From 9da1edaa9266c6134ce23ce6884b00c647d0867d Mon Sep 17 00:00:00 2001
From: Charles <ce.marguerite@sudalys.fr>
Date: Thu, 7 Aug 2025 12:04:06 +0200
Subject: [PATCH] Review of access logic

---
 src/Controller/UserController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index f9a866c..5db81f3 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -106,6 +106,7 @@ class UserController extends AbstractController
     #[Route('/new', name: 'new', methods: ['GET', 'POST'])]
     public function new(Request $request): Response
     {
+        $this->denyAccessUnlessGranted("ROLE_ADMIN");
         $form = $this->createForm(UserForm::class);
         $organizationId = $request->query->get('organizationId');