getUser(); // if the user is anonymous, do not grant access if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case 'BANK_ACCOUNT_READ': if($subject->getOrganization()->count() === 1){ return $this->security->isGranted('ROLE_ORGANIZATION_VIEW') && $subject->getOrganization()->current()->getId() === $user->getOrganization()->getId(); } break; case 'BANK_ACCOUNT_EDIT': case 'BANK_ACCOUNT_DELETE': if($subject->getOrganization()->count() === 1){ return $this->security->isGranted('ROLE_ORGANIZATION') && $subject->getOrganization()->current()->getId() === $user->getOrganization()->getId(); } break; } return false; } }