From 6446eb2ce1937dadb170a8e89a73d88d39f46e13 Mon Sep 17 00:00:00 2001
From: Charles
Date: Mon, 28 Jul 2025 11:20:31 +0200
Subject: [PATCH] Handle permission

---
 src/Controller/UserController.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 5655ac4..6315bcb 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -38,9 +38,16 @@ class UserController extends AbstractController
 if ($this->isGranted('ROLE_SUPER_ADMIN')) {
 $usersByOrganization = $entityManager->getRepository(UsersOrganizations::class)->getActiveUsersGroupedByOrganization();
- } else {
+ } else{
 $userIdentifier = $this->getUser()->getUserIdentifier();
+ if (!$userIdentifier) {
+ return $this->redirectToRoute('app_login');
+ }
 $organizations = $this->entityManager->getRepository(UsersOrganizations::class)->findOrganizationsByUserEmailAndRoleName($userIdentifier, 'ADMIN');
+ if(!$organizations) {
+// if user is not admin in any organization, throw access denied
+ throw $this->createNotFoundException(self::ACCESS_DENIED);
+ }
 $usersByOrganization = $this->entityManager->getRepository(UsersOrganizations::class)
 ->findActiveUsersByOrganizations($organizations);
 }
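Review bot: The new `if(!$organizations)` branch throws `createNotFoundException(self::ACCESS_DENIED)`, so a non-admin user gets a 404 even though the comment and the constant name say access denied; unless hiding the page's existence is the deliberate intent, this should be `throw $this->createAccessDeniedException(self::ACCESS_DENIED);` so the response is a 403 and Symfony's access-denied handling (logging, redirect to login for anonymous users) applies. The new `if (!$userIdentifier)` guard also sits one line too late: `$this->getUser()->getUserIdentifier()` on the preceding context line already dereferences `getUser()`, which is null for an unauthenticated request and would fatal before the guard runs, while `getUserIdentifier()` is contractually non-empty so the guard itself rarely triggers — prefer `$user = $this->getUser(); if (!$user) { return $this->redirectToRoute('app_login'); } $userIdentifier = $user->getUserIdentifier();` (moot if an `access_control` rule already protects this route, which the hunk does not show). Minor style: `else{`, `if(` and the column-0 comment regress from the PSR-12 spacing the surrounding code uses. The enclosing action starts and ends outside this hunk.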