confidential toggle rights

src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php

@@ -31,6 +31,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
         self::EDIT,
         self::DELETE,
         self::FULL,
+        self::TOGGLE_CONFIDENTIAL_ALL,
     ];
 
     public const CREATE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE';
@@ -53,6 +54,13 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
      */
     public const SEE_DETAILS = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_DETAILS';
 
+    public const TOGGLE_CONFIDENTIAL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_TOGGLE_CONFIDENTIAL';
+
+    /**
+     * Right to toggle confidentiality.
+     */
+    public const TOGGLE_CONFIDENTIAL_ALL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_TOGGLE_CONFIDENTIAL_ALL';
+
     private Security $security;
 
     private VoterHelperInterface $voterHelper;
@@ -65,7 +73,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
         $this->voterHelper = $voterHelperFactory
             ->generate(self::class)
             ->addCheckFor(null, [self::CREATE])
-            ->addCheckFor(AccompanyingPeriod::class, self::ALL)
+            ->addCheckFor(AccompanyingPeriod::class, [self::TOGGLE_CONFIDENTIAL, ...self::ALL])
             ->addCheckFor(Person::class, [self::SEE])
             ->build();
     }
@@ -113,6 +121,14 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
                 return false;
             }
 
+            if (self::TOGGLE_CONFIDENTIAL === $attribute) {
+                if ($subject->getUser() === $token->getUser()) {
+                    return true;
+                }
+
+                return $this->voterHelper->voteOnAttribute(self::TOGGLE_CONFIDENTIAL_ALL, $subject, $token);
+            }
+
             // if confidential, only the referent can see it
             if ($subject->isConfidential()) {
                 return $token->getUser() === $subject->getUser();