Escapepage/src/Game/Security/Voter/SessionVoter.php

<?php

namespace App\Game\Security\Voter;

use App\Game\Entity\Session;
use App\Tech\Entity\User;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class SessionVoter extends Voter
{
    public const VIEW = 'SESSION_VIEW';

    public function __construct(
        private readonly Security $security,
    ) {
    }

    protected function supports(string $attribute, mixed $subject): bool
    {
        return $attribute === self::VIEW && $subject instanceof Session;
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        if (!$user instanceof User) {
            return false;
        }

        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }

        /** @var Session $session */
        $session = $subject;

        foreach ($session->getPlayers() as $player) {
            if ($player->getUser() === $user) {
                return true;
            }
        }

        return false;
    }
}