From 95c91b502293a45ef65dadec10ec402731e5b3ee Mon Sep 17 00:00:00 2001
From: David Molineus <david.molineus@netzmacht.de>
Date: Mon, 23 Sep 2024 16:08:01 +0200
Subject: [PATCH] Fix permission check

---
 src/Security/PagePermissionGuard.php | 23 ++++++-----------------
 1 file changed, 6 insertions(+), 17 deletions(-)

diff --git a/src/Security/PagePermissionGuard.php b/src/Security/PagePermissionGuard.php
index f7dd605..2d5d67e 100644
--- a/src/Security/PagePermissionGuard.php
+++ b/src/Security/PagePermissionGuard.php
@@ -4,12 +4,10 @@
 
 namespace Hofff\Contao\Navigation\Security;
 
-use Contao\FrontendUser;
+use Contao\CoreBundle\Security\ContaoCorePermissions;
 use Contao\ModuleModel;
 use Contao\StringUtil;
-use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface AS Security;
-
-use function array_intersect;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface as Security;
 
 final class PagePermissionGuard
 {
@@ -74,18 +72,9 @@ public function isPermissionDenied(array $page): bool
             return false;
         }
 
-        $user = $this->security->getUser();
-        if (! $user instanceof FrontendUser) {
-            return true;
-        }
-
-        // the current user is not in any group
-        /** @psalm-suppress RiskyTruthyFalsyComparison */
-        if (! $user->groups) {
-            return true;
-        }
-
-        // check if the current user is not in any group, which is allowed to access the current page
-        return ! array_intersect((array) $user->groups, StringUtil::deserialize($page['groups'], true));
+        return ! $this->security->isGranted(
+            ContaoCorePermissions::MEMBER_IN_GROUPS,
+            StringUtil::deserialize($page['groups'], true),
+        );
     }
 }