Update chill bundles to version v3.4.0

Resolve "[admin] Improve admin for document categories"

Closes #314 and #313

See merge request Chill-Projet/chill-bundles!753

.changes/unreleased/Feature-20240614-153236.yaml

@@ -1,8 +0,0 @@
-kind: Feature
-body: |-
-  Electronic signature
-
-  Implementation of the electronic signature for documents within chill.
-time: 2024-06-14T15:32:36.875891692+02:00
-custom:
-  Issue: ""

.changes/unreleased/Feature-20240614-153537.yaml

@@ -1,7 +0,0 @@
-kind: Feature
-body: The behavoir of the voters for stored objects is adjusted so as to limit edit
-  and delete possibilities to users related to the activity, social action or workflow
-  entity.
-time: 2024-06-14T15:35:37.582159301+02:00
-custom:
-  Issue: "286"

.changes/unreleased/Feature-20240718-151233.yaml

@@ -1,5 +0,0 @@
-kind: Feature
-body: Metadata form added for person signatures
-time: 2024-07-18T15:12:33.8134266+02:00
-custom:
-  Issue: "288"

.changes/unreleased/Fixed-20240916-151843.yaml

@@ -1,6 +0,0 @@
-kind: Fixed
-body: Show only the current referrer in the page "show" for an accompanying period
-  workf
-time: 2024-09-16T15:18:43.017401122+02:00
-custom:
-  Issue: "308"

.changes/v3.1.1.md

@@ -0,0 +1,6 @@
+## v3.1.1 - 2024-10-01
+### Fixed
+* ([#308](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/308)) Show only the current referrer in the page "show" for an accompanying period workf 
+* ([#309](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/309)) Correctly compute the grouping by referrer aggregator
+ 
+* Fixed typing of custom field long choice and custom field group 

.changes/v3.2.0.md

@@ -0,0 +1,3 @@
+## v3.2.0 - 2024-10-30
+### Feature
+* Introduce a gender entity 

.changes/v3.2.1.md

@@ -0,0 +1,4 @@
+## v3.2.1 - 2024-10-31
+### Fixed
+* Add the possibility of unknown to the gender entity 
+* Fix the fusion of person doubles by excluding accompanyingPeriod work entities to be deleted. They are moved instead. 

.changes/v3.2.2.md

@@ -0,0 +1,3 @@
+## v3.2.2 - 2024-10-31
+### Fixed
+* Fix gender translation for unknown 

.changes/v3.2.3.md

@@ -0,0 +1,4 @@
+## v3.2.3 - 2024-11-05
+### Fixed
+* ([#315](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/315)) Fix display of accompanying period work referrers. Only current referrers should be displayed.
+Fix color of Chill footer 

.changes/v3.2.4.md

@@ -0,0 +1,3 @@
+## v3.2.4 - 2024-11-06
+### Fixed
+* Fix compilation of chill assets 

.changes/v3.3.0.md

@@ -0,0 +1,13 @@
+## v3.3.0 - 2024-11-20
+### Feature
+* Electronic signature
+
+Implementation of the electronic signature for documents within chill. 
+* ([#286](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/286)) The behavoir of the voters for stored objects is adjusted so as to limit edit and delete possibilities to users related to the activity, social action or workflow entity. 
+* ([#288](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/288)) Metadata form added for person signatures 
+* Add a signature step in workflow, which allow to apply an electronic signature on documents 
+* Keep an history of each version of a stored object. 
+* Add a "send external" step in workflow, which allow to send stored objects and other elements to remote people, by sending them a public url 
+### Fixed
+* Adjust household list export to include households even if their address is NULL 
+* Remove validation of date string on deathDate 

.changes/v3.4.0.md

@@ -0,0 +1,4 @@
+## v3.4.0 - 2024-11-20
+### Feature
+* ([#314](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/314)) Admin: improve document type admin form with a select field for related class.
+Admin: Allow administrator to assign multiple group centers in one go to a user. 

CHANGELOG.md

@@ -6,6 +6,54 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
 and is generated by [Changie](https://github.com/miniscruff/changie).
 
 
+## v3.4.0 - 2024-11-20
+### Feature
+* ([#314](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/314)) Admin: improve document type admin form with a select field for related class.
+Admin: Allow administrator to assign multiple group centers in one go to a user. 
+
+## v3.3.0 - 2024-11-20
+### Feature
+* Electronic signature
+
+Implementation of the electronic signature for documents within chill. 
+* ([#286](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/286)) The behavoir of the voters for stored objects is adjusted so as to limit edit and delete possibilities to users related to the activity, social action or workflow entity. 
+* ([#288](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/288)) Metadata form added for person signatures 
+* Add a signature step in workflow, which allow to apply an electronic signature on documents 
+* Keep an history of each version of a stored object. 
+* Add a "send external" step in workflow, which allow to send stored objects and other elements to remote people, by sending them a public url 
+### Fixed
+* Adjust household list export to include households even if their address is NULL 
+* Remove validation of date string on deathDate 
+
+## v3.2.4 - 2024-11-06
+### Fixed
+* Fix compilation of chill assets 
+
+## v3.2.3 - 2024-11-05
+### Fixed
+* ([#315](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/315)) Fix display of accompanying period work referrers. Only current referrers should be displayed.
+Fix color of Chill footer 
+
+## v3.2.2 - 2024-10-31
+### Fixed
+* Fix gender translation for unknown 
+
+## v3.2.1 - 2024-10-31
+### Fixed
+* Add the possibility of unknown to the gender entity 
+* Fix the fusion of person doubles by excluding accompanyingPeriod work entities to be deleted. They are moved instead. 
+
+## v3.2.0 - 2024-10-30
+### Feature
+* Introduce a gender entity 
+
+## v3.1.1 - 2024-10-01
+### Fixed
+* ([#308](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/308)) Show only the current referrer in the page "show" for an accompanying period workf 
+* ([#309](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/309)) Correctly compute the grouping by referrer aggregator
+ 
+* Fixed typing of custom field long choice and custom field group 
+
 ## v3.1.0 - 2024-08-30
 ### Feature
 * Add export aggregator to aggregate activities by household + filter persons that are not part of an accompanyingperiod during a certain timeframe. 
@@ -20,8 +68,14 @@ and is generated by [Changie](https://github.com/miniscruff/changie).
 ### Feature
 * ([#306](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/306)) When a document is converted or downloaded in the browser, this document is removed from the browser memory after 45s. Future click on the button re-download the document. 
 
-## v2.23.0 - 2024-07-19 & 2024-07-23
+## v2.23.0 - 2024-07-23 & 2024-07-19
 ### Feature
+* ([#221](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/221)) [DX] move async-upload-bundle features into chill-bundles
+* Add job bundle (module emploi)
+* Upgrade import of address list to the last version of compiled addresses of belgian-best-address
+
+* Upgrade CKEditor and refactor configuration with use of typescript
+
 * ([#123](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/123)) Add a button to duplicate calendar ranges from a week to another one
 * [admin] filter users by active / inactive in the admin user's list
 * ([#273](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/273)) Add the possibility to mark all notifications as read
@@ -31,6 +85,8 @@ and is generated by [Changie](https://github.com/miniscruff/changie).
 * Do not update the "createdAt" column when importing postal code which does not change
 * Display filename on file upload within the UI interface
 ### Fixed
+* Fix resolving of centers for an household, which will fix in turn the access control
+* Resolved type hinting error in activity list export
 * ([#271](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/271)) Take into account the acp closing date in the acp works date filter
 
 ### Traduction française des principaux changements
@@ -43,16 +99,6 @@ and is generated by [Changie](https://github.com/miniscruff/changie).
 - Agrandit l'icône du type de fichier dans l'interface de dépôt de fichier;
 - correction: tient compte de la date de fermeture du parcours dans les filtres sur les actions d'accompagnement.
 
-* ([#221](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/221)) [DX] move async-upload-bundle features into chill-bundles
-* Add job bundle (module emploi)
-* Upgrade import of address list to the last version of compiled addresses of belgian-best-address
-
-* Upgrade CKEditor and refactor configuration with use of typescript
-
-### Fixed
-* Fix resolving of centers for an household, which will fix in turn the access control
-* Resolved type hinting error in activity list export
-
 ## v2.22.2 - 2024-07-03
 ### Fixed
 * Remove scope required for event participation stats 

package.json

@@ -59,7 +59,8 @@
     "vue-i18n": "^9.1.6",
     "vue-multiselect": "3.0.0-alpha.2",
     "vue-toast-notification": "^3.1.2",
-    "vuex": "^4.0.0"
+    "vuex": "^4.0.0",
+    "bootstrap-icons": "^1.11.3"
   },
   "browserslist": [
     "Firefox ESR"

src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStoredObjectVoter.php

@@ -16,7 +16,7 @@ use Chill\ActivityBundle\Repository\ActivityRepository;
 use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoter\AbstractStoredObjectVoter;
-use Chill\DocStoreBundle\Service\WorkflowStoredObjectPermissionHelper;
+use Chill\MainBundle\Workflow\Helper\WorkflowRelatedEntityPermissionHelper;
 use Symfony\Component\Security\Core\Security;
 
 class ActivityStoredObjectVoter extends AbstractStoredObjectVoter
@@ -24,7 +24,7 @@ class ActivityStoredObjectVoter extends AbstractStoredObjectVoter
     public function __construct(
         private readonly ActivityRepository $repository,
         Security $security,
-        WorkflowStoredObjectPermissionHelper $workflowDocumentService,
+        WorkflowRelatedEntityPermissionHelper $workflowDocumentService,
     ) {
         parent::__construct($security, $workflowDocumentService);
     }

src/Bundle/ChillCustomFieldsBundle/CustomFields/CustomFieldLongChoice.php

@@ -42,8 +42,8 @@ class CustomFieldLongChoice extends AbstractCustomField
         $translatableStringHelper = $this->translatableStringHelper;
         $builder->add($customField->getSlug(), Select2ChoiceType::class, [
             'choices' => $entries,
-            'choice_label' => static fn (Option $option) => $translatableStringHelper->localize($option->getText()),
-            'choice_value' => static fn (Option $key): ?int => null === $key ? null : $key->getId(),
+            'choice_label' => static fn (?Option $option) => $translatableStringHelper->localize($option->getText()),
+            'choice_value' => static fn (?Option $key): ?int => $key?->getId(),
             'multiple' => false,
             'expanded' => false,
             'required' => $customField->isRequired(),

src/Bundle/ChillCustomFieldsBundle/Entity/CustomFieldsGroup.php

@@ -46,11 +46,8 @@ class CustomFieldsGroup
     #[ORM\GeneratedValue(strategy: 'AUTO')]
     private ?int $id = null;
 
-    /**
-     * @var array
-     */
     #[ORM\Column(type: \Doctrine\DBAL\Types\Types::JSON)]
-    private $name;
+    private array|string $name;
 
     #[ORM\Column(type: \Doctrine\DBAL\Types\Types::JSON)]
     private array $options = [];
@@ -181,7 +178,7 @@ class CustomFieldsGroup
      *
      * @return CustomFieldsGroup
      */
-    public function setName($name)
+    public function setName(array|string $name)
     {
         $this->name = $name;
 

src/Bundle/ChillDocStoreBundle/Controller/SignatureRequestController.php

@@ -15,11 +15,14 @@ use Chill\DocStoreBundle\Service\Signature\Driver\BaseSigner\RequestPdfSignMessa
 use Chill\DocStoreBundle\Service\Signature\PDFPage;
 use Chill\DocStoreBundle\Service\Signature\PDFSignatureZone;
 use Chill\DocStoreBundle\Service\StoredObjectManagerInterface;
+use Chill\DocStoreBundle\Service\StoredObjectToPdfConverter;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflowSignatureStateEnum;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflowStepSignature;
 use Chill\MainBundle\Templating\Entity\ChillEntityRenderManagerInterface;
 use Chill\MainBundle\Security\Authorization\EntityWorkflowStepSignatureVoter;
+use Chill\MainBundle\Templating\Entity\UserRender;
 use Chill\MainBundle\Workflow\EntityWorkflowManager;
+use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -38,6 +41,8 @@ class SignatureRequestController
         private readonly ChillEntityRenderManagerInterface $entityRender,
         private readonly NormalizerInterface $normalizer,
         private readonly Security $security,
+        private readonly StoredObjectToPdfConverter $converter,
+        private readonly EntityManagerInterface $entityManager,
     ) {}
 
     #[Route('/api/1.0/document/workflow/{id}/signature-request', name: 'chill_docstore_signature_request')]
@@ -52,11 +57,17 @@ class SignatureRequestController
         if (EntityWorkflowSignatureStateEnum::PENDING !== $signature->getState()) {
             return new JsonResponse([], status: Response::HTTP_CONFLICT);
         }
-
         $storedObject = $this->entityWorkflowManager->getAssociatedStoredObject($entityWorkflow);
-        $content = $this->storedObjectManager->read($storedObject);
 
-        $data = \json_decode((string) $request->getContent(), true, 512, JSON_THROW_ON_ERROR); // TODO parse payload: json_decode ou, mieux, dataTransfertObject
+        if ('application/pdf' !== $storedObject->getType()) {
+            [$storedObject, $storedObjectVersion, $content] = $this->converter->addConvertedVersion($storedObject, $request->getLocale(), includeConvertedContent: true);
+            $this->entityManager->persist($storedObjectVersion);
+            $this->entityManager->flush();
+        } else {
+            $content = $this->storedObjectManager->read($storedObject);
+        }
+
+        $data = \json_decode((string) $request->getContent(), true, 512, JSON_THROW_ON_ERROR);
         $zone = new PDFSignatureZone(
             $data['zone']['index'],
             $data['zone']['x'],
@@ -75,6 +86,7 @@ class SignatureRequestController
                 // options for user render
                 'absence' => false,
                 'main_scope' => false,
+                UserRender::SPLIT_LINE_BEFORE_CHARACTER => 30,
                 // options for person render
                 'addAge' => false,
             ]),

src/Bundle/ChillDocStoreBundle/Entity/AccompanyingCourseDocument.php

@@ -18,6 +18,7 @@ use Doctrine\ORM\Mapping as ORM;
 
 #[ORM\Entity]
 #[ORM\Table('chill_doc.accompanyingcourse_document')]
+#[ORM\UniqueConstraint(name: 'acc_course_document_unique_stored_object', columns: ['object_id'])]
 class AccompanyingCourseDocument extends Document implements HasScopesInterface, HasCentersInterface
 {
     #[ORM\ManyToOne(targetEntity: AccompanyingPeriod::class)]

src/Bundle/ChillDocStoreBundle/Entity/Document.php

@@ -40,6 +40,7 @@ class Document implements TrackCreationInterface, TrackUpdateInterface
     #[Assert\Valid]
     #[Assert\NotNull(message: 'Upload a document')]
     #[ORM\ManyToOne(targetEntity: StoredObject::class, cascade: ['persist'])]
+    #[ORM\JoinColumn(name: 'object_id', referencedColumnName: 'id')]
     private ?StoredObject $object = null;
 
     #[ORM\ManyToOne(targetEntity: DocGeneratorTemplate::class)]

src/Bundle/ChillDocStoreBundle/Entity/PersonDocument.php

@@ -19,6 +19,7 @@ use Doctrine\ORM\Mapping as ORM;
 
 #[ORM\Entity]
 #[ORM\Table('chill_doc.person_document')]
+#[ORM\UniqueConstraint(name: 'person_document_unique_stored_object', columns: ['object_id'])]
 class PersonDocument extends Document implements HasCenterInterface, HasScopeInterface
 {
     #[ORM\Id]

src/Bundle/ChillDocStoreBundle/Entity/StoredObject.php

@@ -18,6 +18,8 @@ use Chill\MainBundle\Doctrine\Model\TrackCreationInterface;
 use Chill\MainBundle\Doctrine\Model\TrackCreationTrait;
 use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\Common\Collections\Collection;
+use Doctrine\Common\Collections\Order;
+use Doctrine\Common\Collections\ReadableCollection;
 use Doctrine\Common\Collections\Selectable;
 use Doctrine\ORM\Mapping as ORM;
 use Ramsey\Uuid\Uuid;
@@ -257,11 +259,33 @@ class StoredObject implements Document, TrackCreationInterface
         return $this->template;
     }
 
+    /**
+     * @return Selectable<int, StoredObjectVersion>&Collection<int, StoredObjectVersion>
+     */
     public function getVersions(): Collection&Selectable
     {
         return $this->versions;
     }
 
+    /**
+     * Retrieves versions sorted by a given order.
+     *
+     * @param 'ASC'|'DESC' $order the sorting order, default is Order::Ascending
+     *
+     * @return readableCollection&Selectable The ordered collection of versions
+     */
+    public function getVersionsOrdered(string $order = 'ASC'): ReadableCollection&Selectable
+    {
+        $versions = $this->getVersions()->toArray();
+
+        match ($order) {
+            'ASC' => usort($versions, static fn (StoredObjectVersion $a, StoredObjectVersion $b) => $a->getVersion() <=> $b->getVersion()),
+            'DESC' => usort($versions, static fn (StoredObjectVersion $a, StoredObjectVersion $b) => $b->getVersion() <=> $a->getVersion()),
+        };
+
+        return new ArrayCollection($versions);
+    }
+
     public function hasCurrentVersion(): bool
     {
         return null !== $this->getCurrentVersion();
@@ -272,6 +296,47 @@ class StoredObject implements Document, TrackCreationInterface
         return null !== $this->template;
     }
 
+    /**
+     * Checks if there is a version kept before conversion.
+     *
+     * @return bool true if a version is kept before conversion, false otherwise
+     */
+    public function hasKeptBeforeConversionVersion(): bool
+    {
+        foreach ($this->getVersions() as $version) {
+            foreach ($version->getPointInTimes() as $pointInTime) {
+                if (StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION === $pointInTime->getReason()) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Retrieves the last version of the stored object that was kept before conversion.
+     *
+     * This method iterates through the ordered versions and their respective points
+     * in time to find the most recent version that has a point in time with the reason
+     * 'KEEP_BEFORE_CONVERSION'.
+     *
+     * @return StoredObjectVersion|null the version that was kept before conversion,
+     *                                  or null if not found
+     */
+    public function getLastKeptBeforeConversionVersion(): ?StoredObjectVersion
+    {
+        foreach ($this->getVersionsOrdered('DESC') as $version) {
+            foreach ($version->getPointInTimes() as $pointInTime) {
+                if (StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION === $pointInTime->getReason()) {
+                    return $version;
+                }
+            }
+        }
+
+        return null;
+    }
+
     public function setTemplate(?DocGeneratorTemplate $template): StoredObject
     {
         $this->template = $template;

src/Bundle/ChillDocStoreBundle/Form/DocumentCategoryType.php

@@ -17,15 +17,23 @@ use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
 class DocumentCategoryType extends AbstractType
 {
+    public function __construct(private readonly TranslatorInterface $translator) {}
+
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
         $bundles = [
             'chill-doc-store' => 'chill-doc-store',
         ];
 
+        $documentClasses = [
+            $this->translator->trans('Accompanying period document') => \Chill\DocStoreBundle\Entity\AccompanyingCourseDocument::class,
+            $this->translator->trans('Person document') => \Chill\DocStoreBundle\Entity\PersonDocument::class,
+        ];
+
         $builder
             ->add('bundleId', ChoiceType::class, [
                 'choices' => $bundles,
@@ -34,7 +42,10 @@ class DocumentCategoryType extends AbstractType
             ->add('idInsideBundle', null, [
                 'disabled' => true,
             ])
-            ->add('documentClass', null, [
+            ->add('documentClass', ChoiceType::class, [
+                'choices' => $documentClasses,
+                'expanded' => false,
+                'required' => true,
                 'disabled' => false,
             ])
             ->add('name', TranslatableStringFormType::class);

src/Bundle/ChillDocStoreBundle/Resources/public/module/button_download/index.ts

@@ -0,0 +1,27 @@
+import {_createI18n} from "../../../../../ChillMainBundle/Resources/public/vuejs/_js/i18n";
+import {createApp} from "vue";
+import DocumentActionButtonsGroup from "../../vuejs/DocumentActionButtonsGroup.vue";
+import {StoredObject, StoredObjectStatusChange} from "../../types";
+import {defineComponent} from "vue";
+import DownloadButton from "../../vuejs/StoredObjectButton/DownloadButton.vue";
+import ToastPlugin from "vue-toast-notification";
+
+
+
+const i18n = _createI18n({});
+
+window.addEventListener('DOMContentLoaded', function (e) {
+    document.querySelectorAll<HTMLDivElement>('div[data-download-button-single]').forEach((el) => {
+        const storedObject = JSON.parse(el.dataset.storedObject as string) as StoredObject;
+        const title = el.dataset.title as string;
+        const app = createApp({
+            components: {DownloadButton},
+            data() {
+                return {storedObject, title, classes: {btn: true, "btn-outline-primary": true}};
+            },
+            template: '<download-button :stored-object="storedObject" :at-version="storedObject.currentVersion" :classes="classes" :filename="title" :direct-download="true"></download-button>',
+        });
+
+        app.use(i18n).use(ToastPlugin).mount(el);
+    });
+});

src/Bundle/ChillDocStoreBundle/Resources/public/types.ts

@@ -2,6 +2,7 @@ import {
     DateTime,
     User,
 } from "../../../ChillMainBundle/Resources/public/types";
+import {SignedUrlGet} from "./vuejs/StoredObjectButton/helpers";
 
 export type StoredObjectStatus = "empty" | "ready" | "failure" | "pending";
 
@@ -30,6 +31,7 @@ export interface StoredObject {
             href: string;
             expiration: number;
         };
+        downloadLink?: SignedUrlGet;
     };
 }
 
@@ -128,3 +130,12 @@ export interface CheckSignature {
 }
 
 export type CanvasEvent = "select" | "add";
+
+export interface ZoomLevel {
+    id: number;
+    zoom: number;
+    label: {
+        fr?: string,
+        nl?: string
+    };
+}

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/DocumentSignature/App.vue

@@ -28,9 +28,21 @@
   </teleport>
   <div class="col-12 m-auto">
     <div class="row justify-content-center border-bottom pdf-tools d-md-none">
-      <div v-if="pageCount > 1" class="col text-center turn-page">
+      <div class="col text-center turn-page">
+        <select
+          class="form-select form-select-sm"
+          id="zoomSelect"
+          v-model="zoomLevel"
+          @change="setZoomLevel(zoomLevel)"
+        >
+          <option value="" selected disabled>Zoom</option>
+          <option v-for="z in zoomLevels" :value="z.zoom" :key="z.id">
+            {{ z.label.fr }}
+          </option>
+        </select>
+          <template v-if="pageCount > 1">
             <button
-          class="btn btn-light btn-sm"
+                class="btn btn-light btn-xs p-1"
                 :disabled="page <= 1"
                 @click="turnPage(-1)"
             >
@@ -38,14 +50,18 @@
             </button>
             <span>{{ page }}/{{ pageCount }}</span>
             <button
-          class="btn btn-light btn-sm"
+                class="btn btn-light btn-xs p-1"
                 :disabled="page >= pageCount"
                 @click="turnPage(1)"
             >
                 ❯
             </button>
+          </template>
       </div>
-      <div v-if="signature.zones.length > 1" class="col-3 p-0">
+      <div
+        v-if="signature.zones.length > 1"
+        class="col-5 p-0 text-center turnSignature"
+      >
         <button
           :disabled="userSignatureZone === null || userSignatureZone?.index < 1"
           class="btn btn-light btn-sm"
@@ -53,8 +69,7 @@
         >
           {{ $t("last_zone") }}
         </button>
-      </div>
-      <div v-if="signature.zones.length > 1" class="col-3 p-0">
+        <span>|</span>
         <button
           :disabled="userSignatureZone?.index >= signature.zones.length - 1"
           class="btn btn-light btn-sm"
@@ -63,7 +78,7 @@
           {{ $t("next_zone") }}
         </button>
       </div>
-      <div class="col text-end p-0">
+      <div class="col text-end" v-if="signedState !== 'signed'">
         <button
           class="btn btn-misc btn-sm"
           :hidden="!userSignatureZone"
@@ -81,23 +96,38 @@
         >
           {{ $t("cancel") }}
         </button>
-      </div>
-      <div class="col-1" v-if="signedState !== 'signed'">
-        <button
-          class="btn btn-create btn-sm"
-          :class="{ active: canvasEvent === 'add' }"
+        <button v-if="userSignatureZone === null"
+          :class="{ btn: true, 'btn-sm': true, 'btn-create': canvasEvent !== 'add', 'btn-chill-green': canvasEvent === 'add', active: canvasEvent === 'add' }"
           @click="toggleAddZone()"
           :title="$t('add_sign_zone')"
-        ></button>
+        >
+            <template v-if="canvasEvent === 'add'">
+                <div class="spinner-border spinner-border-sm" role="status">
+                    <span class="visually-hidden">Loading...</span>
+                </div>
+            </template>
+        </button>
       </div>
     </div>
 
     <div
       class="row justify-content-center border-bottom pdf-tools d-none d-md-flex"
     >
-      <div v-if="pageCount > 1" class="col-2 text-center turn-page p-0">
+      <div class="col-3 text-center turn-page ps-3">
+        <select
+          class="form-select form-select-sm"
+          id="zoomSelect"
+          v-model="zoomLevel"
+          @change="setZoomLevel(zoomLevel)"
+        >
+          <option value="" selected disabled>Zoom</option>
+          <option v-for="z in zoomLevels" :value="z.zoom" :key="z.id">
+            {{ z.label.fr }}
+          </option>
+        </select>
+          <template v-if="pageCount > 1">
             <button
-          class="btn btn-light btn-sm"
+                class="btn btn-light btn-xs p-1"
                 :disabled="page <= 1"
                 @click="turnPage(-1)"
             >
@@ -105,16 +135,17 @@
             </button>
             <span>{{ page }} / {{ pageCount }}</span>
             <button
-          class="btn btn-light btn-sm"
+                class="btn btn-light btn-xs p-1"
                 :disabled="page >= pageCount"
                 @click="turnPage(1)"
             >
                 ❯
             </button>
+          </template>
       </div>
       <div
         v-if="signature.zones.length > 1 && signedState !== 'signed'"
-        class="col text-end d-xl-none"
+        class="col-4 d-xl-none text-center turnSignature p-0"
       >
         <button
           :disabled="userSignatureZone === null || userSignatureZone?.index < 1"
@@ -123,11 +154,7 @@
         >
           {{ $t("last_zone") }}
         </button>
-      </div>
-      <div
-        v-if="signature.zones.length > 1 && signedState !== 'signed'"
-        class="col text-start d-xl-none"
-      >
+        <span>|</span>
         <button
           :disabled="userSignatureZone?.index >= signature.zones.length - 1"
           class="btn btn-light btn-sm"
@@ -138,7 +165,7 @@
       </div>
       <div
         v-if="signature.zones.length > 1 && signedState !== 'signed'"
-        class="col text-end d-none d-xl-flex p-0"
+        class="col-4 d-none d-xl-flex p-0 text-center turnSignature"
       >
         <button
           :disabled="userSignatureZone === null || userSignatureZone?.index < 1"
@@ -147,11 +174,7 @@
         >
           {{ $t("last_sign_zone") }}
         </button>
-      </div>
-      <div
-        v-if="signature.zones.length > 1 && signedState !== 'signed'"
-        class="col text-start d-none d-xl-flex p-0"
-      >
+        <span>|</span>
         <button
           :disabled="userSignatureZone?.index >= signature.zones.length - 1"
           class="btn btn-light btn-sm"
@@ -160,7 +183,7 @@
           {{ $t("next_sign_zone") }}
         </button>
       </div>
-      <div class="col text-end p-0" v-if="signedState !== 'signed'">
+      <div class="col text-end" v-if="signedState !== 'signed'">
         <button
           class="btn btn-misc btn-sm"
           :hidden="!userSignatureZone"
@@ -177,29 +200,43 @@
         >
           {{ $t("cancel") }}
         </button>
-      </div>
-      <div
-        class="col text-end p-0 pe-2 pe-xxl-4"
-        v-if="signedState !== 'signed'"
-      >
-        <button
-          class="btn btn-create btn-sm"
-          :class="{ active: canvasEvent === 'add' }"
+        <button v-if="userSignatureZone === null"
+          :class="{ btn: true, 'btn-sm': true, 'btn-create': canvasEvent !== 'add', 'btn-chill-green': canvasEvent === 'add', active: canvasEvent === 'add' }"
           @click="toggleAddZone()"
           :title="$t('add_sign_zone')"
         >
+            <template v-if="canvasEvent !== 'add'">
                 {{ $t("add_zone") }}
+            </template>
+            <template v-else>
+              {{ $t("click_on_document")}}
+              <div class="spinner-border spinner-border-sm" role="status">
+                <span class="visually-hidden">Loading...</span>
+              </div>
+            </template>
         </button>
       </div>
     </div>
   </div>
-  <div class="col-xs-12 col-md-12 col-lg-9 m-auto my-5 text-center">
+  <div class="col-xs-12 col-md-12 col-lg-9 m-auto my-5 text-center" :class="{onAddZone: canvasEvent === 'add'}">
     <canvas class="m-auto" id="canvas" ></canvas>
   </div>
 
   <div class="col-xs-12 col-md-12 col-lg-9 m-auto p-4" id="action-buttons">
     <div class="row">
-      <div class="col-4" v-if="signedState !== 'signed'">
+      <div class="col d-flex">
+        <a
+          class="btn btn-cancel"
+          v-if="signedState !== 'signed'"
+          :href="getReturnPath()"
+        >
+          {{ $t("cancel") }}
+        </a>
+        <a class="btn btn-misc" v-else :href="getReturnPath()">
+          {{ $t("return") }}
+        </a>
+      </div>
+      <div class="col text-end" v-if="signedState !== 'signed'">
         <button
           class="btn btn-action me-2"
           :disabled="!userSignatureZone"
@@ -209,18 +246,6 @@
         </button>
       </div>
       <div class="col-4" v-else></div>
-      <div class="col-8 d-flex justify-content-end">
-        <a
-          class="btn btn-delete"
-          v-if="signedState !== 'signed'"
-          :href="getReturnPath()"
-        >
-          {{ $t("cancel_signing") }}
-        </a>
-        <a class="btn btn-misc" v-else :href="getReturnPath()">
-          {{ $t("return") }}
-        </a>
-      </div>
     </div>
   </div>
 </template>
@@ -235,6 +260,7 @@ import {
   Signature,
   SignatureZone,
   SignedState,
+  ZoomLevel,
 } from "../../types";
 import { makeFetch } from "../../../../../ChillMainBundle/Resources/public/lib/api/apiMethods";
 import * as pdfjsLib from "pdfjs-dist";
@@ -251,7 +277,7 @@ console.log(PdfWorker); // incredible but this is needed
 // pdfjsLib.GlobalWorkerOptions.workerSrc = PdfWorker;
 
 import Modal from "ChillMainAssets/vuejs/_components/Modal.vue";
-import { download_and_decrypt_doc } from "../StoredObjectButton/helpers";
+import {download_and_decrypt_doc, download_doc_as_pdf} from "../StoredObjectButton/helpers";
 
 pdfjsLib.GlobalWorkerOptions.workerSrc = "pdfjs-dist/build/pdf.worker.mjs";
 
@@ -262,6 +288,52 @@ const canvasEvent: Ref<CanvasEvent> = ref("select");
 const signedState: Ref<SignedState> = ref("pending");
 const page: Ref<number> = ref(1);
 const pageCount: Ref<number> = ref(0);
+const zoom: Ref<number> = ref(1);
+let zoomLevel = "";
+const zoomLevels: Ref<ZoomLevel[]> = ref([
+  {
+    id: 0,
+    zoom: 0.75,
+    label: {
+      fr: "75%",
+    },
+  },
+  {
+    id: 1,
+    zoom: zoom.value,
+    label: {
+      fr: "100%",
+    },
+  },
+  {
+    id: 2,
+    zoom: 1.25,
+    label: {
+      fr: "125%",
+    },
+  },
+  {
+    id: 3,
+    zoom: 1.5,
+    label: {
+      fr: "150%",
+    },
+  },
+  {
+    id: 4,
+    zoom: 2,
+    label: {
+      fr: "200%",
+    },
+  },
+  {
+    id: 5,
+    zoom: 3,
+    label: {
+      fr: "300%",
+    },
+  },
+]);
 let userSignatureZone: Ref<null | SignatureZone> = ref(null);
 let pdf = {} as PDFDocumentProxy;
 
@@ -275,17 +347,21 @@ const $toast = useToast();
 
 const signature = window.signature;
 
-console.log(signature);
+const setZoomLevel = (zoomLevel: string) => {
+  zoom.value = Number.parseFloat(zoomLevel);
+  setPage(page.value);
+  setTimeout(() => drawAllZones(page.value), 200);
+};
 
-const mountPdf = async (url: string) => {
-  const loadingTask = pdfjsLib.getDocument(url);
+const mountPdf = async (doc: ArrayBuffer) => {
+  const loadingTask = pdfjsLib.getDocument(doc);
   pdf = await loadingTask.promise;
   pageCount.value = pdf.numPages;
   await setPage(page.value);
 };
 
 const getRenderContext = (pdfPage: PDFPageProxy) => {
-  const scale = 1;
+  const scale = 1 * zoom.value;
   const viewport = pdfPage.getViewport({ scale });
   const canvas = document.querySelectorAll("canvas")[0] as HTMLCanvasElement;
   const context = canvas.getContext("2d") as CanvasRenderingContext2D;
@@ -309,15 +385,13 @@ const init = () => downloadAndOpen().then(initPdf);
 async function downloadAndOpen(): Promise<Blob> {
   let raw;
   try {
-    raw = await download_and_decrypt_doc(
-      signature.storedObject,
-      signature.storedObject.currentVersion
-    );
+    raw = await download_doc_as_pdf(signature.storedObject);
   } catch (e) {
     console.error("error while downloading and decrypting document", e);
     throw e;
   }
-  await mountPdf(URL.createObjectURL(raw));
+  const doc = await raw.arrayBuffer();
+  await mountPdf(doc);
   return raw;
 }
 
@@ -342,12 +416,12 @@ const hitSignature = (
   scaleXToCanvas(zone.x, canvasWidth, zone.PDFPage.width) < xy[0] &&
   xy[0] <
     scaleXToCanvas(zone.x + zone.width, canvasWidth, zone.PDFPage.width) &&
-  zone.PDFPage.height -
+  zone.PDFPage.height * zoom.value -
     scaleYToCanvas(zone.y, canvasHeight, zone.PDFPage.height) <
     xy[1] &&
   xy[1] <
     scaleYToCanvas(zone.height - zone.y, canvasHeight, zone.PDFPage.height) +
-      zone.PDFPage.height;
+      zone.PDFPage.height * zoom.value;
 
 const selectZone = (z: SignatureZone, canvas: HTMLCanvasElement) => {
   userSignatureZone.value = z;
@@ -424,19 +498,19 @@ const drawZone = (
   ctx.lineJoin = "bevel";
   ctx.strokeRect(
     scaleXToCanvas(zone.x, canvasWidth, zone.PDFPage.width),
-    zone.PDFPage.height -
+    zone.PDFPage.height * zoom.value -
       scaleYToCanvas(zone.y, canvasHeight, zone.PDFPage.height),
     scaleXToCanvas(zone.width, canvasWidth, zone.PDFPage.width),
     scaleYToCanvas(zone.height, canvasHeight, zone.PDFPage.height)
   );
-  ctx.font = "bold 16px serif";
+  ctx.font = `bold ${16 * zoom.value}px serif`;
   ctx.textAlign = "center";
   ctx.fillStyle = "black";
   const xText =
     scaleXToCanvas(zone.x, canvasWidth, zone.PDFPage.width) +
     scaleXToCanvas(zone.width, canvasWidth, zone.PDFPage.width) / 2;
   const yText =
-    zone.PDFPage.height -
+    zone.PDFPage.height * zoom.value -
     scaleYToCanvas(zone.y, canvasHeight, zone.PDFPage.height) +
     scaleYToCanvas(zone.height, canvasHeight, zone.PDFPage.height) / 2;
   if (userSignatureZone.value?.index === zone.index) {
@@ -444,8 +518,8 @@ const drawZone = (
     ctx.fillText("Signer ici", xText, yText);
   } else {
     ctx.fillStyle = unselectedBlue;
-    ctx.fillText("Choisir cette", xText, yText - 12);
-    ctx.fillText("zone de signature", xText, yText + 12);
+    ctx.fillText("Choisir cette", xText, yText - 12 * zoom.value);
+    ctx.fillText("zone de signature", xText, yText + 12 * zoom.value);
   }
 };
 
@@ -607,6 +681,15 @@ init();
 #canvas {
   box-shadow: 0 20px 20px rgba(0, 0, 0, 0.2);
 }
+
+.onAddZone {
+    cursor: not-allowed;
+
+    #canvas {
+        cursor: copy;
+    }
+}
+
 div#action-buttons {
   position: sticky;
   bottom: 0px;
@@ -615,16 +698,29 @@ div#action-buttons {
 }
 div.pdf-tools {
   background-color: #f3f3f3;
-  font-size: 0.8rem;
+  font-size: 0.6rem;
+  button {
+    font-size: 0.75rem !important;
+  }
+  div.turnSignature {
+    span {
+      font-size: 1rem;
+    }
+  }
   @media (min-width: 1400px) {
     // background: none;
     // border: none !important;
   }
 }
 div.turn-page {
+  display: flex;
   span {
-    font-size: 0.8rem;
-    margin: 0 0.4rem;
+    font-size: 0.75rem;
+    margin: auto 0.4rem;
+  }
+  select {
+    width: 5rem;
+    font-size: 0.75rem;
   }
 }
 div.signature-modal-body {

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/DocumentSignature/index.ts

@@ -12,10 +12,10 @@ const appMessages = {
         sign: 'Signer',
         choose_another_signature: 'Choisir une autre zone',
         cancel: 'Annuler',
-        cancel_signing: 'Refuser de signer',
         last_sign_zone: 'Zone de signature précédente',
         next_sign_zone: 'Zone de signature suivante',
         add_sign_zone: 'Ajouter une zone de signature',
+        click_on_document: 'Cliquer sur le document',
         last_zone: 'Zone précédente',
         next_zone: 'Zone suivante',
         add_zone: 'Ajouter une zone',

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/StoredObjectButton/DownloadButton.vue

@@ -1,9 +1,9 @@
 <template>
-    <a v-if="!state.is_ready" :class="props.classes" @click="download_and_open($event)" title="T&#233;l&#233;charger">
+    <a v-if="!state.is_ready" :class="props.classes" @click="download_and_open()" title="T&#233;l&#233;charger">
         <i class="fa fa-download"></i>
         <template v-if="displayActionStringInButton">Télécharger</template>
     </a>
-    <a v-else :class="props.classes" target="_blank" :type="props.storedObject.type" :download="buildDocumentName()" :href="state.href_url" ref="open_button" title="Ouvrir">
+    <a v-else :class="props.classes" target="_blank" :type="props.atVersion.type" :download="buildDocumentName()" :href="state.href_url" ref="open_button" title="Ouvrir">
         <i class="fa fa-external-link"></i>
         <template v-if="displayActionStringInButton">Ouvrir</template>
     </a>
@@ -20,7 +20,15 @@ interface DownloadButtonConfig {
     atVersion: StoredObjectVersion,
     classes: { [k: string]: boolean },
     filename?: string,
-    displayActionStringInButton: boolean,
+    /**
+     * if true, display the action string into the button. If false, displays only
+     * the icon
+     */
+    displayActionStringInButton?: boolean,
+    /**
+     * if true, will download directly the file on load
+     */
+    directDownload?: boolean,
 }
 
 interface DownloadButtonState {
@@ -29,13 +37,17 @@ interface DownloadButtonState {
     href_url: string,
 }
 
-const props = withDefaults(defineProps<DownloadButtonConfig>(), {displayActionStringInButton: true});
+const props = withDefaults(defineProps<DownloadButtonConfig>(), {displayActionStringInButton: true, directDownload: false});
 const state: DownloadButtonState = reactive({is_ready: false, is_running: false, href_url: "#"});
 
 const open_button = ref<HTMLAnchorElement | null>(null);
 
 function buildDocumentName(): string {
-    const document_name = props.filename ?? props.storedObject.title ?? 'document';
+    let document_name = props.filename ?? props.storedObject.title;
+
+    if ('' === document_name) {
+        document_name = 'document';
+    }
 
     const ext = mime.getExtension(props.atVersion.type);
 
@@ -46,9 +58,7 @@ function buildDocumentName(): string {
     return document_name;
 }
 
-async function download_and_open(event: Event): Promise<void> {
-    const button = event.target as HTMLAnchorElement;
-
+async function download_and_open(): Promise<void> {
     if (state.is_running) {
         console.log('state is running, aborting');
         return;
@@ -75,11 +85,13 @@ async function download_and_open(event: Event): Promise<void> {
     state.is_running = false;
     state.is_ready = true;
 
+    if (!props.directDownload) {
         await nextTick();
         open_button.value?.click();
-    console.log('open button should have been clicked');
 
-    const timer = setTimeout(reset_state, 45000);
+        console.log('open button should have been clicked');
+        setTimeout(reset_state, 45000);
+    }
 }
 
 function reset_state(): void {
@@ -87,10 +99,19 @@ function reset_state(): void {
     state.is_ready = false;
     state.is_running = false;
 }
+
+onMounted(() => {
+    if (props.directDownload) {
+        download_and_open();
+    }
+});
 </script>
 
 <style scoped lang="scss">
 i.fa::before {
    color: var(--bs-dropdown-link-hover-color);
 }
+i.fa {
+    margin-right: 0.5rem;
+}
 </style>

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/StoredObjectButton/HistoryButton/HistoryButtonList.vue

@@ -50,7 +50,6 @@ const onRestored = ({newVersion}: {newVersion: StoredObjectVersionWithPointInTim
                     :version="v"
                     :can-edit="canEdit"
                     :is-current="higher_version === v.version"
-                    :is-restored="v.version === state.restored"
                     :stored-object="storedObject"
                     @restore-version="onRestored"
                 ></history-button-list-item>

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/StoredObjectButton/HistoryButton/HistoryButtonListItem.vue

@@ -12,7 +12,6 @@ interface HistoryButtonListItemConfig {
     storedObject: StoredObject;
     canEdit: boolean;
     isCurrent: boolean;
-    isRestored: boolean;
 }
 
 const emit = defineEmits<{
@@ -31,7 +30,9 @@ const isKeptBeforeConversion = computed<boolean>(() => props.version["point-in-t
     ),
 );
 
-const isRestored = computed<boolean>(() => null !== props.version["from-restored"]);
+const isRestored = computed<boolean>(() => props.version.version > 0 && null !== props.version["from-restored"]);
+
+const isDuplicated = computed<boolean>(() => props.version.version === 0 && null !== props.version["from-restored"]);
 
 const classes = computed<{row: true, 'row-hover': true, 'blinking-1': boolean, 'blinking-2': boolean}>(() => ({row: true, 'row-hover': true, 'blinking-1': props.isRestored && 0 === props.version.version % 2, 'blinking-2': props.isRestored && 1 === props.version.version % 2}));
 
@@ -39,13 +40,14 @@ const classes = computed<{row: true, 'row-hover': true, 'blinking-1': boolean, '
 
 <template>
 <div :class="classes">
-    <div class="col-12 tags" v-if="isCurrent || isKeptBeforeConversion || isRestored">
+    <div class="col-12 tags" v-if="isCurrent || isKeptBeforeConversion || isRestored || isDuplicated">
         <span class="badge bg-success" v-if="isCurrent">Version actuelle</span>
         <span class="badge bg-info" v-if="isKeptBeforeConversion">Conservée avant conversion dans un autre format</span>
-        <span class="badge bg-info" v-if="isRestored">Restaurée depuis la version {{ version["from-restored"]?.version }}</span>
+        <span class="badge bg-info" v-if="isRestored">Restaurée depuis la version {{ version["from-restored"]?.version + 1 }}</span>
+        <span class="badge bg-info" v-if="isDuplicated">Dupliqué depuis un autre document</span>
     </div>
     <div class="col-12">
-        <file-icon :type="version.type"></file-icon> <span><strong>#{{ version.version + 1 }}</strong></span> <strong v-if="version.version == 0">Créé par</strong><strong v-else>modifié par</strong> <span class="badge-user"><UserRenderBoxBadge :user="version.createdBy"></UserRenderBoxBadge></span> <strong>à</strong> {{ $d(ISOToDatetime(version.createdAt.datetime8601), 'long') }}
+        <file-icon :type="version.type"></file-icon> <span><strong>#{{ version.version + 1 }}</strong></span> <template v-if="version.createdBy !== null && version.createdAt !== null"><strong v-if="version.version == 0">Créé par</strong><strong v-else>modifié par</strong> <span class="badge-user"><UserRenderBoxBadge :user="version.createdBy"></UserRenderBoxBadge></span> <strong>à</strong> {{ $d(ISOToDatetime(version.createdAt.datetime8601), 'long') }}</template><template v-if="version.createdBy === null && version.createdAt !== null"><strong v-if="version.version == 0">Créé le</strong><strong v-else>modifié le</strong> {{ $d(ISOToDatetime(version.createdAt.datetime8601), 'long') }}</template>
     </div>
     <div class="col-12">
         <ul class="record_actions small slim on-version-actions">
@@ -53,7 +55,7 @@ const classes = computed<{row: true, 'row-hover': true, 'blinking-1': boolean, '
                 <restore-version-button :stored-object-version="props.version" @restore-version="onRestore"></restore-version-button>
             </li>
             <li>
-                <download-button :stored-object="storedObject" :at-version="version" :classes="{btn: true, 'btn-outline-primary': true}" :display-action-string-in-button="false"></download-button>
+                <download-button :stored-object="storedObject" :at-version="version" :classes="{btn: true, 'btn-outline-primary': true, 'btn-sm': true}" :display-action-string-in-button="false"></download-button>
             </li>
         </ul>
     </div>

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/StoredObjectButton/HistoryButton/HistoryButtonModal.vue

@@ -22,7 +22,6 @@ const props = defineProps<HistoryButtonListConfig>();
 const state = reactive<HistoryButtonModalState>({opened: false});
 
 const open = () => {
-    console.log('open');
     state.opened = true;
 }
 

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/StoredObjectButton/helpers.ts

@@ -161,7 +161,14 @@ async function download_and_decrypt_doc(storedObject: StoredObject, atVersion: n
        throw new Error("no version associated to stored object");
    }
 
-   const downloadInfo= await download_info_link(storedObject, atVersionToDownload);
+   // sometimes, the downloadInfo may be embedded into the storedObject
+    console.log('storedObject', storedObject);
+    let downloadInfo;
+    if (typeof storedObject._links !== 'undefined' && typeof storedObject._links.downloadLink !== 'undefined') {
+       downloadInfo = storedObject._links.downloadLink;
+    } else {
+       downloadInfo = await download_info_link(storedObject, atVersionToDownload);
+    }
 
    const rawResponse = await window.fetch(downloadInfo.url);
 
@@ -190,6 +197,32 @@ async function download_and_decrypt_doc(storedObject: StoredObject, atVersion: n
    }
 }
 
+/**
+ * Fetch the stored object as a pdf.
+ *
+ * If the document is already in a pdf on the server side, the document is retrieved "as is" from the usual
+ * storage.
+ */
+async function download_doc_as_pdf(storedObject: StoredObject): Promise<Blob>
+{
+    if (null === storedObject.currentVersion) {
+        throw new Error("the stored object does not count any version");
+    }
+
+    if (storedObject.currentVersion?.type === 'application/pdf') {
+        return download_and_decrypt_doc(storedObject, storedObject.currentVersion);
+    }
+
+    const convertLink = build_convert_link(storedObject.uuid);
+    const response = await fetch(convertLink);
+
+    if (!response.ok) {
+        throw new Error("Could not convert the document: " + response.status);
+    }
+
+    return response.blob();
+}
+
 async function is_object_ready(storedObject: StoredObject): Promise<StoredObjectStatusChange>
 {
     const new_status_response = await window
@@ -207,6 +240,7 @@ export {
   build_wopi_editor_link,
   download_and_decrypt_doc,
   download_doc,
+  download_doc_as_pdf,
   is_extension_editable,
   is_extension_viewable,
   is_object_ready,

src/Bundle/ChillDocStoreBundle/Resources/views/Button/button_download.html.twig

@@ -0,0 +1 @@
+<div data-download-button-single="data-download-button-single" data-stored-object="{{ document_json|json_encode|escape('html_attr') }}" data-title="{{ title|escape('html_attr') }}"></div>

src/Bundle/ChillDocStoreBundle/Resources/views/DocumentCategory/index.html.twig

@@ -8,7 +8,7 @@
     <table class="table table-bordered border-dark align-middle">
         <thead>
             <tr>
-                <th>{{ 'Creator bundle id' | trans }}</th>
+{#                <th>{{ 'Creator bundle id' | trans }}</th>#}
                 <th>{{ 'Internal id inside creator bundle' | trans }}</th>
                 <th>{{ 'Document class' | trans }}</th>
                 <th>{{ 'Name' | trans }}</th>
@@ -18,7 +18,7 @@
         <tbody>
         {% for document_category in document_categories %}
             <tr>
-                <td>{{ document_category.bundleId }}</td>
+{#                <td>{{ document_category.bundleId }}</td>#}
                 <td>{{ document_category.idInsideBundle }}</td>
                 <td>{{ document_category.documentClass }}</td>
                 <td>{{ document_category.name | localize_translatable_string}}</td>

src/Bundle/ChillDocStoreBundle/Resources/views/Workflow/public_view_with_document_render.html.twig

@@ -0,0 +1,43 @@
+{% extends '@ChillMain/Workflow/workflow_view_send_public_layout.html.twig' %}
+
+{% block css %}
+    {{ parent() }}
+    {{ encore_entry_link_tags('mod_document_download_button') }}
+{% endblock %}
+
+{% block js %}
+    {{ parent() }}
+    {{ encore_entry_script_tags('mod_document_download_button') }}
+{% endblock %}
+
+{% block title %}{{ 'workflow.public_link.title'|trans }} - {{ title }}{% endblock %}
+
+{% block public_content %}
+    <h1>{{ 'workflow.public_link.shared_doc'|trans }}</h1>
+
+    {% set previous = send.entityWorkflowStepChained.previous %}
+    {% if previous is not null %}
+        {% if previous.transitionBy is not null %}
+            <p>{{ 'workflow.public_link.doc_shared_by_at_explanation'|trans({'byUser': previous.transitionBy|chill_entity_render_string( { 'at_date': previous.transitionAt } ), 'at': previous.transitionAt }) }}</p>
+        {% else %}
+            <p>{{ 'workflow.public_link.doc_shared_automatically_at_explanation'|trans({'at': previous.transitionAt}) }}</p>
+        {% endif %}
+    {% endif %}
+
+    <div class="row">
+        <div class="col-xs-12 col-sm-6 col-md-4">
+            <div class="card"">
+                <div class="card-body">
+                    <h2 class="card-title">{{ title }}</h2>
+                    <h3>{{ 'workflow.public_link.main_document'|trans }}</h3>
+
+                    <ul class="record_actions slim small">
+                        <li>
+                            {{ storedObject|chill_document_download_only_button(storedObject.title(), false) }}
+                        </li>
+                    </ul>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}

src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoter/AbstractStoredObjectVoter.php

@@ -15,7 +15,7 @@ use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoterInterface;
-use Chill\DocStoreBundle\Service\WorkflowStoredObjectPermissionHelper;
+use Chill\MainBundle\Workflow\Helper\WorkflowRelatedEntityPermissionHelper;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Security;
 
@@ -34,7 +34,7 @@ abstract class AbstractStoredObjectVoter implements StoredObjectVoterInterface
 
     public function __construct(
         private readonly Security $security,
-        private readonly ?WorkflowStoredObjectPermissionHelper $workflowDocumentService = null,
+        private readonly ?WorkflowRelatedEntityPermissionHelper $workflowDocumentService = null,
     ) {}
 
     public function supports(StoredObjectRoleEnum $attribute, StoredObject $subject): bool
@@ -46,24 +46,27 @@ abstract class AbstractStoredObjectVoter implements StoredObjectVoterInterface
 
     public function voteOnAttribute(StoredObjectRoleEnum $attribute, StoredObject $subject, TokenInterface $token): bool
     {
-        // Retrieve the related accompanying course document
+        // Retrieve the related entity
         $entity = $this->getRepository()->findAssociatedEntityToStoredObject($subject);
 
-        // Determine the attribute to pass to AccompanyingCourseDocumentVoter
+        // Determine the attribute to pass to the voter for argument
         $voterAttribute = $this->attributeToRole($attribute);
 
-        if (false === $this->security->isGranted($voterAttribute, $entity)) {
-            return false;
+        $regularPermission = $this->security->isGranted($voterAttribute, $entity);
+
+        if (!$this->canBeAssociatedWithWorkflow()) {
+            return $regularPermission;
         }
 
-        if (StoredObjectRoleEnum::SEE !== $attribute && $this->canBeAssociatedWithWorkflow()) {
-            if (null === $this->workflowDocumentService) {
-                throw new \LogicException('Provide a workflow document service');
-            }
+        $workflowPermission = match ($attribute) {
+            StoredObjectRoleEnum::SEE => $this->workflowDocumentService->isAllowedByWorkflowForReadOperation($entity),
+            StoredObjectRoleEnum::EDIT => $this->workflowDocumentService->isAllowedByWorkflowForWriteOperation($entity),
+        };
 
-            return $this->workflowDocumentService->notBlockedByWorkflow($entity);
-        }
-
-        return true;
+        return match ($workflowPermission) {
+            WorkflowRelatedEntityPermissionHelper::FORCE_GRANT => true,
+            WorkflowRelatedEntityPermissionHelper::FORCE_DENIED => false,
+            WorkflowRelatedEntityPermissionHelper::ABSTAIN => $regularPermission,
+        };
     }
 }

src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoter/AccompanyingCourseDocumentStoredObjectVoter.php

@@ -16,7 +16,7 @@ use Chill\DocStoreBundle\Repository\AccompanyingCourseDocumentRepository;
 use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Security\Authorization\AccompanyingCourseDocumentVoter;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
-use Chill\DocStoreBundle\Service\WorkflowStoredObjectPermissionHelper;
+use Chill\MainBundle\Workflow\Helper\WorkflowRelatedEntityPermissionHelper;
 use Symfony\Component\Security\Core\Security;
 
 final class AccompanyingCourseDocumentStoredObjectVoter extends AbstractStoredObjectVoter
@@ -24,7 +24,7 @@ final class AccompanyingCourseDocumentStoredObjectVoter extends AbstractStoredOb
     public function __construct(
         private readonly AccompanyingCourseDocumentRepository $repository,
         Security $security,
-        WorkflowStoredObjectPermissionHelper $workflowDocumentService,
+        WorkflowRelatedEntityPermissionHelper $workflowDocumentService,
     ) {
         parent::__construct($security, $workflowDocumentService);
     }

src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoter/PersonDocumentStoredObjectVoter.php

@@ -16,7 +16,7 @@ use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Repository\PersonDocumentRepository;
 use Chill\DocStoreBundle\Security\Authorization\PersonDocumentVoter;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
-use Chill\DocStoreBundle\Service\WorkflowStoredObjectPermissionHelper;
+use Chill\MainBundle\Workflow\Helper\WorkflowRelatedEntityPermissionHelper;
 use Symfony\Component\Security\Core\Security;
 
 class PersonDocumentStoredObjectVoter extends AbstractStoredObjectVoter
@@ -24,7 +24,7 @@ class PersonDocumentStoredObjectVoter extends AbstractStoredObjectVoter
     public function __construct(
         private readonly PersonDocumentRepository $repository,
         Security $security,
-        WorkflowStoredObjectPermissionHelper $workflowDocumentService,
+        WorkflowRelatedEntityPermissionHelper $workflowDocumentService,
     ) {
         parent::__construct($security, $workflowDocumentService);
     }

src/Bundle/ChillDocStoreBundle/Serializer/Normalizer/StoredObjectNormalizer.php

@@ -11,6 +11,7 @@ declare(strict_types=1);
 
 namespace Chill\DocStoreBundle\Serializer\Normalizer;
 
+use Chill\DocStoreBundle\AsyncUpload\TempUrlGeneratorInterface;
 use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Guard\JWTDavTokenProviderInterface;
@@ -30,10 +31,17 @@ final class StoredObjectNormalizer implements NormalizerInterface, NormalizerAwa
 {
     use NormalizerAwareTrait;
 
+    /**
+     * when added to the groups, a download link is included in the normalization,
+     * and no webdav links are generated.
+     */
+    public const DOWNLOAD_LINK_ONLY = 'read:download-link-only';
+
     public function __construct(
         private readonly JWTDavTokenProviderInterface $JWTDavTokenProvider,
         private readonly UrlGeneratorInterface $urlGenerator,
         private readonly Security $security,
+        private readonly TempUrlGeneratorInterface $tempUrlGenerator,
     ) {}
 
     public function normalize($object, ?string $format = null, array $context = [])
@@ -55,6 +63,24 @@ final class StoredObjectNormalizer implements NormalizerInterface, NormalizerAwa
         // deprecated property
         $datas['creationDate'] = $datas['createdAt'];
 
+        if (array_key_exists(AbstractNormalizer::GROUPS, $context)) {
+            $groupsNormalized = is_array($context[AbstractNormalizer::GROUPS]) ? $context[AbstractNormalizer::GROUPS] : [$context[AbstractNormalizer::GROUPS]];
+        } else {
+            $groupsNormalized = [];
+        }
+
+        if (in_array(self::DOWNLOAD_LINK_ONLY, $groupsNormalized, true)) {
+            $datas['_permissions'] = [
+                'canSee' => true,
+                'canEdit' => false,
+            ];
+            $datas['_links'] = [
+                'downloadLink' => $this->normalizer->normalize($this->tempUrlGenerator->generate('GET', $object->getCurrentVersion()->getFilename(), 180), $format, [AbstractNormalizer::GROUPS => ['read']]),
+            ];
+
+            return $datas;
+        }
+
         $canSee = $this->security->isGranted(StoredObjectRoleEnum::SEE->value, $object);
         $canEdit = $this->security->isGranted(StoredObjectRoleEnum::EDIT->value, $object);
 

src/Bundle/ChillDocStoreBundle/Service/Signature/PDFSignatureZoneAvailable.php

@@ -17,15 +17,30 @@ use Chill\MainBundle\Entity\Workflow\EntityWorkflowSignatureStateEnum;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflowStep;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflowStepSignature;
 use Chill\MainBundle\Workflow\EntityWorkflowManager;
+use Chill\WopiBundle\Service\WopiConverter;
+use Symfony\Contracts\Translation\LocaleAwareInterface;
 
-class PDFSignatureZoneAvailable
+class PDFSignatureZoneAvailable implements LocaleAwareInterface
 {
+    private string $locale;
+
     public function __construct(
         private readonly EntityWorkflowManager $entityWorkflowManager,
         private readonly PDFSignatureZoneParser $pdfSignatureZoneParser,
         private readonly StoredObjectManagerInterface $storedObjectManager,
+        private readonly WopiConverter $converter,
     ) {}
 
+    public function setLocale(string $locale)
+    {
+        $this->locale = $locale;
+    }
+
+    public function getLocale()
+    {
+        return $this->locale;
+    }
+
     /**
      * @return list<PDFSignatureZone>
      */
@@ -38,10 +53,16 @@ class PDFSignatureZoneAvailable
         }
 
         if ('application/pdf' !== $storedObject->getType()) {
-            throw new \RuntimeException('Only PDF documents are supported');
+            $content = $this->converter->convert($this->getLocale(), $this->storedObjectManager->read($storedObject), $storedObject->getType());
+        } else {
+            $content = $this->storedObjectManager->read($storedObject);
         }
 
-        $zones = $this->pdfSignatureZoneParser->findSignatureZones($this->storedObjectManager->read($storedObject));
+        $zones = $this->pdfSignatureZoneParser->findSignatureZones($content);
+
+        // free some memory as soon as possible...
+        unset($content);
+
         $signatureZonesIndexes = array_map(
             fn (EntityWorkflowStepSignature $step) => $step->getZoneSignatureIndex(),
             $this->collectSignaturesInUse($entityWorkflow)

src/Bundle/ChillDocStoreBundle/Service/StoredObjectDuplicate.php

@@ -22,9 +22,18 @@ class StoredObjectDuplicate
 {
     public function __construct(private readonly StoredObjectManagerInterface $storedObjectManager, private readonly LoggerInterface $logger) {}
 
-    public function duplicate(StoredObject|StoredObjectVersion $from): StoredObject
+    public function duplicate(StoredObject|StoredObjectVersion $from, bool $onlyLastKeptBeforeConversionVersion = true): StoredObject
     {
-        $fromVersion = $from instanceof StoredObjectVersion ? $from : $from->getCurrentVersion();
+        $storedObject = $from instanceof StoredObjectVersion ? $from->getStoredObject() : $from;
+
+        $fromVersion = match ($storedObject->hasKeptBeforeConversionVersion() && $onlyLastKeptBeforeConversionVersion) {
+            true => $from->getLastKeptBeforeConversionVersion(),
+            false => $storedObject->getCurrentVersion(),
+        };
+
+        if (null === $fromVersion) {
+            throw new \UnexpectedValueException('could not find a version to restore');
+        }
 
         $oldContent = $this->storedObjectManager->read($fromVersion);
 

src/Bundle/ChillDocStoreBundle/Service/StoredObjectToPdfConverter.php

@@ -39,13 +39,13 @@ class StoredObjectToPdfConverter
      * @param string       $lang         the language for the conversion context
      * @param string       $convertTo    The target format for the conversion. Default is 'pdf'.
      *
-     * @return array{0: StoredObjectPointInTime, 1: StoredObjectVersion} contains the point in time before conversion and the new version of the stored object
+     * @return array{0: StoredObjectPointInTime, 1: StoredObjectVersion, 2?: string} contains the point in time before conversion and the new version of the stored object. The converted content is included in the response if $includeConvertedContent is true
      *
      * @throws \UnexpectedValueException    if the preferred mime type for the conversion is not found
      * @throws \RuntimeException            if the conversion or storage of the new version fails
      * @throws StoredObjectManagerException
      */
-    public function addConvertedVersion(StoredObject $storedObject, string $lang, $convertTo = 'pdf'): array
+    public function addConvertedVersion(StoredObject $storedObject, string $lang, $convertTo = 'pdf', bool $includeConvertedContent = false): array
     {
         $newMimeType = $this->mimeTypes->getMimeTypes($convertTo)[0] ?? null;
 
@@ -70,6 +70,11 @@ class StoredObjectToPdfConverter
         $pointInTime = new StoredObjectPointInTime($currentVersion, StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION);
         $version = $this->storedObjectManager->write($storedObject, $converted, $newMimeType);
 
+        if (!$includeConvertedContent) {
             return [$pointInTime, $version];
         }
+
+        return [$pointInTime, $version, $converted];
+
+    }
 }

src/Bundle/ChillDocStoreBundle/Service/WorkflowStoredObjectPermissionHelper.php

@@ -1,49 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * Chill is a software for social workers
- *
- * For the full copyright and license information, please view
- * the LICENSE file that was distributed with this source code.
- */
-
-namespace Chill\DocStoreBundle\Service;
-
-use Chill\MainBundle\Entity\Workflow\EntityWorkflowSignatureStateEnum;
-use Chill\MainBundle\Workflow\EntityWorkflowManager;
-use Symfony\Component\Security\Core\Security;
-
-class WorkflowStoredObjectPermissionHelper
-{
-    public function __construct(private readonly Security $security, private readonly EntityWorkflowManager $entityWorkflowManager) {}
-
-    public function notBlockedByWorkflow(object $entity): bool
-    {
-        $workflows = $this->entityWorkflowManager->findByRelatedEntity($entity);
-        $currentUser = $this->security->getUser();
-
-        foreach ($workflows as $workflow) {
-            if ($workflow->isFinal()) {
-                return false;
-            }
-
-            if (!$workflow->getCurrentStep()->getAllDestUser()->contains($currentUser)) {
-                return false;
-            }
-
-            // as soon as there is one signatured applyied, we are not able to
-            // edit the document any more
-            foreach ($workflow->getSteps() as $step) {
-                foreach ($step->getSignatures() as $signature) {
-                    if (EntityWorkflowSignatureStateEnum::SIGNED === $signature->getState()) {
-                        return false;
-                    }
-                }
-            }
-        }
-
-        return true;
-    }
-}

src/Bundle/ChillDocStoreBundle/Templating/WopiEditTwigExtension.php

@@ -28,6 +28,10 @@ class WopiEditTwigExtension extends AbstractExtension
                 'needs_environment' => true,
                 'is_safe' => ['html'],
             ]),
+            new TwigFilter('chill_document_download_only_button', [WopiEditTwigExtensionRuntime::class, 'renderDownloadButton'], [
+                'needs_environment' => true,
+                'is_safe' => ['html'],
+            ]),
         ];
     }
 

src/Bundle/ChillDocStoreBundle/Templating/WopiEditTwigExtensionRuntime.php

@@ -15,6 +15,7 @@ use ChampsLibres\WopiLib\Contract\Service\Discovery\DiscoveryInterface;
 use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Guard\JWTDavTokenProviderInterface;
+use Chill\DocStoreBundle\Serializer\Normalizer\StoredObjectNormalizer;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
@@ -177,6 +178,17 @@ final readonly class WopiEditTwigExtensionRuntime implements RuntimeExtensionInt
         ]);
     }
 
+    public function renderDownloadButton(Environment $environment, StoredObject $storedObject, string $title = ''): string
+    {
+        return $environment->render(
+            '@ChillDocStore/Button/button_download.html.twig',
+            [
+                'document_json' => $this->normalizer->normalize($storedObject, 'json', [AbstractNormalizer::GROUPS => ['read', StoredObjectNormalizer::DOWNLOAD_LINK_ONLY]]),
+                'title' => $title,
+            ]
+        );
+    }
+
     public function renderEditButton(Environment $environment, StoredObject $document, ?array $options = null): string
     {
         return $environment->render(self::TEMPLATE, [

src/Bundle/ChillDocStoreBundle/Tests/Entity/StoredObjectTest.php

@@ -12,6 +12,8 @@ declare(strict_types=1);
 namespace Chill\DocStoreBundle\Tests\Entity;
 
 use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Entity\StoredObjectPointInTime;
+use Chill\DocStoreBundle\Entity\StoredObjectPointInTimeReasonEnum;
 use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
 
 /**
@@ -54,4 +56,27 @@ class StoredObjectTest extends KernelTestCase
 
         self::assertNotSame($firstVersion, $version);
     }
+
+    public function testHasKeptBeforeConversionVersion(): void
+    {
+        $storedObject = new StoredObject();
+        $version1 = $storedObject->registerVersion();
+
+        self::assertFalse($storedObject->hasKeptBeforeConversionVersion());
+
+        // add a point in time without the correct version
+        new StoredObjectPointInTime($version1, StoredObjectPointInTimeReasonEnum::KEEP_BY_USER);
+
+        self::assertFalse($storedObject->hasKeptBeforeConversionVersion());
+        self::assertNull($storedObject->getLastKeptBeforeConversionVersion());
+
+        new StoredObjectPointInTime($version1, StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION);
+
+        self::assertTrue($storedObject->hasKeptBeforeConversionVersion());
+        // add a second version
+        $version2 = $storedObject->registerVersion();
+        new StoredObjectPointInTime($version2, StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION);
+
+        self::assertSame($version2, $storedObject->getLastKeptBeforeConversionVersion());
+    }
 }

src/Bundle/ChillDocStoreBundle/Tests/Form/StoredObjectTypeTest.php

@@ -11,6 +11,7 @@ declare(strict_types=1);
 
 namespace Chill\DocStoreBundle\Tests\Form;
 
+use Chill\DocStoreBundle\AsyncUpload\TempUrlGeneratorInterface;
 use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Form\DataMapper\StoredObjectDataMapper;
 use Chill\DocStoreBundle\Form\DataTransformer\StoredObjectDataTransformer;
@@ -132,7 +133,8 @@ class StoredObjectTypeTest extends TypeTestCase
                 new StoredObjectNormalizer(
                     $jwtTokenProvider->reveal(),
                     $urlGenerator->reveal(),
-                    $security->reveal()
+                    $security->reveal(),
+                    $this->createMock(TempUrlGeneratorInterface::class)
                 ),
                 new StoredObjectDenormalizer($storedObjectRepository->reveal()),
                 new StoredObjectVersionNormalizer(),

src/Bundle/ChillDocStoreBundle/Tests/Security/Authorization/AbstractStoredObjectVoterTest.php

@@ -15,10 +15,11 @@ use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoter\AbstractStoredObjectVoter;
-use Chill\DocStoreBundle\Service\WorkflowStoredObjectPermissionHelper;
 use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Workflow\Helper\WorkflowRelatedEntityPermissionHelper;
 use PHPUnit\Framework\TestCase;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Prophecy\PhpUnit\ProphecyTrait;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Security;
 
 /**
@@ -28,26 +29,21 @@ use Symfony\Component\Security\Core\Security;
  */
 class AbstractStoredObjectVoterTest extends TestCase
 {
-    private AssociatedEntityToStoredObjectInterface $repository;
-    private Security $security;
-    private WorkflowStoredObjectPermissionHelper $workflowDocumentService;
+    use ProphecyTrait;
 
-    protected function setUp(): void
-    {
-        $this->repository = $this->createMock(AssociatedEntityToStoredObjectInterface::class);
-        $this->security = $this->createMock(Security::class);
-        $this->workflowDocumentService = $this->createMock(WorkflowStoredObjectPermissionHelper::class);
-    }
-
-    private function buildStoredObjectVoter(bool $canBeAssociatedWithWorkflow, AssociatedEntityToStoredObjectInterface $repository, Security $security, ?WorkflowStoredObjectPermissionHelper $workflowDocumentService = null): AbstractStoredObjectVoter
-    {
+    private function buildStoredObjectVoter(
+        bool $canBeAssociatedWithWorkflow,
+        AssociatedEntityToStoredObjectInterface $repository,
+        Security $security,
+        ?WorkflowRelatedEntityPermissionHelper $workflowDocumentService = null,
+    ): AbstractStoredObjectVoter {
         // Anonymous class extending the abstract class
         return new class ($canBeAssociatedWithWorkflow, $repository, $security, $workflowDocumentService) extends AbstractStoredObjectVoter {
             public function __construct(
                 private readonly bool $canBeAssociatedWithWorkflow,
                 private readonly AssociatedEntityToStoredObjectInterface $repository,
                 Security $security,
-                ?WorkflowStoredObjectPermissionHelper $workflowDocumentService = null,
+                ?WorkflowRelatedEntityPermissionHelper $workflowDocumentService = null,
             ) {
                 parent::__construct($security, $workflowDocumentService);
             }
@@ -74,95 +70,89 @@ class AbstractStoredObjectVoterTest extends TestCase
         };
     }
 
-    private function setupMockObjects(): array
-    {
-        $user = new User();
-        $token = $this->createMock(TokenInterface::class);
-        $subject = new StoredObject();
-        $entity = new \stdClass();
-
-        return [$user, $token, $subject, $entity];
-    }
-
-    private function setupMocksForVoteOnAttribute(User $user, TokenInterface $token, bool $isGrantedForEntity, object $entity, bool $workflowAllowed): void
-    {
-        // Set up token to return user
-        $token->method('getUser')->willReturn($user);
-
-        // Mock the return of an AccompanyingCourseDocument by the repository
-        $this->repository->method('findAssociatedEntityToStoredObject')->willReturn($entity);
-
-        // Mock scenario where user is allowed to see_details of the AccompanyingCourseDocument
-        $this->security->method('isGranted')->willReturn($isGrantedForEntity);
-
-        // Mock case where user is blocked or not by workflow
-        $this->workflowDocumentService->method('notBlockedByWorkflow')->willReturn($workflowAllowed);
-    }
-
     public function testSupportsOnAttribute(): void
     {
-        [$user, $token, $subject, $entity] = $this->setupMockObjects();
+        $voter = $this->buildStoredObjectVoter(false, new DummyRepository(new \stdClass()), $this->prophesize(Security::class)->reveal(), null);
 
-        // Setup mocks for voteOnAttribute method
-        $this->setupMocksForVoteOnAttribute($user, $token, true, $entity, true);
-        $voter = $this->buildStoredObjectVoter(true, $this->repository, $this->security, $this->workflowDocumentService);
+        self::assertTrue($voter->supports(StoredObjectRoleEnum::SEE, new StoredObject()));
 
-        self::assertTrue($voter->supports(StoredObjectRoleEnum::SEE, $subject));
+        $voter = $this->buildStoredObjectVoter(false, new DummyRepository(new User()), $this->prophesize(Security::class)->reveal(), null);
+
+        self::assertFalse($voter->supports(StoredObjectRoleEnum::SEE, new StoredObject()));
+
+        $voter = $this->buildStoredObjectVoter(false, new DummyRepository(null), $this->prophesize(Security::class)->reveal(), null);
+
+        self::assertFalse($voter->supports(StoredObjectRoleEnum::SEE, new StoredObject()));
     }
 
-    public function testVoteOnAttributeAllowedAndWorkflowAllowed(): void
+    /**
+     * @dataProvider dataProviderVoteOnAttribute
+     */
+    public function testVoteOnAttribute(
+        StoredObjectRoleEnum $attribute,
+        bool $expected,
+        bool $canBeAssociatedWithWorkflow,
+        bool $isGrantedRegularPermission,
+        ?string $isGrantedWorkflowPermissionRead,
+        ?string $isGrantedWorkflowPermissionWrite,
+        string $message,
+    ): void {
+        $storedObject = new StoredObject();
+        $dummyRepository = new DummyRepository($related = new \stdClass());
+        $token = new UsernamePasswordToken(new User(), 'dummy');
+
+        $security = $this->prophesize(Security::class);
+        $security->isGranted('SOME_ROLE', $related)->willReturn($isGrantedRegularPermission);
+
+        $workflowRelatedEntityPermissionHelper = $this->prophesize(WorkflowRelatedEntityPermissionHelper::class);
+        if (null !== $isGrantedWorkflowPermissionRead) {
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForReadOperation($related)
+                ->willReturn($isGrantedWorkflowPermissionRead)->shouldBeCalled();
+        } else {
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForReadOperation($related)->shouldNotBeCalled();
+        }
+
+        if (null !== $isGrantedWorkflowPermissionWrite) {
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForWriteOperation($related)
+                ->willReturn($isGrantedWorkflowPermissionWrite)->shouldBeCalled();
+        } else {
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForWriteOperation($related)->shouldNotBeCalled();
+        }
+
+        $voter = $this->buildStoredObjectVoter($canBeAssociatedWithWorkflow, $dummyRepository, $security->reveal(), $workflowRelatedEntityPermissionHelper->reveal());
+        self::assertEquals($expected, $voter->voteOnAttribute($attribute, $storedObject, $token), $message);
+    }
+
+    public static function dataProviderVoteOnAttribute(): iterable
     {
-        [$user, $token, $subject, $entity] = $this->setupMockObjects();
+        // not associated on a workflow
+        yield [StoredObjectRoleEnum::SEE, true, false, true, null, null, 'not associated on a workflow, granted by regular access, must not rely on helper'];
+        yield [StoredObjectRoleEnum::SEE, false, false, false, null, null, 'not associated on a workflow, denied by regular access, must not rely on helper'];
 
-        // Setup mocks for voteOnAttribute method
-        $this->setupMocksForVoteOnAttribute($user, $token, true, $entity, true);
-        $voter = $this->buildStoredObjectVoter(true, $this->repository, $this->security, $this->workflowDocumentService);
+        // associated on a workflow, read operation
+        yield [StoredObjectRoleEnum::SEE, true, true, true, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, null, 'associated on a workflow, read by regular, force grant by workflow, ask for read, should be granted'];
+        yield [StoredObjectRoleEnum::SEE, true, true, true, WorkflowRelatedEntityPermissionHelper::ABSTAIN, null, 'associated on a workflow, read by regular, abstain by workflow, ask for read, should be granted'];
+        yield [StoredObjectRoleEnum::SEE, false, true, true, WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, null, 'associated on a workflow, read by regular, force grant by workflow, ask for read, should be denied'];
+        yield [StoredObjectRoleEnum::SEE, true, true, false, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, null, 'associated on a workflow, denied read by regular, force grant by workflow, ask for read, should be granted'];
+        yield [StoredObjectRoleEnum::SEE, false, true, false, WorkflowRelatedEntityPermissionHelper::ABSTAIN, null, 'associated on a workflow, denied read by regular, abstain by workflow, ask for read, should be granted'];
+        yield [StoredObjectRoleEnum::SEE, false, true, false, WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, null, 'associated on a workflow, denied read by regular, force grant by workflow, ask for read, should be denied'];
 
-        // The voteOnAttribute method should return True when workflow is allowed
-        self::assertTrue($voter->voteOnAttribute(StoredObjectRoleEnum::SEE, $subject, $token));
+        // association on a workflow, write operation
+        yield [StoredObjectRoleEnum::EDIT, true, true, true, null, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, 'associated on a workflow, write by regular, force grant by workflow, ask for write, should be granted'];
+        yield [StoredObjectRoleEnum::EDIT, true, true, true, null, WorkflowRelatedEntityPermissionHelper::ABSTAIN, 'associated on a workflow, write by regular, abstain by workflow, ask for write, should be granted'];
+        yield [StoredObjectRoleEnum::EDIT, false, true, true, null, WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, 'associated on a workflow, write by regular, force grant by workflow, ask for write, should be denied'];
+        yield [StoredObjectRoleEnum::EDIT, true, true, false, null, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, 'associated on a workflow, denied write by regular, force grant by workflow, ask for write, should be granted'];
+        yield [StoredObjectRoleEnum::EDIT, false, true, false, null, WorkflowRelatedEntityPermissionHelper::ABSTAIN, 'associated on a workflow, denied write by regular, abstain by workflow, ask for write, should be granted'];
+        yield [StoredObjectRoleEnum::EDIT, false, true, false, null, WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, 'associated on a workflow, denied write by regular, force grant by workflow, ask for write, should be denied'];
+    }
 }
 
-    public function testVoteOnAttributeNotAllowed(): void
+class DummyRepository implements AssociatedEntityToStoredObjectInterface
 {
-        [$user, $token, $subject, $entity] = $this->setupMockObjects();
+    public function __construct(private readonly ?object $relatedEntity) {}
 
-        // Setup mocks for voteOnAttribute method where isGranted() returns false
-        $this->setupMocksForVoteOnAttribute($user, $token, false, $entity, true);
-        $voter = $this->buildStoredObjectVoter(true, $this->repository, $this->security, $this->workflowDocumentService);
-
-        // The voteOnAttribute method should return True when workflow is allowed
-        self::assertFalse($voter->voteOnAttribute(StoredObjectRoleEnum::SEE, $subject, $token));
-    }
-
-    public function testVoteOnAttributeAllowedWorkflowNotAllowed(): void
+    public function findAssociatedEntityToStoredObject(StoredObject $storedObject): ?object
     {
-        [$user, $token, $subject, $entity] = $this->setupMockObjects();
-
-        // Setup mocks for voteOnAttribute method
-        $this->setupMocksForVoteOnAttribute($user, $token, true, $entity, false);
-        $voter = $this->buildStoredObjectVoter(true, $this->repository, $this->security, $this->workflowDocumentService);
-
-        // Test voteOnAttribute method
-        $attribute = StoredObjectRoleEnum::EDIT;
-        $result = $voter->voteOnAttribute($attribute, $subject, $token);
-
-        // Assert that access is denied when workflow is not allowed
-        $this->assertFalse($result);
-    }
-
-    public function testVoteOnAttributeAllowedWorkflowAllowedToSeeDocument(): void
-    {
-        [$user, $token, $subject, $entity] = $this->setupMockObjects();
-
-        // Setup mocks for voteOnAttribute method
-        $this->setupMocksForVoteOnAttribute($user, $token, true, $entity, false);
-        $voter = $this->buildStoredObjectVoter(true, $this->repository, $this->security, $this->workflowDocumentService);
-
-        // Test voteOnAttribute method
-        $attribute = StoredObjectRoleEnum::SEE;
-        $result = $voter->voteOnAttribute($attribute, $subject, $token);
-
-        // Assert that access is denied when workflow is not allowed
-        $this->assertTrue($result);
+        return $this->relatedEntity;
     }
 }

src/Bundle/ChillDocStoreBundle/Tests/Serializer/Normalizer/StoredObjectNormalizerTest.php

@@ -11,6 +11,8 @@ declare(strict_types=1);
 
 namespace Chill\DocStoreBundle\Tests\Serializer\Normalizer;
 
+use Chill\DocStoreBundle\AsyncUpload\SignedUrl;
+use Chill\DocStoreBundle\AsyncUpload\TempUrlGeneratorInterface;
 use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Guard\JWTDavTokenProviderInterface;
@@ -70,7 +72,9 @@ class StoredObjectNormalizerTest extends TestCase
                 return ['sub' => 'sub'];
             });
 
-        $normalizer = new StoredObjectNormalizer($jwtProvider, $urlGenerator, $security);
+        $tempUrlGenerator = $this->createMock(TempUrlGeneratorInterface::class);
+
+        $normalizer = new StoredObjectNormalizer($jwtProvider, $urlGenerator, $security, $tempUrlGenerator);
         $normalizer->setNormalizer($globalNormalizer);
 
         $actual = $normalizer->normalize($storedObject, 'json');
@@ -95,4 +99,48 @@ class StoredObjectNormalizerTest extends TestCase
         self::assertArrayHasKey('dav_link', $actual['_links']);
         self::assertEqualsCanonicalizing(['href' => $davLink, 'expiration' => $d->getTimestamp()], $actual['_links']['dav_link']);
     }
+
+    public function testWithDownloadLinkOnly(): void
+    {
+        $storedObject = new StoredObject();
+        $storedObject->registerVersion();
+        $storedObject->setTitle('test');
+        $reflection = new \ReflectionClass(StoredObject::class);
+        $idProperty = $reflection->getProperty('id');
+        $idProperty->setValue($storedObject, 1);
+
+        $jwtProvider = $this->createMock(JWTDavTokenProviderInterface::class);
+        $jwtProvider->expects($this->never())->method('createToken')->withAnyParameters();
+
+        $urlGenerator = $this->createMock(UrlGeneratorInterface::class);
+        $urlGenerator->expects($this->never())->method('generate');
+
+        $security = $this->createMock(Security::class);
+        $security->expects($this->never())->method('isGranted');
+
+        $globalNormalizer = $this->createMock(NormalizerInterface::class);
+        $globalNormalizer->expects($this->exactly(4))->method('normalize')
+            ->withAnyParameters()
+            ->willReturnCallback(function (?object $object, string $format, array $context) {
+                if (null === $object) {
+                    return null;
+                }
+
+                return ['sub' => 'sub'];
+            });
+
+        $tempUrlGenerator = $this->createMock(TempUrlGeneratorInterface::class);
+        $tempUrlGenerator->expects($this->once())->method('generate')->with('GET', $storedObject->getCurrentVersion()->getFilename(), $this->isType('int'))
+            ->willReturn(new SignedUrl('GET', 'https://some-link/test', new \DateTimeImmutable('300 seconds'), $storedObject->getCurrentVersion()->getFilename()));
+
+        $normalizer = new StoredObjectNormalizer($jwtProvider, $urlGenerator, $security, $tempUrlGenerator);
+        $normalizer->setNormalizer($globalNormalizer);
+
+        $actual = $normalizer->normalize($storedObject, 'json', ['groups' => ['read', 'read:download-link-only']]);
+
+        self::assertIsArray($actual);
+        self::assertArrayHasKey('_links', $actual);
+        self::assertArrayHasKey('downloadLink', $actual['_links']);
+        self::assertEquals(['sub' => 'sub'], $actual['_links']['downloadLink']);
+    }
 }

src/Bundle/ChillDocStoreBundle/Tests/Service/Signature/PDFSignatureZoneAvailableTest.php

@@ -22,6 +22,7 @@ use Chill\MainBundle\Entity\Workflow\EntityWorkflowSignatureStateEnum;
 use Chill\MainBundle\Workflow\EntityWorkflowManager;
 use Chill\MainBundle\Workflow\WorkflowTransitionContextDTO;
 use Chill\PersonBundle\Entity\Person;
+use Chill\WopiBundle\Service\WopiConverter;
 use PHPUnit\Framework\TestCase;
 use Prophecy\PhpUnit\ProphecyTrait;
 use Symfony\Component\Clock\MockClock;
@@ -65,6 +66,7 @@ class PDFSignatureZoneAvailableTest extends TestCase
             $entityWorkflowManager->reveal(),
             $parser->reveal(),
             $storedObjectManager->reveal(),
+            $this->prophesize(WopiConverter::class)->reveal(),
         );
 
         $actual = $filter->getAvailableSignatureZones($entityWorkflow);

src/Bundle/ChillDocStoreBundle/Tests/Service/StoredObjectDuplicateTest.php

@@ -12,9 +12,13 @@ declare(strict_types=1);
 namespace Chill\DocStoreBundle\Tests\Service;
 
 use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Entity\StoredObjectPointInTime;
+use Chill\DocStoreBundle\Entity\StoredObjectPointInTimeReasonEnum;
 use Chill\DocStoreBundle\Service\StoredObjectDuplicate;
 use Chill\DocStoreBundle\Service\StoredObjectManagerInterface;
 use PHPUnit\Framework\TestCase;
+use Prophecy\Argument;
+use Prophecy\PhpUnit\ProphecyTrait;
 use Psr\Log\NullLogger;
 
 /**
@@ -24,9 +28,13 @@ use Psr\Log\NullLogger;
  */
 class StoredObjectDuplicateTest extends TestCase
 {
+    use ProphecyTrait;
+
     public function testDuplicateHappyScenario(): void
     {
         $storedObject = new StoredObject();
+        // we create multiple version, we want the last to be duplicated
+        $storedObject->registerVersion(type: 'application/test');
         $version = $storedObject->registerVersion(type: $type = 'application/test');
 
         $manager = $this->createMock(StoredObjectManagerInterface::class);
@@ -45,4 +53,78 @@ class StoredObjectDuplicateTest extends TestCase
         self::assertNotNull($actual->getCurrentVersion()->getCreatedFrom());
         self::assertSame($version, $actual->getCurrentVersion()->getCreatedFrom());
     }
+
+    public function testDuplicateWithKeptVersion(): void
+    {
+        $storedObject = new StoredObject();
+        // we create two versions for stored object
+        // the first one is "kept before conversion", and that one should
+        // be duplicated, not the second one
+        $version1 = $storedObject->registerVersion(type: $type = 'application/test');
+        new StoredObjectPointInTime($version1, StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION);
+        $version2 = $storedObject->registerVersion(type: $type = 'application/test');
+
+        $manager = $this->prophesize(StoredObjectManagerInterface::class);
+
+        // we create both possibilities for the method "read"
+        $manager->read($version1)->willReturn('1234');
+        $manager->read($version2)->willReturn('4567');
+
+        // we create the write method, and check that it is called with the content from version1, not version2
+        $manager->write(Argument::type(StoredObject::class), '1234', 'application/test')
+            ->shouldBeCalled()
+            ->will(function ($args) {
+                /** @var StoredObject $storedObject */
+                $storedObject = $args[0]; // args are ordered by key, so the first one is the stored object...
+                $type = $args[2]; // and the last one is the string $type
+
+                return $storedObject->registerVersion(type: $type);
+            });
+
+        // we create the service which will duplicate things
+        $storedObjectDuplicate = new StoredObjectDuplicate($manager->reveal(), new NullLogger());
+
+        $actual = $storedObjectDuplicate->duplicate($storedObject);
+
+        self::assertNotNull($actual->getCurrentVersion());
+        self::assertNotNull($actual->getCurrentVersion()->getCreatedFrom());
+        self::assertSame($version1, $actual->getCurrentVersion()->getCreatedFrom());
+    }
+
+    public function testDuplicateWithKeptVersionButWeWantToDuplicateTheLastOne(): void
+    {
+        $storedObject = new StoredObject();
+        // we create two versions for stored object
+        // the first one is "kept before conversion", and that one should
+        // be duplicated, not the second one
+        $version1 = $storedObject->registerVersion(type: $type = 'application/test');
+        new StoredObjectPointInTime($version1, StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION);
+        $version2 = $storedObject->registerVersion(type: $type = 'application/test');
+
+        $manager = $this->prophesize(StoredObjectManagerInterface::class);
+
+        // we create both possibilities for the method "read"
+        $manager->read($version1)->willReturn('1234');
+        $manager->read($version2)->willReturn('4567');
+
+        // we create the write method, and check that it is called with the content from version1, not version2
+        $manager->write(Argument::type(StoredObject::class), '4567', 'application/test')
+            ->shouldBeCalled()
+            ->will(function ($args) {
+                /** @var StoredObject $storedObject */
+                $storedObject = $args[0]; // args are ordered by key, so the first one is the stored object...
+                $type = $args[2]; // and the last one is the string $type
+
+                return $storedObject->registerVersion(type: $type);
+            });
+
+        // we create the service which will duplicate things
+        $storedObjectDuplicate = new StoredObjectDuplicate($manager->reveal(), new NullLogger());
+
+        $actual = $storedObjectDuplicate->duplicate($storedObject, false);
+
+        self::assertNotNull($actual->getCurrentVersion());
+        self::assertNotNull($actual->getCurrentVersion()->getCreatedFrom());
+        self::assertSame($version2, $actual->getCurrentVersion()->getCreatedFrom());
+    }
 }

src/Bundle/ChillDocStoreBundle/Tests/Service/WorkflowStoredObjectPermissionHelperTest.php

@@ -1,101 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * Chill is a software for social workers
- *
- * For the full copyright and license information, please view
- * the LICENSE file that was distributed with this source code.
- */
-
-namespace Chill\DocStoreBundle\Tests\Service;
-
-use Chill\DocStoreBundle\Service\WorkflowStoredObjectPermissionHelper;
-use Chill\MainBundle\Entity\User;
-use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
-use Chill\MainBundle\Entity\Workflow\EntityWorkflowSignatureStateEnum;
-use Chill\MainBundle\Entity\Workflow\EntityWorkflowStepSignature;
-use Chill\MainBundle\Workflow\EntityWorkflowManager;
-use Chill\MainBundle\Workflow\WorkflowTransitionContextDTO;
-use Chill\PersonBundle\Entity\Person;
-use PHPUnit\Framework\TestCase;
-use Prophecy\Argument;
-use Prophecy\PhpUnit\ProphecyTrait;
-use Symfony\Component\Security\Core\Security;
-
-/**
- * @internal
- *
- * @coversNothing
- */
-class WorkflowStoredObjectPermissionHelperTest extends TestCase
-{
-    use ProphecyTrait;
-
-    /**
-     * @dataProvider provideDataNotBlockByWorkflow
-     */
-    public function testNotBlockByWorkflow(EntityWorkflow $entityWorkflow, User $user, bool $expected, string $message): void
-    {
-        $object = new \stdClass();
-        $helper = $this->buildHelper($object, $entityWorkflow, $user);
-
-        self::assertEquals($expected, $helper->notBlockedByWorkflow($entityWorkflow), $message);
-    }
-
-    private function buildHelper(object $relatedEntity, EntityWorkflow $entityWorkflow, User $user): WorkflowStoredObjectPermissionHelper
-    {
-        $security = $this->prophesize(Security::class);
-        $security->getUser()->willReturn($user);
-
-        $entityWorkflowManager = $this->prophesize(EntityWorkflowManager::class);
-        $entityWorkflowManager->findByRelatedEntity(Argument::type('object'))->willReturn([$entityWorkflow]);
-
-        return new WorkflowStoredObjectPermissionHelper($security->reveal(), $entityWorkflowManager->reveal());
-    }
-
-    public static function provideDataNotBlockByWorkflow(): iterable
-    {
-        $entityWorkflow = new EntityWorkflow();
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable());
-
-        yield [$entityWorkflow, new User(), false, 'blocked because the user is not present as a dest user'];
-
-        $entityWorkflow = new EntityWorkflow();
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $dto->futureDestUsers[] = $user = new User();
-        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), $user);
-
-        yield [$entityWorkflow, $user, true, 'allowed because the user is present as a dest user'];
-
-        $entityWorkflow = new EntityWorkflow();
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $dto->futureDestUsers[] = $user = new User();
-        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), $user);
-        $entityWorkflow->getCurrentStep()->setIsFinal(true);
-
-        yield [$entityWorkflow, $user, false, 'blocked because the step is final'];
-
-        $entityWorkflow = new EntityWorkflow();
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $dto->futureDestUsers[] = $user = new User();
-        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), $user);
-        $step = $entityWorkflow->getCurrentStep();
-        new EntityWorkflowStepSignature($step, new Person());
-
-        yield [$entityWorkflow, $user, true, 'allow, a signature is present but still pending'];
-
-        $entityWorkflow = new EntityWorkflow();
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $dto->futureDestUsers[] = $user = new User();
-        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), $user);
-        $step = $entityWorkflow->getCurrentStep();
-        $signature = new EntityWorkflowStepSignature($step, new Person());
-        $signature->setState(EntityWorkflowSignatureStateEnum::SIGNED);
-
-        yield [$entityWorkflow, $user, false, 'blocked, a signature is present and signed'];
-
-    }
-}

src/Bundle/ChillDocStoreBundle/Tests/Workflow/AccompanyingCourseDocumentWorkflowHandlerTest.php

@@ -0,0 +1,94 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Tests\Workflow;
+
+use Chill\DocStoreBundle\Entity\AccompanyingCourseDocument;
+use Chill\DocStoreBundle\Repository\AccompanyingCourseDocumentRepository;
+use Chill\DocStoreBundle\Workflow\AccompanyingCourseDocumentWorkflowHandler;
+use Chill\DocStoreBundle\Workflow\WorkflowWithPublicViewDocumentHelper;
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Chill\MainBundle\Repository\Workflow\EntityWorkflowRepository;
+use Chill\PersonBundle\Entity\AccompanyingPeriod;
+use Chill\PersonBundle\Service\AccompanyingPeriod\ProvidePersonsAssociated;
+use Chill\PersonBundle\Service\AccompanyingPeriod\ProvideThirdPartiesAssociated;
+use PHPUnit\Framework\TestCase;
+use Prophecy\PhpUnit\ProphecyTrait;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use Twig\Environment;
+
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
+class AccompanyingCourseDocumentWorkflowHandlerTest extends TestCase
+{
+    use ProphecyTrait;
+
+    public function testGetSuggestedUsers()
+    {
+        $accompanyingPeriod = new AccompanyingPeriod();
+        $document = new AccompanyingCourseDocument();
+        $document->setCourse($accompanyingPeriod)->setUser($user1 = new User());
+        $accompanyingPeriod->setUser($user = new User());
+        $entityWorkflow = new EntityWorkflow();
+        $entityWorkflow->setRelatedEntityId(1);
+
+        $handler = new AccompanyingCourseDocumentWorkflowHandler(
+            $this->prophesize(TranslatorInterface::class)->reveal(),
+            $this->prophesize(EntityWorkflowRepository::class)->reveal(),
+            $this->buildRepository($document, 1),
+            new WorkflowWithPublicViewDocumentHelper($this->prophesize(Environment::class)->reveal()),
+            $this->prophesize(ProvideThirdPartiesAssociated::class)->reveal(),
+            $this->prophesize(ProvidePersonsAssociated::class)->reveal(),
+        );
+
+        $users = $handler->getSuggestedUsers($entityWorkflow);
+
+        self::assertCount(2, $users);
+        self::assertContains($user, $users);
+        self::assertContains($user1, $users);
+    }
+
+    public function testGetSuggestedUsersWithDuplicates()
+    {
+        $accompanyingPeriod = new AccompanyingPeriod();
+        $document = new AccompanyingCourseDocument();
+        $document->setCourse($accompanyingPeriod)->setUser($user1 = new User());
+        $accompanyingPeriod->setUser($user1);
+        $entityWorkflow = new EntityWorkflow();
+        $entityWorkflow->setRelatedEntityId(1);
+
+        $handler = new AccompanyingCourseDocumentWorkflowHandler(
+            $this->prophesize(TranslatorInterface::class)->reveal(),
+            $this->prophesize(EntityWorkflowRepository::class)->reveal(),
+            $this->buildRepository($document, 1),
+            new WorkflowWithPublicViewDocumentHelper($this->prophesize(Environment::class)->reveal()),
+            $this->prophesize(ProvideThirdPartiesAssociated::class)->reveal(),
+            $this->prophesize(ProvidePersonsAssociated::class)->reveal(),
+        );
+
+        $users = $handler->getSuggestedUsers($entityWorkflow);
+
+        self::assertCount(1, $users);
+        self::assertContains($user1, $users);
+    }
+
+    private function buildRepository(AccompanyingCourseDocument $document, int $id): AccompanyingCourseDocumentRepository
+    {
+        $repository = $this->prophesize(AccompanyingCourseDocumentRepository::class);
+        $repository->find($id)->willReturn($document);
+
+        return $repository->reveal();
+    }
+}

src/Bundle/ChillDocStoreBundle/Tests/Workflow/ConvertToPdfBeforeSignatureStepEventSubscriberTest.php

@@ -1,208 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * Chill is a software for social workers
- *
- * For the full copyright and license information, please view
- * the LICENSE file that was distributed with this source code.
- */
-
-namespace Chill\DocStoreBundle\Tests\Workflow;
-
-use Chill\DocStoreBundle\Entity\StoredObject;
-use Chill\DocStoreBundle\Entity\StoredObjectPointInTime;
-use Chill\DocStoreBundle\Entity\StoredObjectPointInTimeReasonEnum;
-use Chill\DocStoreBundle\Service\StoredObjectToPdfConverter;
-use Chill\DocStoreBundle\Workflow\ConvertToPdfBeforeSignatureStepEventSubscriber;
-use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
-use Chill\MainBundle\Workflow\EntityWorkflowManager;
-use Chill\MainBundle\Workflow\EntityWorkflowMarkingStore;
-use Chill\MainBundle\Workflow\WorkflowTransitionContextDTO;
-use Prophecy\Argument;
-use Prophecy\PhpUnit\ProphecyTrait;
-use Symfony\Component\EventDispatcher\EventDispatcher;
-use Symfony\Component\EventDispatcher\EventSubscriberInterface;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\Workflow\DefinitionBuilder;
-use Symfony\Component\Workflow\Metadata\InMemoryMetadataStore;
-use Symfony\Component\Workflow\Registry;
-use Symfony\Component\Workflow\SupportStrategy\WorkflowSupportStrategyInterface;
-use Symfony\Component\Workflow\Transition;
-use Symfony\Component\Workflow\Workflow;
-use Symfony\Component\Workflow\WorkflowInterface;
-
-/**
- * @internal
- *
- * @coversNothing
- */
-class ConvertToPdfBeforeSignatureStepEventSubscriberTest extends \PHPUnit\Framework\TestCase
-{
-    use ProphecyTrait;
-
-    public function testConvertToPdfBeforeSignatureStepEventSubscriberToSignature(): void
-    {
-        $entityWorkflow = new EntityWorkflow();
-        $storedObject = new StoredObject();
-        $previousVersion = $storedObject->registerVersion();
-
-        $converter = $this->prophesize(StoredObjectToPdfConverter::class);
-        $converter->addConvertedVersion($storedObject, 'fr', 'pdf')
-            ->shouldBeCalledOnce()
-            ->will(function ($args) {
-                /** @var StoredObject $storedObject */
-                $storedObject = $args[0];
-
-                $pointInTime = new StoredObjectPointInTime($storedObject->getCurrentVersion(), StoredObjectPointInTimeReasonEnum::KEEP_BEFORE_CONVERSION);
-                $newVersion = $storedObject->registerVersion(filename: 'next');
-
-                return [$pointInTime, $newVersion];
-            });
-
-        $entityWorkflowManager = $this->prophesize(EntityWorkflowManager::class);
-        $entityWorkflowManager->getAssociatedStoredObject($entityWorkflow)->willReturn($storedObject);
-
-        $request = new Request();
-        $request->setLocale('fr');
-        $stack = new RequestStack();
-        $stack->push($request);
-
-        $eventSubscriber = new ConvertToPdfBeforeSignatureStepEventSubscriber($entityWorkflowManager->reveal(), $converter->reveal(), $stack);
-
-        $registry = $this->buildRegistry($eventSubscriber);
-        $workflow = $registry->get($entityWorkflow, 'dummy');
-
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $workflow->apply($entityWorkflow, 'to_signature', ['context' => $dto, 'transition' => 'to_signature', 'transitionAt' => new \DateTimeImmutable('now')]);
-
-        self::assertEquals('signature', $entityWorkflow->getStep());
-        self::assertNotSame($previousVersion, $storedObject->getCurrentVersion());
-        self::assertTrue($previousVersion->hasPointInTimes());
-        self::assertCount(2, $storedObject->getVersions());
-        self::assertEquals('next', $storedObject->getCurrentVersion()->getFilename());
-    }
-
-    public function testConvertToPdfBeforeSignatureStepEventSubscriberToNotASignatureStep(): void
-    {
-        $entityWorkflow = new EntityWorkflow();
-        $storedObject = new StoredObject();
-        $previousVersion = $storedObject->registerVersion();
-
-        $converter = $this->prophesize(StoredObjectToPdfConverter::class);
-        $converter->addConvertedVersion($storedObject, 'fr', 'pdf')
-            ->shouldNotBeCalled();
-
-        $entityWorkflowManager = $this->prophesize(EntityWorkflowManager::class);
-        $entityWorkflowManager->getAssociatedStoredObject($entityWorkflow)->willReturn($storedObject);
-
-        $request = new Request();
-        $request->setLocale('fr');
-        $stack = new RequestStack();
-        $stack->push($request);
-
-        $eventSubscriber = new ConvertToPdfBeforeSignatureStepEventSubscriber($entityWorkflowManager->reveal(), $converter->reveal(), $stack);
-
-        $registry = $this->buildRegistry($eventSubscriber);
-        $workflow = $registry->get($entityWorkflow, 'dummy');
-
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $workflow->apply($entityWorkflow, 'to_something', ['context' => $dto, 'transition' => 'to_something', 'transitionAt' => new \DateTimeImmutable('now')]);
-
-        self::assertEquals('something', $entityWorkflow->getStep());
-        self::assertSame($previousVersion, $storedObject->getCurrentVersion());
-        self::assertFalse($previousVersion->hasPointInTimes());
-        self::assertCount(1, $storedObject->getVersions());
-    }
-
-    public function testConvertToPdfBeforeSignatureStepEventSubscriberToSignatureAlreadyAPdf(): void
-    {
-        $entityWorkflow = new EntityWorkflow();
-        $storedObject = new StoredObject();
-        $previousVersion = $storedObject->registerVersion(type: 'application/pdf');
-
-        $converter = $this->prophesize(StoredObjectToPdfConverter::class);
-        $converter->addConvertedVersion($storedObject, 'fr', 'pdf')
-            ->shouldNotBeCalled();
-
-        $entityWorkflowManager = $this->prophesize(EntityWorkflowManager::class);
-        $entityWorkflowManager->getAssociatedStoredObject($entityWorkflow)->willReturn($storedObject);
-
-        $request = new Request();
-        $request->setLocale('fr');
-        $stack = new RequestStack();
-        $stack->push($request);
-
-        $eventSubscriber = new ConvertToPdfBeforeSignatureStepEventSubscriber($entityWorkflowManager->reveal(), $converter->reveal(), $stack);
-
-        $registry = $this->buildRegistry($eventSubscriber);
-        $workflow = $registry->get($entityWorkflow, 'dummy');
-
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $workflow->apply($entityWorkflow, 'to_signature', ['context' => $dto, 'transition' => 'to_signature', 'transitionAt' => new \DateTimeImmutable('now')]);
-
-        self::assertEquals('signature', $entityWorkflow->getStep());
-        self::assertSame($previousVersion, $storedObject->getCurrentVersion());
-        self::assertFalse($previousVersion->hasPointInTimes());
-        self::assertCount(1, $storedObject->getVersions());
-    }
-
-    public function testConvertToPdfBeforeSignatureStepEventSubscriberToSignatureWithNoStoredObject(): void
-    {
-        $entityWorkflow = new EntityWorkflow();
-
-        $converter = $this->prophesize(StoredObjectToPdfConverter::class);
-        $converter->addConvertedVersion(Argument::type(StoredObject::class), 'fr', 'pdf')
-            ->shouldNotBeCalled();
-
-        $entityWorkflowManager = $this->prophesize(EntityWorkflowManager::class);
-        $entityWorkflowManager->getAssociatedStoredObject($entityWorkflow)->willReturn(null);
-
-        $request = new Request();
-        $request->setLocale('fr');
-        $stack = new RequestStack();
-        $stack->push($request);
-
-        $eventSubscriber = new ConvertToPdfBeforeSignatureStepEventSubscriber($entityWorkflowManager->reveal(), $converter->reveal(), $stack);
-
-        $registry = $this->buildRegistry($eventSubscriber);
-        $workflow = $registry->get($entityWorkflow, 'dummy');
-
-        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
-        $workflow->apply($entityWorkflow, 'to_signature', ['context' => $dto, 'transition' => 'to_signature', 'transitionAt' => new \DateTimeImmutable('now')]);
-
-        self::assertEquals('signature', $entityWorkflow->getStep());
-    }
-
-    private function buildRegistry(EventSubscriberInterface $eventSubscriber): Registry
-    {
-        $builder = new DefinitionBuilder();
-        $builder
-            ->setInitialPlaces('initial')
-            ->addPlaces(['initial', 'signature', 'something'])
-            ->addTransition(new Transition('to_something', 'initial', 'something'))
-            ->addTransition(new Transition('to_signature', 'initial', 'signature'));
-
-        $metadataStore = new InMemoryMetadataStore([], ['signature' => ['isSignature' => ['user']]]);
-        $builder->setMetadataStore($metadataStore);
-
-        $eventDispatcher = new EventDispatcher();
-        $eventDispatcher->addSubscriber($eventSubscriber);
-
-        $workflow = new Workflow($builder->build(), new EntityWorkflowMarkingStore(), $eventDispatcher, 'dummy');
-
-        $supports = new class () implements WorkflowSupportStrategyInterface {
-            public function supports(WorkflowInterface $workflow, object $subject): bool
-            {
-                return true;
-            }
-        };
-
-        $registry = new Registry();
-        $registry->addWorkflow($workflow, $supports);
-
-        return $registry;
-    }
-}

src/Bundle/ChillDocStoreBundle/Workflow/AccompanyingCourseDocumentWorkflowHandler.php

@@ -16,20 +16,28 @@ use Chill\DocStoreBundle\Repository\AccompanyingCourseDocumentRepository;
 use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Security\Authorization\AccompanyingCourseDocumentVoter;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowSend;
 use Chill\MainBundle\Repository\Workflow\EntityWorkflowRepository;
+use Chill\MainBundle\Workflow\EntityWorkflowWithPublicViewInterface;
 use Chill\MainBundle\Workflow\EntityWorkflowWithStoredObjectHandlerInterface;
+use Chill\MainBundle\Workflow\Templating\EntityWorkflowViewMetadataDTO;
 use Chill\PersonBundle\Entity\AccompanyingPeriodParticipation;
+use Chill\PersonBundle\Service\AccompanyingPeriod\ProvideThirdPartiesAssociated;
+use Chill\PersonBundle\Service\AccompanyingPeriod\ProvidePersonsAssociated;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
 /**
  * @implements EntityWorkflowWithStoredObjectHandlerInterface<AccompanyingCourseDocument>
  */
-readonly class AccompanyingCourseDocumentWorkflowHandler implements EntityWorkflowWithStoredObjectHandlerInterface
+final readonly class AccompanyingCourseDocumentWorkflowHandler implements EntityWorkflowWithStoredObjectHandlerInterface, EntityWorkflowWithPublicViewInterface
 {
     public function __construct(
         private TranslatorInterface $translator,
         private EntityWorkflowRepository $workflowRepository,
         private AccompanyingCourseDocumentRepository $repository,
+        private WorkflowWithPublicViewDocumentHelper $publicViewDocumentHelper,
+        private ProvideThirdPartiesAssociated $thirdPartiesAssociated,
+        private ProvidePersonsAssociated $providePersonsAssociated,
     ) {}
 
     public function getDeletionRoles(): array
@@ -87,12 +95,28 @@ readonly class AccompanyingCourseDocumentWorkflowHandler implements EntityWorkfl
 
     public function getSuggestedUsers(EntityWorkflow $entityWorkflow): array
     {
-        $suggestedUsers = $entityWorkflow->getUsersInvolved();
+        $related = $this->getRelatedEntity($entityWorkflow);
 
-        $referrer = $this->getRelatedEntity($entityWorkflow)->getCourse()->getUser();
-        $suggestedUsers[spl_object_hash($referrer)] = $referrer;
+        if (null === $related) {
+            return [];
+        }
 
-        return $suggestedUsers;
+        $users = [];
+        if (null !== $user = $related->getUser()) {
+            $users[] = $user;
+        }
+        if (null !== $user = $related->getCourse()->getUser()) {
+            $users[] = $user;
+        }
+
+        return array_values(
+            // filter objects to remove duplicates
+            array_filter(
+                $users,
+                fn ($o, $k) => array_search($o, $users, true) === $k,
+                ARRAY_FILTER_USE_BOTH
+            )
+        );
     }
 
     public function getTemplate(EntityWorkflow $entityWorkflow, array $options = []): string
@@ -136,4 +160,31 @@ readonly class AccompanyingCourseDocumentWorkflowHandler implements EntityWorkfl
 
         return $this->workflowRepository->findByRelatedEntity(AccompanyingCourseDocument::class, $object->getId());
     }
+
+    public function renderPublicView(EntityWorkflowSend $entityWorkflowSend, EntityWorkflowViewMetadataDTO $metadata): string
+    {
+        return $this->publicViewDocumentHelper->render($entityWorkflowSend, $metadata, $this);
+    }
+
+    public function getSuggestedPersons(EntityWorkflow $entityWorkflow): array
+    {
+        $related = $this->getRelatedEntity($entityWorkflow);
+
+        if (null === $related) {
+            return [];
+        }
+
+        return $this->providePersonsAssociated->getPersonsAssociated($related->getCourse());
+    }
+
+    public function getSuggestedThirdParties(EntityWorkflow $entityWorkflow): array
+    {
+        $related = $this->getRelatedEntity($entityWorkflow);
+
+        if (null === $related) {
+            return [];
+        }
+
+        return $this->thirdPartiesAssociated->getThirdPartiesAssociated($related->getCourse());
+    }
 }

src/Bundle/ChillDocStoreBundle/Workflow/ConvertToPdfBeforeSignatureStepEventSubscriber.php

@@ -1,75 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * Chill is a software for social workers
- *
- * For the full copyright and license information, please view
- * the LICENSE file that was distributed with this source code.
- */
-
-namespace Chill\DocStoreBundle\Workflow;
-
-use Chill\DocStoreBundle\Service\StoredObjectToPdfConverter;
-use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
-use Chill\MainBundle\Workflow\EntityWorkflowManager;
-use Symfony\Component\EventDispatcher\EventSubscriberInterface;
-use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\Workflow\Event\CompletedEvent;
-use Symfony\Component\Workflow\WorkflowEvents;
-
-/**
- * Event subscriber to convert objects to PDF when the document reach a signature step.
- */
-class ConvertToPdfBeforeSignatureStepEventSubscriber implements EventSubscriberInterface
-{
-    public function __construct(
-        private readonly EntityWorkflowManager $entityWorkflowManager,
-        private readonly StoredObjectToPdfConverter $storedObjectToPdfConverter,
-        private readonly RequestStack $requestStack,
-    ) {}
-
-    public static function getSubscribedEvents(): array
-    {
-        return [
-            WorkflowEvents::COMPLETED => 'convertToPdfBeforeSignatureStepEvent',
-        ];
-    }
-
-    public function convertToPdfBeforeSignatureStepEvent(CompletedEvent $event): void
-    {
-        $entityWorkflow = $event->getSubject();
-        if (!$entityWorkflow instanceof EntityWorkflow) {
-            return;
-        }
-
-        $tos = $event->getTransition()->getTos();
-        $workflow = $event->getWorkflow();
-        $metadataStore = $workflow->getMetadataStore();
-
-        foreach ($tos as $to) {
-            $metadata = $metadataStore->getPlaceMetadata($to);
-            if (array_key_exists('isSignature', $metadata) && 0 < count($metadata['isSignature'])) {
-                $this->convertToPdf($entityWorkflow);
-
-                return;
-            }
-        }
-    }
-
-    private function convertToPdf(EntityWorkflow $entityWorkflow): void
-    {
-        $storedObject = $this->entityWorkflowManager->getAssociatedStoredObject($entityWorkflow);
-
-        if (null === $storedObject) {
-            return;
-        }
-
-        if ('application/pdf' === $storedObject->getCurrentVersion()->getType()) {
-            return;
-        }
-
-        $this->storedObjectToPdfConverter->addConvertedVersion($storedObject, $this->requestStack->getCurrentRequest()->getLocale(), 'pdf');
-    }
-}

src/Bundle/ChillDocStoreBundle/Workflow/WorkflowWithPublicViewDocumentHelper.php

@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Workflow;
+
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowSend;
+use Chill\MainBundle\Workflow\EntityWorkflowHandlerInterface;
+use Chill\MainBundle\Workflow\EntityWorkflowWithStoredObjectHandlerInterface;
+use Chill\MainBundle\Workflow\Templating\EntityWorkflowViewMetadataDTO;
+use Twig\Environment;
+
+class WorkflowWithPublicViewDocumentHelper
+{
+    public function __construct(private readonly Environment $twig) {}
+
+    public function render(EntityWorkflowSend $send, EntityWorkflowViewMetadataDTO $metadata, EntityWorkflowHandlerInterface&EntityWorkflowWithStoredObjectHandlerInterface $handler): string
+    {
+        $entityWorkflow = $send->getEntityWorkflowStep()->getEntityWorkflow();
+        $storedObject = $handler->getAssociatedStoredObject($entityWorkflow);
+
+        if (null === $storedObject) {
+            return 'document removed';
+        }
+
+        $title = $handler->getEntityTitle($entityWorkflow);
+
+        return $this->twig->render(
+            '@ChillDocStore/Workflow/public_view_with_document_render.html.twig',
+            [
+                'title' => $title,
+                'storedObject' => $storedObject,
+                'send' => $send,
+                'metadata' => $metadata,
+            ]
+        );
+    }
+}

src/Bundle/ChillDocStoreBundle/chill.webpack.config.js

@@ -5,5 +5,6 @@ module.exports = function(encore)
     });
     encore.addEntry('mod_async_upload', __dirname + '/Resources/public/module/async_upload/index.ts');
     encore.addEntry('mod_document_action_buttons_group', __dirname + '/Resources/public/module/document_action_buttons_group/index');
-    encore.addEntry('vue_document_signature', __dirname + '/Resources/public/vuejs/DocumentSignature/index.ts');
+    encore.addEntry('mod_document_download_button', __dirname + '/Resources/public/module/button_download/index');
+    encore.addEntry('vue_document_signature', __dirname + '/Resources/public/vuejs/DocumentSignature/index');
 };

src/Bundle/ChillDocStoreBundle/migrations/Version20241118151618.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\Migrations\DocStore;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20241118151618 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return 'Force no duplicated object_id within person_document and accompanyingcourse_document';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql(<<<'SQL'
+        WITH ranked AS (
+            SELECT id, rank() OVER (PARTITION BY object_id ORDER BY id ASC) FROM chill_doc.accompanyingcourse_document
+        )
+        DELETE FROM chill_doc.accompanyingcourse_document WHERE id IN (SELECT id FROM ranked where "rank" <> 1)
+        SQL);
+        $this->addSql('CREATE UNIQUE INDEX acc_course_document_unique_stored_object ON chill_doc.accompanyingcourse_document (object_id)');
+        $this->addSql('CREATE UNIQUE INDEX person_document_unique_stored_object ON chill_doc.person_document (object_id)');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('DROP INDEX acc_course_document_unique_stored_object');
+        $this->addSql('DROP INDEX person_document_unique_stored_object');
+    }
+}

src/Bundle/ChillDocStoreBundle/translations/messages+intl-icu.fr.yml

@@ -1,3 +1,11 @@
 acc_course_document:
     duplicated_at: >-
         Dupliqué le {at, date, long} à {at, time, short}
+
+workflow:
+    public_link:
+        doc_shared_by_at_explanation: >-
+            Le document a été partagé avec vous par {byUser}, le {at, date, long} à {at, time, short}.
+        doc_shared_automatically_at_explanation: >-
+            Le document a été partagé avec vous le {at, date, long} à {at, time, short}
+

src/Bundle/ChillDocStoreBundle/translations/messages.fr.yml

@@ -74,12 +74,18 @@ no records found:
 Create new category: Créer une nouvelle catégorie
 Back to the category list: Retour à la liste
 Create new DocumentCategory: Créer une nouvelle catégorie de document
+Accompanying period document: Document de parcours d'accompagnement
+Person document: Document de personne
 
 # WOPI EDIT
 online_edit_document: Éditer en ligne
 
 workflow:
     Document deleted: Document supprimé
+    public_link:
+        shared_doc: Document partagé
+        title: Document partagé
+        main_document: Document principal
 
 # ROLES
 accompanyingCourseDocument: Documents dans les parcours d'accompagnement

src/Bundle/ChillEventBundle/Entity/Status.php

@@ -12,6 +12,7 @@ declare(strict_types=1);
 namespace Chill\EventBundle\Entity;
 
 use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Validator\Constraints as Assert;
 
 /**
  * Class Status.
@@ -36,6 +37,7 @@ class Status
     private $name;
 
     #[ORM\ManyToOne(targetEntity: EventType::class, inversedBy: 'statuses')]
+    #[Assert\NotNull(message: 'An event status must be linked to an event type.')]
     private ?EventType $type = null;
 
     /**

src/Bundle/ChillEventBundle/Resources/views/EventType/index.html.twig

@@ -1,10 +1,10 @@
-{% extends "@ChillEvent/Admin/index.html.twig" %}
+{% extends '@ChillMain/Admin/layoutWithVerticalMenu.html.twig' %}
 
 {% block admin_content -%}
 
     <h1>{{ 'EventType list'|trans }}</h1>
 
-    <table class="records_list">
+    <table class="table table-bordered border-dark align-middle">
         <thead>
             <tr>
                 <th>{{ 'Id'|trans }}</th>

src/Bundle/ChillEventBundle/Resources/views/Role/index.html.twig

@@ -1,10 +1,10 @@
-{% extends "@ChillEvent/Admin/index.html.twig" %}
+{% extends '@ChillMain/Admin/layoutWithVerticalMenu.html.twig' %}
 
 {% block admin_content -%}
 
     <h1>{{ 'Role list'|trans }}</h1>
 
-    <table class="records_list">
+    <table class="table table-bordered border-dark align-middle">
         <thead>
             <tr>
                 <th>{{ 'Id'|trans }}</th>

src/Bundle/ChillEventBundle/Resources/views/Status/index.html.twig

@@ -1,10 +1,10 @@
-{% extends "@ChillEvent/Admin/index.html.twig" %}
+{% extends '@ChillMain/Admin/layoutWithVerticalMenu.html.twig' %}
 
 {% block admin_content -%}
 
     <h1>{{ 'Status list'|trans }}</h1>
 
-    <table class="records_list">
+    <table class="table table-bordered border-dark align-middle">
         <thead>
             <tr>
                 <th>{{ 'Id'|trans }}</th>

src/Bundle/ChillEventBundle/Security/Authorization/EventStoredObjectVoter.php

@@ -14,7 +14,7 @@ namespace Chill\EventBundle\Security\Authorization;
 use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoter\AbstractStoredObjectVoter;
-use Chill\DocStoreBundle\Service\WorkflowStoredObjectPermissionHelper;
+use Chill\MainBundle\Workflow\Helper\WorkflowRelatedEntityPermissionHelper;
 use Chill\EventBundle\Entity\Event;
 use Chill\EventBundle\Repository\EventRepository;
 use Chill\EventBundle\Security\EventVoter;
@@ -25,7 +25,7 @@ class EventStoredObjectVoter extends AbstractStoredObjectVoter
     public function __construct(
         private readonly EventRepository $repository,
         Security $security,
-        WorkflowStoredObjectPermissionHelper $workflowDocumentService,
+        WorkflowRelatedEntityPermissionHelper $workflowDocumentService,
     ) {
         parent::__construct($security, $workflowDocumentService);
     }

src/Bundle/ChillJobBundle/src/Resources/public/sass/csconnectes.scss

@@ -1,19 +0,0 @@
-footer.footer {
-   padding: 0;
-   background-color: white;
-   border-top: 1px solid grey;
-   div.sponsors {
-      p {
-         padding-bottom: 10px;
-         color: #000;
-         font-size: 16px;
-      }
-      background-color: white;
-      padding: 2em 0;
-      img {
-         display: block;
-         margin: auto;
-      }
-   }
-}
-

src/Bundle/ChillJobBundle/src/Resources/public/sass/index.js

@@ -1 +0,0 @@
-require('./csconnectes.scss');

src/Bundle/ChillJobBundle/src/chill.webpack.config.js

@@ -5,8 +5,7 @@ module.exports = function(encore, chillEntries)
         personal_situation_edit_file = __dirname + '/Resources/public/module/personal_situation/index.js',
         cv_edit_file = __dirname + '/Resources/public/module/cv_edit/index.js',
         immersion_edit_file = __dirname + '/Resources/public/module/immersion_edit/index.js',
-        images = __dirname + '/Resources/public/images/index.js',
-        sass_styles = __dirname + '/Resources/public/sass/index.js'
+        images = __dirname + '/Resources/public/images/index.js'
     ;
 
     encore.addEntry('dispositifs_edit', dispositif_edit_file);
@@ -15,6 +14,4 @@ module.exports = function(encore, chillEntries)
     encore.addEntry('images', images);
     encore.addEntry('cs_cv', cv_edit_file);
 
-    chillEntries.push(sass_styles);
-
 };

src/Bundle/ChillMainBundle/Controller/GenderApiController.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\CRUD\Controller\ApiController;
+use Chill\MainBundle\Pagination\PaginatorInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+class GenderApiController extends ApiController
+{
+    protected function customizeQuery(string $action, Request $request, $query): void
+    {
+        $query
+            ->andWhere(
+                $query->expr()->eq('e.active', "'TRUE'")
+            );
+    }
+
+    protected function orderQuery(string $action, $query, Request $request, PaginatorInterface $paginator, $_format)
+    {
+        return $query->addOrderBy('e.order', 'ASC');
+    }
+}

src/Bundle/ChillMainBundle/Controller/GenderController.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\CRUD\Controller\CRUDController;
+use Chill\MainBundle\Pagination\PaginatorInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+class GenderController extends CRUDController
+{
+    protected function orderQuery(string $action, $query, Request $request, PaginatorInterface $paginator)
+    {
+        $query->addOrderBy('e.order', 'ASC');
+
+        return parent::orderQuery($action, $query, $request, $paginator);
+    }
+}

src/Bundle/ChillMainBundle/Controller/UserController.php

@@ -12,7 +12,9 @@ declare(strict_types=1);
 namespace Chill\MainBundle\Controller;
 
 use Chill\MainBundle\CRUD\Controller\CRUDController;
+use Chill\MainBundle\Entity\Center;
 use Chill\MainBundle\Entity\GroupCenter;
+use Chill\MainBundle\Entity\PermissionsGroup;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Form\Type\ComposedGroupCenterType;
 use Chill\MainBundle\Form\UserCurrentLocationType;
@@ -64,10 +66,14 @@ class UserController extends CRUDController
         $form->handleRequest($request);
 
         if ($form->isValid()) {
-            $groupCenter = $this->getPersistedGroupCenter(
-                $form[self::FORM_GROUP_CENTER_COMPOSED]->getData()
-            );
+
+            $formData = $form[self::FORM_GROUP_CENTER_COMPOSED]->getData();
+            $selectedCenters = $formData['center'];
+
+            foreach ($selectedCenters as $center) {
+                $groupCenter = $this->getPersistedGroupCenter($center, $formData['permissionsgroup']);
                 $user->addGroupCenter($groupCenter);
+            }
 
             if (0 === $this->validator->validate($user)->count()) {
                 $em->flush();
@@ -419,17 +425,21 @@ class UserController extends CRUDController
         }
     }
 
-    private function getPersistedGroupCenter(GroupCenter $groupCenter)
+    private function getPersistedGroupCenter(Center $center, PermissionsGroup $permissionsGroup)
     {
         $em = $this->managerRegistry->getManager();
 
         $groupCenterManaged = $em->getRepository(GroupCenter::class)
             ->findOneBy([
-                'center' => $groupCenter->getCenter(),
-                'permissionsGroup' => $groupCenter->getPermissionsGroup(),
+                'center' => $center,
+                'permissionsGroup' => $permissionsGroup,
             ]);
 
         if (!$groupCenterManaged) {
+            $groupCenter = new GroupCenter();
+            $groupCenter->setCenter($center);
+            $groupCenter->setPermissionsGroup($permissionsGroup);
+
             $em->persist($groupCenter);
 
             return $groupCenter;

src/Bundle/ChillMainBundle/Controller/UserGroupAdminController.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\CRUD\Controller\CRUDController;
+use Chill\MainBundle\Pagination\PaginatorInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+class UserGroupAdminController extends CRUDController
+{
+    protected function orderQuery(string $action, $query, Request $request, PaginatorInterface $paginator)
+    {
+        $query->addSelect('JSON_EXTRACT(e.label, :lang) AS HIDDEN labeli18n')
+            ->setParameter('lang', $request->getLocale());
+        $query->addOrderBy('labeli18n', 'ASC');
+
+        return $query;
+    }
+}

src/Bundle/ChillMainBundle/Controller/UserGroupApiController.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\CRUD\Controller\ApiController;
+
+class UserGroupApiController extends ApiController {}

src/Bundle/ChillMainBundle/Controller/UserGroupController.php

@@ -0,0 +1,177 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\UserGroup;
+use Chill\MainBundle\Form\Type\PickUserDynamicType;
+use Chill\MainBundle\Pagination\PaginatorFactoryInterface;
+use Chill\MainBundle\Repository\UserGroupRepositoryInterface;
+use Chill\MainBundle\Routing\ChillUrlGeneratorInterface;
+use Chill\MainBundle\Security\Authorization\UserGroupVoter;
+use Chill\MainBundle\Templating\Entity\ChillEntityRenderManagerInterface;
+use Doctrine\ORM\EntityManagerInterface;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
+use Symfony\Component\Form\Extension\Core\Type\FormType;
+use Symfony\Component\Form\FormFactoryInterface;
+use Symfony\Component\Form\FormInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\Session;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Translation\TranslatableMessage;
+use Twig\Environment;
+
+/**
+ * Controller to see and manage user groups.
+ */
+final readonly class UserGroupController
+{
+    public function __construct(
+        private UserGroupRepositoryInterface $userGroupRepository,
+        private Security $security,
+        private PaginatorFactoryInterface $paginatorFactory,
+        private Environment $twig,
+        private FormFactoryInterface $formFactory,
+        private ChillUrlGeneratorInterface $chillUrlGenerator,
+        private EntityManagerInterface $objectManager,
+        private ChillEntityRenderManagerInterface $chillEntityRenderManager,
+    ) {}
+
+    #[Route('/{_locale}/main/user-groups/my', name: 'chill_main_user_groups_my')]
+    public function myUserGroups(): Response
+    {
+        if (!$this->security->isGranted('ROLE_USER')) {
+            throw new AccessDeniedHttpException();
+        }
+
+        $user = $this->security->getUser();
+
+        if (!$user instanceof User) {
+            throw new AccessDeniedHttpException();
+        }
+
+        $nb = $this->userGroupRepository->countByUser($user);
+        $paginator = $this->paginatorFactory->create($nb);
+
+        $groups = $this->userGroupRepository->findByUser($user, true, $paginator->getItemsPerPage(), $paginator->getCurrentPageFirstItemNumber());
+        $forms = new \SplObjectStorage();
+
+        foreach ($groups as $group) {
+            $forms->attach($group, $this->createFormAppendUserForGroup($group)?->createView());
+        }
+
+        return new Response($this->twig->render('@ChillMain/UserGroup/my_user_groups.html.twig', [
+            'groups' => $groups,
+            'paginator' => $paginator,
+            'forms' => $forms,
+        ]));
+    }
+
+    #[Route('/{_locale}/main/user-groups/{id}/append', name: 'chill_main_user_groups_append_users')]
+    public function appendUsersToGroup(UserGroup $userGroup, Request $request, Session $session): Response
+    {
+        if (!$this->security->isGranted(UserGroupVoter::APPEND_TO_GROUP, $userGroup)) {
+            throw new AccessDeniedHttpException();
+        }
+
+        $form = $this->createFormAppendUserForGroup($userGroup);
+
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            foreach ($form['users']->getData() as $user) {
+                $userGroup->addUser($user);
+
+                $session->getFlashBag()->add(
+                    'success',
+                    new TranslatableMessage(
+                        'user_group.user_added',
+                        [
+                            'user_group' => $this->chillEntityRenderManager->renderString($userGroup, []),
+                            'user' => $this->chillEntityRenderManager->renderString($user, []),
+                        ]
+                    )
+                );
+            }
+
+            $this->objectManager->flush();
+
+            return new RedirectResponse(
+                $this->chillUrlGenerator->returnPathOr('chill_main_user_groups_my')
+            );
+        }
+        if ($form->isSubmitted()) {
+            $errors = [];
+            foreach ($form->getErrors() as $error) {
+                $errors[] = $error->getMessage();
+            }
+
+            return new Response(implode(', ', $errors));
+        }
+
+        return new RedirectResponse(
+            $this->chillUrlGenerator->returnPathOr('chill_main_user_groups_my')
+        );
+    }
+
+    /**
+     * @ParamConverter("user", class=User::class, options={"id" = "userId"})
+     */
+    #[Route('/{_locale}/main/user-group/{id}/user/{userId}/remove', name: 'chill_main_user_groups_remove_user')]
+    public function removeUserToGroup(UserGroup $userGroup, User $user, Session $session): Response
+    {
+        if (!$this->security->isGranted(UserGroupVoter::APPEND_TO_GROUP, $userGroup)) {
+            throw new AccessDeniedHttpException();
+        }
+
+        $userGroup->removeUser($user);
+        $this->objectManager->flush();
+
+        $session->getFlashBag()->add(
+            'success',
+            new TranslatableMessage(
+                'user_group.user_removed',
+                [
+                    'user_group' => $this->chillEntityRenderManager->renderString($userGroup, []),
+                    'user' => $this->chillEntityRenderManager->renderString($user, []),
+                ]
+            )
+        );
+
+        return new RedirectResponse(
+            $this->chillUrlGenerator->returnPathOr('chill_main_user_groups_my')
+        );
+    }
+
+    private function createFormAppendUserForGroup(UserGroup $group): ?FormInterface
+    {
+        if (!$this->security->isGranted(UserGroupVoter::APPEND_TO_GROUP, $group)) {
+            return null;
+        }
+
+        $builder = $this->formFactory->createBuilder(FormType::class, ['users' => []], [
+            'action' => $this->chillUrlGenerator->generateWithReturnPath('chill_main_user_groups_append_users', ['id' => $group->getId()]),
+        ]);
+        $builder->add('users', PickUserDynamicType::class, [
+            'submit_on_adding_new_entity' => true,
+            'label' => 'user_group.append_users',
+            'mapped' => false,
+            'multiple' => true,
+        ]);
+
+        return $builder->getForm();
+    }
+}

src/Bundle/ChillMainBundle/Controller/WorkflowAddSignatureController.php

@@ -71,7 +71,7 @@ final readonly class WorkflowAddSignatureController
 
         return new Response(
             $this->twig->render(
-                '@ChillMain/Workflow/_signature_sign.html.twig',
+                '@ChillMain/Workflow/signature_sign.html.twig',
                 ['signature' => $signatureClient]
             )
         );

src/Bundle/ChillMainBundle/Controller/WorkflowController.php

@@ -300,19 +300,12 @@ class WorkflowController extends AbstractController
         if (\count($workflow->getEnabledTransitions($entityWorkflow)) > 0) {
             // possible transition
             $stepDTO = new WorkflowTransitionContextDTO($entityWorkflow);
-            $usersInvolved = $entityWorkflow->getUsersInvolved();
-            $currentUserFound = array_search($this->security->getUser(), $usersInvolved, true);
-
-            if (false !== $currentUserFound) {
-                unset($usersInvolved[$currentUserFound]);
-            }
 
             $transitionForm = $this->createForm(
                 WorkflowStepType::class,
                 $stepDTO,
                 [
                     'entity_workflow' => $entityWorkflow,
-                    'suggested_users' => $usersInvolved,
                 ]
             );
 
@@ -430,7 +423,7 @@ class WorkflowController extends AbstractController
         }
 
         return $this->render(
-            '@ChillMain/Workflow/_signature_metadata.html.twig',
+            '@ChillMain/Workflow/signature_metadata.html.twig',
             [
                 'metadata_form' => $metadataForm->createView(),
                 'person' => $signature->getSigner(),

src/Bundle/ChillMainBundle/Controller/WorkflowSignatureCancelController.php

@@ -0,0 +1,98 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowStepSignature;
+use Chill\MainBundle\Routing\ChillUrlGeneratorInterface;
+use Chill\MainBundle\Security\Authorization\EntityWorkflowStepSignatureVoter;
+use Chill\MainBundle\Workflow\SignatureStepStateChanger;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Form\Extension\Core\Type\SubmitType;
+use Symfony\Component\Form\FormFactoryInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Security;
+use Twig\Environment;
+
+final readonly class WorkflowSignatureCancelController
+{
+    public function __construct(
+        private EntityManagerInterface $entityManager,
+        private Security $security,
+        private FormFactoryInterface $formFactory,
+        private Environment $twig,
+        private SignatureStepStateChanger $signatureStepStateChanger,
+        private ChillUrlGeneratorInterface $chillUrlGenerator,
+    ) {}
+
+    #[Route('/{_locale}/main/workflow/signature/{id}/cancel', name: 'chill_main_workflow_signature_cancel')]
+    public function cancelSignature(EntityWorkflowStepSignature $signature, Request $request): Response
+    {
+        return $this->markSignatureAction(
+            $signature,
+            $request,
+            EntityWorkflowStepSignatureVoter::CANCEL,
+            function (EntityWorkflowStepSignature $signature) {$this->signatureStepStateChanger->markSignatureAsCanceled($signature); },
+            '@ChillMain/WorkflowSignature/cancel.html.twig',
+        );
+    }
+
+    #[Route('/{_locale}/main/workflow/signature/{id}/reject', name: 'chill_main_workflow_signature_reject')]
+    public function rejectSignature(EntityWorkflowStepSignature $signature, Request $request): Response
+    {
+        return $this->markSignatureAction(
+            $signature,
+            $request,
+            EntityWorkflowStepSignatureVoter::REJECT,
+            function (EntityWorkflowStepSignature $signature) {$this->signatureStepStateChanger->markSignatureAsRejected($signature); },
+            '@ChillMain/WorkflowSignature/reject.html.twig',
+        );
+    }
+
+    private function markSignatureAction(
+        EntityWorkflowStepSignature $signature,
+        Request $request,
+        string $permissionAttribute,
+        callable $markSignature,
+        string $template,
+    ): Response {
+
+        if (!$this->security->isGranted($permissionAttribute, $signature)) {
+            throw new AccessDeniedHttpException('not allowed to cancel this signature');
+        }
+
+        $form = $this->formFactory->create();
+        $form->add('confirm', SubmitType::class, ['label' => 'Confirm']);
+
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            $markSignature($signature);
+            $this->entityManager->flush();
+
+            return new RedirectResponse(
+                $this->chillUrlGenerator->returnPathOr('chill_main_workflow_show', ['id' => $signature->getStep()->getEntityWorkflow()->getId()])
+            );
+        }
+
+        return
+            new Response(
+                $this->twig->render(
+                    $template,
+                    ['form' => $form->createView(), 'signature' => $signature]
+                )
+            );
+    }
+}

src/Bundle/ChillMainBundle/Controller/WorkflowViewSendPublicController.php

@@ -0,0 +1,89 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowSend;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowSendView;
+use Chill\MainBundle\Workflow\EntityWorkflowManager;
+use Chill\MainBundle\Workflow\Exception\HandlerWithPublicViewNotFoundException;
+use Chill\MainBundle\Workflow\Messenger\PostPublicViewMessage;
+use Chill\MainBundle\Workflow\Templating\EntityWorkflowViewMetadataDTO;
+use Doctrine\ORM\EntityManagerInterface;
+use Psr\Log\LoggerInterface;
+use Symfony\Component\Clock\ClockInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\Messenger\MessageBusInterface;
+use Symfony\Component\Routing\Annotation\Route;
+use Twig\Environment;
+
+final readonly class WorkflowViewSendPublicController
+{
+    public const LOG_PREFIX = '[workflow-view-send-public-controller] ';
+
+    public function __construct(
+        private EntityManagerInterface $entityManager,
+        private LoggerInterface $chillLogger,
+        private EntityWorkflowManager $entityWorkflowManager,
+        private ClockInterface $clock,
+        private Environment $environment,
+        private MessageBusInterface $messageBus,
+    ) {}
+
+    #[Route('/public/main/workflow/send/{uuid}/view/{verificationKey}', name: 'chill_main_workflow_send_view_public', methods: ['GET'])]
+    public function __invoke(EntityWorkflowSend $workflowSend, string $verificationKey, Request $request): Response
+    {
+        if (50 < $workflowSend->getNumberOfErrorTrials()) {
+            throw new AccessDeniedHttpException('number of trials exceeded, no more access allowed');
+        }
+
+        if ($verificationKey !== $workflowSend->getPrivateToken()) {
+            $this->chillLogger->info(self::LOG_PREFIX.'Invalid trial for this send', ['client_ip' => $request->getClientIp()]);
+            $workflowSend->increaseErrorTrials();
+            $this->entityManager->flush();
+
+            throw new AccessDeniedHttpException('invalid verification key');
+        }
+
+        if ($this->clock->now() > $workflowSend->getExpireAt()) {
+            return new Response(
+                $this->environment->render('@ChillMain/Workflow/workflow_view_send_public_expired.html.twig'),
+                409
+            );
+        }
+
+        if (100 < $workflowSend->getViews()->count()) {
+            $this->chillLogger->info(self::LOG_PREFIX.'100 view reached, not allowed to see it again');
+            throw new AccessDeniedHttpException('100 views reached, not allowed to see it again');
+        }
+
+        try {
+            $metadata = new EntityWorkflowViewMetadataDTO(
+                $workflowSend->getViews()->count(),
+                100 - $workflowSend->getViews()->count(),
+            );
+            $response = new Response(
+                $this->entityWorkflowManager->renderPublicView($workflowSend, $metadata),
+            );
+
+            $view = new EntityWorkflowSendView($workflowSend, $this->clock->now(), $request->getClientIp());
+            $this->entityManager->persist($view);
+            $this->messageBus->dispatch(new PostPublicViewMessage($view->getId()));
+            $this->entityManager->flush();
+
+            return $response;
+        } catch (HandlerWithPublicViewNotFoundException $e) {
+            throw new \RuntimeException('Could not render the public view', previous: $e);
+        }
+    }
+}

src/Bundle/ChillMainBundle/DataFixtures/ORM/LoadGenders.php

@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\DataFixtures\ORM;
+
+use Chill\MainBundle\Entity\Gender;
+use Chill\MainBundle\Entity\GenderEnum;
+use Chill\MainBundle\Entity\GenderIconEnum;
+use Doctrine\Common\DataFixtures\AbstractFixture;
+use Doctrine\Common\DataFixtures\OrderedFixtureInterface;
+use Doctrine\Persistence\ObjectManager;
+
+class LoadGenders extends AbstractFixture implements OrderedFixtureInterface
+{
+    private array $genders = [
+        [
+            'label' => ['en' => 'man', 'fr' => 'homme'],
+            'genderTranslation' => GenderEnum::MALE,
+            'icon' => GenderIconEnum::MALE,
+        ],
+        [
+            'label' => ['en' => 'woman', 'fr' => 'femme'],
+            'genderTranslation' => GenderEnum::FEMALE,
+            'icon' => GenderIconEnum::FEMALE,
+        ],
+        [
+            'label' => ['en' => 'neutral', 'fr' => 'neutre'],
+            'genderTranslation' => GenderEnum::NEUTRAL,
+            'icon' => GenderIconEnum::NEUTRAL,
+        ],
+    ];
+
+    public function getOrder()
+    {
+        return 100;
+    }
+
+    public function load(ObjectManager $manager)
+    {
+        echo "loading genders... \n";
+
+        foreach ($this->genders as $g) {
+            echo $g['label']['fr'].' ';
+            $new_g = new Gender();
+            $new_g->setGenderTranslation($g['genderTranslation']);
+            $new_g->setLabel($g['label']);
+            $new_g->setIcon($g['icon']);
+
+            $this->addReference('g_'.$g['genderTranslation']->value, $new_g);
+            $manager->persist($new_g);
+        }
+
+        $manager->flush();
+    }
+}

src/Bundle/ChillMainBundle/DataFixtures/ORM/LoadUserGroup.php

@@ -0,0 +1,68 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\DataFixtures\ORM;
+
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\UserGroup;
+use Doctrine\Bundle\FixturesBundle\Fixture;
+use Doctrine\Bundle\FixturesBundle\FixtureGroupInterface;
+use Doctrine\Persistence\ObjectManager;
+
+class LoadUserGroup extends Fixture implements FixtureGroupInterface
+{
+    public static function getGroups(): array
+    {
+        return ['user-group'];
+    }
+
+    public function load(ObjectManager $manager)
+    {
+        $centerASocial = $manager->getRepository(User::class)->findOneBy(['username' => 'center a_social']);
+        $centerBSocial = $manager->getRepository(User::class)->findOneBy(['username' => 'center b_social']);
+        $multiCenter = $manager->getRepository(User::class)->findOneBy(['username' => 'multi_center']);
+        $administrativeA = $manager->getRepository(User::class)->findOneBy(['username' => 'center a_administrative']);
+        $administrativeB = $manager->getRepository(User::class)->findOneBy(['username' => 'center b_administrative']);
+
+        $level1 = $this->generateLevelGroup('Niveau 1', '#eec84aff', '#000000ff', 'level');
+        $level1->addUser($centerASocial)->addUser($centerBSocial);
+        $manager->persist($level1);
+
+        $level2 = $this->generateLevelGroup('Niveau 2', ' #e2793dff', '#000000ff', 'level');
+        $level2->addUser($multiCenter);
+        $manager->persist($level2);
+
+        $level3 = $this->generateLevelGroup('Niveau 3', ' #df4949ff', '#000000ff', 'level');
+        $level3->addUser($multiCenter);
+        $manager->persist($level3);
+
+        $tss = $this->generateLevelGroup('Travailleur sociaux', '#43b29dff', '#000000ff', '');
+        $tss->addUser($multiCenter)->addUser($centerASocial)->addUser($centerBSocial);
+        $manager->persist($tss);
+        $admins = $this->generateLevelGroup('Administratif', '#334d5cff', '#000000ff', '');
+        $admins->addUser($administrativeA)->addUser($administrativeB);
+        $manager->persist($admins);
+
+        $manager->flush();
+    }
+
+    private function generateLevelGroup(string $title, string $backgroundColor, string $foregroundColor, string $excludeKey): UserGroup
+    {
+        $userGroup = new UserGroup();
+
+        return $userGroup
+            ->setLabel(['fr' => $title])
+            ->setBackgroundColor($backgroundColor)
+            ->setForegroundColor($foregroundColor)
+            ->setExcludeKey($excludeKey)
+        ;
+    }
+}

src/Bundle/ChillMainBundle/DependencyInjection/ChillMainExtension.php

@@ -17,6 +17,8 @@ use Chill\MainBundle\Controller\CivilityApiController;
 use Chill\MainBundle\Controller\CivilityController;
 use Chill\MainBundle\Controller\CountryApiController;
 use Chill\MainBundle\Controller\CountryController;
+use Chill\MainBundle\Controller\GenderApiController;
+use Chill\MainBundle\Controller\GenderController;
 use Chill\MainBundle\Controller\GeographicalUnitApiController;
 use Chill\MainBundle\Controller\LanguageController;
 use Chill\MainBundle\Controller\LocationController;
@@ -24,6 +26,8 @@ use Chill\MainBundle\Controller\LocationTypeController;
 use Chill\MainBundle\Controller\NewsItemController;
 use Chill\MainBundle\Controller\RegroupmentController;
 use Chill\MainBundle\Controller\UserController;
+use Chill\MainBundle\Controller\UserGroupAdminController;
+use Chill\MainBundle\Controller\UserGroupApiController;
 use Chill\MainBundle\Controller\UserJobApiController;
 use Chill\MainBundle\Controller\UserJobController;
 use Chill\MainBundle\DependencyInjection\Widget\Factory\WidgetFactoryInterface;
@@ -52,6 +56,7 @@ use Chill\MainBundle\Doctrine\Type\PointType;
 use Chill\MainBundle\Entity\Center;
 use Chill\MainBundle\Entity\Civility;
 use Chill\MainBundle\Entity\Country;
+use Chill\MainBundle\Entity\Gender;
 use Chill\MainBundle\Entity\GeographicalUnitLayer;
 use Chill\MainBundle\Entity\Language;
 use Chill\MainBundle\Entity\Location;
@@ -59,15 +64,18 @@ use Chill\MainBundle\Entity\LocationType;
 use Chill\MainBundle\Entity\NewsItem;
 use Chill\MainBundle\Entity\Regroupment;
 use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\UserGroup;
 use Chill\MainBundle\Entity\UserJob;
 use Chill\MainBundle\Form\CenterType;
 use Chill\MainBundle\Form\CivilityType;
 use Chill\MainBundle\Form\CountryType;
+use Chill\MainBundle\Form\GenderType;
 use Chill\MainBundle\Form\LanguageType;
 use Chill\MainBundle\Form\LocationFormType;
 use Chill\MainBundle\Form\LocationTypeType;
 use Chill\MainBundle\Form\NewsItemType;
 use Chill\MainBundle\Form\RegroupmentType;
+use Chill\MainBundle\Form\UserGroupType;
 use Chill\MainBundle\Form\UserJobType;
 use Chill\MainBundle\Form\UserType;
 use Misd\PhoneNumberBundle\Doctrine\DBAL\Types\PhoneNumberType;
@@ -353,6 +361,28 @@ class ChillMainExtension extends Extension implements
     {
         $container->prependExtensionConfig('chill_main', [
             'cruds' => [
+                [
+                    'class' => UserGroup::class,
+                    'controller' => UserGroupAdminController::class,
+                    'name' => 'admin_user_group',
+                    'base_path' => '/admin/main/user-group',
+                    'base_role' => 'ROLE_ADMIN',
+                    'form_class' => UserGroupType::class,
+                    'actions' => [
+                        'index' => [
+                            'role' => 'ROLE_ADMIN',
+                            'template' => '@ChillMain/UserGroup/index.html.twig',
+                        ],
+                        'new' => [
+                            'role' => 'ROLE_ADMIN',
+                            'template' => '@ChillMain/UserGroup/new.html.twig',
+                        ],
+                        'edit' => [
+                            'role' => 'ROLE_ADMIN',
+                            'template' => '@ChillMain/UserGroup/edit.html.twig',
+                        ],
+                    ],
+                ],
                 [
                     'class' => UserJob::class,
                     'controller' => UserJobController::class,
@@ -485,6 +515,28 @@ class ChillMainExtension extends Extension implements
                         ],
                     ],
                 ],
+                [
+                    'class' => Gender::class,
+                    'name' => 'main_gender',
+                    'base_path' => '/admin/main/gender',
+                    'base_role' => 'ROLE_ADMIN',
+                    'form_class' => GenderType::class,
+                    'controller' => GenderController::class,
+                    'actions' => [
+                        'index' => [
+                            'role' => 'ROLE_ADMIN',
+                            'template' => '@ChillMain/Gender/index.html.twig',
+                        ],
+                        'new' => [
+                            'role' => 'ROLE_ADMIN',
+                            'template' => '@ChillMain/Gender/new.html.twig',
+                        ],
+                        'edit' => [
+                            'role' => 'ROLE_ADMIN',
+                            'template' => '@ChillMain/Gender/edit.html.twig',
+                        ],
+                    ],
+                ],
                 [
                     'class' => Language::class,
                     'name' => 'main_language',
@@ -788,6 +840,21 @@ class ChillMainExtension extends Extension implements
                         ],
                     ],
                 ],
+                [
+                    'class' => Gender::class,
+                    'name' => 'gender',
+                    'base_path' => '/api/1.0/main/gender',
+                    'base_role' => 'ROLE_USER',
+                    'controller' => GenderApiController::class,
+                    'actions' => [
+                        '_index' => [
+                            'methods' => [
+                                Request::METHOD_GET => true,
+                                Request::METHOD_HEAD => true,
+                            ],
+                        ],
+                    ],
+                ],
                 [
                     'class' => GeographicalUnitLayer::class,
                     'controller' => GeographicalUnitApiController::class,
@@ -803,6 +870,21 @@ class ChillMainExtension extends Extension implements
                         ],
                     ],
                 ],
+                [
+                    'class' => UserGroup::class,
+                    'controller' => UserGroupApiController::class,
+                    'name' => 'user-group',
+                    'base_path' => '/api/1.0/main/user-group',
+                    'base_role' => 'ROLE_USER',
+                    'actions' => [
+                        '_index' => [
+                            'methods' => [
+                                Request::METHOD_GET => true,
+                                Request::METHOD_HEAD => true,
+                            ],
+                        ],
+                    ],
+                ],
             ],
         ]);
     }

src/Bundle/ChillMainBundle/Entity/Gender.php

@@ -0,0 +1,104 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Entity;
+
+use Chill\MainBundle\Repository\GenderRepository;
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Serializer\Annotation as Serializer;
+use Symfony\Component\Validator\Constraints as Assert;
+
+#[Serializer\DiscriminatorMap(typeProperty: 'type', mapping: ['chill_main_gender' => Gender::class])]
+#[ORM\Entity(repositoryClass: GenderRepository::class)]
+#[ORM\Table(name: 'chill_main_gender')]
+class Gender
+{
+    #[Serializer\Groups(['read'])]
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::INTEGER)]
+    private ?int $id = null;
+
+    #[Serializer\Groups(['read'])]
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::JSON)]
+    private array $label = [];
+
+    #[Serializer\Groups(['read'])]
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::BOOLEAN)]
+    private bool $active = true;
+
+    #[Assert\NotNull(message: 'You must choose a gender translation')]
+    #[Serializer\Groups(['read'])]
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::STRING, enumType: GenderEnum::class)]
+    private GenderEnum $genderTranslation;
+
+    #[Serializer\Groups(['read'])]
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::STRING, enumType: GenderIconEnum::class)]
+    private GenderIconEnum $icon;
+
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::FLOAT, name: 'ordering', nullable: true, options: ['default' => '0.0'])]
+    private float $order = 0;
+
+    public function getId(): int
+    {
+        return $this->id;
+    }
+
+    public function getLabel(): array
+    {
+        return $this->label;
+    }
+
+    public function setLabel(array $label): void
+    {
+        $this->label = $label;
+    }
+
+    public function isActive(): bool
+    {
+        return $this->active;
+    }
+
+    public function setActive(bool $active): void
+    {
+        $this->active = $active;
+    }
+
+    public function getGenderTranslation(): GenderEnum
+    {
+        return $this->genderTranslation;
+    }
+
+    public function setGenderTranslation(GenderEnum $genderTranslation): void
+    {
+        $this->genderTranslation = $genderTranslation;
+    }
+
+    public function getIcon(): GenderIconEnum
+    {
+        return $this->icon;
+    }
+
+    public function setIcon(GenderIconEnum $icon): void
+    {
+        $this->icon = $icon;
+    }
+
+    public function getOrder(): float
+    {
+        return $this->order;
+    }
+
+    public function setOrder(float $order): void
+    {
+        $this->order = $order;
+    }
+}

src/Bundle/ChillMainBundle/Entity/GenderEnum.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Entity;
+
+enum GenderEnum: string
+{
+    case MALE = 'man';
+    case FEMALE = 'woman';
+    case NEUTRAL = 'neutral';
+    case UNKNOWN = 'unknown';
+}

src/Bundle/ChillMainBundle/Entity/GenderIconEnum.php

@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Entity;
+
+enum GenderIconEnum: string
+{
+    case MALE = 'bi bi-gender-male';
+    case FEMALE = 'bi bi-gender-female';
+    case NEUTRAL = 'bi bi-gender-neuter';
+    case AMBIGUOUS = 'bi bi-gender-ambiguous';
+    case TRANS = 'bi bi-gender-trans';
+    case UNKNOWN = 'bi bi-question';
+}

src/Bundle/ChillMainBundle/Entity/UserGroup.php

@@ -0,0 +1,244 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Entity;
+
+use Doctrine\Common\Collections\ArrayCollection;
+use Doctrine\Common\Collections\Collection;
+use Doctrine\Common\Collections\Criteria;
+use Doctrine\Common\Collections\Order;
+use Doctrine\Common\Collections\ReadableCollection;
+use Doctrine\Common\Collections\Selectable;
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Serializer\Annotation\DiscriminatorMap;
+use Symfony\Component\Validator\Constraints as Assert;
+
+#[ORM\Entity]
+#[ORM\Table(name: 'chill_main_user_group')]
+// this discriminator key is required for automated denormalization
+#[DiscriminatorMap('type', mapping: ['user_group' => UserGroup::class])]
+class UserGroup
+{
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::INTEGER, nullable: false)]
+    private ?int $id = null;
+
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::BOOLEAN, nullable: false, options: ['default' => true])]
+    private bool $active = true;
+
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::JSON, nullable: false, options: ['default' => '[]'])]
+    private array $label = [];
+
+    /**
+     * @var Collection<int, User>&Selectable<int, User>
+     */
+    #[ORM\ManyToMany(targetEntity: User::class)]
+    #[ORM\JoinTable(name: 'chill_main_user_group_user')]
+    private Collection&Selectable $users;
+
+    /**
+     * @var Collection<int, User>&Selectable<int, User>
+     */
+    #[ORM\ManyToMany(targetEntity: User::class)]
+    #[ORM\JoinTable(name: 'chill_main_user_group_user_admin')]
+    private Collection&Selectable $adminUsers;
+
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::TEXT, nullable: false, options: ['default' => '#ffffffff'])]
+    private string $backgroundColor = '#ffffffff';
+
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::TEXT, nullable: false, options: ['default' => '#000000ff'])]
+    private string $foregroundColor = '#000000ff';
+
+    /**
+     * Groups with same exclude key are mutually exclusive: adding one in a many-to-one relationship
+     * will exclude others.
+     *
+     * An empty string means "no exclusion"
+     */
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::TEXT, nullable: false, options: ['default' => ''])]
+    private string $excludeKey = '';
+
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::TEXT, nullable: false, options: ['default' => ''])]
+    #[Assert\Email]
+    private string $email = '';
+
+    public function __construct()
+    {
+        $this->adminUsers = new ArrayCollection();
+        $this->users = new ArrayCollection();
+    }
+
+    public function isActive(): bool
+    {
+        return $this->active;
+    }
+
+    public function setActive(bool $active): self
+    {
+        $this->active = $active;
+
+        return $this;
+    }
+
+    public function addAdminUser(User $user): self
+    {
+        if (!$this->adminUsers->contains($user)) {
+            $this->adminUsers[] = $user;
+        }
+
+        return $this;
+    }
+
+    public function removeAdminUser(User $user): self
+    {
+        $this->adminUsers->removeElement($user);
+
+        return $this;
+    }
+
+    public function addUser(User $user): self
+    {
+        if (!$this->users->contains($user)) {
+            $this->users[] = $user;
+        }
+
+        return $this;
+    }
+
+    public function removeUser(User $user): self
+    {
+        if ($this->users->contains($user)) {
+            $this->users->removeElement($user);
+        }
+
+        return $this;
+    }
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getLabel(): array
+    {
+        return $this->label;
+    }
+
+    /**
+     * @return Selectable<int, User>&Collection<int, User>
+     */
+    public function getUsers(): Collection&Selectable
+    {
+        return $this->users;
+    }
+
+    /**
+     * @return Selectable<int, User>&Collection<int, User>
+     */
+    public function getAdminUsers(): Collection&Selectable
+    {
+        return $this->adminUsers;
+    }
+
+    public function getForegroundColor(): string
+    {
+        return $this->foregroundColor;
+    }
+
+    public function getExcludeKey(): string
+    {
+        return $this->excludeKey;
+    }
+
+    public function getBackgroundColor(): string
+    {
+        return $this->backgroundColor;
+    }
+
+    public function setForegroundColor(string $foregroundColor): self
+    {
+        $this->foregroundColor = $foregroundColor;
+
+        return $this;
+    }
+
+    public function setBackgroundColor(string $backgroundColor): self
+    {
+        $this->backgroundColor = $backgroundColor;
+
+        return $this;
+    }
+
+    public function setExcludeKey(string $excludeKey): self
+    {
+        $this->excludeKey = $excludeKey;
+
+        return $this;
+    }
+
+    public function setLabel(array $label): self
+    {
+        $this->label = $label;
+
+        return $this;
+    }
+
+    public function getEmail(): string
+    {
+        return $this->email;
+    }
+
+    public function setEmail(string $email): self
+    {
+        $this->email = $email;
+
+        return $this;
+    }
+
+    public function hasEmail(): bool
+    {
+        return '' !== $this->email;
+    }
+
+    /**
+     * Checks if the current object is an instance of the UserGroup class.
+     *
+     * In use in twig template, to discriminate when there an object can be polymorphic.
+     *
+     * @return bool returns true if the current object is an instance of UserGroup, false otherwise
+     */
+    public function isUserGroup(): bool
+    {
+        return true;
+    }
+
+    public function contains(User $user): bool
+    {
+        return $this->users->contains($user);
+    }
+
+    public function getUserListByLabelAscending(): ReadableCollection
+    {
+        $criteria = Criteria::create();
+        $criteria->orderBy(['label' => Order::Ascending]);
+
+        return $this->getUsers()->matching($criteria);
+    }
+
+    public function getAdminUserListByLabelAscending(): ReadableCollection
+    {
+        $criteria = Criteria::create();
+        $criteria->orderBy(['label' => Order::Ascending]);
+
+        return $this->getAdminUsers()->matching($criteria);
+    }
+}

src/Bundle/ChillMainBundle/Entity/Workflow/EntityWorkflow.php

@@ -243,6 +243,9 @@ class EntityWorkflow implements TrackCreationInterface, TrackUpdateInterface
         throw new \RuntimeException();
     }
 
+    /**
+     * @return Selectable<int, EntityWorkflowStep>&Collection<int, EntityWorkflowStep>
+     */
     public function getSteps(): Collection&Selectable
     {
         return $this->steps;
@@ -431,6 +434,7 @@ class EntityWorkflow implements TrackCreationInterface, TrackUpdateInterface
         $previousStep = $this->getCurrentStep();
 
         $previousStep
+            ->setComment($transitionContextDTO->comment)
             ->setTransitionAfter($transition)
             ->setTransitionAt($transitionAt)
             ->setTransitionBy($byUser);
@@ -442,18 +446,18 @@ class EntityWorkflow implements TrackCreationInterface, TrackUpdateInterface
             $newStep->addCcUser($user);
         }
 
-        foreach ($transitionContextDTO->futureDestUsers as $user) {
+        foreach ($transitionContextDTO->getFutureDestUsers() as $user) {
             $newStep->addDestUser($user);
         }
 
+        foreach ($transitionContextDTO->getFutureDestUserGroups() as $userGroup) {
+            $newStep->addDestUserGroup($userGroup);
+        }
+
         if (null !== $transitionContextDTO->futureUserSignature) {
             $newStep->addDestUser($transitionContextDTO->futureUserSignature);
         }
 
-        foreach ($transitionContextDTO->futureDestEmails as $email) {
-            $newStep->addDestEmail($email);
-        }
-
         if (null !== $transitionContextDTO->futureUserSignature) {
             new EntityWorkflowStepSignature($newStep, $transitionContextDTO->futureUserSignature);
         } else {
@@ -462,6 +466,13 @@ class EntityWorkflow implements TrackCreationInterface, TrackUpdateInterface
             }
         }
 
+        foreach ($transitionContextDTO->futureDestineeThirdParties as $thirdParty) {
+            new EntityWorkflowSend($newStep, $thirdParty, $transitionAt->add(new \DateInterval('P30D')));
+        }
+        foreach ($transitionContextDTO->futureDestineeEmails as $email) {
+            new EntityWorkflowSend($newStep, $email, $transitionAt->add(new \DateInterval('P30D')));
+        }
+
         // copy the freeze
         if ($this->isFreeze()) {
             $newStep->setFreezeAfter(true);

src/Bundle/ChillMainBundle/Entity/Workflow/EntityWorkflowSend.php

@@ -0,0 +1,227 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Entity\Workflow;
+
+use Chill\MainBundle\Doctrine\Model\TrackCreationInterface;
+use Chill\MainBundle\Doctrine\Model\TrackCreationTrait;
+use Chill\ThirdPartyBundle\Entity\ThirdParty;
+use Doctrine\Common\Collections\ArrayCollection;
+use Doctrine\Common\Collections\Collection;
+use Doctrine\DBAL\Types\Types;
+use Doctrine\ORM\Mapping as ORM;
+use Ramsey\Uuid\Uuid;
+use Ramsey\Uuid\UuidInterface;
+use Random\Randomizer;
+
+/**
+ * An entity which stores then sending of a workflow's content to
+ * some external entity.
+ */
+#[ORM\Entity]
+#[ORM\Table(name: 'chill_main_workflow_entity_send')]
+class EntityWorkflowSend implements TrackCreationInterface
+{
+    use TrackCreationTrait;
+
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column(type: Types::INTEGER)]
+    private ?int $id = null;
+
+    #[ORM\ManyToOne(targetEntity: ThirdParty::class)]
+    #[ORM\JoinColumn(nullable: true)]
+    private ?ThirdParty $destineeThirdParty = null;
+
+    #[ORM\Column(type: Types::TEXT, nullable: false, options: ['default' => ''])]
+    private string $destineeEmail = '';
+
+    #[ORM\Column(type: 'uuid', unique: true, nullable: false)]
+    private UuidInterface $uuid;
+
+    #[ORM\Column(type: Types::STRING, length: 255, nullable: false)]
+    private string $privateToken;
+
+    #[ORM\Column(type: Types::INTEGER, nullable: false, options: ['default' => 0])]
+    private int $numberOfErrorTrials = 0;
+
+    /**
+     * @var Collection<int, EntityWorkflowSendView>
+     */
+    #[ORM\OneToMany(mappedBy: 'send', targetEntity: EntityWorkflowSendView::class, cascade: ['remove'])]
+    private Collection $views;
+
+    public function __construct(
+        #[ORM\ManyToOne(targetEntity: EntityWorkflowStep::class, inversedBy: 'sends')]
+        #[ORM\JoinColumn(nullable: false)]
+        private EntityWorkflowStep $entityWorkflowStep,
+        string|ThirdParty $destinee,
+        #[ORM\Column(type: Types::DATETIME_IMMUTABLE, nullable: false)]
+        private \DateTimeImmutable $expireAt,
+    ) {
+        $this->uuid = Uuid::uuid4();
+        $random = new Randomizer();
+        $this->privateToken = bin2hex($random->getBytes(48));
+
+        $this->entityWorkflowStep->addSend($this);
+
+        if ($destinee instanceof ThirdParty) {
+            $this->destineeThirdParty = $destinee;
+        } else {
+            $this->destineeEmail = $destinee;
+        }
+
+        $this->views = new ArrayCollection();
+    }
+
+    /**
+     * @internal use the @see{EntityWorkflowSendView}'s constructor instead
+     */
+    public function addView(EntityWorkflowSendView $view): self
+    {
+        if (!$this->views->contains($view)) {
+            $this->views->add($view);
+        }
+
+        return $this;
+    }
+
+    public function getDestineeEmail(): string
+    {
+        return $this->destineeEmail;
+    }
+
+    public function getDestineeThirdParty(): ?ThirdParty
+    {
+        return $this->destineeThirdParty;
+    }
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getNumberOfErrorTrials(): int
+    {
+        return $this->numberOfErrorTrials;
+    }
+
+    public function getPrivateToken(): string
+    {
+        return $this->privateToken;
+    }
+
+    public function getEntityWorkflowStep(): EntityWorkflowStep
+    {
+        return $this->entityWorkflowStep;
+    }
+
+    public function getEntityWorkflowStepChained(): ?EntityWorkflowStep
+    {
+        foreach ($this->getEntityWorkflowStep()->getEntityWorkflow()->getStepsChained() as $step) {
+            if ($this->getEntityWorkflowStep() === $step) {
+                return $step;
+            }
+        }
+
+        return null;
+    }
+
+    public function getUuid(): UuidInterface
+    {
+        return $this->uuid;
+    }
+
+    public function getExpireAt(): \DateTimeImmutable
+    {
+        return $this->expireAt;
+    }
+
+    public function getViews(): Collection
+    {
+        return $this->views;
+    }
+
+    public function increaseErrorTrials(): void
+    {
+        $this->numberOfErrorTrials = $this->numberOfErrorTrials + 1;
+    }
+
+    public function getDestinee(): string|ThirdParty
+    {
+        if (null !== $this->getDestineeThirdParty()) {
+            return $this->getDestineeThirdParty();
+        }
+
+        return $this->getDestineeEmail();
+    }
+
+    /**
+     * Determines the kind of destinee based on whether the destinee is a thirdParty or an emailAddress.
+     *
+     * @return 'thirdParty'|'email' 'thirdParty' if the destinee is a third party, 'email' otherwise
+     */
+    public function getDestineeKind(): string
+    {
+        if (null !== $this->getDestineeThirdParty()) {
+            return 'thirdParty';
+        }
+
+        return 'email';
+    }
+
+    public function isViewed(): bool
+    {
+        return $this->views->count() > 0;
+    }
+
+    public function isExpired(?\DateTimeImmutable $now = null): bool
+    {
+        return ($now ?? new \DateTimeImmutable('now')) >= $this->expireAt;
+    }
+
+    /**
+     * Retrieves the most recent view.
+     *
+     * @return EntityWorkflowSendView|null returns the last view or null if there are no views
+     */
+    public function getLastView(): ?EntityWorkflowSendView
+    {
+        $last = null;
+        foreach ($this->views as $view) {
+            if (null === $last) {
+                $last = $view;
+            } else {
+                if ($view->getViewAt() > $last->getViewAt()) {
+                    $last = $view;
+                }
+            }
+        }
+
+        return $last;
+    }
+
+    /**
+     * Retrieves an array of views grouped by their remote IP address.
+     *
+     * @return array<string, list<EntityWorkflowSendView>> an associative array where the keys are IP addresses and the values are arrays of views associated with those IPs
+     */
+    public function getViewsByIp(): array
+    {
+        $views = [];
+
+        foreach ($this->getViews() as $view) {
+            $views[$view->getRemoteIp()][] = $view;
+        }
+
+        return $views;
+    }
+}

src/Bundle/ChillMainBundle/Entity/Workflow/EntityWorkflowSendView.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Entity\Workflow;
+
+use Doctrine\DBAL\Types\Types;
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * Register the viewing action from an external destinee.
+ */
+#[ORM\Entity(readOnly: true)]
+#[ORM\Table(name: 'chill_main_workflow_entity_send_views')]
+class EntityWorkflowSendView
+{
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column(type: Types::INTEGER)]
+    private ?int $id = null;
+
+    public function __construct(
+        #[ORM\ManyToOne(targetEntity: EntityWorkflowSend::class, inversedBy: 'views')]
+        #[ORM\JoinColumn(nullable: false)]
+        private EntityWorkflowSend $send,
+        #[ORM\Column(type: Types::DATETIME_IMMUTABLE)]
+        private \DateTimeInterface $viewAt,
+        #[ORM\Column(type: Types::TEXT)]
+        private string $remoteIp = '',
+    ) {
+        $this->send->addView($this);
+    }
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getRemoteIp(): string
+    {
+        return $this->remoteIp;
+    }
+
+    public function getSend(): EntityWorkflowSend
+    {
+        return $this->send;
+    }
+
+    public function getViewAt(): \DateTimeInterface
+    {
+        return $this->viewAt;
+    }
+}

src/Bundle/ChillMainBundle/Entity/Workflow/EntityWorkflowStep.php

@@ -12,6 +12,7 @@ declare(strict_types=1);
 namespace Chill\MainBundle\Entity\Workflow;
 
 use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\UserGroup;
 use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\Common\Collections\Collection;
 use Doctrine\ORM\Mapping as ORM;
@@ -48,6 +49,13 @@ class EntityWorkflowStep
     #[ORM\JoinTable(name: 'chill_main_workflow_entity_step_user')]
     private Collection $destUser;
 
+    /**
+     * @var Collection<int, UserGroup>
+     */
+    #[ORM\ManyToMany(targetEntity: UserGroup::class)]
+    #[ORM\JoinTable(name: 'chill_main_workflow_entity_step_user_group')]
+    private Collection $destUserGroups;
+
     /**
      * @var Collection<int, User>
      */
@@ -58,7 +66,7 @@ class EntityWorkflowStep
     /**
      * @var Collection <int, EntityWorkflowStepSignature>
      */
-    #[ORM\OneToMany(mappedBy: 'step', targetEntity: EntityWorkflowStepSignature::class, cascade: ['persist'], orphanRemoval: true)]
+    #[ORM\OneToMany(mappedBy: 'step', targetEntity: EntityWorkflowStepSignature::class, cascade: ['persist', 'remove'], orphanRemoval: true)]
     private Collection $signatures;
 
     #[ORM\ManyToOne(targetEntity: EntityWorkflow::class, inversedBy: 'steps')]
@@ -104,13 +112,21 @@ class EntityWorkflowStep
     #[ORM\OneToMany(mappedBy: 'step', targetEntity: EntityWorkflowStepHold::class)]
     private Collection $holdsOnStep;
 
+    /**
+     * @var Collection<int, EntityWorkflowSend>
+     */
+    #[ORM\OneToMany(mappedBy: 'entityWorkflowStep', targetEntity: EntityWorkflowSend::class, cascade: ['persist', 'remove'], orphanRemoval: true)]
+    private Collection $sends;
+
     public function __construct()
     {
         $this->ccUser = new ArrayCollection();
         $this->destUser = new ArrayCollection();
+        $this->destUserGroups = new ArrayCollection();
         $this->destUserByAccessKey = new ArrayCollection();
         $this->signatures = new ArrayCollection();
         $this->holdsOnStep = new ArrayCollection();
+        $this->sends = new ArrayCollection();
         $this->accessKey = bin2hex(openssl_random_pseudo_bytes(32));
     }
 
@@ -123,6 +139,9 @@ class EntityWorkflowStep
         return $this;
     }
 
+    /**
+     * @deprecated
+     */
     public function addDestEmail(string $email): self
     {
         if (!\in_array($email, $this->destEmail, true)) {
@@ -141,6 +160,22 @@ class EntityWorkflowStep
         return $this;
     }
 
+    public function addDestUserGroup(UserGroup $userGroup): self
+    {
+        if (!$this->destUserGroups->contains($userGroup)) {
+            $this->destUserGroups[] = $userGroup;
+        }
+
+        return $this;
+    }
+
+    public function removeDestUserGroup(UserGroup $userGroup): self
+    {
+        $this->destUserGroups->removeElement($userGroup);
+
+        return $this;
+    }
+
     public function addDestUserByAccessKey(User $user): self
     {
         if (!$this->destUserByAccessKey->contains($user) && !$this->destUser->contains($user)) {
@@ -162,6 +197,18 @@ class EntityWorkflowStep
         return $this;
     }
 
+    /**
+     * @internal use @see{EntityWorkflowSend}'s constructor instead
+     */
+    public function addSend(EntityWorkflowSend $send): self
+    {
+        if (!$this->sends->contains($send)) {
+            $this->sends[] = $send;
+        }
+
+        return $this;
+    }
+
     public function removeSignature(EntityWorkflowStepSignature $signature): self
     {
         if ($this->signatures->contains($signature)) {
@@ -178,7 +225,9 @@ class EntityWorkflowStep
 
     /**
      * get all the users which are allowed to apply a transition: those added manually, and
-     * those added automatically bu using an access key.
+     * those added automatically by using an access key.
+     *
+     * This method exclude the users associated with user groups
      *
      * @psalm-suppress DuplicateArrayKey
      */
@@ -192,6 +241,14 @@ class EntityWorkflowStep
         );
     }
 
+    /**
+     * @return Collection<int, UserGroup>
+     */
+    public function getDestUserGroups(): Collection
+    {
+        return $this->destUserGroups;
+    }
+
     public function getCcUser(): Collection
     {
         return $this->ccUser;
@@ -207,6 +264,11 @@ class EntityWorkflowStep
         return $this->currentStep;
     }
 
+    /**
+     * @return array<string>
+     *
+     * @deprecated
+     */
     public function getDestEmail(): array
     {
         return $this->destEmail;
@@ -241,6 +303,14 @@ class EntityWorkflowStep
         return $this->signatures;
     }
 
+    /**
+     * @return Collection<int, EntityWorkflowSend>
+     */
+    public function getSends(): Collection
+    {
+        return $this->sends;
+    }
+
     public function getId(): ?int
     {
         return $this->id;

src/Bundle/ChillMainBundle/Entity/Workflow/EntityWorkflowStepSignature.php

@@ -161,6 +161,16 @@ class EntityWorkflowStepSignature implements TrackCreationInterface, TrackUpdate
         return EntityWorkflowSignatureStateEnum::PENDING == $this->getState();
     }
 
+    public function isCanceled(): bool
+    {
+        return EntityWorkflowSignatureStateEnum::CANCELED === $this->getState();
+    }
+
+    public function isRejected(): bool
+    {
+        return EntityWorkflowSignatureStateEnum::REJECTED === $this->getState();
+    }
+
     /**
      * Checks whether all signatures associated with a given workflow step are not pending.
      *

src/Bundle/ChillMainBundle/Form/GenderType.php

@@ -0,0 +1,64 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Form;
+
+use Chill\MainBundle\Entity\Gender;
+use Chill\MainBundle\Entity\GenderEnum;
+use Chill\MainBundle\Entity\GenderIconEnum;
+use Chill\MainBundle\Form\Type\TranslatableStringFormType;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
+use Symfony\Component\Form\Extension\Core\Type\EnumType;
+use Symfony\Component\Form\Extension\Core\Type\NumberType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+class GenderType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('label', TranslatableStringFormType::class, [
+                'required' => true,
+            ])
+            ->add('icon', EnumType::class, [
+                'class' => GenderIconEnum::class,
+                'choices' => GenderIconEnum::cases(),
+                'expanded' => true,
+                'multiple' => false,
+                'mapped' => true,
+                'choice_label' => fn (GenderIconEnum $enum) => '<i class="'.strtolower($enum->value).'"></i>',
+                'choice_value' => fn (?GenderIconEnum $enum) => null !== $enum ? $enum->value : null,
+                'label' => 'gender.admin.Select gender icon',
+                'label_html' => true,
+            ])
+            ->add('genderTranslation', EnumType::class, [
+                'class' => GenderEnum::class,
+                'choice_label' => fn (GenderEnum $enum) => $enum->value,
+                'label' => 'gender.admin.Select gender translation',
+            ])
+            ->add('active', ChoiceType::class, [
+                'choices' => [
+                    'Active' => true,
+                    'Inactive' => false,
+                ],
+            ])
+            ->add('order', NumberType::class);
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([
+            'data_class' => Gender::class,
+        ]);
+    }
+}

src/Bundle/ChillMainBundle/Form/Type/ChillCollectionType.php

@@ -36,6 +36,7 @@ class ChillCollectionType extends AbstractType
         $view->vars['identifier'] = $options['identifier'];
         $view->vars['empty_collection_explain'] = $options['empty_collection_explain'];
         $view->vars['js_caller'] = $options['js_caller'];
+        $view->vars['uniqid'] = uniqid();
     }
 
     public function configureOptions(OptionsResolver $resolver)

src/Bundle/ChillMainBundle/Form/Type/ComposedGroupCenterType.php

@@ -13,36 +13,30 @@ namespace Chill\MainBundle\Form\Type;
 
 use Chill\MainBundle\Entity\Center;
 use Chill\MainBundle\Entity\PermissionsGroup;
-use Doctrine\ORM\EntityRepository;
+use Chill\MainBundle\Repository\CenterRepository;
 use Symfony\Bridge\Doctrine\Form\Type\EntityType;
 use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
 use Symfony\Component\Form\FormBuilderInterface;
-use Symfony\Component\OptionsResolver\OptionsResolver;
 
 class ComposedGroupCenterType extends AbstractType
 {
+    public function __construct(private readonly CenterRepository $centerRepository) {}
+
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
+        $centers = $this->centerRepository->findActive();
+
         $builder->add('permissionsgroup', EntityType::class, [
             'class' => PermissionsGroup::class,
             'choice_label' => static fn (PermissionsGroup $group) => $group->getName(),
-        ])->add('center', EntityType::class, [
-            'class' => Center::class,
-            'query_builder' => static function (EntityRepository $er) {
-                $qb = $er->createQueryBuilder('c');
-                $qb->where($qb->expr()->eq('c.isActive', 'TRUE'))
-                    ->orderBy('c.name', 'ASC');
-
-                return $qb;
-            },
+        ])->add('center', ChoiceType::class, [
+            'choices' => $centers,
+            'choice_label' => fn (Center $center) => $center->getName(),
+            'multiple' => true,
         ]);
     }
 
-    public function configureOptions(OptionsResolver $resolver)
-    {
-        $resolver->setDefault('data_class', \Chill\MainBundle\Entity\GroupCenter::class);
-    }
-
     public function getBlockPrefix()
     {
         return 'composed_groupcenter';

src/Bundle/ChillMainBundle/Form/Type/DataTransformer/EntityToJsonTransformer.php

@@ -12,6 +12,8 @@ declare(strict_types=1);
 namespace Chill\MainBundle\Form\Type\DataTransformer;
 
 use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\UserGroup;
+use Chill\MainBundle\Serializer\Normalizer\DiscriminatedObjectDenormalizer;
 use Chill\PersonBundle\Entity\Person;
 use Chill\ThirdPartyBundle\Entity\ThirdParty;
 use Symfony\Component\Form\DataTransformerInterface;
@@ -26,10 +28,14 @@ class EntityToJsonTransformer implements DataTransformerInterface
 
     public function reverseTransform($value)
     {
-        if ('' === $value) {
+        if (false === $this->multiple && '' === $value) {
             return null;
         }
 
+        if ($this->multiple && [] === $value) {
+            return [];
+        }
+
         $denormalized = json_decode((string) $value, true, 512, JSON_THROW_ON_ERROR);
 
         if ($this->multiple) {
@@ -74,15 +80,23 @@ class EntityToJsonTransformer implements DataTransformerInterface
             'user' => User::class,
             'person' => Person::class,
             'thirdparty' => ThirdParty::class,
+            'user_group' => UserGroup::class,
+            'user_group_or_user' => DiscriminatedObjectDenormalizer::TYPE,
             default => throw new \UnexpectedValueException('This type is not supported'),
         };
 
+        $context = [AbstractNormalizer::GROUPS => ['read']];
+
+        if ('user_group_or_user' === $this->type) {
+            $context[DiscriminatedObjectDenormalizer::ALLOWED_TYPES] = [UserGroup::class, User::class];
+        }
+
         return
             $this->denormalizer->denormalize(
                 ['type' => $item['type'], 'id' => $item['id']],
                 $class,
                 'json',
-                [AbstractNormalizer::GROUPS => ['read']],
+                $context,
             );
     }
 }

src/Bundle/ChillMainBundle/Form/Type/PickUserDynamicType.php

@@ -18,16 +18,30 @@ use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\Form\FormView;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
 use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
 use Symfony\Component\Serializer\SerializerInterface;
 
 /**
  * Pick user dymically, using vuejs module "AddPerson".
+ *
+ * Possible options:
+ *
+ * - `multiple`: pick one or more users
+ * - `suggested`: a list of suggested users
+ * - `suggest_myself`: append the current user to the list of suggested
+ * - `as_id`: only the id will be set in the returned data
+ * - `submit_on_adding_new_entity`: the browser will immediately submit the form when new users are checked
  */
 class PickUserDynamicType extends AbstractType
 {
-    public function __construct(private readonly DenormalizerInterface $denormalizer, private readonly SerializerInterface $serializer, private readonly NormalizerInterface $normalizer) {}
+    public function __construct(
+        private readonly DenormalizerInterface $denormalizer,
+        private readonly SerializerInterface $serializer,
+        private readonly NormalizerInterface $normalizer,
+        private readonly Security $security,
+    ) {}
 
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
@@ -46,6 +60,12 @@ class PickUserDynamicType extends AbstractType
         foreach ($options['suggested'] as $user) {
             $view->vars['suggested'][] = $this->normalizer->normalize($user, 'json', ['groups' => 'read']);
         }
+        $user = $this->security->getUser();
+        if ($user instanceof User) {
+            if (true === $options['suggest_myself'] && !in_array($user, $options['suggested'], true)) {
+                $view->vars['suggested'][] = $this->normalizer->normalize($user, 'json', ['groups' => 'read']);
+            }
+        }
     }
 
     public function configureOptions(OptionsResolver $resolver)
@@ -54,6 +74,8 @@ class PickUserDynamicType extends AbstractType
             ->setDefault('multiple', false)
             ->setAllowedTypes('multiple', ['bool'])
             ->setDefault('compound', false)
+            ->setDefault('suggest_myself', false)
+            ->setAllowedTypes('suggest_myself', ['bool'])
             ->setDefault('suggested', [])
             // if set to true, only the id will be set inside the content. The denormalization will not work.
             ->setDefault('as_id', false)

src/Bundle/ChillMainBundle/Form/Type/PickUserGroupOrUserDynamicType.php

@@ -0,0 +1,83 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Form\Type;
+
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Form\Type\DataTransformer\EntityToJsonTransformer;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\Form\FormInterface;
+use Symfony\Component\Form\FormView;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
+use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
+use Symfony\Component\Serializer\SerializerInterface;
+
+/**
+ * Entity which picks a user **or** a user group.
+ */
+final class PickUserGroupOrUserDynamicType extends AbstractType
+{
+    public function __construct(
+        private readonly DenormalizerInterface $denormalizer,
+        private readonly SerializerInterface $serializer,
+        private readonly NormalizerInterface $normalizer,
+        private readonly Security $security,
+    ) {}
+
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        $builder->addViewTransformer(new EntityToJsonTransformer($this->denormalizer, $this->serializer, $options['multiple'], 'user_group_or_user'));
+    }
+
+    public function buildView(FormView $view, FormInterface $form, array $options)
+    {
+        $view->vars['multiple'] = $options['multiple'];
+        $view->vars['types'] = ['user-group', 'user'];
+        $view->vars['uniqid'] = uniqid('pick_usergroup_dyn');
+        $view->vars['suggested'] = [];
+        $view->vars['as_id'] = true === $options['as_id'] ? '1' : '0';
+        $view->vars['submit_on_adding_new_entity'] = true === $options['submit_on_adding_new_entity'] ? '1' : '0';
+
+        foreach ($options['suggested'] as $userGroup) {
+            $view->vars['suggested'][] = $this->normalizer->normalize($userGroup, 'json', ['groups' => 'read']);
+        }
+        $user = $this->security->getUser();
+        if ($user instanceof User) {
+            if (true === $options['suggest_myself'] && !in_array($user, $options['suggested'], true)) {
+                $view->vars['suggested'][] = $this->normalizer->normalize($user, 'json', ['groups' => 'read']);
+            }
+        }
+    }
+
+    public function configureOptions(OptionsResolver $resolver)
+    {
+        $resolver
+            ->setDefault('multiple', false)
+            ->setAllowedTypes('multiple', ['bool'])
+            ->setDefault('compound', false)
+            ->setDefault('suggested', [])
+            ->setDefault('suggest_myself', false)
+            ->setAllowedTypes('suggest_myself', ['bool'])
+            // if set to true, only the id will be set inside the content. The denormalization will not work.
+            ->setDefault('as_id', false)
+            ->setAllowedTypes('as_id', ['bool'])
+            ->setDefault('submit_on_adding_new_entity', false)
+            ->setAllowedTypes('submit_on_adding_new_entity', ['bool']);
+    }
+
+    public function getBlockPrefix()
+    {
+        return 'pick_entity_dynamic';
+    }
+}

src/Bundle/ChillMainBundle/Form/UserGroupType.php

@@ -0,0 +1,65 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Form;
+
+use Chill\MainBundle\Form\Type\PickUserDynamicType;
+use Chill\MainBundle\Form\Type\TranslatableStringFormType;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\ColorType;
+use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
+use Symfony\Component\Form\FormBuilderInterface;
+
+class UserGroupType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        $builder
+            ->add('label', TranslatableStringFormType::class, [
+                'label' => 'user_group.Label',
+                'required' => true,
+            ])
+            ->add('active')
+            ->add('backgroundColor', ColorType::class, [
+                'label' => 'user_group.BackgroundColor',
+            ])
+            ->add('foregroundColor', ColorType::class, [
+                'label' => 'user_group.ForegroundColor',
+            ])
+            ->add('email', EmailType::class, [
+                'label' => 'user_group.Email',
+                'help' => 'user_group.EmailHelp',
+                'empty_data' => '',
+                'required' => false,
+            ])
+            ->add('excludeKey', TextType::class, [
+                'label' => 'user_group.ExcludeKey',
+                'help' => 'user_group.ExcludeKeyHelp',
+                'required' => false,
+                'empty_data' => '',
+            ])
+            ->add('users', PickUserDynamicType::class, [
+                'label' => 'user_group.Users',
+                'multiple' => true,
+                'required' => false,
+                'empty_data' => [],
+            ])
+            ->add('adminUsers', PickUserDynamicType::class, [
+                'label' => 'user_group.adminUsers',
+                'multiple' => true,
+                'required' => false,
+                'empty_data' => [],
+                'help' => 'user_group.adminUsersHelp',
+            ])
+        ;
+    }
+}

src/Bundle/ChillMainBundle/Form/WorkflowStepType.php

@@ -15,19 +15,18 @@ use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
 use Chill\MainBundle\Form\Type\ChillCollectionType;
 use Chill\MainBundle\Form\Type\ChillTextareaType;
 use Chill\MainBundle\Form\Type\PickUserDynamicType;
+use Chill\MainBundle\Form\Type\PickUserGroupOrUserDynamicType;
 use Chill\MainBundle\Templating\TranslatableStringHelperInterface;
+use Chill\MainBundle\Workflow\EntityWorkflowManager;
 use Chill\MainBundle\Workflow\WorkflowTransitionContextDTO;
 use Chill\PersonBundle\Form\Type\PickPersonDynamicType;
+use Chill\ThirdPartyBundle\Form\Type\PickThirdpartyDynamicType;
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
 use Symfony\Component\Form\Extension\Core\Type\EmailType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
-use Symfony\Component\Validator\Constraints\Callback;
-use Symfony\Component\Validator\Constraints\Email;
-use Symfony\Component\Validator\Constraints\NotBlank;
 use Symfony\Component\Validator\Constraints\NotNull;
-use Symfony\Component\Validator\Context\ExecutionContextInterface;
 use Symfony\Component\Workflow\Registry;
 use Symfony\Component\Workflow\Transition;
 
@@ -36,6 +35,7 @@ class WorkflowStepType extends AbstractType
     public function __construct(
         private readonly Registry $registry,
         private readonly TranslatableStringHelperInterface $translatableStringHelper,
+        private readonly EntityWorkflowManager $entityWorkflowManager,
     ) {}
 
     public function buildForm(FormBuilderInterface $builder, array $options)
@@ -45,6 +45,9 @@ class WorkflowStepType extends AbstractType
         $workflow = $this->registry->get($entityWorkflow, $entityWorkflow->getWorkflowName());
         $place = $workflow->getMarking($entityWorkflow);
         $placeMetadata = $workflow->getMetadataStore()->getPlaceMetadata(array_keys($place->getPlaces())[0]);
+        $suggestedUsers = $this->entityWorkflowManager->getSuggestedUsers($entityWorkflow);
+        $suggestedThirdParties = $this->entityWorkflowManager->getSuggestedThirdParties($entityWorkflow);
+        $suggestedPersons = $this->entityWorkflowManager->getSuggestedPersons($entityWorkflow);
 
         if (null === $options['entity_workflow']) {
             throw new \LogicException('if transition is true, entity_workflow should be defined');
@@ -86,7 +89,6 @@ class WorkflowStepType extends AbstractType
         $builder
             ->add('transition', ChoiceType::class, [
                 'label' => 'workflow.Next step',
-                'mapped' => false,
                 'multiple' => false,
                 'expanded' => true,
                 'choices' => $choices,
@@ -104,6 +106,7 @@ class WorkflowStepType extends AbstractType
                     $toFinal = true;
                     $isForward = 'neutral';
                     $isSignature = [];
+                    $isSentExternal = false;
 
                     $metadata = $workflow->getMetadataStore()->getTransitionMetadata($transition);
 
@@ -127,6 +130,8 @@ class WorkflowStepType extends AbstractType
                         if (\array_key_exists('isSignature', $meta)) {
                             $isSignature = $meta['isSignature'];
                         }
+
+                        $isSentExternal = $isSentExternal ? true : $meta['isSentExternal'] ?? false;
                     }
 
                     return [
@@ -134,6 +139,7 @@ class WorkflowStepType extends AbstractType
                         'data-to-final' => $toFinal ? '1' : '0',
                         'data-is-forward' => $isForward,
                         'data-is-signature' => json_encode($isSignature),
+                        'data-is-sent-external' => $isSentExternal ? '1' : '0',
                     ];
                 },
             ])
@@ -151,39 +157,49 @@ class WorkflowStepType extends AbstractType
                 'label' => 'workflow.signature_zone.person signatures',
                 'multiple' => true,
                 'empty_data' => '[]',
+                'suggested' => $suggestedPersons,
             ])
             ->add('futureUserSignature', PickUserDynamicType::class, [
                 'label' => 'workflow.signature_zone.user signature',
                 'multiple' => false,
+                'suggest_myself' => true,
+                'suggested' => $suggestedUsers,
             ])
-            ->add('futureDestUsers', PickUserDynamicType::class, [
+            ->add('futureDestUsers', PickUserGroupOrUserDynamicType::class, [
                 'label' => 'workflow.dest for next steps',
                 'multiple' => true,
                 'empty_data' => '[]',
-                'suggested' => $options['suggested_users'],
+                'suggested' => $suggestedUsers,
+                'suggest_myself' => true,
             ])
             ->add('futureCcUsers', PickUserDynamicType::class, [
                 'label' => 'workflow.cc for next steps',
                 'multiple' => true,
                 'required' => false,
-                'suggested' => $options['suggested_users'],
+                'suggested' => $suggestedUsers,
                 'empty_data' => '[]',
                 'attr' => ['class' => 'future-cc-users'],
+                'suggest_myself' => true,
             ])
-            ->add('futureDestEmails', ChillCollectionType::class, [
-                'label' => 'workflow.dest by email',
-                'help' => 'workflow.dest by email help',
-                'allow_add' => true,
+            ->add('futureDestineeEmails', ChillCollectionType::class, [
                 'entry_type' => EmailType::class,
-                'button_add_label' => 'workflow.Add an email',
-                'button_remove_label' => 'workflow.Remove an email',
-                'empty_collection_explain' => 'workflow.Any email',
                 'entry_options' => [
-                    'constraints' => [
-                        new NotNull(), new NotBlank(), new Email(),
-                    ],
-                    'label' => 'Email',
+                    'empty_data' => '',
                 ],
+                'allow_add' => true,
+                'allow_delete' => true,
+                'delete_empty' => static fn (?string $email) => '' === $email || null === $email,
+                'button_add_label' => 'workflow.transition_destinee_add_emails',
+                'button_remove_label' => 'workflow.transition_destinee_remove_emails',
+                'help' => 'workflow.transition_destinee_emails_help',
+                'label' => 'workflow.transition_destinee_emails_label',
+            ])
+            ->add('futureDestineeThirdParties', PickThirdpartyDynamicType::class, [
+                'label' => 'workflow.transition_destinee_third_party',
+                'help' => 'workflow.transition_destinee_third_party_help',
+                'multiple' => true,
+                'empty_data' => [],
+                'suggested' => $suggestedThirdParties,
             ]);
 
         $builder
@@ -199,40 +215,6 @@ class WorkflowStepType extends AbstractType
         $resolver
             ->setDefault('data_class', WorkflowTransitionContextDTO::class)
             ->setRequired('entity_workflow')
-            ->setAllowedTypes('entity_workflow', EntityWorkflow::class)
-            ->setDefault('suggested_users', [])
-            ->setDefault('constraints', [
-                new Callback(
-                    function (WorkflowTransitionContextDTO $step, ExecutionContextInterface $context, $payload) {
-                        $workflow = $this->registry->get($step->entityWorkflow, $step->entityWorkflow->getWorkflowName());
-                        $transition = $step->transition;
-                        $toFinal = true;
-
-                        if (null === $transition) {
-                            $context
-                                ->buildViolation('workflow.You must select a next step, pick another decision if no next steps are available');
-                        } else {
-                            foreach ($transition->getTos() as $to) {
-                                $meta = $workflow->getMetadataStore()->getPlaceMetadata($to);
-
-                                if (
-                                    !\array_key_exists('isFinal', $meta) || false === $meta['isFinal']
-                                ) {
-                                    $toFinal = false;
-                                }
-                            }
-                            $destUsers = $step->futureDestUsers;
-                            $destEmails = $step->futureDestEmails;
-
-                            if (!$toFinal && [] === $destUsers && [] === $destEmails) {
-                                $context
-                                    ->buildViolation('workflow.You must add at least one dest user or email')
-                                    ->atPath('future_dest_users')
-                                    ->addViolation();
-                            }
-                        }
-                    }
-                ),
-            ]);
+            ->setAllowedTypes('entity_workflow', EntityWorkflow::class);
     }
 }

src/Bundle/ChillMainBundle/Repository/EntityWorkflowSendViewRepository.php

@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Repository;
+
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowSendView;
+use Doctrine\Persistence\ManagerRegistry;
+use Doctrine\Persistence\ObjectRepository;
+
+/**
+ * @template-implements ObjectRepository<EntityWorkflowSendView>
+ */
+class EntityWorkflowSendViewRepository implements ObjectRepository
+{
+    private readonly ObjectRepository $repository;
+
+    public function __construct(ManagerRegistry $registry)
+    {
+        $this->repository = $registry->getRepository($this->getClassName());
+    }
+
+    public function find($id): ?EntityWorkflowSendView
+    {
+        return $this->repository->find($id);
+    }
+
+    public function findAll()
+    {
+        return $this->repository->findAll();
+    }
+
+    public function findBy(array $criteria, ?array $orderBy = null, ?int $limit = null, ?int $offset = null): array
+    {
+        return $this->repository->findBy($criteria, $orderBy, $limit, $offset);
+    }
+
+    public function findOneBy(array $criteria): ?EntityWorkflowSendView
+    {
+        return $this->repository->findOneBy($criteria);
+    }
+
+    public function getClassName()
+    {
+        return EntityWorkflowSendView::class;
+    }
+}