
add security to UserSearchItem ApiResource

Olivier Massot 9 月之前
父节点
当前提交
6c50328fb9
共有 2 个文件被更改,包括 6 次插入3 次删除
  1. 2 1
      src/Doctrine/Access/CurrentAccessExtension.php
  2. 4 2
      src/Entity/Custom/Search/UserSearchItem.php

+ 2 - 1
src/Doctrine/Access/CurrentAccessExtension.php

@@ -7,6 +7,7 @@ namespace App\Doctrine\Access;
 use ApiPlatform\Metadata\Operation;
 use App\Doctrine\AbstractExtension;
 use App\Entity\Access\Access;
+use App\Entity\Custom\Search\UserSearchItem;
 use App\Service\ServiceIterator\CurrentAccessExtensionIterator;
 use Doctrine\ORM\QueryBuilder;
 use Symfony\Bundle\SecurityBundle\Security;
@@ -24,7 +25,7 @@ final class CurrentAccessExtension extends AbstractExtension
 
     public function supports(string $resourceClass, ?Operation $operation): bool
     {
-        return $resourceClass === Access::class;
+        return in_array($resourceClass, [Access::class, UserSearchItem::class]);
     }
 
     protected function addWhere(QueryBuilder $queryBuilder, string $resourceClass, ?Operation $operation): void
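Review bot: The new `supports()` return uses `in_array()` without the strict flag; with class-name strings the loose comparison is harmless today, but the project's static-analysis conventions expect `return in_array($resourceClass, [Access::class, UserSearchItem::class], true);`. Separately, `addWhere()` — whose signature is the hunk's last line and whose body lies outside it — now also receives `UserSearchItem` queries, so the clause it adds must reference fields that exist on the view backing that entity (003-view_search_user.sql per its docblock), which this hunk cannot confirm. A one-line comment on `supports()` would make the intent explicit for the next reader, e.g. `// UserSearchItem exposes user ids/names, so its collection is scoped by the same access rule as Access`.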

+ 4 - 2
src/Entity/Custom/Search/UserSearchItem.php

@@ -16,14 +16,16 @@ use Doctrine\ORM\Mapping as ORM;
 /**
  * Données réduites d'identification d'un utilisateur (ids, noms)
  * Utilisées entre autres pour les listes déroulantes de recherche.
- * TODO: revoir sécurité
  *
  * Fichier source de la view : ./sql/schema-extensions/003-view_search_user.sql
+ *
+ * @see App\Doctrine\Access\CurrentAccessExtension
  */
 #[ApiResource(
     operations: [
         new Get(
-            uriTemplate: '/search/users/{id}'
+            uriTemplate: '/search/users/{id}',
+            security: 'object.getOrganizationId() == user.getOrganization().getId()'
         ),
         new GetCollection(
             uriTemplate: '/search/users',
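Review bot: The added `security` expression on `Get` dereferences `user` unconditionally, so for an unauthenticated request (`user` is null) the expression errors rather than cleanly denying access, unless the firewall already forces authentication on this route; prefer `security: 'user and object.getOrganizationId() == user.getOrganization().getId()'` or prefix it with `is_granted('ROLE_USER') and`. The `GetCollection` operation that begins on the hunk's last line shows no `security` in the visible lines and presumably relies on `CurrentAccessExtension` to scope the query; stating that split in the class docblock (item access via the expression, collection via the Doctrine extension) would keep it from reading as an omission. If `getOrganizationId()` and `getOrganization().getId()` are not guaranteed to share a type, `===` in the expression avoids loose comparison. The `#[ApiResource]` attribute and the entity declaration continue past the hunk.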