:
         if ($this->helper->isValidOperation('users', $attribute)) {
-            return $this->helper->isGranted($token, 'users', $attribute);
+            return $this->helper->isGranted($token, 'users', $attribute, $vote);
         }
 
         return false;
diff --git a/src/Services/UserSystem/VoterHelper.php b/src/Services/UserSystem/VoterHelper.php
@@ -54,11 +54,16 @@ public function __construct(private readonly PermissionManager $permissionManage
      * @param  TokenInterface  $token  The token to check
      * @param  string  $permission  The permission to check
      * @param  string  $operation  The operation to check
+     * @param  Vote|null $vote  The vote object to add reasons to (optional). If null, no reasons are added.
      * @return bool
      */
-    public function isGranted(TokenInterface $token, string $permission, string $operation): bool
+    public function isGranted(TokenInterface $token, string $permission, string $operation, ?Vote $vote = null): bool
     {
-        return $this->isGrantedTrinary($token, $permission, $operation) ?? false;
+        $tmp = $this->isGrantedTrinary($token, $permission, $operation) ?? false;
+        if ($tmp === false) {
+            $this->addReason($vote, $permission, $operation);
+        }
+        return $tmp;
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@`
`41`	`41`	`use RuntimeException;`
`42`	`42`
`43`	`43`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
	`44`	`+use Symfony\Component\Security\Core\Authorization\Voter\Vote;`
`44`	`45`	`use Symfony\Component\Security\Core\Authorization\Voter\Voter;`
`45`	`46`
`46`	`47`	`use function in_array;`
`@@ -56,7 +57,7 @@ public function __construct(private readonly Security $security, private readonl`
`56`	`57`	`{`
`57`	`58`	`}`
`58`	`59`
`59`		`- protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool`
	`60`	`+ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool`
`60`	`61`	`{`
`61`	`62`
`62`	`63`	`//This voter only works for attachments`
`@@ -65,7 +66,8 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $`
`65`	`66`	`}`
`66`	`67`
`67`	`68`	`if ($attribute === 'show_private') {`
`68`		`- return $this->helper->isGranted($token, 'attachments', 'show_private');`
	`69`	`+ $vote?->addReason('User is not allowed to view private attachments.');`
	`70`	`+ return $this->helper->isGranted($token, 'attachments', 'show_private', $vote);`
`69`	`71`	`}`
`70`	`72`
`71`	`73`
`@@ -111,7 +113,8 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $`
`111`	`113`	`throw new RuntimeException('Encountered unknown Parameter type: ' . $subject);`
`112`	`114`	`}`
`113`	`115`
`114`		`- return $this->helper->isGranted($token, $param, $this->mapOperation($attribute));`
	`116`	`+ $vote?->addReason('User is not allowed to '.$this->mapOperation($attribute).' attachments of type '.$param.'.');`
	`117`	`+ return $this->helper->isGranted($token, $param, $this->mapOperation($attribute), $vote);`
`115`	`118`	`}`
`116`	`119`
`117`	`120`	`return false;`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@`
`25`	`25`	`use App\Entity\UserSystem\Group;`
`26`	`26`	`use App\Services\UserSystem\VoterHelper;`
`27`	`27`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
	`28`	`+use Symfony\Component\Security\Core\Authorization\Voter\Vote;`
`28`	`29`	`use Symfony\Component\Security\Core\Authorization\Voter\Voter;`
`29`	`30`
`30`	`31`	`/**`
`@@ -43,9 +44,9 @@ public function __construct(private readonly VoterHelper $helper)`
`43`	`44`	`*`
`44`	`45`	`* @param string $attribute`
`45`	`46`	`*/`
`46`		`- protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool`
	`47`	`+ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool`
`47`	`48`	`{`
`48`		`- return $this->helper->isGranted($token, 'groups', $attribute);`
	`49`	`+ return $this->helper->isGranted($token, 'groups', $attribute, $vote);`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`use App\Entity\UserSystem\User;`
`27`	`27`	`use App\Services\UserSystem\VoterHelper;`
`28`	`28`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
	`29`	`+use Symfony\Component\Security\Core\Authorization\Voter\Vote;`
`29`	`30`	`use Symfony\Component\Security\Core\Authorization\Voter\Voter;`
`30`	`31`	`use Symfony\Component\Security\Core\User\UserInterface;`
`31`	`32`
`@@ -47,9 +48,16 @@ protected function supports(string $attribute, mixed $subject): bool`
`47`	`48`	`&& $subject instanceof UserInterface;`
`48`	`49`	`}`
`49`	`50`
`50`		`- protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool`
	`51`	`+ protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool`
`51`	`52`	`{`
`52`		`- return $this->helper->isGranted($token, 'users', 'impersonate');`
	`53`	`+ $result = $this->helper->isGranted($token, 'users', 'impersonate');`
	`54`	`+`
	`55`	`+ if ($result === false) {`
	`56`	`+ $vote?->addReason('User is not allowed to impersonate other users.');`
	`57`	`+ $this->helper->addReason($vote, 'users', 'impersonate');`
	`58`	`+ }`
	`59`	`+`
	`60`	`+ return $result;`
`53`	`61`	`}`
`54`	`62`
`55`	`63`	`public function supportsAttribute(string $attribute): bool`
`@@ -61,4 +69,4 @@ public function supportsType(string $subjectType): bool`
`61`	`69`	`{`
`62`	`70`	`return is_a($subjectType, User::class, true);`
`63`	`71`	`}`
`64`		`-}`
	`72`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@`
`39`	`39`	`use App\Entity\Parameters\SupplierParameter;`
`40`	`40`	`use RuntimeException;`
`41`	`41`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
	`42`	`+use Symfony\Component\Security\Core\Authorization\Voter\Vote;`
`42`	`43`	`use Symfony\Component\Security\Core\Authorization\Voter\Voter;`
`43`	`44`
`44`	`45`	`/**`
`@@ -53,7 +54,7 @@ public function __construct(private readonly Security $security, private readonl`
`53`	`54`	`{`
`54`	`55`	`}`
`55`	`56`
`56`		`- protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool`
	`57`	`+ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token, ?Vote $vote = null): bool`
`57`	`58`	`{`
`58`	`59`	`//return $this->resolver->inherit($user, 'attachments', $attribute) ?? false;`
`59`	`60`
`@@ -108,7 +109,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $`
`108`	`109`	`throw new RuntimeException('Encountered unknown Parameter type: ' . (is_object($subject) ? $subject::class : $subject));`
`109`	`110`	`}`
`110`	`111`
`111`		`- return $this->helper->isGranted($token, $param, $attribute);`
	`112`	`+ return $this->helper->isGranted($token, $param, $attribute, $vote);`
`112`	`113`	`}`
`113`	`114`
`114`	`115`	`protected function supports(string $attribute, $subject): bool`