From ac2f314395514328d8ddb5bdba7fbec9f291e581 Mon Sep 17 00:00:00 2001
From: Julie Lenaerts <julielenaerts@gmail.com>
Date: Mon, 1 Jul 2024 15:23:32 +0200
Subject: [PATCH] Implement permissions for download button group

---
 .../Templating/WopiEditTwigExtensionRuntime.php               | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Bundle/ChillDocStoreBundle/Templating/WopiEditTwigExtensionRuntime.php b/src/Bundle/ChillDocStoreBundle/Templating/WopiEditTwigExtensionRuntime.php
index 716cb422e..be45bd2d4 100644
--- a/src/Bundle/ChillDocStoreBundle/Templating/WopiEditTwigExtensionRuntime.php
+++ b/src/Bundle/ChillDocStoreBundle/Templating/WopiEditTwigExtensionRuntime.php
@@ -16,6 +16,7 @@ use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Guard\JWTDavTokenProviderInterface;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
 use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
 use Twig\Environment;
@@ -128,6 +129,7 @@ final readonly class WopiEditTwigExtensionRuntime implements RuntimeExtensionInt
         private NormalizerInterface $normalizer,
         private JWTDavTokenProviderInterface $davTokenProvider,
         private UrlGeneratorInterface $urlGenerator,
+        private Security $security,
     ) {}
 
     /**
@@ -150,6 +152,8 @@ final readonly class WopiEditTwigExtensionRuntime implements RuntimeExtensionInt
      */
     public function renderButtonGroup(Environment $environment, StoredObject $document, ?string $title = null, bool $canEdit = true, array $options = []): string
     {
+        $canEdit = $this->security->isGranted(StoredObjectRoleEnum::EDIT, $document);
+
         $accessToken = $this->davTokenProvider->createToken(
             $document,
             $canEdit ? StoredObjectRoleEnum::EDIT : StoredObjectRoleEnum::SEE