We needed to decide whether a user loaded from FOSUserBundle is granted a specific role. Because of the role hierarchy, this is not as simple as doing
in_array($role, $user->getRoles()). The user model only knows about its roles, not about what other roles those roles grant it.
The only thing that handles this situation that i found is the SecurityContext::isGranted method. But the problem of that is that its a check about the role of the "current" user. We needed this information in a command that generates a file and needs to know which user has permission for a specific role.
The RoleHierarchy service can not do decisions but only explode roles into all roles granted through the tree. The RoleHiararchyVoter is part of the security manager. Both are private service and thus not intended to be reused in application code.
The simplest we could come up with is this code, which we use like this:
$roleHierarchy = $this->getContainer()->get('acme_demo.security.role_hierarchy_checker');