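/**
 * @inheritdoc
 *
 * Persists $user after two access checks: the caller must not be the
 * account being promoted, and the caller must hold ROLE_PROMOTE.
 * The role change itself is not made here; presumably the caller has
 * already applied it to $user (TODO confirm against callers).
 *
 * @param Netizen                  $user the account being promoted
 * @param SecurityContextInterface $ctx  security context of the acting user
 *
 * @throws AccessDeniedException if there is no authenticated user object,
 *                               if the caller targets their own account,
 *                               or if the caller lacks ROLE_PROMOTE
 */
public function promote(Netizen $user, SecurityContextInterface $ctx)
{
    // Fail closed: getToken() may return null and getUser() may return a
    // plain string for an anonymous session. Dereferencing either would end
    // in a fatal error instead of an access denial.
    $token = $ctx->getToken();
    $actor = $token !== null ? $token->getUser() : null;
    if (!is_object($actor)) {
        throw new AccessDeniedException("You have no right to promote someone");
    }

    // Only the author is compared, because the roles are what is being
    // changed by this operation.
    if ($user->getAuthor()->isEqual($actor->getAuthor())) {
        throw new AccessDeniedException("You can't promote yourself");
    }

    if (!$ctx->isGranted('ROLE_PROMOTE')) {
        throw new AccessDeniedException("You have no right to promote someone");
    }

    $this->repository->persist($user);
}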