permissionService->userHas($actorUserId, self::PERMISSION_KEY)) { return AuthorizationDecision::deny(403, 'forbidden'); } return AuthorizationDecision::allow(); } }