*/ class OrganizationsRepository extends ServiceEntityRepository { public function __construct(ManagerRegistry $registry) { parent::__construct($registry, Organizations::class); } public function findAdmissibleOrganizations(User $user, bool $isSuperAdmin, int $page, int $size, array $filters = []): Paginator { $qb = $this->createQueryBuilder('o') ->where('o.isDeleted = :del') ->setParameter('del', false); // 1. Security Logic: If not Super Admin, join UsersOrganizations to filter if (!$isSuperAdmin) { $qb->innerJoin(UsersOrganizations::class, 'uo', 'WITH', 'uo.organization = o') ->andWhere('uo.users = :user') ->andWhere('uo.role = :roleAdmin') ->andWhere('uo.isActive = true') ->setParameter('user', $user) // You can pass the actual Role entity or the string name depending on your mapping ->setParameter('roleAdmin', $this->_em->getRepository(\App\Entity\Roles::class)->findOneBy(['name' => 'ADMIN'])); } // 2. Filters if (!empty($filters['name'])) { $qb->andWhere('o.name LIKE :name') ->setParameter('name', '%' . $filters['name'] . '%'); } if (!empty($filters['email'])) { $qb->andWhere('o.email LIKE :email') ->setParameter('email', '%' . $filters['email'] . '%'); } // 3. Pagination $qb->setFirstResult(($page - 1) * $size) ->setMaxResults($size); return new Paginator($qb); } }