security->getUser(); if (!$user instanceof User) { return false; } if (!$subject instanceof WorkHour) { return false; } $employee = $subject->getEmployee(); if (null === $employee) { return false; } // Délégation de la règle au service de scope unique (évite la duplication). return $this->employeeScopeService->canAccessEmployee($user, $employee); } }