security = $security; $this->handleAccessExtension = $handleAccessExtension; } public function applyToCollection(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, string $operationName = null): void { $this->addWhere($queryBuilder, $resourceClass, $operationName); } public function applyToItem(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, array $identifiers, string $operationName = null, array $context = []): void { $this->addWhere($queryBuilder, $resourceClass, $operationName); } private function addWhere(QueryBuilder $queryBuilder, string $resourceClass, string $operationName): void { if (Access::class !== $resourceClass) { return; } /** @var Access $currentUser */ $currentUser = $this->security->getUser(); $rootAlias = $queryBuilder->getRootAliases()[0]; $queryBuilder->andWhere(sprintf('%s.organization = :current_organization', $rootAlias)); $queryBuilder->setParameter('current_organization', $currentUser->getOrganization()); $this->handleAccessExtension->addWhere($queryBuilder, $operationName); } }