diff --git a/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php b/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php
index 9ed421461..af78eb73c 100644
--- a/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php
+++ b/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php
@@ -12,6 +12,8 @@ declare(strict_types=1);
 namespace Chill\WopiBundle\Service\Wopi;
 
 use ChampsLibres\WopiLib\Contract\Entity\Document;
+use Chill\DocStoreBundle\Repository\StoredObjectRepository;
+use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\MainBundle\Entity\User;
 use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
 use Psr\Http\Message\RequestInterface;
@@ -19,13 +21,18 @@ use Symfony\Component\Security\Core\Security;
 
 class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\AuthorizationManagerInterface
 {
-    public function __construct(private readonly JWTTokenManagerInterface $tokenManager, private readonly Security $security) {}
+    public function __construct(private readonly JWTTokenManagerInterface $tokenManager, private readonly Security $security, private readonly StoredObjectRepository $storedObjectRepository) {}
 
     public function isRestrictedWebViewOnly(string $accessToken, Document $document, RequestInterface $request): bool
     {
         return false;
     }
 
+    public function getRelatedStoredObject(Document $document)
+    {
+        return $this->storedObjectRepository->findOneBy(['uuid' => $document->getWopiDocId()]);
+    }
+
     public function isTokenValid(string $accessToken, Document $document, RequestInterface $request): bool
     {
         $metadata = $this->tokenManager->parse($accessToken);
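Review bot: `getRelatedStoredObject()` declares no return type even though `findOneBy()` yields either the entity or null, so its callers cannot see from the signature that a missing StoredObject is a possible result; declare it as `public function getRelatedStoredObject(Document $document): ?StoredObject` (importing the StoredObject entity alongside the two new `use` lines) and give it a docstring saying it resolves the StoredObject whose uuid matches the WOPI document id and returns null when none exists. Since the method is not part of the implemented interface and exists to serve the permission checks in this class, `private` visibility would keep it out of the public surface. The three promoted constructor parameters now push that line well past the usual length and read better one per line with a trailing comma. The class body continues beyond this hunk.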
@@ -60,12 +67,21 @@ class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\Authori
 
     public function userCanPresent(string $accessToken, Document $document, RequestInterface $request): bool
     {
-        return $this->isTokenValid($accessToken, $document, $request);
+        $storedObject = $this->getRelatedStoredObject($document);
+
+        if ($this->security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)) {
+
+            return $this->isTokenValid($accessToken, $document, $request);
+        }
+
+        return false;
     }
 
     public function userCanRead(string $accessToken, Document $document, RequestInterface $request): bool
     {
-        if ($this->security->isGranted('SEE', $document)) {
+        $storedObject = $this->getRelatedStoredObject($document);
+
+        if ($this->security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)) {
             return $this->isTokenValid($accessToken, $document, $request);
         }
 
@@ -79,7 +95,9 @@ class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\Authori
 
     public function userCanWrite(string $accessToken, Document $document, RequestInterface $request): bool
     {
-        if ($this->security->isGranted('EDIT', $document)) {
+        $storedObject = $this->getRelatedStoredObject($document);
+
+        if ($this->security->isGranted(StoredObjectRoleEnum::EDIT->value, $storedObject)) {
             return $this->isTokenValid($accessToken, $document, $request);
         }
 
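Review bot: The `$storedObject` obtained from `getRelatedStoredObject()` may be null, because that helper wraps `findOneBy()`, and userCanPresent and userCanRead hand it straight to `isGranted()` without checking; the outcome then rests on every voter abstaining for a null subject instead of on an explicit decision in this class. Add `if (null === $storedObject) { return false; }` right after each lookup; the userCanWrite hunk below has the same gap. The empty line between `if (...) {` and the `return` in userCanPresent is absent from the two sibling methods and should be removed for consistency. Both userCanRead and userCanWrite end outside their hunks.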