From 7df70cab98075f8f4d2b5a9a52311ece1ddab467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?=
Date: Thu, 24 Mar 2022 10:58:43 +0100
Subject: [PATCH] allow a user/referrer to see his own courses, even if the scope is not his own

---
 .../Security/Authorization/AccompanyingPeriodVoter.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
index bf6e6c287..a1166da25 100644
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
@@ -130,6 +130,14 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
 return false;
 }
 
+ if (in_array($attribute, [
+ self::SEE, self::SEE_DETAILS, self::EDIT
+ ])) {
+ if ($subject->getUser() === $token->getUser()) {
+ return true;
+ }
+ }
+
 if (self::TOGGLE_CONFIDENTIAL === $attribute) {
 if (null !== $subject->getUser() && ($subject->getUser() === $token->getUser())) {
 return true;
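Review bot: The new referrer shortcut compares `$subject->getUser() === $token->getUser()` without the `null !==` guard that the TOGGLE_CONFIDENTIAL branch just below it uses, so a course with no referrer would match a token whose user is null and be granted SEE, SEE_DETAILS and EDIT. Whether a null token user can reach this point depends on checks earlier in the method, which are outside the hunk; making the guard explicit removes that dependency: `if (null !== $subject->getUser() && $subject->getUser() === $token->getUser()) {`. Because the block returns `true` early, any scope or confidentiality checks later in the method are skipped for the referrer, including for EDIT; if that is intended, a short comment should say so, and voter tests for the referrer-outside-scope and no-referrer cases would pin the behaviour. `in_array` should also receive `true` as its third argument so the attribute is compared strictly.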