<?php
namespace Hero\AgentBundle\Security\Authorization\Voter;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\UserInterface;
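/**
 * Authorization voter deciding whether the authenticated user may act on a Lead.
 *
 * Handles the VIEW, EDIT, ACCEPT and REJECT attributes for
 * Hero\BackendBundle\Entity\Lead and its subclasses. A supported action is
 * granted only when the current user is the agent attached to the lead;
 * every other supported request is denied. Unsupported subjects or
 * attributes make the voter abstain.
 *
 * @package Hero\AgentBundle\Security\Authorization\Voter
 */
class LeadVoter implements VoterInterface
{
    const VIEW = 'view';
    const EDIT = 'edit';
    const ACCEPT = 'accept';
    const REJECT = 'reject';

    /**
     * Tells whether this voter handles the given attribute.
     *
     * The lookup is strict on purpose: with a loose in_array() a non-string
     * value such as true (or 0 on PHP < 8) compares equal to an action name
     * and would be treated as a supported attribute.
     *
     * @param mixed $attribute Attribute passed to the access decision, normally a string
     * @return bool
     */
    public function supportsAttribute($attribute)
    {
        return in_array($attribute, [
            self::VIEW,
            self::EDIT,
            self::ACCEPT,
            self::REJECT,
        ], true);
    }

    /**
     * Tells whether this voter handles subjects of the given class.
     *
     * @param string $class Fully qualified class name of the subject
     * @return bool True for the Lead entity itself or any subclass of it
     */
    public function supportsClass($class)
    {
        $supportedClass = 'Hero\BackendBundle\Entity\Lead';

        return $supportedClass === $class || is_subclass_of($class, $supportedClass);
    }

    /**
     * Votes on whether the user behind $token may perform the requested action on $lead.
     *
     * Only the first entry of $attributes is evaluated.
     *
     * @param TokenInterface $token      Security token of the current request
     * @param mixed          $lead       Subject of the decision; may be null or a non-Lead value
     * @param array          $attributes Requested attributes
     * @return int One of VoterInterface::ACCESS_GRANTED, ACCESS_DENIED or ACCESS_ABSTAIN
     */
    public function vote(TokenInterface $token, $lead, array $attributes)
    {
        // The subject is not guaranteed to be an object (access checks without a
        // subject pass null); get_class() must never see a non-object, otherwise
        // the voter errors out instead of abstaining.
        if (!is_object($lead) || !$this->supportsClass(get_class($lead))) {
            return VoterInterface::ACCESS_ABSTAIN;
        }

        // An empty attribute list gives nothing to vote on.
        if (!isset($attributes[0])) {
            return VoterInterface::ACCESS_ABSTAIN;
        }

        $attribute = $attributes[0];
        if (!$this->supportsAttribute($attribute)) {
            return VoterInterface::ACCESS_ABSTAIN;
        }

        // Anonymous tokens carry a string (or nothing) instead of a user object:
        // a supported action on a Lead is then refused outright.
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            return VoterInterface::ACCESS_DENIED;
        }

        $agent = $lead->getAgent();

        switch ($attribute) {
            case self::VIEW:
            case self::EDIT:
                // NOTE(review): getId() is not part of UserInterface; this assumes the
                // application's user class provides it. Two unsaved entities whose ids
                // are both null would also compare equal here - confirm that cannot occur.
                if ($agent && $user->getId() === $agent->getId()) {
                    return VoterInterface::ACCESS_GRANTED;
                }
                break;

            case self::ACCEPT:
            case self::REJECT:
                // NOTE(review): object identity is stricter than the id comparison used
                // for VIEW/EDIT and fails closed when the agent is a different instance
                // of the same user - confirm this difference is intentional.
                if ($agent === $user) {
                    return VoterInterface::ACCESS_GRANTED;
                }
                break;
        }

        // Default deny: a supported action that was not explicitly granted is refused.
        return VoterInterface::ACCESS_DENIED;
    }
}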