Update role logic for action display

src/Controller/ActionController.php

@@ -5,6 +5,7 @@ namespace App\Controller;
 use App\Entity\Actions;
 use App\Entity\Organizations;
 use App\Service\ActionService;
+use App\Service\UserService;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -15,14 +16,15 @@ class ActionController extends AbstractController
 {
     public function __construct(
         private EntityManagerInterface $entityManager,
-        private ActionService $actionService
+        private ActionService          $actionService, private readonly UserService $userService
     ) {
     }
 
     #[Route('/organization/{id}/activities-ajax', name: 'app_organization_activities_ajax', methods: ['GET'])]
     public function fetchActivitiesAjax(Organizations $organization): JsonResponse
     {
-        $this->denyAccessUnlessGranted('ROLE_ADMIN');
+        $this->denyAccessUnlessGranted('ROLE_USER');
+        if($this->userService->isAdminOfOrganization($organization)){
             $actions = $this->entityManager->getRepository(Actions::class)->findBy(
                 ['Organization' => $organization],
                 ['date' => 'DESC'],
@@ -32,4 +34,6 @@ class ActionController extends AbstractController
 
             return new JsonResponse($formattedActivities);
         }
+        return new JsonResponse(['error' => 'You are not authorized to access this page.'], 403);
+    }
 }