private function validateOwner(\Club\ShopBundle\Entity\Order $order) { $user = $this->get('security.context')->getToken()->getUser(); // FIXME, does security not allowed exception exists if ($order->getUser()->getId() != $user->getId()) { throw new \Exception('You are not allowed to change this order.'); } }