Review of access logic

src/Controller/UserController.php

@@ -106,6 +106,7 @@ class UserController extends AbstractController
     #[Route('/new', name: 'new', methods: ['GET', 'POST'])]
     public function new(Request $request): Response
     {
+        $this->denyAccessUnlessGranted("ROLE_ADMIN");
         $form = $this->createForm(UserForm::class);
         $organizationId = $request->query->get('organizationId');