From fe6e4b44e5eccd316ba5cfc55c09267bfa051c1f Mon Sep 17 00:00:00 2001
From: Charles
Date: Wed, 11 Feb 2026 13:58:37 +0100
Subject: [PATCH] correct role logic

---
 src/Controller/UserController.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 0eeeb75..0619640 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -678,15 +678,15 @@ class UserController extends AbstractController
 #[Route(path: '/organization/resend-invitation/{userId}', name: 'resend_invitation', methods: ['POST'])]
 public function resendInvitation(int $userId, Request $request): JsonResponse
 {
- $this->denyAccessUnlessGranted("ROLE_ADMIN");
+ $this->denyAccessUnlessGranted("ROLE_USER");
 $actingUser = $this->getUser();
- if ($this->userService->hasAccessTo($actingUser, true)) {
- $orgId = $request->get('organizationId');
- $org = $this->organizationRepository->find($orgId);
- if (!$org) {
- $this->loggerService->logEntityNotFound('Organization', ['id' => $orgId], $actingUser->getUserIdentifier());
- throw $this->createNotFoundException(self::NOT_FOUND);
- }
+ $orgId = $request->request->get('organizationId');
+ $org = $this->organizationRepository->find($orgId);
+ if (!$org) {
+ $this->loggerService->logEntityNotFound('Organization', ['id' => $orgId], $actingUser->getUserIdentifier());
+ throw $this->createNotFoundException(self::NOT_FOUND);
+ }
+ if ($this->userService->isAdminOfOrganization($org)) {
 $user = $this->userRepository->find($userId);
 if (!$user) {
 $this->loggerService->logEntityNotFound('User', ['id' => $user->getId()], $actingUser->getUserIdentifier());
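Review bot: Lowering the guard to `ROLE_USER` while keeping the organization lookup and its not-found log/404 ahead of `isAdminOfOrganization($org)` means any authenticated user can now probe which `organizationId` values exist by POSTing to this route. If that disclosure is not intended, the non-admin branch (which lies past the end of the hunk) should answer with the same `self::NOT_FOUND` response as a missing organization, and the parameter should be validated before it reaches `find()`, e.g. `$orgId = $request->request->getInt('organizationId');` followed by `if ($orgId <= 0) { throw $this->createNotFoundException(self::NOT_FOUND); }`. `isAdminOfOrganization($org)` receives no user argument, so it presumably resolves the acting user from the security token internally; worth confirming that is the same principal as `$actingUser`, whose identifier goes into the log. The unchanged context line `logEntityNotFound('User', ['id' => $user->getId()], ...)` sits inside `if (!$user)`, so it dereferences null before the 404 can be thrown and should read `['id' => $userId]`. `resendInvitation` continues beyond the hunk.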
@@ -729,8 +729,8 @@ class UserController extends AbstractController
 #[Route(path: '/accept-invitation', name: 'accept', methods: ['GET'])]
 public function acceptInvitation(Request $request): Response
 {
- $token = $request->get('token');
- $userId = $request->get('id');
+ $token = $request->query->get('token');
+ $userId = $request->query->get('id');
 if (!$token || !$userId) {
 $this->loggerService->logEntityNotFound('Token or UserId missing in accept invitation', [