From 9465f26f09b118b3a2965dec9e8a93dfbd88de7a Mon Sep 17 00:00:00 2001
From: Julie Lenaerts <julielenaerts@gmail.com>
Date: Mon, 13 Feb 2023 17:51:02 +0100
Subject: [PATCH] FIX [parcours][rights] user with only simple view rights
 cannot create new parcours.

---
 .../Controller/AccompanyingCourseController.php                 | 2 ++
 .../Resources/views/AccompanyingPeriod/list.html.twig           | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php
index f7e3b3800..830f85e9a 100644
--- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php
@@ -248,6 +248,8 @@ class AccompanyingCourseController extends Controller
      */
     public function newAction(Request $request): Response
     {
+        $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::CREATE);
+
         $period = new AccompanyingPeriod();
         $em = $this->getDoctrine()->getManager();
 
diff --git a/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingPeriod/list.html.twig b/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingPeriod/list.html.twig
index f30bfc45a..15b659ac4 100644
--- a/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingPeriod/list.html.twig
+++ b/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingPeriod/list.html.twig
@@ -17,12 +17,14 @@
                class="btn btn-cancel">{{ 'Person details'|trans }}
             </a>
         </li>
+        {% if is_granted('CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE') %}
         <li>
             <a class="btn btn-create"
                href="{{ path ('chill_person_accompanying_course_new', {'person_id' : [ person.id ] } ) }}" role="button">
                 {{ 'Create an accompanying period'|trans }}
             </a>
         </li>
+        {% endif %}
 
         {#  Disabled dropdown
         <li class="dropdown">