Restrict SHARE action in SavedExportVoter to require COMPOSE_EXPORT permission.

src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php

@@ -55,7 +55,8 @@ final class SavedExportVoter extends Voter
         }
 
         return match ($attribute) {
-            self::DELETE, self::EDIT, self::SHARE => $subject->getUser() === $token->getUser(),
+            self::DELETE, self::EDIT => $subject->getUser() === $token->getUser(),
+            self::SHARE => $subject->getUser() === $token->getUser() && $this->accessDecisionManager->decide($token, [ChillExportVoter::COMPOSE_EXPORT]),
             self::DUPLICATE => $this->accessDecisionManager->decide($token, [ChillExportVoter::COMPOSE_EXPORT]) && $this->accessDecisionManager->decide($token, [self::EDIT], $subject) ,
             self::GENERATE => $this->canUserGenerate($user, $subject),
             default => throw new \UnexpectedValueException('attribute not supported: '.$attribute),