From 8c92d117225b77a9cd5951ddd721311ad3ebd022 Mon Sep 17 00:00:00 2001
From: Julie Lenaerts <julielenaerts@gmail.com>
Date: Mon, 1 Jul 2024 15:23:07 +0200
Subject: [PATCH] Implement permissions for WOPI

---
 .../src/Service/Wopi/AuthorizationManager.php       | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php b/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php
index c54f187ca..9ed421461 100644
--- a/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php
+++ b/src/Bundle/ChillWopiBundle/src/Service/Wopi/AuthorizationManager.php
@@ -65,7 +65,11 @@ class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\Authori
 
     public function userCanRead(string $accessToken, Document $document, RequestInterface $request): bool
     {
-        return $this->isTokenValid($accessToken, $document, $request);
+        if ($this->security->isGranted('SEE', $document)) {
+            return $this->isTokenValid($accessToken, $document, $request);
+        }
+
+        return false;
     }
 
     public function userCanRename(string $accessToken, Document $document, RequestInterface $request): bool
@@ -75,6 +79,11 @@ class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\Authori
 
     public function userCanWrite(string $accessToken, Document $document, RequestInterface $request): bool
     {
-        return $this->isTokenValid($accessToken, $document, $request);
+        if ($this->security->isGranted('EDIT', $document)) {
+            return $this->isTokenValid($accessToken, $document, $request);
+        }
+
+        return false;
     }
+
 }