From 46b31ae1ea204dfc666037ad737c40fae49a478a Mon Sep 17 00:00:00 2001
From: Julie Lenaerts <julielenaerts@gmail.com>
Date: Fri, 30 Aug 2024 11:29:25 +0200
Subject: [PATCH] Adjust logic to only allow on hold if user is allowed to
 apply a transition

---
 .../Controller/WorkflowOnHoldController.php      | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/Bundle/ChillMainBundle/Controller/WorkflowOnHoldController.php b/src/Bundle/ChillMainBundle/Controller/WorkflowOnHoldController.php
index 5698fe799..a7831159c 100644
--- a/src/Bundle/ChillMainBundle/Controller/WorkflowOnHoldController.php
+++ b/src/Bundle/ChillMainBundle/Controller/WorkflowOnHoldController.php
@@ -32,11 +32,21 @@ class WorkflowOnHoldController extends AbstractController
         $workflow = $this->registry->get($entityWorkflow, $entityWorkflow->getWorkflowName());
 
         $enabledTransitions = $workflow->getEnabledTransitions($entityWorkflow);
-        $usersInvolved = $entityWorkflow->getUsersInvolved();
+        if (\count($enabledTransitions) === 0) {
+            throw $this->createAccessDeniedException('No transitions are available for the current workflow state.');
+        }
 
-        /*        if (count($enabledTransitions) > 0) {
+        $isTransitionAllowed = false;
+        foreach ($enabledTransitions as $transition) {
+            if ($workflow->can($entityWorkflow, $transition->getName())) {
+                $isTransitionAllowed = true;
+                break;
+            }
+        }
 
-                }*/
+        if (!$isTransitionAllowed) {
+            throw $this->createAccessDeniedException('You are not allowed to apply any transitions to this workflow, therefore you cannot put it on hold.');
+        }
 
         $stepHold = new EntityWorkflowStepHold($currentStep, $currentUser);