diff --git a/src/Bundle/ChillWopiBundle/src/Controller/ConvertController.php b/src/Bundle/ChillWopiBundle/src/Controller/ConvertController.php
index 86a624e4b..3b97dc6fe 100644
--- a/src/Bundle/ChillWopiBundle/src/Controller/ConvertController.php
+++ b/src/Bundle/ChillWopiBundle/src/Controller/ConvertController.php
@@ -12,6 +12,7 @@ declare(strict_types=1);
 namespace Chill\WopiBundle\Controller;
 use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Service\StoredObjectManager;
 use Chill\DocStoreBundle\Service\StoredObjectManagerInterface;
 use Chill\WopiBundle\Service\WopiConverter;
@@ -41,7 +42,16 @@ class ConvertController
             throw new AccessDeniedHttpException('User must be authenticated');
         }
+        if (!$this->security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)) {
+            throw new AccessDeniedHttpException('not allowed to see this document');
+        }
+
         $content = $this->storedObjectManager->read($storedObject);
+
+        if ('application/pdf' === $storedObject->getType()) {
+            return new Response($content, Response::HTTP_OK, ['Content-Type' => 'application/pdf']);
+        }
+
         $lang = $request->getLocale();
         try {
diff --git a/src/Bundle/ChillWopiBundle/tests/Controller/ConvertControllerTest.php b/src/Bundle/ChillWopiBundle/tests/Controller/ConvertControllerTest.php
index 9a529df6b..5f99f0fd2 100644
--- a/src/Bundle/ChillWopiBundle/tests/Controller/ConvertControllerTest.php
+++ b/src/Bundle/ChillWopiBundle/tests/Controller/ConvertControllerTest.php
@@ -12,6 +12,7 @@ declare(strict_types=1);
 namespace Chill\WopiBundle\Tests\Controller;
 use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Service\StoredObjectManagerInterface;
 use Chill\WopiBundle\Controller\ConvertController;
 use Chill\WopiBundle\Service\WopiConverter;
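Review bot: The new `application/pdf` branch returns the stored bytes with only a `Content-Type` header and trusts `$storedObject->getType()` to describe the body; if that type is taken from upload metadata rather than from inspecting the bytes, a non-PDF body would be served inline as a PDF. Adding `'X-Content-Type-Options' => 'nosniff'` to the header array (and a `Content-Disposition`, if the existing converter path sets one) keeps browsers from reinterpreting the body. The SEE check is correctly placed before `read()`, so a refused request never loads the document. The enclosing method starts before and continues after the hunk, so I cannot see whether the converter path sets extra headers that this early return now skips. Minor: the new message `'not allowed to see this document'` is lowercase while the neighbouring `'User must be authenticated'` is capitalised.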
@@ -37,6 +38,7 @@ final class ConvertControllerTest extends TestCase
         $security = $this->prophesize(Security::class);
         $security->isGranted('ROLE_USER')->willReturn(true);
+        $security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)->willReturn(true);
         $storeManager = $this->prophesize(StoredObjectManagerInterface::class);
         $storeManager->read($storedObject)->willReturn('content');
@@ -67,6 +69,7 @@ final class ConvertControllerTest extends TestCase
         $security = $this->prophesize(Security::class);
         $security->isGranted('ROLE_USER')->willReturn(true);
+        $security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)->willReturn(true);
         $storeManager = $this->prophesize(StoredObjectManagerInterface::class);
         $storeManager->read($storedObject)->willReturn('content');
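Review bot: Both amended tests stub `isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)` to `true`, so the new denial path in `ConvertController` (the `AccessDeniedHttpException` thrown when SEE is refused) and the new PDF pass-through have no test. A case that returns `false` from that stub and calls `$this->expectException(AccessDeniedHttpException::class)` before invoking the controller, plus one where the stored object's type is `'application/pdf'` and the response body is asserted to equal the stubbed `'content'`, would cover the added behaviour. The same applies to the hunk at -67 as to the one at -37. The test methods begin and end outside both hunks.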