/**
  * Verify permissions through Oro Platform security bundle
  *
  * @param string $operation
  * @param Comment|string $entity
  * @throws ForbiddenException
  */
 private function isGranted($operation, $entity)
 {
     // User should have ability to view all comments (except private)
     // if he is an owner of a ticket
     if ($operation === 'VIEW' && is_object($entity)) {
         if ($this->authorizationService->getLoggedUser()) {
             $loggedUser = $this->authorizationService->getLoggedUser();
             if ($loggedUser instanceof ApiUser) {
                 $loggedUser = $this->userService->getUserFromApiUser($loggedUser);
             }
             /** @var User $reporter */
             $reporter = $entity->getTicket()->getReporter();
             if ($loggedUser && $reporter && $loggedUser->getId() == $reporter->getId()) {
                 return;
             }
         }
     }
     if (!$this->authorizationService->isActionPermitted($operation, $entity)) {
         throw new ForbiddenException("Not enough permissions.");
     }
 }
 /**
  * Verify permissions through Oro Platform security bundle
  *
  * @param string $operation
  * @param $entity
  * @throws \Oro\Bundle\SecurityBundle\Exception\ForbiddenException
  */
 private function isGranted($operation, $entity)
 {
     if (!$this->authorizationService->isActionPermitted($operation, $entity)) {
         throw new ForbiddenException("Not enough permissions.");
     }
 }