App\Entity\Access\Access:
  collectionOperations:
    get: ~

    cget_students:
      method: GET
      path: '/students'
      security: 'is_granted("ROLE_USERS_VIEW")'

    cget_admin:
      method: GET
      path: '/admin'

    cget_access_person_ref:
      method: GET
      path: '/access_people'
      normalization_context:
        groups: ['access_people_ref']

  itemOperations:
    get:
      security: '(is_granted("ROLE_USERS_VIEW") and object.getOrganization().getId() == user.getOrganization().getId()) or (object.getId() == user.getId())'

    get_access_address:
      method: GET
      path: '/access_addresses/{id}'
      requirements:
        id : '\d+'
      normalization_context:
        groups: ['access_address', 'address']]
      security: 'object.getOrganization().getId() == user.getOrganization().getId()'

    put:
      security: 'is_granted("ROLE_USERS") or (object.getId() == user.getId())'

    delete: ~