From f64409e5e63988b3ba11d7af9c67b8f3de99916a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?= <julien.fastre@champs-libres.coop>
Date: Thu, 7 Apr 2022 16:06:26 +0200
Subject: [PATCH] allow every person which has part for a workflow  to see the
 workflow page

---
 .../Security/Authorization/EntityWorkflowVoter.php   | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/EntityWorkflowVoter.php b/src/Bundle/ChillMainBundle/Security/Authorization/EntityWorkflowVoter.php
index d8d74fbb9..82dfc7681 100644
--- a/src/Bundle/ChillMainBundle/Security/Authorization/EntityWorkflowVoter.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/EntityWorkflowVoter.php
@@ -65,7 +65,17 @@ class EntityWorkflowVoter extends Voter
                     return true;
                 }
 
-                return $this->security->isGranted($entityAttribute, $relatedEntity);
+                if ($this->security->isGranted($entityAttribute, $relatedEntity)) {
+                    return true;
+                }
+
+                foreach ($subject->getSteps() as $step) {
+                    if ($step->getAllDestUser()->contains($token->getUser())) {
+                        return true;
+                    }
+                }
+
+                return false;
 
             case self::DELETE:
                 return $subject->getStep() === 'initial';