employees->find(Uuid::fromString($id)); if (!$employee instanceof Employee) { throw new NotFoundHttpException('Mitarbeiter nicht gefunden.'); } $this->assertAccess($employee); $template = $this->templates->findCardForCompany($employee->getCompany()) ?? $this->factory->default(); $pdf = $this->renderer->render($employee, $template); return new Response($pdf, 200, [ 'Content-Type' => 'application/pdf', 'Content-Disposition' => sprintf('inline; filename="visitenkarte-%s.pdf"', $employee->getSlug()), ]); } private function assertAccess(Employee $employee): void { if ($this->tenant->isPlatformAdmin()) { return; } $reseller = $this->tenant->getReseller(); if (null === $reseller || $employee->getReseller()?->getId()->equals($reseller->getId()) !== true) { throw new AccessDeniedHttpException('Mitarbeiter gehört nicht zum eigenen Mandanten.'); } $own = $this->tenant->getCompany(); if (null !== $own && !$employee->getCompany()->getId()->equals($own->getId())) { throw new AccessDeniedHttpException('Nur Mitarbeiter der eigenen Firma.'); } } }