Add attachments to workflow

src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoter.php

@@ -12,6 +12,8 @@ declare(strict_types=1);
 namespace Chill\DocStoreBundle\Security\Authorization;
 
 use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Repository\Workflow\EntityWorkflowAttachmentRepository;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
@@ -26,7 +28,12 @@ class StoredObjectVoter extends Voter
 {
     public const LOG_PREFIX = '[stored object voter] ';
 
-    public function __construct(private readonly Security $security, private readonly iterable $storedObjectVoters, private readonly LoggerInterface $logger) {}
+    public function __construct(
+        private readonly Security $security,
+        private readonly iterable $storedObjectVoters,
+        private readonly LoggerInterface $logger,
+        private readonly EntityWorkflowAttachmentRepository $entityWorkflowAttachmentRepository,
+    ) {}
 
     protected function supports($attribute, $subject): bool
     {
@@ -39,6 +46,16 @@ class StoredObjectVoter extends Voter
         /** @var StoredObject $subject */
         $attributeAsEnum = StoredObjectRoleEnum::from($attribute);
 
+        // check if the stored object is attached to any workflow
+        $user = $token->getUser();
+        if ($user instanceof User && StoredObjectRoleEnum::SEE === $attributeAsEnum) {
+            foreach ($this->entityWorkflowAttachmentRepository->findByStoredObject($subject) as $workflowAttachment) {
+                if ($workflowAttachment->getEntityWorkflow()->isUserInvolved($user)) {
+                    return true;
+                }
+            }
+        }
+
         // Loop through context-specific voters
         foreach ($this->storedObjectVoters as $storedObjectVoter) {
             if ($storedObjectVoter->supports($attributeAsEnum, $subject)) {