Introduce ConversionWithSameMimeTypeException for improved error handling in document conversion.

- Added the `ConversionWithSameMimeTypeException` to handle cases where document conversion is requested for the same MIME type.
- Updated `StoredObjectToPdfConverter` to throw the new exception when encountering such cases.
- Enhanced error logging in `PostSendExternalMessageHandler` to capture these specific conversion errors.

.changes/unreleased/Fixed-20251003-125745.yaml

@@ -0,0 +1,6 @@
+kind: Fixed
+body: Add missing javascript dependency
+time: 2025-10-03T12:57:45.693475353+02:00
+custom:
+    Issue: ""
+    SchemaChange: No schema change

.changes/unreleased/Fixed-20251003-130249.yaml

@@ -0,0 +1,6 @@
+kind: Fixed
+body: Add exception handling for conversion of attachment on sending external, when documens are already in pdf
+time: 2025-10-03T13:02:49.524835257+02:00
+custom:
+    Issue: ""
+    SchemaChange: No schema change

.changes/v4.2.0.md

@@ -0,0 +1,10 @@
+## v4.2.0 - 2025-09-02
+### Feature
+* ([#64](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/64)) Add external identifier for a Person
+
+  **Schema Change**: Add columns or tables
+* ([#330](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/330) Allow users to choose for which notifications they want to receive an email
+### Fixed
+* ([#422](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/422)) Fixed html layout of pages for recovering password
+* Fix typo in 'uncheckAll' script for centers selection
+* Fix incorrect parameter name in event details link

.changes/v4.2.1.md

@@ -0,0 +1,6 @@
+## v4.2.1 - 2025-09-03
+### Fixed
+* Fix exports to work with DirectExportInterface   
+### DX
+* Improve error message when a stored object cannot be written on local disk
+   

.changes/v4.3.0.md

@@ -0,0 +1,10 @@
+## v4.3.0 - 2025-09-08
+### Feature
+* ([#409](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/409)) Add 45 and 60 min calendar ranges   
+* Add a command to generate a list of permissions   
+* ([#412](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/412)) Add an absence end date   
+
+  **Schema Change**: Add columns or tables
+### Fixed
+* fix date formatting in calendar range display   
+* Change route URL to avoid clash with person duplicate controller method   

.changes/v4.4.0.md

@@ -0,0 +1,8 @@
+## v4.4.0 - 2025-09-11
+### Feature
+* ([#359](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/359)) Allow the merge of two accompanying period works   
+* ([#369](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/369)) Duplication of a document to another accompanying period work evaluation   
+* ([#359](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/359)) Fusion of two accompanying period works   
+### Fixed
+* Fix display of 'duplicate' and 'merge' buttons in CRUD templates   
+* Fix saving notification preferences in user's profile   

.changes/v4.4.1.md

@@ -0,0 +1,3 @@
+## v4.4.1 - 2025-09-11
+### Fixed
+* fix translations in duplicate evaluation document modal and realign close modal button   

.changes/v4.4.2.md

@@ -0,0 +1,3 @@
+## v4.4.2 - 2025-09-12
+### Fixed
+* Fix document generation and workflow generation do not work on accompanying period work documents   

.changes/v4.5.0.md

@@ -0,0 +1,13 @@
+## v4.5.0 - 2025-10-03
+### Feature
+* Only allow delete of attachment on workflows that are not final   
+* Move up signature buttons on index workflow page for easier access   
+* Filter out document from attachment list if it is the same as the workflow document   
+* Block edition on attached document on workflow, if the workflow is finalized or sent external   
+* Convert workflow's attached document to pdf while sending them external   
+* After a signature is canceled or rejected, going to a waiting page until the post-process routines apply a workflow transition   
+### Fixed
+* ([#426](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/426)) Increased the number of required characters when setting a new password in Chill from 9 to 14 - GDPR compliance   
+* Fix permissions on storedObject which are subject by a workflow   
+### DX
+* Introduce a WaitingScreen component to display a waiting screen   

.gitignore

@@ -18,6 +18,9 @@ migrations/*
 templates/*
 translations/*
 
+# we allow developers to add customization on their installation, without commiting it
+config/packages/dev/*
+
 ###> symfony/framework-bundle ###
 /.env.local
 /.env.local.php

.junie/guidelines.md

@@ -27,11 +27,11 @@ Chill is a comprehensive web application built as a set of Symfony bundles. It i
 
 ## Project Structure
 
-Note: This is a project which exists from a long time ago, and we found multiple structure inside each bundle. When having the choice, the developers should choose the new structure.
+Note: This is a project that's existed for a long time, and throughout the years we've used multiple structures inside each bundle. When having the choice, the developers should choose the new structure.
 
 The project follows a standard Symfony bundle structure:
 - `/src/Bundle/`: Contains all the Chill bundles. The code is either at the root of the bundle directory, or within a `src/` directory (preferred). See psr4 mapping at the root's `composer.json`.
-- each bundle come with his own tests, either in the `Tests` directory (when the code is directly within the bundle directory (for instance `src/Bundle/ChillMainBundle/Tests`, `src/Bundle/ChillPersonBundle/Tests`)), or inside the `tests` directory, alongside to the `src/` sub-directory (example: `src/Bundle/ChillWopiBundle/tests`) (this is the preferred way).
+- each bundle comes with its own tests, either in the `Tests` directory (when the code is directly within the bundle directory (for instance `src/Bundle/ChillMainBundle/Tests`, `src/Bundle/ChillPersonBundle/Tests`)), or inside the `tests` directory, alongside the `src/` sub-directory (example: `src/Bundle/ChillWopiBundle/tests`) (this is the preferred way).
 - `/docs/`: Contains project documentation
 
 Each bundle typically has the following structure:
@@ -46,13 +46,13 @@ Each bundle typically has the following structure:
 
 ### A special word about TicketBundle
 
-The ticket bundle is developed using a kind of "Command" pattern. The controller fill a "Command", and a "CommandHandler" handle this command. They are savec in the `src/Bundle/ChillTicketBundle/src/Action` directory.
+The ticket bundle is developed using a kind of "Command" pattern. The controller fills a "Command," and a "CommandHandler" handles this command. They are saved in the `src/Bundle/ChillTicketBundle/src/Action` directory.
 
 ## Development Guidelines
 
 ### Building and Configuration Instructions
 
-All the command should be run through the `symfony` command, which will configure the required variables.
+All the commands should be run through the `symfony` command, which will configure the required variables.
 
 For assets, we must ensure that we use node at version `^20.0.0`. This is done using `nvm use 20`.
 
@@ -87,7 +87,7 @@ For assets, we must ensure that we use node at version `^20.0.0`. This is done u
    docker compose up -d
    ```
 
-5. **Set Up the Database**:
+6. **Set Up the Database**:
    ```bash
    # Create the database
    symfony console doctrine:database:create
@@ -99,20 +99,20 @@ For assets, we must ensure that we use node at version `^20.0.0`. This is done u
    symfony console doctrine:fixtures:load
    ```
 
-6. **Build Assets**:
+7. **Build Assets**:
    ```bash
    nvm use 20
    yarn run encore dev
    ```
 
-7. **Start the Development Server**:
+8. **Start the Development Server**:
    ```bash
    symfony server:start -d
    ```
 
 #### Docker Setup
 
-The project includes Docker configuration for easier development:
+The project includes a Docker configuration for easier development:
 
 1. **Start Docker Services**:
    ```bash
@@ -153,9 +153,9 @@ Key configuration files:
 
 Each time a doctrine entity is created, we generate migration to adapt the database.
 
-The migration are created using the command `symfony console doctrine:migrations:diff --no-interaction --namespace <namespace>`, where the namespace is the relevant namespace for migration. As this is a bash script, do not forget to quote the `\` (`\` must become `\\` in your command).
+The migration is created using the command `symfony console doctrine:migrations:diff --no-interaction --namespace <namespace>`, where the namespace is the relevant namespace for migration. As this is a bash script, remember to quote the `\` (`\` must become `\\` in your command).
 
-Each bundle has his own namespace for migration (always ask me to confirm that command, with a list of updated / created entities so that I can confirm you that it is ok):
+Each bundle has his own namespace for migration (always ask me to confirm that command with a list of updated / created entities so that I can confirm to you that it is ok):
 
 - `Chill\Bundle\ActivityBundle` writes migrations to `Chill\Migrations\Activity`;
 - `Chill\Bundle\BudgetBundle` writes migrations to `Chill\Migrations\Budget`;
@@ -183,7 +183,7 @@ Once created the, comment's classes should be removed and a description of the c
 
 When we need to use a DateTime or DateTimeImmutable that need to express "now", we prefer the usage of
 `Symfony\Component\Clock\ClockInterface`, where possible. This is usually not possible in doctrine entities,
-where injection does not work when restoring an entity from database, but usually possible in services.
+where injection does not work when restoring an entity from a database, but usually possible in services.
 
 In test, we use `\Symfony\Component\Clock\MockClock` which is an implementation of `Symfony\Component\Clock\ClockInterface`
 where we have full and easy control of the date.
@@ -198,9 +198,9 @@ The project uses PHPUnit for testing. Each bundle has its own test suite, and th
 
 For creating mock, we prefer using prophecy (library phpspec/prophecy).
 
-##### Useful helpers and tips that avoid create a mock
+##### Useful helpers and tips that avoid creating a mock
 
-Some notable implementations that are tests helper, and avoid to create a mock:
+Some notable implementations that are test helpers and avoid creating a mock:
 
 - `\Psr\Log\NullLogger`, an implementation of `\Psr\Log\LoggerInterface`;
 - `\Symfony\Component\Clock\MockClock`, an implementation of `Symfony\Component\Clock\ClockInterface` (already mentioned above);
@@ -297,7 +297,7 @@ class TicketTest extends TestCase
 
 #### Test Database
 
-For tests that require a database, the project uses postgresql database filled by fixtures (usage of doctrine-fixtures). You can configure a different database for testing in the `.env.test` file.
+For tests that require a database, the project uses a postgresql database filled with fixtures (usage of doctrine-fixtures). You can configure a different database for testing in the `.env.test` file.
 
 ### Code Quality Tools
 

CHANGELOG.md

@@ -6,6 +6,66 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
 and is generated by [Changie](https://github.com/miniscruff/changie).
 
 
+## v4.5.0 - 2025-10-03
+### Feature
+* Only allow delete of attachment on workflows that are not final   
+* Move up signature buttons on index workflow page for easier access   
+* Filter out document from attachment list if it is the same as the workflow document   
+* Block edition on attached document on workflow, if the workflow is finalized or sent external   
+* Convert workflow's attached document to pdf while sending them external   
+* After a signature is canceled or rejected, going to a waiting page until the post-process routines apply a workflow transition   
+### Fixed
+* ([#426](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/426)) Increased the number of required characters when setting a new password in Chill from 9 to 14 - GDPR compliance   
+* Fix permissions on storedObject which are subject by a workflow   
+### DX
+* Introduce a WaitingScreen component to display a waiting screen   
+
+## v4.4.2 - 2025-09-12
+### Fixed
+* Fix document generation and workflow generation do not work on accompanying period work documents   
+
+## v4.4.1 - 2025-09-11
+### Fixed
+* fix translations in duplicate evaluation document modal and realign close modal button   
+
+## v4.4.0 - 2025-09-11
+### Feature
+* ([#359](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/359)) Allow the merge of two accompanying period works   
+* ([#369](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/369)) Duplication of a document to another accompanying period work evaluation   
+* ([#359](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/359)) Fusion of two accompanying period works   
+### Fixed
+* Fix display of 'duplicate' and 'merge' buttons in CRUD templates   
+* Fix saving notification preferences in user's profile   
+
+## v4.3.0 - 2025-09-08
+### Feature
+* ([#409](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/409)) Add 45 and 60 min calendar ranges   
+* Add a command to generate a list of permissions   
+* ([#412](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/412)) Add an absence end date   
+
+  **Schema Change**: Add columns or tables
+### Fixed
+* fix date formatting in calendar range display   
+* Change route URL to avoid clash with person duplicate controller method   
+
+## v4.2.1 - 2025-09-03
+### Fixed
+* Fix exports to work with DirectExportInterface   
+### DX
+* Improve error message when a stored object cannot be written on local disk
+   
+
+## v4.2.0 - 2025-09-02
+### Feature
+* ([#64](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/64)) Add external identifier for a Person
+
+  **Schema Change**: Add columns or tables
+* ([#330](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/330) Allow users to choose for which notifications they want to receive an email
+### Fixed
+* ([#422](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/422)) Fixed html layout of pages for recovering password
+* Fix typo in 'uncheckAll' script for centers selection
+* Fix incorrect parameter name in event details link
+
 ## v4.1.0 - 2025-08-26
 ### Feature
 * ([#400](https://gitlab.com/Chill-Projet/chill-bundles/-/issues/400)) Add filter to social actions list to filter out actions where current user intervenes   

package.json

@@ -55,6 +55,7 @@
     "@tsconfig/node20": "^20.1.4",
     "@types/dompurify": "^3.0.5",
     "@types/leaflet": "^1.9.3",
+    "@vueuse/core": "^13.9.0",
     "bootstrap-icons": "^1.11.3",
     "dropzone": "^5.7.6",
     "es6-promise": "^4.2.8",

src/Bundle/ChillAsideActivityBundle/src/Resources/views/asideActivity/view.html.twig

@@ -55,5 +55,6 @@
 			</dl>
 
 		{% endblock %}
+        {% block content_view_actions_duplicate_link %}{% endblock %}
 	{% endembed %}
 {% endblock %}

src/Bundle/ChillCalendarBundle/Resources/public/vuejs/Calendar/App.vue

@@ -70,6 +70,8 @@
                         <option value="00:10:00">10 minutes</option>
                         <option value="00:15:00">15 minutes</option>
                         <option value="00:30:00">30 minutes</option>
+                        <option value="00:45:00">45 minutes</option>
+                        <option value="00:60:00">60 minutes</option>
                     </select>
                     <label class="input-group-text" for="slotMinTime">De</label>
                     <select

src/Bundle/ChillCalendarBundle/Resources/public/vuejs/MyCalendarRange/App2.vue

@@ -32,6 +32,8 @@
                     <option value="00:10:00">10 minutes</option>
                     <option value="00:15:00">15 minutes</option>
                     <option value="00:30:00">30 minutes</option>
+                    <option value="00:45:00">45 minutes</option>
+                    <option value="00:60:00">60 minutes</option>
                 </select>
                 <label class="input-group-text" for="slotMinTime">De</label>
                 <select
@@ -102,7 +104,8 @@
                     event.title
                 }}</b>
                 <b v-else-if="event.extendedProps.is === 'range'"
-                    >{{ formatDate(event.startStr) }} -
+                    >{{ formatDate(event.startStr, "time") }} -
+                    {{ formatDate(event.endStr, "time") }}:
                     {{ event.extendedProps.locationName }}</b
                 >
                 <b v-else-if="event.extendedProps.is === 'local'">{{
@@ -294,9 +297,26 @@ const nextWeeks = computed((): Weeks[] =>
     }),
 );
 
-const formatDate = (datetime: string) => {
-    console.log(typeof datetime);
-    return ISOToDate(datetime);
+const formatDate = (datetime: string, format: null | "time" = null) => {
+    const date = ISOToDate(datetime);
+    if (!date) return "";
+
+    if (format === "time") {
+        return date.toLocaleTimeString("fr-FR", {
+            hour: "2-digit",
+            minute: "2-digit",
+        });
+    }
+
+    // French date formatting
+    return date.toLocaleDateString("fr-FR", {
+        weekday: "short",
+        year: "numeric",
+        month: "short",
+        day: "numeric",
+        hour: "2-digit",
+        minute: "2-digit",
+    });
 };
 
 const baseOptions = ref<CalendarOptions>({

src/Bundle/ChillCustomFieldsBundle/EntityRepository/CustomFieldsDefaultGroupRepository.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\CustomFieldsBundle\EntityRepository;
+
+use Chill\CustomFieldsBundle\Entity\CustomFieldsDefaultGroup;
+use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
+use Doctrine\Persistence\ManagerRegistry;
+
+class CustomFieldsDefaultGroupRepository extends ServiceEntityRepository
+{
+    public function __construct(ManagerRegistry $registry)
+    {
+        parent::__construct($registry, CustomFieldsDefaultGroup::class);
+    }
+
+    public function findOneByEntity(string $className): ?CustomFieldsDefaultGroup
+    {
+        return $this->findOneBy(['entity' => $className]);
+    }
+}

src/Bundle/ChillCustomFieldsBundle/config/services.yaml

@@ -127,3 +127,7 @@ services:
         factory: ["@doctrine", getRepository]
         arguments:
             - "Chill\\CustomFieldsBundle\\Entity\\CustomFieldLongChoice\\Option"
+
+    Chill\CustomFieldsBundle\EntityRepository\CustomFieldsDefaultGroupRepository:
+        autowire: true
+        autoconfigure: true

src/Bundle/ChillDocStoreBundle/AsyncUpload/Driver/LocalStorage/StoredObjectManager.php

@@ -18,6 +18,7 @@ use Chill\DocStoreBundle\Exception\StoredObjectManagerException;
 use Chill\DocStoreBundle\Service\Cryptography\KeyGenerator;
 use Chill\DocStoreBundle\Service\StoredObjectManagerInterface;
 use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
+use Symfony\Component\Filesystem\Exception\IOExceptionInterface;
 use Symfony\Component\Filesystem\Filesystem;
 use Symfony\Component\Filesystem\Path;
 
@@ -147,16 +148,11 @@ class StoredObjectManager implements StoredObjectManagerInterface
     public function writeContent(string $filename, string $encryptedContent): void
     {
         $fullPath = $this->buildPath($filename);
-        $dir = Path::getDirectory($fullPath);
 
-        if (!$this->filesystem->exists($dir)) {
-            $this->filesystem->mkdir($dir);
-        }
-
-        $result = file_put_contents($fullPath, $encryptedContent);
-
-        if (false === $result) {
-            throw StoredObjectManagerException::unableToStoreDocumentOnDisk();
+        try {
+            $this->filesystem->dumpFile($fullPath, $encryptedContent);
+        } catch (IOExceptionInterface $exception) {
+            throw StoredObjectManagerException::unableToStoreDocumentOnDisk($exception);
         }
     }
 

src/Bundle/ChillDocStoreBundle/Exception/ConversionWithSameMimeTypeException.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Exception;
+
+class ConversionWithSameMimeTypeException extends \RuntimeException
+{
+    public function __construct(string $mimeType, ?\Throwable $previous = null)
+    {
+        parent::__construct("Conversion to same MIME type '{$mimeType}' is not allowed: already at the same MIME type", 0, $previous);
+    }
+}

src/Bundle/ChillDocStoreBundle/Resources/public/types/generic_doc.ts

@@ -25,7 +25,7 @@ export interface GenericDoc {
     type: "doc_store_generic_doc";
     uniqueKey: string;
     key: string;
-    identifiers: object;
+    identifiers: { id: number };
     context: "person" | "accompanying-period";
     doc_date: DateTime;
     metadata: GenericDocMetadata;

src/Bundle/ChillDocStoreBundle/Resources/public/vuejs/DropFileWidget/DropFileModal.vue

@@ -4,6 +4,7 @@ import { StoredObject, StoredObjectVersion } from "../../types";
 import DropFileWidget from "ChillDocStoreAssets/vuejs/DropFileWidget/DropFileWidget.vue";
 import { computed, reactive } from "vue";
 import { useToast } from "vue-toast-notification";
+import { DOCUMENT_ADD, trans } from "translator";
 
 interface DropFileConfig {
     allowRemove: boolean;
@@ -75,11 +76,9 @@ function closeModal(): void {
         @click="openModal"
         class="btn btn-create"
     >
-        Ajouter un document
-    </button>
-    <button v-else @click="openModal" class="btn btn-edit">
-        Remplacer le document
+        {{ trans(DOCUMENT_ADD) }}
     </button>
+    <button v-else @click="openModal" class="btn btn-edit"></button>
     <modal
         v-if="state.showModal"
         :modal-dialog-class="modalClasses"

src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoter/AbstractStoredObjectVoter.php

@@ -46,6 +46,16 @@ abstract class AbstractStoredObjectVoter implements StoredObjectVoterInterface
 
     public function voteOnAttribute(StoredObjectRoleEnum $attribute, StoredObject $subject, TokenInterface $token): bool
     {
+        // we first try to get the permission from the workflow, as attachement (this is the less intensive query)
+        $workflowPermissionAsAttachment = match ($attribute) {
+            StoredObjectRoleEnum::SEE => $this->workflowDocumentService->isAllowedByWorkflowForReadOperation($subject),
+            StoredObjectRoleEnum::EDIT => $this->workflowDocumentService->isAllowedByWorkflowForWriteOperation($subject),
+        };
+
+        if (WorkflowRelatedEntityPermissionHelper::FORCE_DENIED === $workflowPermissionAsAttachment) {
+            return false;
+        }
+
         // Retrieve the related entity
         $entity = $this->getRepository()->findAssociatedEntityToStoredObject($subject);
 
@@ -66,7 +76,7 @@ abstract class AbstractStoredObjectVoter implements StoredObjectVoterInterface
         return match ($workflowPermission) {
             WorkflowRelatedEntityPermissionHelper::FORCE_GRANT => true,
             WorkflowRelatedEntityPermissionHelper::FORCE_DENIED => false,
-            WorkflowRelatedEntityPermissionHelper::ABSTAIN => $regularPermission,
+            WorkflowRelatedEntityPermissionHelper::ABSTAIN => WorkflowRelatedEntityPermissionHelper::FORCE_GRANT === $workflowPermissionAsAttachment || $regularPermission,
         };
     }
 }

src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoterInterface.php

@@ -14,6 +14,12 @@ namespace Chill\DocStoreBundle\Security\Authorization;
 use Chill\DocStoreBundle\Entity\StoredObject;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
+/**
+ * Interface for voting on stored object permissions.
+ *
+ * Each time a stored object is attached to a document, the voter is responsible for determining
+ * whether the user has the necessary permissions to access or modify the stored object.
+ */
 interface StoredObjectVoterInterface
 {
     public function supports(StoredObjectRoleEnum $attribute, StoredObject $subject): bool;

src/Bundle/ChillDocStoreBundle/Service/StoredObjectToPdfConverter.php

@@ -15,6 +15,7 @@ use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Entity\StoredObjectPointInTime;
 use Chill\DocStoreBundle\Entity\StoredObjectPointInTimeReasonEnum;
 use Chill\DocStoreBundle\Entity\StoredObjectVersion;
+use Chill\DocStoreBundle\Exception\ConversionWithSameMimeTypeException;
 use Chill\DocStoreBundle\Exception\StoredObjectManagerException;
 use Chill\WopiBundle\Service\WopiConverter;
 use Symfony\Component\Mime\MimeTypesInterface;
@@ -41,9 +42,10 @@ class StoredObjectToPdfConverter
      *
      * @return array{0: StoredObjectPointInTime, 1: StoredObjectVersion, 2?: string} contains the point in time before conversion and the new version of the stored object. The converted content is included in the response if $includeConvertedContent is true
      *
-     * @throws \UnexpectedValueException    if the preferred mime type for the conversion is not found
-     * @throws \RuntimeException            if the conversion or storage of the new version fails
+     * @throws \UnexpectedValueException           if the preferred mime type for the conversion is not found
+     * @throws \RuntimeException                   if the conversion or storage of the new version fails
      * @throws StoredObjectManagerException
+     * @throws ConversionWithSameMimeTypeException if the document has already the same mime type79*
      */
     public function addConvertedVersion(StoredObject $storedObject, string $lang, $convertTo = 'pdf', bool $includeConvertedContent = false): array
     {
@@ -56,7 +58,7 @@ class StoredObjectToPdfConverter
         $currentVersion = $storedObject->getCurrentVersion();
 
         if ($currentVersion->getType() === $newMimeType) {
-            throw new \UnexpectedValueException('Already at the same mime type');
+            throw new ConversionWithSameMimeTypeException($newMimeType);
         }
 
         $content = $this->storedObjectManager->read($currentVersion);

src/Bundle/ChillDocStoreBundle/Tests/Security/Authorization/AbstractStoredObjectVoterTest.php

@@ -86,9 +86,165 @@ class AbstractStoredObjectVoterTest extends TestCase
     }
 
     /**
-     * @dataProvider dataProviderVoteOnAttribute
+     * @dataProvider dataProviderVoteOnAttributeWithStoredObjectPermission
      */
-    public function testVoteOnAttribute(
+    public function testVoteOnAttributeWithStoredObjectPermission(
+        StoredObjectRoleEnum $attribute,
+        bool $expected,
+        bool $isGrantedRegularPermission,
+        string $isGrantedWorkflowPermission,
+        string $isGrantedStoredObjectAttachment,
+    ): void {
+        $storedObject = new StoredObject();
+        $repository = new DummyRepository($related = new \stdClass());
+        $token = new UsernamePasswordToken(new User(), 'dummy');
+
+        $security = $this->prophesize(Security::class);
+        $security->isGranted('SOME_ROLE', $related)->willReturn($isGrantedRegularPermission);
+
+        $workflowRelatedEntityPermissionHelper = $this->prophesize(WorkflowRelatedEntityPermissionHelper::class);
+
+        $security = $this->prophesize(Security::class);
+        $security->isGranted('SOME_ROLE', $related)->willReturn($isGrantedRegularPermission);
+
+        if (StoredObjectRoleEnum::SEE === $attribute) {
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForReadOperation($storedObject)
+                ->shouldBeCalled()
+                ->willReturn($isGrantedStoredObjectAttachment);
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForReadOperation($related)
+                ->willReturn($isGrantedWorkflowPermission);
+        } elseif (StoredObjectRoleEnum::EDIT === $attribute) {
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForWriteOperation($storedObject)
+                ->shouldBeCalled()
+                ->willReturn($isGrantedStoredObjectAttachment);
+            $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForWriteOperation($related)
+                ->willReturn($isGrantedWorkflowPermission);
+        } else {
+            throw new \LogicException('Invalid attribute for StoredObjectVoter');
+        }
+
+        $storedObjectVoter = new class ($repository, $workflowRelatedEntityPermissionHelper->reveal(), $security->reveal()) extends AbstractStoredObjectVoter {
+            public function __construct(private $repository, $helper, $security)
+            {
+                parent::__construct($security, $helper);
+            }
+
+            protected function getRepository(): AssociatedEntityToStoredObjectInterface
+            {
+                return $this->repository;
+            }
+
+            protected function getClass(): string
+            {
+                return \stdClass::class;
+            }
+
+            protected function attributeToRole(StoredObjectRoleEnum $attribute): string
+            {
+                return 'SOME_ROLE';
+            }
+
+            protected function canBeAssociatedWithWorkflow(): bool
+            {
+                return true;
+            }
+        };
+
+        $actual = $storedObjectVoter->voteOnAttribute($attribute, $storedObject, $token);
+
+        self::assertEquals($expected, $actual);
+    }
+
+    public static function dataProviderVoteOnAttributeWithStoredObjectPermission(): iterable
+    {
+        foreach (['read' => StoredObjectRoleEnum::SEE, 'write' => StoredObjectRoleEnum::EDIT] as $action => $attribute) {
+            yield 'Not related to any workflow nor attachment ('.$action.')' => [
+                $attribute,
+                true,
+                true,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+            ];
+
+            yield 'Not related to any workflow nor attachment (refuse) ('.$action.')' => [
+                $attribute,
+                false,
+                false,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+            ];
+
+            yield 'Is granted by a workflow takes precedence (workflow) ('.$action.')' => [
+                $attribute,
+                false,
+                true,
+                WorkflowRelatedEntityPermissionHelper::FORCE_DENIED,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+            ];
+
+            yield 'Is granted by a workflow takes precedence (stored object) ('.$action.')' => [
+                $attribute,
+                false,
+                true,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+                WorkflowRelatedEntityPermissionHelper::FORCE_DENIED,
+            ];
+
+            yield 'Is granted by a workflow takes precedence (workflow) although grant ('.$action.')' => [
+                $attribute,
+                false,
+                true,
+                WorkflowRelatedEntityPermissionHelper::FORCE_DENIED,
+                WorkflowRelatedEntityPermissionHelper::FORCE_GRANT,
+            ];
+
+            yield 'Is granted by a workflow takes precedence (stored object) although grant ('.$action.')' => [
+                $attribute,
+                false,
+                true,
+                WorkflowRelatedEntityPermissionHelper::FORCE_GRANT,
+                WorkflowRelatedEntityPermissionHelper::FORCE_DENIED,
+            ];
+
+            yield 'Is granted by a workflow takes precedence (initially refused) (workflow) although grant ('.$action.')' => [
+                $attribute,
+                false,
+                false,
+                WorkflowRelatedEntityPermissionHelper::FORCE_DENIED,
+                WorkflowRelatedEntityPermissionHelper::FORCE_GRANT,
+            ];
+
+            yield 'Is granted by a workflow takes precedence (initially refused) (stored object) although grant ('.$action.')' => [
+                $attribute,
+                false,
+                false,
+                WorkflowRelatedEntityPermissionHelper::FORCE_GRANT,
+                WorkflowRelatedEntityPermissionHelper::FORCE_DENIED,
+            ];
+
+            yield 'Force grant inverse the regular permission (workflow) ('.$action.')' => [
+                $attribute,
+                true,
+                false,
+                WorkflowRelatedEntityPermissionHelper::FORCE_GRANT,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+            ];
+
+            yield 'Force grant inverse the regular permission (so) ('.$action.')' => [
+                $attribute,
+                true,
+                false,
+                WorkflowRelatedEntityPermissionHelper::ABSTAIN,
+                WorkflowRelatedEntityPermissionHelper::FORCE_GRANT,
+            ];
+
+        }
+    }
+
+    /**
+     * @dataProvider dataProviderVoteOnAttributeWithoutStoredObjectPermission
+     */
+    public function testVoteOnAttributeWithoutStoredObjectPermission(
         StoredObjectRoleEnum $attribute,
         bool $expected,
         bool $canBeAssociatedWithWorkflow,
@@ -105,6 +261,10 @@ class AbstractStoredObjectVoterTest extends TestCase
         $security->isGranted('SOME_ROLE', $related)->willReturn($isGrantedRegularPermission);
 
         $workflowRelatedEntityPermissionHelper = $this->prophesize(WorkflowRelatedEntityPermissionHelper::class);
+
+        $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForReadOperation($storedObject)->willReturn(WorkflowRelatedEntityPermissionHelper::ABSTAIN);
+        $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForWriteOperation($storedObject)->willReturn(WorkflowRelatedEntityPermissionHelper::ABSTAIN);
+
         if (null !== $isGrantedWorkflowPermissionRead) {
             $workflowRelatedEntityPermissionHelper->isAllowedByWorkflowForReadOperation($related)
                 ->willReturn($isGrantedWorkflowPermissionRead)->shouldBeCalled();
@@ -123,7 +283,7 @@ class AbstractStoredObjectVoterTest extends TestCase
         self::assertEquals($expected, $voter->voteOnAttribute($attribute, $storedObject, $token), $message);
     }
 
-    public static function dataProviderVoteOnAttribute(): iterable
+    public static function dataProviderVoteOnAttributeWithoutStoredObjectPermission(): iterable
     {
         // not associated on a workflow
         yield [StoredObjectRoleEnum::SEE, true, false, true, null, null, 'not associated on a workflow, granted by regular access, must not rely on helper'];

src/Bundle/ChillDocStoreBundle/translations/messages.fr.yml

@@ -23,6 +23,8 @@ See the document: Voir le document
 
 document:
     Any title: Aucun titre
+    replace: Remplacer
+    Add: Ajouter un document
 
 generic_doc:
     filter:

src/Bundle/ChillEventBundle/Resources/views/Event/listByPerson.html.twig

@@ -53,7 +53,7 @@
                                 {% set returnLabel = 'Back to %person% events'|trans({ '%person%' : currentPerson } ) %}
 
                                 {% if is_granted('CHILL_EVENT_SEE_DETAILS', participation.event) %}
-                                    <a  href="{{ path('chill_event__event_show', { 'event_id' : participation.event.id, 'return_path' : currentPath, 'return_label' : returnLabel } ) }}"
+                                    <a  href="{{ path('chill_event__event_show', { 'id' : participation.event.id, 'return_path' : currentPath, 'return_label' : returnLabel } ) }}"
                                     class="btn btn-primary btn-sm" title="{{ 'See details of the event'|trans }}">
                                     <i class="fa fa-fw fa-eye"></i>
                                 </a>

src/Bundle/ChillJobBundle/src/Resources/views/CV/view.html.twig

@@ -118,7 +118,7 @@
 
         {{ entity.notes|chill_print_or_message("Aucune note", 'blockquote') }}
     {% endblock crud_content_view_details %}
-
+    {% block content_view_actions_duplicate_link %}{% endblock %}
     {% block content_view_actions_back %}
         <li class="cancel">
             <a class="btn btn-cancel" href="{{ chill_return_path_or('chill_job_report_index', { 'person': entity.person.id }) }}">

src/Bundle/ChillJobBundle/src/Resources/views/Frein/view.html.twig

@@ -46,6 +46,7 @@
             </dd>
         </dl>
     {% endblock crud_content_view_details %}
+    {% block content_view_actions_duplicate_link %}{% endblock %}
 
     {% block content_view_actions_back %}
         <li class="cancel">

src/Bundle/ChillJobBundle/src/Resources/views/Immersion/view.html.twig

@@ -206,6 +206,8 @@
             </a>
         </li>
     {% endblock %}
+    {% block content_view_actions_duplicate_link %}{% endblock %}
+
     {% block content_view_actions_after %}
         <li>
             <a class="btn btn-misc" href="{{ chill_return_path_or('chill_crud_immersion_bilan', { 'id': entity.id, 'person_id': entity.person.id }) }}">

src/Bundle/ChillJobBundle/src/Resources/views/ProjetProfessionnel/view.html.twig

@@ -94,6 +94,7 @@
 
 
     {% endblock crud_content_view_details %}
+    {% block content_view_actions_duplicate_link %}{% endblock %}
 
     {% block content_view_actions_back %}
         <li class="cancel">

src/Bundle/ChillMainBundle/Action/User/UpdateProfile/UpdateProfileCommand.php

@@ -0,0 +1,64 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Action\User\UpdateProfile;
+
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Notification\NotificationFlagManager;
+use Chill\MainBundle\Validation\Constraint\PhonenumberConstraint;
+use libphonenumber\PhoneNumber;
+
+final class UpdateProfileCommand
+{
+    public array $notificationFlags = [];
+
+    public function __construct(
+        #[PhonenumberConstraint]
+        public ?PhoneNumber $phonenumber,
+    ) {}
+
+    public static function create(User $user, NotificationFlagManager $flagManager): self
+    {
+        $updateProfileCommand = new self($user->getPhonenumber());
+
+        foreach ($flagManager->getAllNotificationFlagProviders() as $provider) {
+            $updateProfileCommand->setNotificationFlag(
+                $provider->getFlag(),
+                User::NOTIF_FLAG_IMMEDIATE_EMAIL,
+                $user->isNotificationSendImmediately($provider->getFlag())
+            );
+            $updateProfileCommand->setNotificationFlag(
+                $provider->getFlag(),
+                User::NOTIF_FLAG_DAILY_DIGEST,
+                $user->isNotificationDailyDigest($provider->getFlag())
+            );
+        }
+
+        return $updateProfileCommand;
+    }
+
+    /**
+     * @param User::NOTIF_FLAG_IMMEDIATE_EMAIL|User::NOTIF_FLAG_DAILY_DIGEST $kind
+     */
+    private function setNotificationFlag(string $type, string $kind, bool $value): void
+    {
+        if (!array_key_exists($type, $this->notificationFlags)) {
+            $this->notificationFlags[$type] = ['immediate_email' => true, 'daily_digest' => false];
+        }
+
+        $k = match ($kind) {
+            User::NOTIF_FLAG_IMMEDIATE_EMAIL => 'immediate_email',
+            User::NOTIF_FLAG_DAILY_DIGEST => 'daily_digest',
+        };
+
+        $this->notificationFlags[$type][$k] = $value;
+    }
+}

src/Bundle/ChillMainBundle/Action/User/UpdateProfile/UpdateProfileCommandHandler.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Action\User\UpdateProfile;
+
+use Chill\MainBundle\Entity\User;
+
+final readonly class UpdateProfileCommandHandler
+{
+    public function updateProfile(User $user, UpdateProfileCommand $command): void
+    {
+        $user->setPhonenumber($command->phonenumber);
+
+        foreach ($command->notificationFlags as $flag => $values) {
+            $user->setNotificationImmediately($flag, $values['immediate_email']);
+            $user->setNotificationDailyDigest($flag, $values['daily_digest']);
+        }
+    }
+}

src/Bundle/ChillMainBundle/Command/DumpListPermissionsCommand.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Command;
+
+use Chill\MainBundle\Security\RoleDumper;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+#[AsCommand(name: 'chill:main:dump-list-permissions', description: 'Print a markdown reference of permissions (roles) grouped by title with dependencies).')]
+final class DumpListPermissionsCommand extends Command
+{
+    public function __construct(private readonly RoleDumper $roleDumper)
+    {
+        parent::__construct();
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $markdown = $this->roleDumper->dumpAsMarkdown();
+        $output->writeln($markdown);
+
+        return Command::SUCCESS;
+    }
+}

src/Bundle/ChillMainBundle/Controller/AbsenceController.php

@@ -48,6 +48,7 @@ class AbsenceController extends AbstractController
         $user = $this->security->getUser();
 
         $user->setAbsenceStart(null);
+        $user->setAbsenceEnd(null);
         $em = $this->managerRegistry->getManager();
         $em->flush();
 

src/Bundle/ChillMainBundle/Controller/ExportController.php

@@ -345,7 +345,7 @@ class ExportController extends AbstractController
      * @param array  $dataExport    Raw data from export step
      * @param array  $dataFormatter Raw data from formatter step
      */
-    private function buildExportDataForNormalization(string $alias, ?array $dataCenters, array $dataExport, array $dataFormatter, ?SavedExport $savedExport): array
+    private function buildExportDataForNormalization(string $alias, ?array $dataCenters, array $dataExport, ?array $dataFormatter, ?SavedExport $savedExport): array
     {
         if ($this->filterStatsByCenters) {
             $formCenters = $this->createCreateFormExport($alias, 'generate_centers', [], null);
@@ -365,7 +365,7 @@ class ExportController extends AbstractController
         $formExport->submit($dataExport);
         $dataExport = $formExport->getData();
 
-        if (\count($dataFormatter) > 0) {
+        if (is_array($dataFormatter) && \count($dataFormatter) > 0) {
             $formFormatter = $this->createCreateFormExport(
                 $alias,
                 'generate_formatter',
@@ -381,7 +381,7 @@ class ExportController extends AbstractController
             'export' => $dataExport['export']['export'] ?? [],
             'filters' => $dataExport['export']['filters'] ?? [],
             'aggregators' => $dataExport['export']['aggregators'] ?? [],
-            'pick_formatter' => $dataExport['export']['pick_formatter']['alias'],
+            'pick_formatter' => ($dataExport['export']['pick_formatter'] ?? [])['alias'] ?? '',
             'formatter' => $dataFormatter['formatter'] ?? [],
         ];
     }

src/Bundle/ChillMainBundle/Controller/UserProfileController.php

@@ -1,63 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * Chill is a software for social workers
- *
- * For the full copyright and license information, please view
- * the LICENSE file that was distributed with this source code.
- */
-
-namespace Chill\MainBundle\Controller;
-
-use Chill\MainBundle\Form\UserProfileType;
-use Chill\MainBundle\Security\ChillSecurity;
-use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
-use Symfony\Contracts\Translation\TranslatorInterface;
-use Symfony\Component\Routing\Annotation\Route;
-
-final class UserProfileController extends AbstractController
-{
-    public function __construct(
-        private readonly TranslatorInterface $translator,
-        private readonly ChillSecurity $security,
-        private readonly \Doctrine\Persistence\ManagerRegistry $managerRegistry,
-    ) {}
-
-    /**
-     * User profile that allows editing of phonenumber and visualization of certain data.
-     */
-    #[Route(path: '/{_locale}/main/user/my-profile', name: 'chill_main_user_profile')]
-    public function __invoke(Request $request)
-    {
-        if (!$this->security->isGranted('ROLE_USER')) {
-            throw new AccessDeniedHttpException();
-        }
-
-        $user = $this->security->getUser();
-        $editForm = $this->createForm(UserProfileType::class, $user);
-
-        $editForm->get('notificationFlags')->setData($user->getNotificationFlags());
-
-        $editForm->handleRequest($request);
-
-        if ($editForm->isSubmitted() && $editForm->isValid()) {
-            $notificationFlagsData = $editForm->get('notificationFlags')->getData();
-            $user->setNotificationFlags($notificationFlagsData);
-
-            $em = $this->managerRegistry->getManager();
-            $em->flush();
-            $this->addFlash('success', $this->translator->trans('user.profile.Profile successfully updated!'));
-
-            return $this->redirectToRoute('chill_main_user_profile');
-        }
-
-        return $this->render('@ChillMain/User/profile.html.twig', [
-            'user' => $user,
-            'form' => $editForm->createView(),
-        ]);
-    }
-}

src/Bundle/ChillMainBundle/Controller/UserUpdateProfileController.php

@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\Action\User\UpdateProfile\UpdateProfileCommand;
+use Chill\MainBundle\Action\User\UpdateProfile\UpdateProfileCommandHandler;
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Form\UpdateProfileType;
+use Chill\MainBundle\Notification\NotificationFlagManager;
+use Chill\MainBundle\Security\ChillSecurity;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Form\FormFactoryInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\Session;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use Symfony\Component\Routing\Annotation\Route;
+use Twig\Environment;
+
+final readonly class UserUpdateProfileController
+{
+    public function __construct(
+        private TranslatorInterface $translator,
+        private ChillSecurity $security,
+        private EntityManagerInterface $entityManager,
+        private NotificationFlagManager $notificationFlagManager,
+        private FormFactoryInterface $formFactory,
+        private UrlGeneratorInterface $urlGenerator,
+        private Environment $twig,
+        private UpdateProfileCommandHandler $updateProfileCommandHandler,
+    ) {}
+
+    /**
+     * User profile that allows editing of phonenumber and visualization of certain data.
+     */
+    #[Route(path: '/{_locale}/main/user/my-profile', name: 'chill_main_user_profile')]
+    public function __invoke(Request $request, Session $session)
+    {
+        if (!$this->security->isGranted('ROLE_USER')) {
+            throw new AccessDeniedHttpException();
+        }
+
+        $user = $this->security->getUser();
+
+        $command = UpdateProfileCommand::create($user, $this->notificationFlagManager);
+        $editForm = $this->formFactory->create(UpdateProfileType::class, $command);
+
+        $editForm->handleRequest($request);
+
+        if ($editForm->isSubmitted() && $editForm->isValid()) {
+            $this->updateProfileCommandHandler->updateProfile($user, $command);
+            $this->entityManager->flush();
+            $session->getFlashBag()->add('success', $this->translator->trans('user.profile.Profile successfully updated!'));
+
+            return new RedirectResponse($this->urlGenerator->generate('chill_main_user_profile'));
+        }
+
+        return new Response($this->twig->render('@ChillMain/User/profile.html.twig', [
+            'user' => $user,
+            'form' => $editForm->createView(),
+        ]));
+    }
+}

src/Bundle/ChillMainBundle/Controller/WorkflowApiController.php

@@ -11,6 +11,7 @@ declare(strict_types=1);
 
 namespace Chill\MainBundle\Controller;
 
+use Chill\MainBundle\CRUD\Controller\ApiController;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
 use Chill\MainBundle\Pagination\PaginatorFactory;
@@ -27,7 +28,7 @@ use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Serializer\SerializerInterface;
 
-class WorkflowApiController
+class WorkflowApiController extends ApiController
 {
     public function __construct(private readonly EntityManagerInterface $entityManager, private readonly EntityWorkflowRepository $entityWorkflowRepository, private readonly PaginatorFactory $paginatorFactory, private readonly Security $security, private readonly SerializerInterface $serializer) {}
 

src/Bundle/ChillMainBundle/Controller/WorkflowSignatureStateChangeController.php

@@ -44,7 +44,7 @@ final readonly class WorkflowSignatureStateChangeController
             $signature,
             $request,
             EntityWorkflowStepSignatureVoter::CANCEL,
-            function (EntityWorkflowStepSignature $signature) {$this->signatureStepStateChanger->markSignatureAsCanceled($signature); },
+            fn (EntityWorkflowStepSignature $signature): string => $this->signatureStepStateChanger->markSignatureAsCanceled($signature),
             '@ChillMain/WorkflowSignature/cancel.html.twig',
         );
     }
@@ -56,11 +56,18 @@ final readonly class WorkflowSignatureStateChangeController
             $signature,
             $request,
             EntityWorkflowStepSignatureVoter::REJECT,
-            function (EntityWorkflowStepSignature $signature) {$this->signatureStepStateChanger->markSignatureAsRejected($signature); },
+            fn (EntityWorkflowStepSignature $signature): string => $this->signatureStepStateChanger->markSignatureAsRejected($signature),
             '@ChillMain/WorkflowSignature/reject.html.twig',
         );
     }
 
+    /**
+     * @param callable(EntityWorkflowStepSignature): string $markSignature
+     *
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
     private function markSignatureAction(
         EntityWorkflowStepSignature $signature,
         Request $request,
@@ -79,12 +86,13 @@ final readonly class WorkflowSignatureStateChangeController
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
-            $this->entityManager->wrapInTransaction(function () use ($signature, $markSignature) {
-                $markSignature($signature);
-            });
+            $expectedStep = $this->entityManager->wrapInTransaction(fn () => $markSignature($signature));
 
             return new RedirectResponse(
-                $this->chillUrlGenerator->returnPathOr('chill_main_workflow_show', ['id' => $signature->getStep()->getEntityWorkflow()->getId()])
+                $this->chillUrlGenerator->forwardReturnPath(
+                    'chill_main_workflow_wait',
+                    ['id' => $signature->getStep()->getEntityWorkflow()->getId(), 'expectedStep' => $expectedStep]
+                )
             );
         }
 

src/Bundle/ChillMainBundle/Controller/WorkflowWaitStepChangeController.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Controller;
+
+use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Chill\MainBundle\Routing\ChillUrlGeneratorInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use Twig\Environment;
+
+final readonly class WorkflowWaitStepChangeController
+{
+    public function __construct(
+        private ChillUrlGeneratorInterface $chillUrlGenerator,
+        private Environment $twig,
+    ) {}
+
+    #[Route('/{_locale}/main/workflow/{id}/wait/{expectedStep}', name: 'chill_main_workflow_wait', methods: ['GET'])]
+    public function waitForSignatureChange(EntityWorkflow $entityWorkflow, string $expectedStep): Response
+    {
+        if ($entityWorkflow->getStep() === $expectedStep) {
+            return new RedirectResponse(
+                $this->chillUrlGenerator->returnPathOr('chill_main_workflow_show', ['id' => $entityWorkflow->getId()])
+            );
+        }
+
+        return new Response(
+            $this->twig->render('@ChillMain/Workflow/waiting.html.twig', ['workflow' => $entityWorkflow, 'expectedStep' => $expectedStep])
+        );
+    }
+}

src/Bundle/ChillMainBundle/DependencyInjection/ChillMainExtension.php

@@ -30,6 +30,7 @@ use Chill\MainBundle\Controller\UserGroupAdminController;
 use Chill\MainBundle\Controller\UserGroupApiController;
 use Chill\MainBundle\Controller\UserJobApiController;
 use Chill\MainBundle\Controller\UserJobController;
+use Chill\MainBundle\Controller\WorkflowApiController;
 use Chill\MainBundle\DependencyInjection\Widget\Factory\WidgetFactoryInterface;
 use Chill\MainBundle\Doctrine\DQL\Age;
 use Chill\MainBundle\Doctrine\DQL\Extract;
@@ -66,6 +67,7 @@ use Chill\MainBundle\Entity\Regroupment;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\UserGroup;
 use Chill\MainBundle\Entity\UserJob;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
 use Chill\MainBundle\Form\CenterType;
 use Chill\MainBundle\Form\CivilityType;
 use Chill\MainBundle\Form\CountryType;
@@ -79,6 +81,7 @@ use Chill\MainBundle\Form\UserGroupType;
 use Chill\MainBundle\Form\UserJobType;
 use Chill\MainBundle\Form\UserType;
 use Chill\MainBundle\Security\Authorization\ChillExportVoter;
+use Chill\MainBundle\Security\Authorization\EntityWorkflowVoter;
 use Misd\PhoneNumberBundle\Doctrine\DBAL\Types\PhoneNumberType;
 use Ramsey\Uuid\Doctrine\UuidType;
 use Symfony\Component\Config\FileLocator;
@@ -940,6 +943,21 @@ class ChillMainExtension extends Extension implements
                         ],
                     ],
                 ],
+                [
+                    'class' => EntityWorkflow::class,
+                    'name' => 'workflow',
+                    'base_path' => '/api/1.0/main/workflow',
+                    'base_role' => EntityWorkflowVoter::SEE,
+                    'controller' => WorkflowApiController::class,
+                    'actions' => [
+                        '_entity' => [
+                            'methods' => [
+                                Request::METHOD_GET => true,
+                                Request::METHOD_HEAD => true,
+                            ],
+                        ],
+                    ],
+                ],
             ],
         ]);
     }

src/Bundle/ChillMainBundle/Entity/User.php

@@ -24,6 +24,7 @@ use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Serializer\Annotation as Serializer;
 use Symfony\Component\Validator\Context\ExecutionContextInterface;
 use Chill\MainBundle\Validation\Constraint\PhonenumberConstraint;
+use Symfony\Component\Validator\Constraints as Assert;
 
 /**
  * User.
@@ -45,6 +46,8 @@ class User implements UserInterface, \Stringable, PasswordAuthenticatedUserInter
     #[ORM\Column(type: \Doctrine\DBAL\Types\Types::DATETIME_IMMUTABLE, nullable: true)]
     private ?\DateTimeImmutable $absenceStart = null;
 
+    #[ORM\Column(type: \Doctrine\DBAL\Types\Types::DATETIME_IMMUTABLE, nullable: true)]
+    private ?\DateTimeImmutable $absenceEnd = null;
     /**
      * Array where SAML attributes's data are stored.
      */
@@ -157,6 +160,11 @@ class User implements UserInterface, \Stringable, PasswordAuthenticatedUserInter
         return $this->absenceStart;
     }
 
+    public function getAbsenceEnd(): ?\DateTimeImmutable
+    {
+        return $this->absenceEnd;
+    }
+
     /**
      * Get attributes.
      *
@@ -336,7 +344,13 @@ class User implements UserInterface, \Stringable, PasswordAuthenticatedUserInter
 
     public function isAbsent(): bool
     {
-        return null !== $this->getAbsenceStart() && $this->getAbsenceStart() <= new \DateTimeImmutable('now');
+        $now = new \DateTimeImmutable('now');
+        $absenceStart = $this->getAbsenceStart();
+        $absenceEnd = $this->getAbsenceEnd();
+
+        return null !== $absenceStart
+            && $absenceStart <= $now
+            && (null === $absenceEnd || $now <= $absenceEnd);
     }
 
     /**
@@ -410,6 +424,11 @@ class User implements UserInterface, \Stringable, PasswordAuthenticatedUserInter
         $this->absenceStart = $absenceStart;
     }
 
+    public function setAbsenceEnd(?\DateTimeImmutable $absenceEnd): void
+    {
+        $this->absenceEnd = $absenceEnd;
+    }
+
     public function setAttributeByDomain(string $domain, string $key, $value): self
     {
         $this->attributes[$domain][$key] = $value;
@@ -633,46 +652,82 @@ class User implements UserInterface, \Stringable, PasswordAuthenticatedUserInter
         return true;
     }
 
-    public function getNotificationFlags(): array
+    private function getNotificationFlagData(string $flag): array
     {
-        return $this->notificationFlags;
-    }
-
-    public function setNotificationFlags(array $notificationFlags)
-    {
-        $this->notificationFlags = $notificationFlags;
-    }
-
-    public function getNotificationFlagData(string $flag): array
-    {
-        return $this->notificationFlags[$flag] ?? [];
-    }
-
-    public function setNotificationFlagData(string $flag, array $data): void
-    {
-        $this->notificationFlags[$flag] = $data;
+        return $this->notificationFlags[$flag] ?? [self::NOTIF_FLAG_IMMEDIATE_EMAIL];
     }
 
     public function isNotificationSendImmediately(string $type): bool
     {
-        if ([] === $this->getNotificationFlagData($type) || in_array(User::NOTIF_FLAG_IMMEDIATE_EMAIL, $this->getNotificationFlagData($type), true)) {
-            return true;
+        return $this->isNotificationForElement($type, self::NOTIF_FLAG_IMMEDIATE_EMAIL);
+    }
+
+    public function setNotificationImmediately(string $type, bool $active): void
+    {
+        $this->setNotificationFlagElement($type, $active, self::NOTIF_FLAG_IMMEDIATE_EMAIL);
+    }
+
+    public function setNotificationDailyDigest(string $type, bool $active): void
+    {
+        $this->setNotificationFlagElement($type, $active, self::NOTIF_FLAG_DAILY_DIGEST);
+    }
+
+    /**
+     * @param self::NOTIF_FLAG_IMMEDIATE_EMAIL|self::NOTIF_FLAG_DAILY_DIGEST $kind
+     */
+    private function setNotificationFlagElement(string $type, bool $active, string $kind): void
+    {
+        $notificationFlags = [...$this->notificationFlags];
+        $changed = false;
+
+        if (!isset($notificationFlags[$type])) {
+            $notificationFlags[$type] = [self::NOTIF_FLAG_IMMEDIATE_EMAIL];
+            $changed = true;
         }
 
-        return false;
+        if ($active) {
+            if (!in_array($kind, $notificationFlags[$type], true)) {
+                $notificationFlags[$type] = [...$notificationFlags[$type], $kind];
+                $changed = true;
+            }
+        } else {
+            if (in_array($kind, $notificationFlags[$type], true)) {
+                $notificationFlags[$type] = array_values(
+                    array_filter($notificationFlags[$type], static fn ($k) => $k !== $kind)
+                );
+                $changed = true;
+            }
+        }
+
+        if ($changed) {
+            $this->notificationFlags = [...$notificationFlags];
+        }
+    }
+
+    private function isNotificationForElement(string $type, string $kind): bool
+    {
+        return in_array($kind, $this->getNotificationFlagData($type), true);
     }
 
     public function isNotificationDailyDigest(string $type): bool
     {
-        if (in_array(User::NOTIF_FLAG_DAILY_DIGEST, $this->getNotificationFlagData($type), true)) {
-            return true;
-        }
-
-        return false;
+        return $this->isNotificationForElement($type, self::NOTIF_FLAG_DAILY_DIGEST);
     }
 
     public function getLocale(): string
     {
         return 'fr';
     }
+
+    #[Assert\Callback]
+    public function validateAbsenceDates(ExecutionContextInterface $context): void
+    {
+        if (null !== $this->getAbsenceEnd() && null === $this->getAbsenceStart()) {
+            $context->buildViolation(
+                'user.absence_end_requires_start'
+            )
+                ->atPath('absenceEnd')
+                ->addViolation();
+        }
+    }
 }

src/Bundle/ChillMainBundle/Export/ExportConfigNormalizer.php

@@ -20,7 +20,7 @@ use Chill\MainBundle\Repository\CenterRepositoryInterface;
 use Chill\MainBundle\Repository\RegroupmentRepositoryInterface;
 
 /**
- * @phpstan-type NormalizedData array{centers: array{centers: list<int>, regroupments: list<int>}, export: array{form: array<string, mixed>, version: int}, filters: array<string, array{enabled: boolean, form: array<string, mixed>, version: int}>, aggregators: array<string, array{enabled: boolean, form: array<string, mixed>, version: int}>, pick_formatter: string, formatter: array{form: array<string, mixed>, version: int}}
+ * @phpstan-type NormalizedData array{centers: array{centers: list<int>, regroupments: list<int>}, export: array{form: array<string, mixed>, version: int}, filters: array<string, array{enabled: boolean, form: array<string, mixed>, version: int}>, aggregators: array<string, array{enabled: boolean, form: array<string, mixed>, version: int}>, pick_formatter?: string, formatter: array{form: array<string, mixed>, version: int}}
  */
 class ExportConfigNormalizer
 {
@@ -72,10 +72,14 @@ class ExportConfigNormalizer
         }
         $serialized['aggregators'] = $aggregatorsSerialized;
 
-        $serialized['pick_formatter'] = $formData['pick_formatter'];
-        $formatter = $this->exportManager->getFormatter($formData['pick_formatter']);
-        $serialized['formatter']['form'] = $formatter->normalizeFormData($formData['formatter']);
-        $serialized['formatter']['version'] = $formatter->getNormalizationVersion();
+        if ($export instanceof ExportInterface) {
+            $serialized['pick_formatter'] = $formData['pick_formatter'];
+            $formatter = $this->exportManager->getFormatter($formData['pick_formatter']);
+            $serialized['formatter']['form'] = $formatter->normalizeFormData($formData['formatter']);
+            $serialized['formatter']['version'] = $formatter->getNormalizationVersion();
+        } elseif ($export instanceof DirectExportInterface) {
+            $serialized['formatter'] = ['form' => [], 'version' => 0];
+        }
 
         return $serialized;
     }
@@ -87,7 +91,12 @@ class ExportConfigNormalizer
     public function denormalizeConfig(string $exportAlias, array $serializedData, bool $replaceDisabledByDefaultData = false): array
     {
         $export = $this->exportManager->getExport($exportAlias);
-        $formater = $this->exportManager->getFormatter($serializedData['pick_formatter']);
+
+        if ($export instanceof ExportInterface) {
+            $formatter = $this->exportManager->getFormatter($serializedData['pick_formatter']);
+        } else {
+            $formatter = null;
+        }
 
         $filtersConfig = [];
         foreach ($serializedData['filters'] as $alias => $filterData) {
@@ -117,8 +126,8 @@ class ExportConfigNormalizer
             'export' => $export->denormalizeFormData($serializedData['export']['form'], $serializedData['export']['version']),
             'filters' => $filtersConfig,
             'aggregators' => $aggregatorsConfig,
-            'pick_formatter' => $serializedData['pick_formatter'],
-            'formatter' => $formater->denormalizeFormData($serializedData['formatter']['form'], $serializedData['formatter']['version']),
+            'pick_formatter' => $serializedData['pick_formatter'] ?? '',
+            'formatter' => $formatter?->denormalizeFormData($serializedData['formatter']['form'], $serializedData['formatter']['version']),
             'centers' => [
                 'centers' => array_values(array_filter(array_map(fn (int $id) => $this->centerRepository->find($id), $serializedData['centers']['centers']), fn ($item) => null !== $item)),
                 'regroupments' => array_values(array_filter(array_map(fn (int $id) => $this->regroupmentRepository->find($id), $serializedData['centers']['regroupments']), fn ($item) => null !== $item)),

src/Bundle/ChillMainBundle/Form/AbsenceType.php

@@ -23,9 +23,14 @@ class AbsenceType extends AbstractType
     {
         $builder
             ->add('absenceStart', ChillDateType::class, [
-                'required' => true,
+                'required' => false,
                 'input' => 'datetime_immutable',
                 'label' => 'absence.Absence start',
+            ])
+            ->add('absenceEnd', ChillDateType::class, [
+                'required' => false,
+                'input' => 'datetime_immutable',
+                'label' => 'absence.Absence end',
             ]);
     }
 

src/Bundle/ChillMainBundle/Form/DataMapper/NotificationFlagDataMapper.php

@@ -1,75 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/*
- * Chill is a software for social workers
- *
- * For the full copyright and license information, please view
- * the LICENSE file that was distributed with this source code.
- */
-
-namespace Chill\MainBundle\Form\DataMapper;
-
-use Chill\MainBundle\Entity\User;
-use Symfony\Component\Form\DataMapperInterface;
-
-final readonly class NotificationFlagDataMapper implements DataMapperInterface
-{
-    public function __construct(private array $notificationFlagProviders) {}
-
-    public function mapDataToForms($viewData, $forms): void
-    {
-        if (null === $viewData) {
-            $viewData = [];
-        }
-
-        $formsArray = iterator_to_array($forms);
-
-        foreach ($this->notificationFlagProviders as $flagProvider) {
-            $flag = $flagProvider->getFlag();
-
-            if (isset($formsArray[$flag])) {
-                $flagForm = $formsArray[$flag];
-
-                $immediateEmailChecked = in_array(User::NOTIF_FLAG_IMMEDIATE_EMAIL, $viewData[$flag] ?? [], true)
-                    || !array_key_exists($flag, $viewData);
-                $dailyEmailChecked = in_array(User::NOTIF_FLAG_DAILY_DIGEST, $viewData[$flag] ?? [], true);
-
-                if ($flagForm->has('immediate_email')) {
-                    $flagForm->get('immediate_email')->setData($immediateEmailChecked);
-                }
-                if ($flagForm->has('daily_email')) {
-                    $flagForm->get('daily_email')->setData($dailyEmailChecked);
-                }
-            }
-        }
-    }
-
-    public function mapFormsToData($forms, &$viewData): void
-    {
-        $formsArray = iterator_to_array($forms);
-        $viewData = [];
-
-        foreach ($this->notificationFlagProviders as $flagProvider) {
-            $flag = $flagProvider->getFlag();
-
-            if (isset($formsArray[$flag])) {
-                $flagForm = $formsArray[$flag];
-                $viewData[$flag] = [];
-
-                if (true === $flagForm['immediate_email']->getData()) {
-                    $viewData[$flag][] = User::NOTIF_FLAG_IMMEDIATE_EMAIL;
-                }
-
-                if (true === $flagForm['daily_email']->getData()) {
-                    $viewData[$flag][] = User::NOTIF_FLAG_DAILY_DIGEST;
-                }
-
-                if ([] === $viewData[$flag]) {
-                    $viewData[$flag][] = User::NOTIF_FLAG_IMMEDIATE_EMAIL;
-                }
-            }
-        }
-    }
-}

src/Bundle/ChillMainBundle/Form/Type/NotificationFlagsType.php

@@ -11,11 +11,9 @@ declare(strict_types=1);
 
 namespace Chill\MainBundle\Form\Type;
 
-use Chill\MainBundle\Form\DataMapper\NotificationFlagDataMapper;
 use Chill\MainBundle\Notification\NotificationFlagManager;
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
-use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
 
@@ -30,27 +28,24 @@ class NotificationFlagsType extends AbstractType
 
     public function buildForm(FormBuilderInterface $builder, array $options): void
     {
-        $builder->setDataMapper(new NotificationFlagDataMapper($this->notificationFlagProviders));
-
         foreach ($this->notificationFlagProviders as $flagProvider) {
             $flag = $flagProvider->getFlag();
-            $builder->add($flag, FormType::class, [
+            $flagBuilder = $builder->create($flag, options: [
                 'label' => $flagProvider->getLabel(),
-                'required' => false,
+                'compound' => true,
             ]);
 
-            $builder->get($flag)
+            $flagBuilder
                 ->add('immediate_email', CheckboxType::class, [
                     'label' => false,
                     'required' => false,
-                    'mapped' => false,
                 ])
-                ->add('daily_email', CheckboxType::class, [
+                ->add('daily_digest', CheckboxType::class, [
                     'label' => false,
                     'required' => false,
-                    'mapped' => false,
                 ])
             ;
+            $builder->add($flagBuilder);
         }
     }
 
@@ -58,6 +53,7 @@ class NotificationFlagsType extends AbstractType
     {
         $resolver->setDefaults([
             'data_class' => null,
+            'compound' => true,
         ]);
     }
 }

src/Bundle/ChillMainBundle/Form/UpdateProfileType.php

@@ -11,31 +11,29 @@ declare(strict_types=1);
 
 namespace Chill\MainBundle\Form;
 
+use Chill\MainBundle\Action\User\UpdateProfile\UpdateProfileCommand;
 use Chill\MainBundle\Form\Type\ChillPhoneNumberType;
 use Chill\MainBundle\Form\Type\NotificationFlagsType;
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
 
-class UserProfileType extends AbstractType
+class UpdateProfileType extends AbstractType
 {
-    public function buildForm(FormBuilderInterface $builder, array $options)
+    public function buildForm(FormBuilderInterface $builder, array $options): void
     {
         $builder
             ->add('phonenumber', ChillPhoneNumberType::class, [
                 'required' => false,
             ])
-            ->add('notificationFlags', NotificationFlagsType::class, [
-                'label' => false,
-                'mapped' => false,
-            ])
+            ->add('notificationFlags', NotificationFlagsType::class)
         ;
     }
 
-    public function configureOptions(OptionsResolver $resolver)
+    public function configureOptions(OptionsResolver $resolver): void
     {
         $resolver->setDefaults([
-            'data_class' => \Chill\MainBundle\Entity\User::class,
+            'data_class' => UpdateProfileCommand::class,
         ]);
     }
 }

src/Bundle/ChillMainBundle/Form/UserPasswordType.php

@@ -59,7 +59,7 @@ class UserPasswordType extends AbstractType
                 'invalid_message' => 'The password fields must match',
                 'constraints' => [
                     new Length([
-                        'min' => 9,
+                        'min' => 14,
                         'minMessage' => 'The password must be greater than {{ limit }} characters',
                     ]),
                     new NotBlank(),

src/Bundle/ChillMainBundle/Form/UserType.php

@@ -105,6 +105,11 @@ class UserType extends AbstractType
                 'required' => false,
                 'input' => 'datetime_immutable',
                 'label' => 'absence.Absence start',
+            ])
+            ->add('absenceEnd', ChillDateType::class, [
+                'required' => false,
+                'input' => 'datetime_immutable',
+                'label' => 'absence.Absence end',
             ]);
 
         // @phpstan-ignore-next-line

src/Bundle/ChillMainBundle/Resources/public/chill/chillmain.scss

@@ -170,13 +170,14 @@ div.banner {
       font-weight: lighter;
       font-size: 50%;
       margin-left: 0.5em;
-      &:before { content: '(n°'; }
-      &:after { content: ')'; }
+
+       &.same-size {
+           font-size: unset;
+           font-weight: unset;
+       }
    }
    span.age {
       margin-left: 0.5em;
-      &:before { content: '('; }
-      &:after { content: ')'; }
    }
 }
 

src/Bundle/ChillMainBundle/Resources/public/chill/js/date.ts

@@ -37,8 +37,13 @@ export const ISOToDate = (str: string | null): Date | null => {
         return null;
     }
 
-    const [year, month, day] = str.split("-").map((p) => parseInt(p));
+    // If the string already contains time info, use it directly
+    if (str.includes("T") || str.includes(" ")) {
+        return new Date(str);
+    }
 
+    // Otherwise, parse date only
+    const [year, month, day] = str.split("-").map((p) => parseInt(p));
     return new Date(year, month - 1, day, 0, 0, 0, 0);
 };
 
@@ -69,20 +74,19 @@ export const ISOToDatetime = (str: string | null): Date | null => {
  *
  */
 export const datetimeToISO = (date: Date): string => {
-    let cal, time, offset;
-    cal = [
+    const cal = [
         date.getFullYear(),
         (date.getMonth() + 1).toString().padStart(2, "0"),
         date.getDate().toString().padStart(2, "0"),
     ].join("-");
 
-    time = [
+    const time = [
         date.getHours().toString().padStart(2, "0"),
         date.getMinutes().toString().padStart(2, "0"),
         date.getSeconds().toString().padStart(2, "0"),
     ].join(":");
 
-    offset = [
+    const offset = [
         date.getTimezoneOffset() <= 0 ? "+" : "-",
         Math.abs(Math.floor(date.getTimezoneOffset() / 60))
             .toString()

src/Bundle/ChillMainBundle/Resources/public/chill/scss/render_box.scss

@@ -44,8 +44,6 @@ section.chill-entity {
                     margin-left: 0.5em;
                 }
                 span.id-number {
-                    &:before { content: '(n°'; }
-                    &:after { content: ')'; }
                 }
             }
             p.moreinfo {}

src/Bundle/ChillMainBundle/Resources/public/lib/return_path/returnPathHelper.ts

@@ -0,0 +1,13 @@
+/**
+ * Extracts the "returnPath" parameter from the current URL's query string and returns it.
+ * If the parameter is not present, returns the provided fallback path.
+ *
+ * @param {string} fallbackPath - The fallback path to use if "returnPath" is not found in the query string.
+ * @return {string} The "returnPath" from the query string, or the fallback path if "returnPath" is not present.
+ */
+export function returnPathOr(fallbackPath: string): string {
+    const urlParams = new URLSearchParams(window.location.search);
+    const returnPath = urlParams.get("returnPath");
+
+    return returnPath ?? fallbackPath;
+}

src/Bundle/ChillMainBundle/Resources/public/lib/workflow/api.ts

@@ -0,0 +1,16 @@
+import { EntityWorkflow } from "ChillMainAssets/types";
+import { makeFetch } from "ChillMainAssets/lib/api/apiMethods";
+
+export const fetchWorkflow = async (
+    workflowId: number,
+): Promise<EntityWorkflow> => {
+    try {
+        return await makeFetch<null, EntityWorkflow>(
+            "GET",
+            `/api/1.0/main/workflow/${workflowId}.json`,
+        );
+    } catch (error) {
+        console.error(`Failed to fetch workflow ${workflowId}:`, error);
+        throw error;
+    }
+};

src/Bundle/ChillMainBundle/Resources/public/types.ts

@@ -1,5 +1,6 @@
 import { GenericDoc } from "ChillDocStoreAssets/types/generic_doc";
 import { StoredObject, StoredObjectStatus } from "ChillDocStoreAssets/types";
+import { Person } from "../../../ChillPersonBundle/Resources/public/types";
 
 export interface DateTime {
     datetime: string;
@@ -202,6 +203,58 @@ export interface WorkflowAttachment {
     genericDoc: null | GenericDoc;
 }
 
+export interface Workflow {
+    name: string;
+    text: string;
+}
+
+export interface EntityWorkflowStep {
+    type: "entity_workflow_step";
+    id: number;
+    comment: string;
+    currentStep: StepDefinition;
+    isFinal: boolean;
+    isFreezed: boolean;
+    isFinalized: boolean;
+    transitionPrevious: Transition | null;
+    transitionAfter: Transition | null;
+    previousId: number | null;
+    nextId: number | null;
+    transitionPreviousBy: User | null;
+    transitionPreviousAt: DateTime | null;
+}
+
+export interface Transition {
+    name: string;
+    text: string;
+    isForward: boolean;
+}
+
+export interface StepDefinition {
+    name: string;
+    text: string;
+}
+
+export interface EntityWorkflow {
+    type: "entity_workflow";
+    id: number;
+    relatedEntityClass: string;
+    relatedEntityId: number;
+    workflow: Workflow;
+    currentStep: EntityWorkflowStep;
+    steps: EntityWorkflowStep[];
+    datas: WorkflowData;
+    title: string;
+    isOnHoldAtCurrentStep: boolean;
+    _permissions: {
+        CHILL_MAIN_WORKFLOW_ATTACHMENT_EDIT: boolean;
+    };
+}
+
+export interface WorkflowData {
+    persons: Person[];
+}
+
 export interface ExportGeneration {
     id: string;
     type: "export_generation";
@@ -215,3 +268,8 @@ export interface ExportGeneration {
 export interface PrivateCommentEmbeddable {
     comments: Record<number, string>;
 }
+
+/**
+ * Possible states for the WaitingScreen Component.
+ */
+export type WaitingScreenState = "pending" | "failure" | "stopped" | "ready";

src/Bundle/ChillMainBundle/Resources/public/vuejs/DownloadExport/App.vue

@@ -10,7 +10,8 @@ import { computed, onMounted, ref } from "vue";
 import { StoredObject, StoredObjectStatus } from "ChillDocStoreAssets/types";
 import { fetchExportGenerationStatus } from "ChillMainAssets/lib/api/export";
 import DocumentActionButtonsGroup from "ChillDocStoreAssets/vuejs/DocumentActionButtonsGroup.vue";
-import { ExportGeneration } from "ChillMainAssets/types";
+import WaitingScreen from "../_components/WaitingScreen.vue";
+import { ExportGeneration, WaitingScreenState } from "ChillMainAssets/types";
 
 interface AppProps {
     exportGenerationId: string;
@@ -34,13 +35,16 @@ const storedObject = computed<null | StoredObject>(() => {
 });
 
 const isPending = computed<boolean>(() => status.value === "pending");
-const isFetching = computed<boolean>(
-    () => tryiesForReady.value < maxTryiesForReady,
-);
-const isReady = computed<boolean>(() => status.value === "ready");
-const isFailure = computed<boolean>(() => status.value === "failure");
 const filename = computed<string>(() => `${props.title}-${props.createdDate}`);
 
+const state = computed<WaitingScreenState>((): WaitingScreenState => {
+    if (status.value === "empty") {
+        return "pending";
+    }
+
+    return status.value;
+});
+
 /**
  * counter for the number of times that we check for a new status
  */
@@ -85,57 +89,36 @@ onMounted(() => {
 </script>
 
 <template>
-    <div id="waiting-screen">
-        <div
-            v-if="isPending && isFetching"
-            class="alert alert-danger text-center"
-        >
-            <div>
-                <p>
-                    {{ trans(EXPORT_GENERATION_EXPORT_GENERATION_IS_PENDING) }}
-                </p>
-            </div>
+    <WaitingScreen :state="state">
+        <template v-slot:pending>
+            <p>
+                {{ trans(EXPORT_GENERATION_EXPORT_GENERATION_IS_PENDING) }}
+            </p>
+        </template>
 
-            <div>
-                <i class="fa fa-cog fa-spin fa-3x fa-fw"></i>
-                <span class="sr-only">Loading...</span>
-            </div>
-        </div>
-        <div v-if="isPending && !isFetching" class="alert alert-info">
-            <div>
-                <p>
-                    {{ trans(EXPORT_GENERATION_TOO_MANY_RETRIES) }}
-                </p>
-            </div>
-        </div>
-        <div v-if="isFailure" class="alert alert-danger text-center">
-            <div>
-                <p>
-                    {{ trans(EXPORT_GENERATION_ERROR_WHILE_GENERATING_EXPORT) }}
-                </p>
-            </div>
-        </div>
-        <div v-if="isReady" class="alert alert-success text-center">
-            <div>
-                <p>
-                    {{ trans(EXPORT_GENERATION_EXPORT_READY) }}
-                </p>
+        <template v-slot:stopped>
+            <p>
+                {{ trans(EXPORT_GENERATION_TOO_MANY_RETRIES) }}
+            </p>
+        </template>
 
-                <p v-if="storedObject !== null">
-                    <document-action-buttons-group
-                        :stored-object="storedObject"
-                        :filename="filename"
-                    ></document-action-buttons-group>
-                </p>
-            </div>
-        </div>
-    </div>
+        <template v-slot:failure>
+            <p>
+                {{ trans(EXPORT_GENERATION_ERROR_WHILE_GENERATING_EXPORT) }}
+            </p>
+        </template>
+
+        <template v-slot:ready>
+            <p>
+                {{ trans(EXPORT_GENERATION_EXPORT_READY) }}
+            </p>
+
+            <p v-if="storedObject !== null">
+                <document-action-buttons-group
+                    :stored-object="storedObject"
+                    :filename="filename"
+                ></document-action-buttons-group>
+            </p>
+        </template>
+    </WaitingScreen>
 </template>
-
-<style scoped lang="scss">
-#waiting-screen {
-    > .alert {
-        min-height: 350px;
-    }
-}
-</style>

src/Bundle/ChillMainBundle/Resources/public/vuejs/WaitPostProcessWorkflow/App.vue

@@ -0,0 +1,75 @@
+<script setup lang="ts">
+import { useIntervalFn } from "@vueuse/core";
+import { fetchWorkflow } from "ChillMainAssets/lib/workflow/api";
+import { returnPathOr } from "ChillMainAssets/lib/return_path/returnPathHelper";
+import { ref } from "vue";
+import WaitingScreen from "ChillMainAssets/vuejs/_components/WaitingScreen.vue";
+import { WaitingScreenState } from "ChillMainAssets/types";
+import {
+    trans,
+    WORKFLOW_WAIT_TITLE,
+    WORKFLOW_WAIT_ERROR_WHILE_WAITING,
+    WORKFLOW_WAIT_SUCCESS,
+} from "translator";
+
+interface WaitPostProcessWorkflowComponentProps {
+    workflowId: number;
+    expectedStep: string;
+}
+
+const props = defineProps<WaitPostProcessWorkflowComponentProps>();
+const counter = ref<number>(0);
+const MAX_TRYIES = 50;
+
+const state = ref<WaitingScreenState>("pending");
+
+const { pause, resume } = useIntervalFn(
+    async () => {
+        try {
+            const workflow = await fetchWorkflow(props.workflowId);
+            counter.value++;
+            if (workflow.currentStep.currentStep.name === props.expectedStep) {
+                window.location.assign(
+                    returnPathOr("/fr/main/workflow" + workflow.id + "/show"),
+                );
+                resume();
+                state.value = "ready";
+            }
+
+            if (counter.value > MAX_TRYIES) {
+                pause();
+                state.value = "failure";
+            }
+        } catch (error) {
+            console.error(error);
+            pause();
+        }
+    },
+    2000,
+    { immediate: true },
+);
+</script>
+
+<template>
+    <div class="container">
+        <WaitingScreen :state="state">
+            <template v-slot:pending>
+                <p>
+                    {{ trans(WORKFLOW_WAIT_TITLE) }}
+                </p>
+            </template>
+            <template v-slot:failure>
+                <p>
+                    {{ trans(WORKFLOW_WAIT_ERROR_WHILE_WAITING) }}
+                </p>
+            </template>
+            <template v-slot:ready>
+                <p>
+                    {{ trans(WORKFLOW_WAIT_SUCCESS) }}
+                </p>
+            </template>
+        </WaitingScreen>
+    </div>
+</template>
+
+<style scoped lang="scss"></style>

src/Bundle/ChillMainBundle/Resources/public/vuejs/WaitPostProcessWorkflow/index.ts

@@ -0,0 +1,51 @@
+import { createApp } from "vue";
+import App from "./App.vue";
+
+function mountApp(): void {
+    const el = document.querySelector<HTMLDivElement>(".screen-wait");
+    if (!el) {
+        console.error(
+            "WaitPostProcessWorkflow: mount element .screen-wait not found",
+        );
+        return;
+    }
+
+    const workflowIdAttr = el.getAttribute("data-workflow-id");
+    const expectedStep = el.getAttribute("data-expected-step") || "";
+
+    if (!workflowIdAttr) {
+        console.error(
+            "WaitPostProcessWorkflow: data-workflow-id attribute missing on mount element",
+        );
+        return;
+    }
+
+    if (!expectedStep) {
+        console.error(
+            "WaitPostProcessWorkflow: data-expected-step attribute missing on mount element",
+        );
+        return;
+    }
+
+    const workflowId = Number(workflowIdAttr);
+    if (Number.isNaN(workflowId)) {
+        console.error(
+            "WaitPostProcessWorkflow: data-workflow-id is not a valid number:",
+            workflowIdAttr,
+        );
+        return;
+    }
+
+    const app = createApp(App, {
+        workflowId,
+        expectedStep,
+    });
+
+    app.mount(el);
+}
+
+if (document.readyState === "loading") {
+    document.addEventListener("DOMContentLoaded", mountApp);
+} else {
+    mountApp();
+}

src/Bundle/ChillMainBundle/Resources/public/vuejs/WorkflowAttachment/App.vue

@@ -1,10 +1,11 @@
 <script setup lang="ts">
-import { computed, useTemplateRef } from "vue";
-import type { WorkflowAttachment } from "ChillMainAssets/types";
+import { computed, onMounted, ref, useTemplateRef } from "vue";
+import type { EntityWorkflow, WorkflowAttachment } from "ChillMainAssets/types";
 import PickGenericDocModal from "ChillMainAssets/vuejs/WorkflowAttachment/Component/PickGenericDocModal.vue";
 import { GenericDocForAccompanyingPeriod } from "ChillDocStoreAssets/types/generic_doc";
 import AttachmentList from "ChillMainAssets/vuejs/WorkflowAttachment/Component/AttachmentList.vue";
 import { GenericDoc } from "ChillDocStoreAssets/types";
+import { fetchWorkflow } from "ChillMainAssets/lib/workflow/api";
 
 interface AppConfig {
     workflowId: number;
@@ -34,6 +35,13 @@ const attachedGenericDoc = computed<GenericDocForAccompanyingPeriod[]>(
             ) as GenericDocForAccompanyingPeriod[],
 );
 
+const workflow = ref<EntityWorkflow | null>(null);
+
+onMounted(async () => {
+    workflow.value = await fetchWorkflow(Number(props.workflowId));
+    console.log("workflow", workflow.value);
+});
+
 const openModal = function () {
     pickDocModal.value?.openModal();
 };
@@ -49,20 +57,30 @@ const onPickGenericDoc = ({
 const onRemoveAttachment = (payload: { attachment: WorkflowAttachment }) => {
     emit("removeAttachment", payload);
 };
+
+const canEditAttachement = computed<boolean>(() => {
+    if (null === workflow.value) {
+        return false;
+    }
+
+    return workflow.value._permissions.CHILL_MAIN_WORKFLOW_ATTACHMENT_EDIT;
+});
 </script>
 
 <template>
     <pick-generic-doc-modal
+        :workflow="workflow"
         :accompanying-period-id="props.accompanyingPeriodId"
         :to-remove="attachedGenericDoc"
         ref="pickDocModal"
         @pickGenericDoc="onPickGenericDoc"
     ></pick-generic-doc-modal>
     <attachment-list
+        :workflow="workflow"
         :attachments="props.attachments"
         @removeAttachment="onRemoveAttachment"
     ></attachment-list>
-    <ul class="record_actions">
+    <ul v-if="canEditAttachement" class="record_actions">
         <li>
             <button type="button" class="btn btn-create" @click="openModal">
                 Ajouter une pièce jointe

src/Bundle/ChillMainBundle/Resources/public/vuejs/WorkflowAttachment/Component/AttachmentList.vue

@@ -1,10 +1,11 @@
 <script setup lang="ts">
-import { WorkflowAttachment } from "ChillMainAssets/types";
+import { EntityWorkflow, WorkflowAttachment } from "ChillMainAssets/types";
 import GenericDocItemBox from "ChillMainAssets/vuejs/WorkflowAttachment/Component/GenericDocItemBox.vue";
 import DocumentActionButtonsGroup from "ChillDocStoreAssets/vuejs/DocumentActionButtonsGroup.vue";
 
 interface AttachmentListProps {
     attachments: WorkflowAttachment[];
+    workflow: EntityWorkflow | null;
 }
 
 const emit = defineEmits<{
@@ -36,7 +37,12 @@ const props = defineProps<AttachmentListProps>();
                             :stored-object="a.genericDoc.storedObject"
                         ></document-action-buttons-group>
                     </li>
-                    <li>
+                    <li
+                        v-if="
+                            !workflow?._permissions
+                                .CHILL_MAIN_WORKFLOW_ATTACHMENT_EDIT
+                        "
+                    >
                         <button
                             type="button"
                             class="btn btn-delete"

src/Bundle/ChillMainBundle/Resources/public/vuejs/WorkflowAttachment/Component/PickGenericDoc.vue

@@ -6,8 +6,10 @@ import {
 import PickGenericDocItem from "ChillMainAssets/vuejs/WorkflowAttachment/Component/PickGenericDocItem.vue";
 import { fetch_generic_docs_by_accompanying_period } from "ChillDocStoreAssets/js/generic-doc-api";
 import { computed, onMounted, ref } from "vue";
+import { EntityWorkflow } from "ChillMainAssets/types";
 
 interface PickGenericDocProps {
+    workflow: EntityWorkflow | null;
     accompanyingPeriodId: number;
     pickedList: GenericDocForAccompanyingPeriod[];
     toRemove: GenericDocForAccompanyingPeriod[];
@@ -36,9 +38,21 @@ const isPicked = (genericDoc: GenericDocForAccompanyingPeriod): boolean =>
     ) !== -1;
 
 onMounted(async () => {
-    genericDocs.value = await fetch_generic_docs_by_accompanying_period(
+    const fetchedGenericDocs = await fetch_generic_docs_by_accompanying_period(
         props.accompanyingPeriodId,
     );
+    const documentClasses = [
+        "Chill\\DocStoreBundle\\Entity\\AccompanyingCourseDocument",
+        "Chill\\PersonBundle\\Entity\\AccompanyingPeriod\\AccompanyingPeriodWorkEvaluationDocument",
+        "Chill\\DocStoreBundle\\Entity\\PersonDocument",
+    ];
+
+    genericDocs.value = fetchedGenericDocs.filter(
+        (doc) =>
+            !documentClasses.includes(
+                props.workflow?.relatedEntityClass || "",
+            ) || props.workflow?.relatedEntityId !== doc.identifiers.id,
+    );
     loaded.value = true;
 });
 

src/Bundle/ChillMainBundle/Resources/public/vuejs/WorkflowAttachment/Component/PickGenericDocModal.vue

@@ -3,8 +3,10 @@ import Modal from "ChillMainAssets/vuejs/_components/Modal.vue";
 import { computed, ref, useTemplateRef } from "vue";
 import PickGenericDoc from "ChillMainAssets/vuejs/WorkflowAttachment/Component/PickGenericDoc.vue";
 import { GenericDocForAccompanyingPeriod } from "ChillDocStoreAssets/types/generic_doc";
+import { EntityWorkflow } from "ChillMainAssets/types";
 
 interface PickGenericDocModalProps {
+    workflow: EntityWorkflow | null;
     accompanyingPeriodId: number;
     toRemove: GenericDocForAccompanyingPeriod[];
 }
@@ -80,6 +82,7 @@ defineExpose({ openModal, closeModal });
         </template>
         <template v-slot:body>
             <pick-generic-doc
+                :workflow="props.workflow"
                 :accompanying-period-id="props.accompanyingPeriodId"
                 :to-remove="props.toRemove"
                 :picked-list="pickeds"

src/Bundle/ChillMainBundle/Resources/public/vuejs/_components/Modal.vue

@@ -84,6 +84,8 @@ const emits = defineEmits<{
 }
 .modal-header .close {
     border-top-right-radius: 0.3rem;
+    margin-right: 0;
+    margin-left: auto;
 }
 /*
    * The following styles are auto-applied to elements with

src/Bundle/ChillMainBundle/Resources/public/vuejs/_components/WaitingScreen.vue

@@ -0,0 +1,62 @@
+<script setup lang="ts">
+import { WaitingScreenState } from "ChillMainAssets/types";
+
+interface Props {
+    state: WaitingScreenState;
+}
+
+const props = defineProps<Props>();
+</script>
+
+<template>
+    <div id="waiting-screen">
+        <div
+            v-if="props.state === 'pending' && !!$slots.pending"
+            class="alert alert-danger text-center"
+        >
+            <div>
+                <slot name="pending"></slot>
+            </div>
+
+            <div>
+                <i class="fa fa-cog fa-spin fa-3x fa-fw"></i>
+                <span class="sr-only">Loading...</span>
+            </div>
+        </div>
+
+        <div
+            v-if="props.state === 'stopped' && !!$slots.stopped"
+            class="alert alert-info"
+        >
+            <div>
+                <slot name="stopped"></slot>
+            </div>
+        </div>
+
+        <div
+            v-if="props.state === 'failure' && !!$slots.failure"
+            class="alert alert-danger text-center"
+        >
+            <div>
+                <slot name="failure"></slot>
+            </div>
+        </div>
+
+        <div
+            v-if="props.state === 'ready' && !!$slots.ready"
+            class="alert alert-success text-center"
+        >
+            <div>
+                <slot name="ready"></slot>
+            </div>
+        </div>
+    </div>
+</template>
+
+<style scoped lang="scss">
+#waiting-screen {
+    > .alert {
+        min-height: 350px;
+    }
+}
+</style>

src/Bundle/ChillMainBundle/Resources/views/CRUD/_view_content.html.twig

@@ -44,17 +44,7 @@
                 {% endif %}
                 {% endif %}
             {% endblock content_view_actions_duplicate_link %}
-            {% block content_view_actions_merge %}
-                <li>
-                    <a href="{{ chill_path_add_return_path('chill_thirdparty_find_duplicate',
-                        { 'thirdparty_id': entity.id }) }}"
-                       title="{{ 'Merge'|trans }}"
-                       class="btn btn-misc">
-                        <i class="bi bi-chevron-contract"></i>
-                        {{ 'Merge'|trans }}
-                    </a>
-                </li>
-            {% endblock %}
+            {% block content_view_actions_merge %}{% endblock %}
             {% block content_view_actions_edit_link %}
                 {% if chill_crud_action_exists(crud_name, 'edit') %}
                 {% if is_granted(chill_crud_config('role', crud_name, 'edit'), entity) %}

src/Bundle/ChillMainBundle/Resources/views/Export/new_centers_step.html.twig

@@ -63,8 +63,7 @@
 
     <script>
         const uncheckAll = () => {
-            const allCenters = document.getElementsByName('centers[center][]');
-
+            const allCenters = document.getElementsByName('centers[centers][]');
             allCenters.forEach(checkbox => checkbox.checked = false)
         }
     </script>

src/Bundle/ChillMainBundle/Resources/views/Form/fields.html.twig

@@ -280,11 +280,17 @@
     </div>
 {% endblock %}
 
-{% block pick_linked_entities_widget %}
-    <input type="hidden" {{ block('widget_attributes') }} {% if value is not empty %}value="{{ value|escape('html_attr') }}" {% endif %} data-input-uniqid="{{ form.vars['uniqid'] }}" />
-    <div data-input-uniqid="{{ form.vars['uniqid'] }}" data-module="pick-linked-entities" data-pick-entities-type="{{ form.vars['pick-entities-type'] }}"
-    ></div>
 
+{% block pick_linked_entities_widget %}
+    <input type="hidden" {{ block('widget_attributes') }}
+        {% if value is not empty %}value="{{ value|escape('html_attr') }}" {% endif %}
+       data-input-uniqid="{{ form.vars['uniqid'] }}"/>
+    <div
+        data-input-uniqid="{{ form.vars['uniqid'] }}"
+        data-module="pick-linked-entities"
+        data-pick-entities-type="{{ form.vars['pick-entities-type'] }}"
+         data-suggested="{{ form.vars['suggested']|json_encode|escape('html_attr') }}"
+    ></div>
 {% endblock %}
 
 {% block pick_postal_code_widget %}

src/Bundle/ChillMainBundle/Resources/views/Layout/_header_logo_only.html.twig

@@ -0,0 +1,13 @@
+<header>
+    <nav class="navbar navbar-dark bg-primary navbar-expand-md">
+        <div class="container-xxl">
+
+            <div class="col-12">
+                <a class="navbar-brand" href="{{ path('chill_main_homepage') }}">
+                    {{ include('@ChillMain/Layout/_header-logo.html.twig') }}
+                </a>
+            </div>
+
+        </div>
+    </nav>
+</header>

src/Bundle/ChillMainBundle/Resources/views/Menu/absence.html.twig

@@ -8,36 +8,36 @@
 
     <div class="col-md-10">
         <h2>{{ 'absence.My absence'|trans }}</h2>
+        <div>
+            {% if user.absenceStart is not null %}
+                <div class="alert alert-success flash_message">{{ 'absence.You are listed as absent, as of {date, date, short}'|trans({
+                        date: user.absenceStart
+                    }) }}
+                    {% if user.absenceEnd is not null %}
+                   {{ 'until %date%'|trans({'%date%': user.absenceEnd|format_date('short') }) }}
+                {% endif %}
+                </div>
+            {% else %}
+                <div class="alert alert-warning flash_message">{{ 'absence.No absence listed'|trans }}</div>
+            {% endif %}
+        </div>
+        <div>
+            {{ form_start(form) }}
+            {{ form_row(form.absenceStart) }}
+            {{ form_row(form.absenceEnd) }}
 
-        {% if user.absenceStart is not null %}
-            <div>
-                <p>{{ 'absence.You are listed as absent, as of'|trans }} {{ user.absenceStart|format_date('long') }}</p>
-                <ul class="record_actions sticky-form-buttons">
-                    <li>
-                        <a href="{{ path('chill_main_user_absence_unset') }}"
-                           class="btn btn-delete">{{ 'absence.Unset absence'|trans }}</a>
-                    </li>
-                </ul>
-            </div>
-        {% else %}
-            <div>
-                <p class="chill-no-data-statement">{{ 'absence.No absence listed'|trans }}</p>
-            </div>
-            <div>
-                {{ form_start(form) }}
-                {{ form_row(form.absenceStart) }}
-
-                <ul class="record_actions sticky-form-buttons">
-                    <li>
-                        <button class="btn btn-save" type="submit">
-                            {{ 'Save'|trans }}
-                        </button>
-                    </li>
-                </ul>
-
-                {{ form_end(form) }}
-            </div>
-        {% endif %}
+            <ul class="record_actions sticky-form-buttons">
+                <li>
+                    <a class="btn btn-delete" title="Modifier" href="{{ path('chill_main_user_absence_unset') }}">{{ 'absence.Unset absence'|trans }}</a>
+                </li>
+                <li>
+                    <button class="btn btn-save" type="submit">
+                        {{ 'Save'|trans }}
+                    </button>
+                </li>
+            </ul>
+            {{ form_end(form) }}
+        </div>
     </div>
 
 {% endblock %}

src/Bundle/ChillMainBundle/Resources/views/Menu/quick_menu.html.twig

@@ -5,7 +5,7 @@
         role="button"
         data-bs-toggle="dropdown"
         aria-expanded="false">
-        <i class="fa fa-flash"></i>
+        <i class="bi bi-lightning-fill"></i>
     </a>
     <div class="dropdown-menu">
         {% for menu in menus %}

src/Bundle/ChillMainBundle/Resources/views/Menu/user.html.twig

@@ -26,11 +26,12 @@
 
         {{ 'Welcome' | trans }}<br/>
 
-        <b>
-            {{ app.user.username }}
-            {{ render(controller('Chill\\MainBundle\\Controller\\UIController::showNotificationUserCounterAction')) }}
-        </b>
-
+        {% if app.user %}
+            <b>
+                {{ app.user.username }}
+                {{ render(controller('Chill\\MainBundle\\Controller\\UIController::showNotificationUserCounterAction')) }}
+            </b>
+        {% endif %}
         {% if is_granted('IS_IMPERSONATOR') %}
             <i class="fa fa-wrench fa-lg" title="Impersonate mode"></i>
         {% endif %}

src/Bundle/ChillMainBundle/Resources/views/Password/recover_layout.html.twig

@@ -16,29 +16,16 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 
-<!DOCTYPE html>
-<html>
-    <head>
-        <meta charset="UTF-8" />
-        <title>
-            {{ 'Login to %installation_name%' | trans({ '%installation_name%' : installation.name } ) }}
-        </title>
-        <link rel="shortcut icon" href="{{ asset('build/images/favicon.ico') }}" type="image/x-icon">
-        {{ encore_entry_link_tags('chill') }}
-    </head>
-    <body>
-        <header class="navigation container-fluid">
-            <div class="col-4 d-md-none parent">
-                <div class="col-10 col-md-12 offset-2 logo-container">
-                    <a href="{{ path('chill_main_homepage') }}">
-                        <img class="logo" src="{{ asset('build/images/logo-chill-sans-slogan_white.png') }}">
-                    </a>
-                </div>
-            </div>
-        </header>
+{% extends "@ChillMain/layout.html.twig" %}
 
-        <div id="content">
-            {% block content %}{% endblock %}
-        </div>
-    </body>
-</html>
+{% set header_logo_only = 1 %}
+
+{% block title %}{{ 'Login to %installation_name%' | trans({ '%installation_name%' : installation.name } ) }}{% endblock %}
+
+{% block content %}
+
+    <div id="content">
+        {% block password_content %}{% endblock %}
+    </div>
+
+{% endblock %}

src/Bundle/ChillMainBundle/Resources/views/Password/recover_password_changed.html.twig

@@ -2,7 +2,7 @@
 
 {% block title %}{{ "New password set"|trans }}{% endblock %}
 
-{% block content %}
+{% block password_content %}
     <div class="col-10 centered">
 
         <h1>{{ "New password set"|trans }}</h1>

src/Bundle/ChillMainBundle/Resources/views/Password/recover_password_form.html.twig

@@ -4,7 +4,7 @@
 
 {% block title %}{{ title }}{% endblock %}
 
-{% block content %}
+{% block password_content %}
     <div class="col-10 centered">
 
         <h1>{{ title }}</h1>

src/Bundle/ChillMainBundle/Resources/views/Password/request_recover_password.html.twig

@@ -22,7 +22,7 @@
 
 {% block title %}{{"Recover password"|trans}}{% endblock %}
 
-{% block content %}
+{% block password_content %}
     <div class="col-10 centered">
 
         <h1>{{ 'Recover password'|trans }}</h1>

src/Bundle/ChillMainBundle/Resources/views/Password/request_recover_password_confirm.html.twig

@@ -2,7 +2,7 @@
 
 {% block title "Check your email"|trans %}
 
-{% block content %}
+{% block password_content %}
 
 <div class="col-10 centered">
 

src/Bundle/ChillMainBundle/Resources/views/User/profile.html.twig

@@ -64,7 +64,7 @@
                             {{ form_widget(flag.immediate_email, {'label_attr': { 'class': 'checkbox-inline checkbox-switch'}}) }}
                         </td>
                         <td class="text-center">
-                            {{ form_widget(flag.daily_email, {'label_attr': { 'class': 'checkbox-inline checkbox-switch'}}) }}
+                            {{ form_widget(flag.daily_digest, {'label_attr': { 'class': 'checkbox-inline checkbox-switch'}}) }}
                         </td>
                     </tr>
                 {% endfor %}

src/Bundle/ChillMainBundle/Resources/views/Workflow/index.html.twig

@@ -58,12 +58,14 @@
         {% endif %}
     </section>
 
+    {% if signatures|length > 0 %}
+    <section class="step my-4">{% include '@ChillMain/Workflow/_signature.html.twig' %}</section>
+    {% endif %}
+
     <section class="step my-4">{% include '@ChillMain/Workflow/_attachment.html.twig' %}</section>
 
     <section class="step my-4">{% include '@ChillMain/Workflow/_follow.html.twig' %}</section>
-    {% if signatures|length > 0 %}
-        <section class="step my-4">{% include '@ChillMain/Workflow/_signature.html.twig' %}</section>
-    {% elseif entity_workflow.currentStep.sends|length > 0 %}
+    {% if entity_workflow.currentStep.sends|length > 0 %}
         <section class="step my-4">
             <h2>{{ 'workflow.external_views.title'|trans({'numberOfSends': entity_workflow.currentStep.sends|length }) }}</h2>
             {% include '@ChillMain/Workflow/_send_views_list.html.twig' with {'sends': entity_workflow.currentStep.sends} %}

src/Bundle/ChillMainBundle/Resources/views/Workflow/waiting.html.twig

@@ -0,0 +1,18 @@
+{% extends '@ChillMain/layout.html.twig' %}
+
+{% block title %}{{ 'workflow.signature.waiting_for'|trans }}{% endblock %}
+
+{% block css %}
+    {{ encore_entry_link_tags('page_workflow_waiting_post_process') }}
+{% endblock %}
+
+{% block js %}
+    {{ encore_entry_script_tags('page_workflow_waiting_post_process') }}
+{% endblock %}
+
+{% block content %}
+    <h1>{{ block('title') }}</h1>
+
+    <div class="screen-wait" data-workflow-id="{{ workflow.id|e('html_attr') }}" data-expected-step="{{ expectedStep|e('html_attr') }}"></div>
+
+{% endblock %}

src/Bundle/ChillMainBundle/Resources/views/layout.html.twig

@@ -30,7 +30,11 @@
         {{ include('@ChillMain/Layout/_debug.html.twig') }}
     {% endif %}
 
-    {{ include('@ChillMain/Layout/_header.html.twig') }}
+    {% if header_logo_only is defined and header_logo_only == 1 %}
+        {{ include('@ChillMain/Layout/_header_logo_only.html.twig') }}
+    {% else %}
+        {{ include('@ChillMain/Layout/_header.html.twig') }}
+    {% endif %}
 
     {% block top_banner %}{#
         To use if you want to add a banner below the header (ie the menu)
@@ -75,7 +79,7 @@
                             <div class="d-flex flex-row mb-5 alert alert-warning" role="alert">
                                 <p class="m-2">{{'absence.You are marked as being absent'|trans }}</p>
                                 <span class="ms-auto">
-                                    <a class="btn btn-remove" title="Modifier" href="{{ path('chill_main_user_absence_index') }}">{{ 'absence.Unset absence'|trans }}</a>
+                                    <a class="btn btn-delete" title="Modifier" href="{{ path('chill_main_user_absence_unset') }}">{{ 'absence.Unset absence'|trans }}</a>
                                 </span>
                             </div>
                         {% endif %}

src/Bundle/ChillMainBundle/Security/Authorization/EntityWorkflowAttachmentVoter.php

@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Security\Authorization;
+
+use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Workflow\Registry;
+
+final class EntityWorkflowAttachmentVoter extends Voter
+{
+    public function __construct(
+        private readonly Registry $registry,
+    ) {}
+    public const EDIT = 'CHILL_MAIN_WORKFLOW_ATTACHMENT_EDIT';
+
+    protected function supports(string $attribute, $subject): bool
+    {
+        return $subject instanceof EntityWorkflow && self::EDIT === $attribute;
+    }
+
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    {
+        if (!$subject instanceof EntityWorkflow) {
+            throw new \UnexpectedValueException('Subject must be an instance of EntityWorkflow');
+        }
+
+        if ($subject->isFinal()) {
+            return false;
+        }
+
+        $workflow = $this->registry->get($subject, $subject->getWorkflowName());
+
+        $marking = $workflow->getMarking($subject);
+        foreach ($marking->getPlaces() as $place => $int) {
+            $placeMetadata = $workflow->getMetadataStore()->getPlaceMetadata($place);
+            if ($placeMetadata['isSentExternal'] ?? false) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}

src/Bundle/ChillMainBundle/Security/RoleDumper.php

@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Security;
+
+use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+final readonly class RoleDumper
+{
+    public function __construct(
+        private RoleProvider $roleProvider,
+        private RoleHierarchyInterface $roleHierarchy,
+        private TranslatorInterface $translator,
+    ) {}
+
+    public function dumpAsMarkdown(): string
+    {
+        $roles = $this->roleProvider->getRoles();
+        $rolesWithoutScopes = $this->roleProvider->getRolesWithoutScopes();
+
+        // Group roles by title
+        $groups = [];
+        foreach ($roles as $role) {
+            $title = $this->roleProvider->getRoleTitle($role);
+            $title ??= 'Other';
+            $groups[$title][] = $role;
+        }
+
+        // Sort groups by title
+        ksort($groups, SORT_NATURAL | SORT_FLAG_CASE);
+
+        $lines = [];
+        foreach ($groups as $title => $roleList) {
+            // Sort roles by translated label for deterministic output
+            usort($roleList, function (string $a, string $b): int {
+                $ta = $this->translator->trans($a);
+                $tb = $this->translator->trans($b);
+
+                return strcasecmp($ta, $tb);
+            });
+
+            $translatedTitle = $this->translator->trans($title);
+            $lines[] = '## '.$translatedTitle;
+
+            foreach ($roleList as $role) {
+                // Translate primary role
+                $translatedRole = $this->translator->trans($role);
+
+                // Scope marker: (S) if needs scope, (~~S~~) if no scope required
+                $needsScope = !in_array($role, $rolesWithoutScopes, true);
+                $scopeMarker = $needsScope ? '(S)' : '(~~S~~)';
+
+                // Compute dependent roles from hierarchy (exclude itself)
+                $reachable = $this->roleHierarchy->getReachableRoleNames([$role]);
+                $dependents = array_values(array_filter($reachable, static fn (string $r): bool => $r !== $role));
+
+                // Translate dependents and sort deterministically
+                $translatedDependents = array_map(fn (string $r) => $this->translator->trans($r), $dependents);
+                sort($translatedDependents, SORT_NATURAL | SORT_FLAG_CASE);
+
+                if (count($translatedDependents) > 0) {
+                    $lines[] = sprintf('- **%s** %s: %s', $translatedRole, $scopeMarker, implode(', ', $translatedDependents));
+                } else {
+                    $lines[] = sprintf('- **%s** %s', $translatedRole, $scopeMarker);
+                }
+            }
+
+            // Add a blank line between groups
+            $lines[] = '';
+        }
+
+        // Trim possible trailing blank line
+        $markdown = rtrim(implode("\n", $lines));
+
+        return $markdown."\n"; // End with newline for POSIX friendliness
+    }
+}

src/Bundle/ChillMainBundle/Security/RoleProvider.php

@@ -52,12 +52,8 @@ class RoleProvider
 
     /**
      * Get the title for each role.
-     *
-     * @param string $role
-     *
-     * @return string the title of the role
      */
-    public function getRoleTitle($role)
+    public function getRoleTitle(string $role): ?string
     {
         $this->initializeRolesTitlesCache();
 
@@ -73,7 +69,7 @@ class RoleProvider
     /**
      * initialize the array for caching role and titles.
      */
-    private function initializeRolesTitlesCache()
+    private function initializeRolesTitlesCache(): void
     {
         // break if already initialized
         if (null !== $this->rolesTitlesCache) {

src/Bundle/ChillMainBundle/Serializer/Normalizer/EntityWorkflowNormalizer.php

@@ -12,18 +12,25 @@ declare(strict_types=1);
 namespace Chill\MainBundle\Serializer\Normalizer;
 
 use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Chill\MainBundle\Security\Authorization\EntityWorkflowAttachmentVoter;
 use Chill\MainBundle\Workflow\EntityWorkflowManager;
 use Chill\MainBundle\Workflow\Helper\MetadataExtractor;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Serializer\Normalizer\NormalizerAwareInterface;
 use Symfony\Component\Serializer\Normalizer\NormalizerAwareTrait;
 use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
 use Symfony\Component\Workflow\Registry;
 
-class EntityWorkflowNormalizer implements NormalizerInterface, NormalizerAwareInterface
+final class EntityWorkflowNormalizer implements NormalizerInterface, NormalizerAwareInterface
 {
     use NormalizerAwareTrait;
 
-    public function __construct(private readonly EntityWorkflowManager $entityWorkflowManager, private readonly MetadataExtractor $metadataExtractor, private readonly Registry $registry) {}
+    public function __construct(
+        private readonly EntityWorkflowManager $entityWorkflowManager,
+        private readonly MetadataExtractor $metadataExtractor,
+        private readonly Registry $registry,
+        private readonly Security $security,
+    ) {}
 
     /**
      * @param EntityWorkflow $object
@@ -46,6 +53,9 @@ class EntityWorkflowNormalizer implements NormalizerInterface, NormalizerAwareIn
             'datas' => $this->normalizer->normalize($handler->getEntityData($object), $format, $context),
             'title' => $handler->getEntityTitle($object),
             'isOnHoldAtCurrentStep' => $object->isOnHoldAtCurrentStep(),
+            '_permissions' => [
+                EntityWorkflowAttachmentVoter::EDIT => $this->security->isGranted(EntityWorkflowAttachmentVoter::EDIT, $object),
+            ],
         ];
     }
 

src/Bundle/ChillMainBundle/Serializer/Normalizer/UserNormalizer.php

@@ -39,6 +39,8 @@ class UserNormalizer implements ContextAwareNormalizerInterface, NormalizerAware
         'label' => '',
         'email' => '',
         'isAbsent' => false,
+        'absenceStart' => null,
+        'absenceEnd' => null,
     ];
 
     public function __construct(private readonly UserRender $userRender, private readonly ClockInterface $clock) {}
@@ -77,6 +79,11 @@ class UserNormalizer implements ContextAwareNormalizerInterface, NormalizerAware
             ['docgen:expects' => PhoneNumber::class, 'groups' => 'docgen:read']
         );
 
+        $absenceDatesContext = array_merge(
+            $context,
+            ['docgen:expects' => \DateTimeImmutable::class, 'groups' => 'docgen:read']
+        );
+
         if (null === $object && 'docgen' === $format) {
             return [...self::NULL_USER, 'phonenumber' => $this->normalizer->normalize(null, $format, $phonenumberContext), 'civility' => $this->normalizer->normalize(null, $format, $civilityContext), 'user_job' => $this->normalizer->normalize(null, $format, $userJobContext), 'main_center' => $this->normalizer->normalize(null, $format, $centerContext), 'main_scope' => $this->normalizer->normalize(null, $format, $scopeContext), 'current_location' => $this->normalizer->normalize(null, $format, $locationContext), 'main_location' => $this->normalizer->normalize(null, $format, $locationContext)];
         }
@@ -99,6 +106,8 @@ class UserNormalizer implements ContextAwareNormalizerInterface, NormalizerAware
             'main_center' => $this->normalizer->normalize($object->getMainCenter(), $format, $centerContext),
             'main_scope' => $this->normalizer->normalize($object->getMainScope($at), $format, $scopeContext),
             'isAbsent' => $object->isAbsent(),
+            'absenceStart' => $this->normalizer->normalize($object->getAbsenceStart(), $format, $absenceDatesContext),
+            'absenceEnd' => $this->normalizer->normalize($object->getAbsenceEnd(), $format, $absenceDatesContext),
         ];
 
         if ('docgen' === $format) {

src/Bundle/ChillMainBundle/Tests/Action/User/UpdateProfile/UpdateProfileCommandHandlerTest.php

@@ -0,0 +1,85 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Action\User\UpdateProfile;
+
+use Chill\MainBundle\Action\User\UpdateProfile\UpdateProfileCommand;
+use Chill\MainBundle\Action\User\UpdateProfile\UpdateProfileCommandHandler;
+use Chill\MainBundle\Entity\User;
+use libphonenumber\PhoneNumber;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
+final class UpdateProfileCommandHandlerTest extends TestCase
+{
+    public function testUpdateProfileWithNullPhoneAndFlags(): void
+    {
+        $user = new User();
+
+        // Pre-set some flags to opposite values to check they are updated
+        $flag = 'tickets';
+        $user->setNotificationImmediately($flag, true);
+        $user->setNotificationDailyDigest($flag, true);
+
+        $command = new UpdateProfileCommand(null);
+        $command->notificationFlags = [
+            $flag => [
+                'immediate_email' => false,
+                'daily_digest' => false,
+            ],
+        ];
+
+        (new UpdateProfileCommandHandler())->updateProfile($user, $command);
+
+        self::assertNull($user->getPhonenumber(), 'Phone should be set to null');
+        self::assertFalse($user->isNotificationSendImmediately($flag));
+        self::assertFalse($user->isNotificationDailyDigest($flag));
+    }
+
+    public function testUpdateProfileWithPhoneAndMultipleFlags(): void
+    {
+        $user = new User();
+
+        $phone = new PhoneNumber();
+        $phone->setCountryCode(33); // France
+        $phone->setNationalNumber(612345678);
+
+        $command = new UpdateProfileCommand($phone);
+        $command->notificationFlags = [
+            'reports' => [
+                'immediate_email' => true,
+                'daily_digest' => false,
+            ],
+            'activities' => [
+                'immediate_email' => false,
+                'daily_digest' => true,
+            ],
+        ];
+
+        (new UpdateProfileCommandHandler())->updateProfile($user, $command);
+
+        // Phone assigned
+        self::assertInstanceOf(PhoneNumber::class, $user->getPhonenumber());
+        self::assertSame(33, $user->getPhonenumber()->getCountryCode());
+        self::assertSame('612345678', (string) $user->getPhonenumber()->getNationalNumber());
+
+        // Flags applied
+        self::assertTrue($user->isNotificationSendImmediately('reports'));
+        self::assertFalse($user->isNotificationDailyDigest('reports'));
+
+        self::assertFalse($user->isNotificationSendImmediately('activities'));
+        self::assertTrue($user->isNotificationDailyDigest('activities'));
+    }
+}

src/Bundle/ChillMainBundle/Tests/Action/User/UpdateProfile/UpdateProfileCommandTest.php

@@ -0,0 +1,103 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Action\User\UpdateProfile;
+
+use Chill\MainBundle\Action\User\UpdateProfile\UpdateProfileCommand;
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Notification\FlagProviders\NotificationFlagProviderInterface;
+use Chill\MainBundle\Notification\NotificationFlagManager;
+use libphonenumber\PhoneNumber;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Translation\TranslatableMessage;
+
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
+final class UpdateProfileCommandTest extends TestCase
+{
+    public function testCreateTransfersPhonenumberAndNotificationFlags(): void
+    {
+        $user = new User();
+
+        // set a phone number
+        $phone = new PhoneNumber();
+        $phone->setCountryCode(32); // Belgium
+        $phone->setNationalNumber(471234567);
+        $user->setPhonenumber($phone);
+
+        // configure notification flags on the user via helpers
+        $flagA = 'foo';
+        $flagB = 'bar';
+
+        // For tickets: immediate true, daily false
+        $user->setNotificationImmediately($flagA, true);
+        $user->setNotificationDailyDigest($flagA, false);
+
+        // For reports: immediate false, daily true
+        $user->setNotificationImmediately($flagB, false);
+        $user->setNotificationDailyDigest($flagB, true);
+
+        // a third flag not explicitly set to validate default behavior from User
+        $flagC = 'foobar'; // by default immediate-email is true, daily-digest is false per User::getNotificationFlagData
+
+        $manager = $this->createNotificationFlagManager([$flagA, $flagB, $flagC]);
+
+        $command = UpdateProfileCommand::create($user, $manager);
+
+        // phone number transferred
+        self::assertInstanceOf(PhoneNumber::class, $command->phonenumber);
+        self::assertSame($phone->getCountryCode(), $command->phonenumber->getCountryCode());
+        self::assertSame($phone->getNationalNumber(), $command->phonenumber->getNationalNumber());
+
+        // flags transferred consistently
+        self::assertArrayHasKey($flagA, $command->notificationFlags);
+        self::assertArrayHasKey($flagB, $command->notificationFlags);
+        self::assertArrayHasKey($flagC, $command->notificationFlags);
+
+        self::assertSame([
+            'immediate_email' => true,
+            'daily_digest' => false,
+        ], $command->notificationFlags[$flagA]);
+
+        self::assertSame([
+            'immediate_email' => false,
+            'daily_digest' => true,
+        ], $command->notificationFlags[$flagB]);
+
+        // default from User::getNotificationFlagData -> immediate true, daily false
+        self::assertSame([
+            'immediate_email' => true,
+            'daily_digest' => false,
+        ], $command->notificationFlags[$flagC]);
+    }
+
+    private function createNotificationFlagManager(array $flags): NotificationFlagManager
+    {
+        $providers = array_map(fn (string $flag) => new class ($flag) implements NotificationFlagProviderInterface {
+            public function __construct(private readonly string $flag) {}
+
+            public function getFlag(): string
+            {
+                return $this->flag;
+            }
+
+            public function getLabel(): TranslatableMessage
+            {
+                return new TranslatableMessage($this->flag);
+            }
+        }, $flags);
+
+        return new NotificationFlagManager($providers);
+    }
+}

src/Bundle/ChillMainBundle/Tests/Controller/UserControllerTest.php

@@ -45,7 +45,7 @@ final class UserControllerTest extends WebTestCase
         self::assertResponseIsSuccessful();
 
         $username = 'Test_user'.uniqid();
-        $password = 'Password1234!';
+        $password = 'Password_1234!';
 
         // Fill in the form and submit it
 
@@ -99,7 +99,7 @@ final class UserControllerTest extends WebTestCase
     {
         $client = $this->getClientAuthenticatedAsAdmin();
         $crawler = $client->request('GET', "/fr/admin/user/{$userId}/edit_password");
-        $newPassword = '1234Password!';
+        $newPassword = '1234_Password!';
 
         $form = $crawler->selectButton('Changer le mot de passe')->form([
             'chill_mainbundle_user_password[new_password][first]' => $newPassword,

src/Bundle/ChillMainBundle/Tests/Entity/NotificationTest.php

@@ -96,11 +96,13 @@ final class NotificationTest extends KernelTestCase
         $this->assertTrue($user->isNotificationSendImmediately($notification->getType()), 'Should return true when no notification flags are set, by default immediate email');
 
         // immediate-email preference
-        $user->setNotificationFlags(['test_notification_type' => [User::NOTIF_FLAG_IMMEDIATE_EMAIL, User::NOTIF_FLAG_DAILY_DIGEST]]);
+        $user->setNotificationImmediately('test_notification_type', true);
+        $user->setNotificationDailyDigest('test_notification_type', true);
         $this->assertTrue($user->isNotificationSendImmediately($notification->getType()), 'Should return true when preferences contain immediate-email');
 
         // daily-email preference
-        $user->setNotificationFlags(['test_notification_type' => [User::NOTIF_FLAG_DAILY_DIGEST]]);
+        $user->setNotificationDailyDigest('test_notification_type', true);
+        $user->setNotificationImmediately('test_notification_type', false);
         $this->assertFalse($user->isNotificationSendImmediately($notification->getType()), 'Should return false when preference is daily-email only');
         $this->assertTrue($user->isNotificationDailyDigest($notification->getType()), 'Should return true when preference is daily-email');
 

src/Bundle/ChillMainBundle/Tests/Entity/UserNotificationFlagsPersistenceTest.php

@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Tests\Entity;
+
+use Chill\MainBundle\Entity\User;
+use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
+
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
+class UserNotificationFlagsPersistenceTest extends KernelTestCase
+{
+    public function testFlushPersistsNotificationFlagsChanges(): void
+    {
+        self::bootKernel();
+        $em = self::getContainer()->get('doctrine')->getManager();
+
+        $user = new User();
+        $user->setUsername('user_'.bin2hex(random_bytes(4)));
+        $user->setLabel('Test User');
+        $user->setPassword('secret');
+
+        // Étape 1: créer et persister l’utilisateur
+        $em->persist($user);
+        $em->flush();
+        $id = $user->getId();
+        self::assertNotNull($id, 'User should have an ID after flush');
+
+        try {
+            // Sanity check: par défaut, pas de daily digest pour "alerts"
+            self::assertFalse($user->isNotificationDailyDigest('alerts'));
+
+            // Étape 2: activer le daily digest -> setNotificationFlagElement réassigne la propriété
+            $user->setNotificationDailyDigest('alerts', true);
+            $em->flush(); // persist le changement
+            $em->clear(); // simule un nouveau cycle de requête
+
+            // Étape 3: recharger depuis la base et vérifier la persistance
+            /** @var User $reloaded */
+            $reloaded = $em->find(User::class, $id);
+            self::assertNotNull($reloaded);
+            self::assertTrue(
+                $reloaded->isNotificationDailyDigest('alerts'),
+                'Daily digest flag should be persisted'
+            );
+
+            // Étape 4: modifier via setNotificationFlagData (remplacement du tableau)
+            // Cette méthode doit réassigner la propriété (copie -> réassignation)
+            $reloaded->setNotificationImmediately('alerts', true);
+            $reloaded->setNotificationDailyDigest('alerts', false);
+            $em->flush();
+            $em->clear();
+
+            /** @var User $reloaded2 */
+            $reloaded2 = $em->find(User::class, $id);
+            self::assertNotNull($reloaded2);
+
+            // Le daily digest n’est plus actif, seul immediate-email est présent
+            self::assertFalse($reloaded2->isNotificationDailyDigest('alerts'));
+            self::assertTrue($reloaded2->isNotificationSendImmediately('alerts'));
+        } finally {
+            // Nettoyage
+            $managed = $em->find(User::class, $id);
+            if (null !== $managed) {
+                $em->remove($managed);
+                $em->flush();
+            }
+            $em->clear();
+        }
+    }
+}

src/Bundle/ChillMainBundle/Tests/Entity/UserTest.php

@@ -67,4 +67,54 @@ class UserTest extends TestCase
                 ->first()->getEndDate()
         );
     }
+
+    public function testIsAbsent()
+    {
+        $user = new User();
+
+        // Absent: today is within absence period
+        $absenceStart = new \DateTimeImmutable('-1 day');
+        $absenceEnd = new \DateTimeImmutable('+1 day');
+        $user->setAbsenceStart($absenceStart);
+        $user->setAbsenceEnd($absenceEnd);
+        self::assertTrue($user->isAbsent(), 'Should be absent when now is between start and end');
+
+        // Absent: end is null
+        $user->setAbsenceStart(new \DateTimeImmutable('-2 days'));
+        $user->setAbsenceEnd(null);
+        self::assertTrue($user->isAbsent(), 'Should be absent when started and no end');
+
+        // Not absent: absenceStart is in the future
+        $user->setAbsenceStart(new \DateTimeImmutable('+2 days'));
+        $user->setAbsenceEnd(null);
+        self::assertFalse($user->isAbsent(), 'Should not be absent if start is in the future');
+
+        // Not absent: absenceEnd is in the past
+        $user->setAbsenceStart(new \DateTimeImmutable('-5 days'));
+        $user->setAbsenceEnd(new \DateTimeImmutable('-1 day'));
+        self::assertFalse($user->isAbsent(), 'Should not be absent if end is in the past');
+
+        // Not absent: both are null
+        $user->setAbsenceStart(null);
+        $user->setAbsenceEnd(null);
+        self::assertFalse($user->isAbsent(), 'Should not be absent if start is null');
+    }
+
+    public function testSetNotification(): void
+    {
+        $user = new User();
+
+        self::assertTrue($user->isNotificationSendImmediately('dummy'));
+        self::assertFalse($user->isNotificationDailyDigest('dummy'));
+
+        $user->setNotificationImmediately('dummy', false);
+        self::assertFalse($user->isNotificationSendImmediately('dummy'));
+
+        $user->setNotificationDailyDigest('dummy', true);
+        self::assertTrue($user->isNotificationDailyDigest('dummy'));
+
+        $user->setNotificationImmediately('dummy', true);
+        self::assertTrue($user->isNotificationSendImmediately('dummy'));
+        self::assertTrue($user->isNotificationDailyDigest('dummy'));
+    }
 }

src/Bundle/ChillMainBundle/Tests/Notification/Email/NotificationMailerTest.php

@@ -144,7 +144,7 @@ class NotificationMailerTest extends TestCase
         $idProperty->setValue($user, 456);
 
         // Set notification flags for the user
-        $user->setNotificationFlags(['test_notification_type' => [User::NOTIF_FLAG_IMMEDIATE_EMAIL]]);
+        $user->setNotificationImmediately('test_notification_type', true);
 
         $messageBus = $this->createMock(MessageBusInterface::class);
         $messageBus->expects($this->once())

src/Bundle/ChillMainBundle/Tests/Security/Authorization/EntityWorkflowAttachmentVoterTest.php

@@ -0,0 +1,173 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Tests\Security\Authorization;
+
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Chill\MainBundle\Security\Authorization\EntityWorkflowAttachmentVoter;
+use Chill\MainBundle\Workflow\EntityWorkflowMarkingStore;
+use Chill\MainBundle\Workflow\WorkflowTransitionContextDTO;
+use PHPUnit\Framework\TestCase;
+use Prophecy\PhpUnit\ProphecyTrait;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Workflow\DefinitionBuilder;
+use Symfony\Component\Workflow\Metadata\InMemoryMetadataStore;
+use Symfony\Component\Workflow\Registry;
+use Symfony\Component\Workflow\SupportStrategy\WorkflowSupportStrategyInterface;
+use Symfony\Component\Workflow\Transition;
+use Symfony\Component\Workflow\Workflow;
+use Symfony\Component\Workflow\WorkflowInterface;
+
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
+class EntityWorkflowAttachmentVoterTest extends TestCase
+{
+    use ProphecyTrait;
+
+    /**
+     * @dataProvider dataVoteOnAttribute
+     */
+    public function testVoteOnAttribute(EntityWorkflow $entityWorkflow, int $expected): void
+    {
+        $voter = new EntityWorkflowAttachmentVoter($this->buildRegistry());
+        $actual = $voter->vote(
+            new UsernamePasswordToken(new User(), 'default'),
+            $entityWorkflow,
+            ['CHILL_MAIN_WORKFLOW_ATTACHMENT_EDIT'],
+        );
+        $this->assertEquals($expected, $actual);
+    }
+
+    public static function dataVoteOnAttribute(): iterable
+    {
+        $entity = new EntityWorkflow();
+        $entity->setWorkflowName('dummy');
+
+        $workflow = static::buildRegistry()->get($entity, 'dummy');
+
+        $dto = new WorkflowTransitionContextDTO($entity);
+        $dto->futureDestUsers[] = new User();
+        $workflow->apply(
+            $entity,
+            'to_final_positive',
+            ['context' => $dto,
+                'byUser' => new User(),
+                'transition' => 'to_final_positive',
+                'transitionAt' => new \DateTimeImmutable()],
+        );
+        // we need to mark manually as final, as the listener is not registered
+        $entity->getCurrentStep()->setIsFinal(true);
+
+        yield 'on final positive' => [
+            $entity,
+            VoterInterface::ACCESS_DENIED,
+        ];
+
+        $entity = new EntityWorkflow();
+        $entity->setWorkflowName('dummy');
+
+        $workflow = static::buildRegistry()->get($entity, 'dummy');
+
+        $dto = new WorkflowTransitionContextDTO($entity);
+        $dto->futureDestUsers[] = new User();
+        $workflow->apply(
+            $entity,
+            'to_final_negative',
+            ['context' => $dto,
+                'byUser' => new User(),
+                'transition' => 'to_final_negative',
+                'transitionAt' => new \DateTimeImmutable()],
+        );
+        // we need to mark manually as final, as the listener is not registered
+        $entity->getCurrentStep()->setIsFinal(true);
+
+        yield 'on final negative' => [
+            $entity,
+            VoterInterface::ACCESS_DENIED,
+        ];
+
+        $entity = new EntityWorkflow();
+        $entity->setWorkflowName('dummy');
+
+        $workflow = static::buildRegistry()->get($entity, 'dummy');
+
+        $dto = new WorkflowTransitionContextDTO($entity);
+        $dto->futureDestUsers[] = new User();
+        $workflow->apply(
+            $entity,
+            'to_sent_external',
+            ['context' => $dto,
+                'byUser' => new User(),
+                'transition' => 'to_sent_external',
+                'transitionAt' => new \DateTimeImmutable()],
+        );
+
+        yield 'on sent_external' => [
+            $entity,
+            VoterInterface::ACCESS_DENIED,
+        ];
+
+        $entity = new EntityWorkflow();
+        $entity->setWorkflowName('dummy');
+
+        yield 'on initial' => [
+            $entity,
+            VoterInterface::ACCESS_GRANTED,
+        ];
+    }
+
+    private static function buildRegistry(): Registry
+    {
+        $builder = new DefinitionBuilder();
+        $builder
+            ->setInitialPlaces(['initial'])
+            ->addPlaces(['initial', 'sent_external', 'final_positive', 'final_negative'])
+            ->addTransitions([
+                new Transition('to_final_positive', ['initial'], 'final_positive'),
+                new Transition('to_sent_external', ['initial'], 'sent_external'),
+                new Transition('to_final_negative', ['initial'], 'final_negative'),
+
+            ])
+            ->setMetadataStore(
+                new InMemoryMetadataStore(
+                    placesMetadata: [
+                        'sent_external' => [
+                            'isSentExternal' => true,
+                        ],
+                        'final_positive' => [
+                            'isFinal' => true,
+                            'isFinalPositive' => true,
+                        ],
+                        'final_negative' => [
+                            'isFinal' => true,
+                            'isFinalPositive' => false,
+                        ],
+                    ]
+                )
+            );
+
+        $workflow = new Workflow($builder->build(), new EntityWorkflowMarkingStore(), name: 'dummy');
+        $registry = new Registry();
+        $registry->addWorkflow($workflow, new class () implements WorkflowSupportStrategyInterface {
+            public function supports(WorkflowInterface $workflow, object $subject): bool
+            {
+                return true;
+            }
+        });
+
+        return $registry;
+    }
+}

src/Bundle/ChillMainBundle/Tests/Security/RoleDumperTest.php

@@ -0,0 +1,98 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\MainBundle\Tests\Security;
+
+use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
+use Chill\MainBundle\Security\RoleDumper;
+use Chill\MainBundle\Security\RoleProvider;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
+class RoleDumperTest extends TestCase
+{
+    public function testDumpAsMarkdownGroupsByTitleTranslatesAndListsDependencies(): void
+    {
+        // Fake provider with two groups
+        $provider = new class () implements ProvideRoleHierarchyInterface {
+            public const R_PERSON_SEE = 'CHILL_PERSON_SEE';
+            public const R_PERSON_UPDATE = 'CHILL_PERSON_UPDATE';
+            public const R_REPORT_SEE = 'CHILL_REPORT_SEE';
+
+            public function getRoles(): array
+            {
+                return [self::R_PERSON_SEE, self::R_PERSON_UPDATE, self::R_REPORT_SEE];
+            }
+
+            public function getRolesWithoutScope(): array
+            {
+                // In this test, assume REPORT_SEE does not need scope, others do
+                return [self::R_REPORT_SEE];
+            }
+
+            public function getRolesWithHierarchy(): array
+            {
+                return [
+                    'Person' => [self::R_PERSON_SEE, self::R_PERSON_UPDATE],
+                    'Report' => [self::R_REPORT_SEE],
+                ];
+            }
+        };
+
+        $roleProvider = new RoleProvider([$provider]);
+
+        // Fake role hierarchy: UPDATE implies SEE; others none
+        $roleHierarchy = new class () implements RoleHierarchyInterface {
+            public function getReachableRoleNames(array $roles): array
+            {
+                $output = [];
+                foreach ($roles as $r) {
+                    $output[] = $r;
+                    if ('CHILL_PERSON_UPDATE' === $r) {
+                        $output[] = 'CHILL_PERSON_SEE';
+                    }
+                }
+
+                return array_values(array_unique($output));
+            }
+        };
+
+        // Fake translator that clearly shows translation applied
+        $translator = new class () implements TranslatorInterface {
+            public function trans(string $id, array $parameters = [], ?string $domain = null, ?string $locale = null): string
+            {
+                return 'T('.$id.')';
+            }
+
+            public function getLocale(): string
+            {
+                return 'en';
+            }
+        };
+
+        $dumper = new RoleDumper($roleProvider, $roleHierarchy, $translator);
+        $md = $dumper->dumpAsMarkdown();
+
+        $expected = "## T(Person)\n"
+            ."- **T(CHILL_PERSON_SEE)** (S)\n"
+            ."- **T(CHILL_PERSON_UPDATE)** (S): T(CHILL_PERSON_SEE)\n\n"
+            ."## T(Report)\n"
+            ."- **T(CHILL_REPORT_SEE)** (~~S~~)\n";
+
+        self::assertSame($expected, $md);
+    }
+}

src/Bundle/ChillMainBundle/Tests/Serializer/Normalizer/UserNormalizerTest.php

@@ -101,6 +101,8 @@ final class UserNormalizerTest extends TestCase
                 'text_without_absent' => 'SomeUser',
                 'isAbsent' => false,
                 'main_center' => ['context' => Center::class],
+                'absenceStart' => ['context' => \DateTimeImmutable::class],
+                'absenceEnd' => ['context' => \DateTimeImmutable::class],
             ]];
 
         yield [$userNoPhone, 'docgen', ['docgen:expects' => User::class],
@@ -120,6 +122,8 @@ final class UserNormalizerTest extends TestCase
                 'text_without_absent' => 'AnotherUser',
                 'isAbsent' => false,
                 'main_center' => ['context' => Center::class],
+                'absenceStart' => ['context' => \DateTimeImmutable::class],
+                'absenceEnd' => ['context' => \DateTimeImmutable::class],
             ]];
 
         yield [null, 'docgen', ['docgen:expects' => User::class], [
@@ -138,6 +142,8 @@ final class UserNormalizerTest extends TestCase
             'text_without_absent' => '',
             'isAbsent' => false,
             'main_center' => ['context' => Center::class],
+            'absenceStart' => null,
+            'absenceEnd' => null,
         ]];
     }
 }

src/Bundle/ChillMainBundle/Tests/Workflow/Helper/WorkflowRelatedEntityPermissionHelperTest.php

@@ -11,6 +11,9 @@ declare(strict_types=1);
 
 namespace Chill\MainBundle\Tests\Workflow\Helper;
 
+use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowAttachment;
+use Chill\MainBundle\Repository\Workflow\EntityWorkflowAttachmentRepository;
 use Chill\MainBundle\Workflow\Helper\WorkflowRelatedEntityPermissionHelper;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
@@ -148,8 +151,11 @@ class WorkflowRelatedEntityPermissionHelperTest extends TestCase
         $dto = new WorkflowTransitionContextDTO($entityWorkflow);
         $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
 
-        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
-            'abstain because the user is not present as a dest user'];
+        yield [[], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain because there is no workflow'];
+
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, new \DateTimeImmutable(),
+            'force deny because the user is not present as a dest user'];
 
         $entityWorkflow = new EntityWorkflow();
         $dto = new WorkflowTransitionContextDTO($entityWorkflow);
@@ -171,6 +177,9 @@ class WorkflowRelatedEntityPermissionHelperTest extends TestCase
         yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, new \DateTimeImmutable(),
             'force grant because the user was a previous user'];
 
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, new \DateTimeImmutable(),
+            'force denied because the user was not a previous user'];
+
         $entityWorkflow = new EntityWorkflow();
         $dto = new WorkflowTransitionContextDTO($entityWorkflow);
         $dto->futureDestUsers[] = $user = new User();
@@ -232,6 +241,13 @@ class WorkflowRelatedEntityPermissionHelperTest extends TestCase
 
         yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
             'abstain: there is a signature on a canceled workflow'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('sent_external', $dto, 'to_sent_external', new \DateTimeImmutable(), $user);
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, new \DateTimeImmutable(), 'force denied: the workflow is sent to an external user'];
     }
 
     public function testNoWorkflow(): void
@@ -253,7 +269,217 @@ class WorkflowRelatedEntityPermissionHelperTest extends TestCase
         $entityWorkflowManager = $this->prophesize(EntityWorkflowManager::class);
         $entityWorkflowManager->findByRelatedEntity(Argument::type('object'))->willReturn($entityWorkflows);
 
-        return new WorkflowRelatedEntityPermissionHelper($security->reveal(), $entityWorkflowManager->reveal(), $this->buildRegistry(), new MockClock($atDateTime ?? new \DateTimeImmutable()));
+        $repository = $this->prophesize(EntityWorkflowAttachmentRepository::class);
+        $repository->findByStoredObject(Argument::type(StoredObject::class))->willReturn([]);
+
+        return new WorkflowRelatedEntityPermissionHelper($security->reveal(), $entityWorkflowManager->reveal(), $repository->reveal(), $this->buildRegistry(), new MockClock($atDateTime ?? new \DateTimeImmutable()));
+    }
+
+    /**
+     * @dataProvider provideDataAllowedByWorkflowReadOperationByAttachment
+     *
+     * @param list<EntityWorkflow> $entityWorkflows
+     */
+    public function testAllowedByWorkflowReadByAttachment(
+        array $entityWorkflows,
+        User $user,
+        string $expected,
+        ?\DateTimeImmutable $atDate,
+        string $message,
+    ): void {
+        // all entities must have this workflow name, so we are ok to set it here
+        foreach ($entityWorkflows as $entityWorkflow) {
+            $entityWorkflow->setWorkflowName('dummy');
+        }
+        $helper = $this->buildHelperForAttachment($entityWorkflows, $user, $atDate);
+
+        self::assertEquals($expected, $helper->isAllowedByWorkflowForReadOperation(new StoredObject()), $message);
+    }
+
+    public static function provideDataAllowedByWorkflowReadOperationByAttachment(): iterable
+    {
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain because the user is not present as a dest user'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, new \DateTimeImmutable(),
+            'force grant because the user is a current user'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, new \DateTimeImmutable(),
+            'force grant because the user was a previous user'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futurePersonSignatures[] = new Person();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'Abstain: there is a signature for person, but the attachment is not concerned'];
+    }
+
+    /**
+     * @dataProvider provideDataAllowedByWorkflowWriteOperationByAttachment
+     *
+     * @param list<EntityWorkflow> $entityWorkflows
+     */
+    public function testAllowedByWorkflowWriteByAttachment(
+        array $entityWorkflows,
+        User $user,
+        string $expected,
+        ?\DateTimeImmutable $atDate,
+        string $message,
+    ): void {
+        // all entities must have this workflow name, so we are ok to set it here
+        foreach ($entityWorkflows as $entityWorkflow) {
+            $entityWorkflow->setWorkflowName('dummy');
+        }
+        $helper = $this->buildHelperForAttachment($entityWorkflows, $user, $atDate);
+
+        self::assertEquals($expected, $helper->isAllowedByWorkflowForWriteOperation(new StoredObject()), $message);
+    }
+
+    public static function provideDataAllowedByWorkflowWriteOperationByAttachment(): iterable
+    {
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain because there is no workflow'];
+
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain because the user is not present as a dest user (and attachment)'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, new \DateTimeImmutable(),
+            'force grant because the user is a current user'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_GRANT, new \DateTimeImmutable(),
+            'force grant because the user was a previous user'];
+
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain because the user was not a previous user'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $entityWorkflow->setStep('final_positive', $dto, 'to_final_positive', new \DateTimeImmutable(), new User());
+        $entityWorkflow->getCurrentStep()->setIsFinal(true);
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, new \DateTimeImmutable(),
+            'force denied: user was a previous user, but it is finalized positive'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable());
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $entityWorkflow->setStep('final_negative', $dto, 'to_final_negative', new \DateTimeImmutable());
+        $entityWorkflow->getCurrentStep()->setIsFinal(true);
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain: user was a previous user, it is finalized, but finalized negative'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futurePersonSignatures[] = new Person();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+        $signature = $entityWorkflow->getCurrentStep()->getSignatures()->first();
+        $signature->setState(EntityWorkflowSignatureStateEnum::SIGNED)->setStateDate(new \DateTimeImmutable());
+
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain: there is a signature, but not on the attachment'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futurePersonSignatures[] = new Person();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+
+        yield [[$entityWorkflow], new User(), WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain: there is a signature, but the signature is not on the attachment'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futurePersonSignatures[] = new Person();
+        $entityWorkflow->setStep('test', $dto, 'to_test', new \DateTimeImmutable(), new User());
+        $signature = $entityWorkflow->getCurrentStep()->getSignatures()->first();
+        $signature->setState(EntityWorkflowSignatureStateEnum::SIGNED)->setStateDate(new \DateTimeImmutable());
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $entityWorkflow->setStep('final_negative', $dto, 'to_final_negative', new \DateTimeImmutable(), new User());
+        $entityWorkflow->getCurrentStep()->setIsFinal(true);
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::ABSTAIN, new \DateTimeImmutable(),
+            'abstain: there is a signature on a canceled workflow'];
+
+        $entityWorkflow = new EntityWorkflow();
+        $dto = new WorkflowTransitionContextDTO($entityWorkflow);
+        $dto->futureDestUsers[] = $user = new User();
+        $entityWorkflow->setStep('sent_external', $dto, 'to_sent_external', new \DateTimeImmutable(), $user);
+
+        yield [[$entityWorkflow], $user, WorkflowRelatedEntityPermissionHelper::FORCE_DENIED, new \DateTimeImmutable(),
+            'force denied: the workflow is sent to an external user'];
+    }
+
+    /**
+     * @param list<EntityWorkflow> $entityWorkflows
+     */
+    private function buildHelperForAttachment(array $entityWorkflows, User $user, ?\DateTimeImmutable $atDateTime): WorkflowRelatedEntityPermissionHelper
+    {
+        $security = $this->prophesize(Security::class);
+        $security->getUser()->willReturn($user);
+
+        $entityWorkflowManager = $this->prophesize(EntityWorkflowManager::class);
+        $entityWorkflowManager->findByRelatedEntity(Argument::type('object'))->shouldNotBeCalled();
+
+        $repository = $this->prophesize(EntityWorkflowAttachmentRepository::class);
+        $attachments = [];
+        foreach ($entityWorkflows as $entityWorkflow) {
+            $attachments[] = new EntityWorkflowAttachment('dummy', ['id' => 1], $entityWorkflow, new StoredObject());
+        }
+        $repository->findByStoredObject(Argument::type(StoredObject::class))->willReturn($attachments);
+
+        return new WorkflowRelatedEntityPermissionHelper($security->reveal(), $entityWorkflowManager->reveal(), $repository->reveal(), $this->buildRegistry(), new MockClock($atDateTime ?? new \DateTimeImmutable()));
     }
 
     private static function buildRegistry(): Registry
@@ -261,10 +487,13 @@ class WorkflowRelatedEntityPermissionHelperTest extends TestCase
         $builder = new DefinitionBuilder();
         $builder
             ->setInitialPlaces(['initial'])
-            ->addPlaces(['initial', 'test', 'final_positive', 'final_negative'])
+            ->addPlaces(['initial', 'test', 'sent_external', 'final_positive', 'final_negative'])
             ->setMetadataStore(
                 new InMemoryMetadataStore(
                     placesMetadata: [
+                        'sent_external' => [
+                            'isSentExternal' => true,
+                        ],
                         'final_positive' => [
                             'isFinal' => true,
                             'isFinalPositive' => true,

src/Bundle/ChillMainBundle/Tests/Workflow/Messenger/PostSendExternalMessageHandlerTest.php

@@ -11,8 +11,11 @@ declare(strict_types=1);
 
 namespace Chill\MainBundle\Tests\Workflow\Messenger;
 
+use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Service\StoredObjectToPdfConverter;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowAttachment;
 use Chill\MainBundle\Repository\Workflow\EntityWorkflowRepository;
 use Chill\MainBundle\Workflow\EntityWorkflowHandlerInterface;
 use Chill\MainBundle\Workflow\EntityWorkflowManager;
@@ -23,6 +26,7 @@ use Chill\ThirdPartyBundle\Entity\ThirdParty;
 use PHPUnit\Framework\TestCase;
 use Prophecy\Argument;
 use Prophecy\PhpUnit\ProphecyTrait;
+use Psr\Log\LoggerInterface;
 use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mime\Address;
@@ -39,24 +43,54 @@ class PostSendExternalMessageHandlerTest extends TestCase
     public function testSendMessageHappyScenario(): void
     {
         $entityWorkflow = $this->buildEntityWorkflow();
+
+        // Prepare attachments (2 attachments)
+        $attachmentStoredObject1 = new StoredObject();
+        $attachmentStoredObject2 = new StoredObject();
+        new EntityWorkflowAttachment('generic_doc', ['id' => 1], $entityWorkflow, $attachmentStoredObject1);
+        new EntityWorkflowAttachment('generic_doc', ['id' => 2], $entityWorkflow, $attachmentStoredObject2);
+
+        // Prepare transition DTO and sends
         $dto = new WorkflowTransitionContextDTO($entityWorkflow);
         $dto->futureDestineeEmails = ['external@example.com'];
         $dto->futureDestineeThirdParties = [(new ThirdParty())->setEmail('3party@example.com')];
         $entityWorkflow->setStep('send_external', $dto, 'to_send_external', new \DateTimeImmutable(), new User());
 
+        // Repository returns our workflow
         $repository = $this->prophesize(EntityWorkflowRepository::class);
         $repository->find(1)->willReturn($entityWorkflow);
 
+        // Mailer must send to both recipients
         $mailer = $this->prophesize(MailerInterface::class);
         $mailer->send(Argument::that($this->buildCheckAddressCallback('3party@example.com')))->shouldBeCalledOnce();
         $mailer->send(Argument::that($this->buildCheckAddressCallback('external@example.com')))->shouldBeCalledOnce();
 
+        // Workflow manager and handler
         $workflowHandler = $this->prophesize(EntityWorkflowHandlerInterface::class);
         $workflowHandler->getEntityTitle($entityWorkflow, Argument::any())->willReturn('title');
         $workflowManager = $this->prophesize(EntityWorkflowManager::class);
         $workflowManager->getHandler($entityWorkflow)->willReturn($workflowHandler->reveal());
 
-        $handler = new PostSendExternalMessageHandler($repository->reveal(), $mailer->reveal(), $workflowManager->reveal());
+        // Associated stored object for the workflow
+        $associatedStoredObject = new StoredObject();
+        $workflowManager->getAssociatedStoredObject($entityWorkflow)->willReturn($associatedStoredObject);
+
+        // Converter should be called for each attachment and the associated stored object
+        $converter = $this->prophesize(StoredObjectToPdfConverter::class);
+        $converter->addConvertedVersion($attachmentStoredObject1, 'fr')->shouldBeCalledOnce();
+        $converter->addConvertedVersion($attachmentStoredObject2, 'fr')->shouldBeCalledOnce();
+        $converter->addConvertedVersion($associatedStoredObject, 'fr')->shouldBeCalledOnce();
+
+        // Logger (not used in happy path, but required by handler)
+        $logger = $this->prophesize(LoggerInterface::class);
+
+        $handler = new PostSendExternalMessageHandler(
+            $repository->reveal(),
+            $mailer->reveal(),
+            $workflowManager->reveal(),
+            $converter->reveal(),
+            $logger->reveal(),
+        );
 
         $handler(new PostSendExternalMessage(1, 'fr'));
 

src/Bundle/ChillMainBundle/Workflow/Helper/WorkflowRelatedEntityPermissionHelper.php

@@ -11,9 +11,12 @@ declare(strict_types=1);
 
 namespace Chill\MainBundle\Workflow\Helper;
 
+use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflow;
+use Chill\MainBundle\Entity\Workflow\EntityWorkflowAttachment;
 use Chill\MainBundle\Entity\Workflow\EntityWorkflowSignatureStateEnum;
+use Chill\MainBundle\Repository\Workflow\EntityWorkflowAttachmentRepository;
 use Chill\MainBundle\Workflow\EntityWorkflowManager;
 use Symfony\Component\Clock\ClockInterface;
 use Symfony\Component\Security\Core\Security;
@@ -58,21 +61,39 @@ class WorkflowRelatedEntityPermissionHelper
     public function __construct(
         private readonly Security $security,
         private readonly EntityWorkflowManager $entityWorkflowManager,
+        private readonly EntityWorkflowAttachmentRepository $entityWorkflowAttachmentRepository,
         private readonly Registry $registry,
         private readonly ClockInterface $clock,
     ) {}
 
     /**
+     * @param object $entity The entity may be an
+     *
      * @return 'FORCE_GRANT'|'FORCE_DENIED'|'ABSTAIN'
      */
     public function isAllowedByWorkflowForReadOperation(object $entity): string
     {
-        $entityWorkflows = $this->entityWorkflowManager->findByRelatedEntity($entity);
+        if ($entity instanceof StoredObject) {
+            $attachments = $this->entityWorkflowAttachmentRepository->findByStoredObject($entity);
+            $entityWorkflows = array_map(static fn (EntityWorkflowAttachment $attachment) => $attachment->getEntityWorkflow(), $attachments);
+            $isAttached = true;
+        } else {
+            $entityWorkflows = $this->entityWorkflowManager->findByRelatedEntity($entity);
+            $isAttached = false;
+        }
+
+        if ([] === $entityWorkflows) {
+            return self::ABSTAIN;
+        }
 
         if ($this->isUserInvolvedInAWorkflow($entityWorkflows)) {
             return self::FORCE_GRANT;
         }
 
+        if ($isAttached) {
+            return self::ABSTAIN;
+        }
+
         // give a view permission if there is a Person signature pending, or in the 12 hours following
         // the signature last state
         foreach ($entityWorkflows as $workflow) {
@@ -100,33 +121,51 @@ class WorkflowRelatedEntityPermissionHelper
      */
     public function isAllowedByWorkflowForWriteOperation(object $entity): string
     {
-        $entityWorkflows = $this->entityWorkflowManager->findByRelatedEntity($entity);
-        $runningWorkflows = [];
+        if ($entity instanceof StoredObject) {
+            $attachments = $this->entityWorkflowAttachmentRepository->findByStoredObject($entity);
+            $entityWorkflows = array_map(static fn (EntityWorkflowAttachment $attachment) => $attachment->getEntityWorkflow(), $attachments);
+            $isAttached = true;
+        } else {
+            $entityWorkflows = $this->entityWorkflowManager->findByRelatedEntity($entity);
+            $isAttached = false;
+        }
 
-        // if a workflow is finalized positive, we are not allowed to edit to document any more
+        if ([] === $entityWorkflows) {
+            return self::ABSTAIN;
+        }
 
+        // if a workflow is finalized positive, anyone is allowed to edit the document anymore
         foreach ($entityWorkflows as $entityWorkflow) {
-            if ($entityWorkflow->isFinal()) {
-                $workflow = $this->registry->get($entityWorkflow, $entityWorkflow->getWorkflowName());
-                $marking = $workflow->getMarkingStore()->getMarking($entityWorkflow);
-                foreach ($marking->getPlaces() as $place => $int) {
-                    $placeMetadata = $workflow->getMetadataStore()->getPlaceMetadata($place);
-                    if (true === ($placeMetadata['isFinalPositive'] ?? false)) {
-                        // the workflow is final, and final positive, so we stop here.
-                        return self::FORCE_DENIED;
-                    }
+            $workflow = $this->registry->get($entityWorkflow, $entityWorkflow->getWorkflowName());
+            $marking = $workflow->getMarkingStore()->getMarking($entityWorkflow);
+            foreach ($marking->getPlaces() as $place => $int) {
+                $placeMetadata = $workflow->getMetadataStore()->getPlaceMetadata($place);
+                if (
+                    ($entityWorkflow->isFinal() && ($placeMetadata['isFinalPositive'] ?? false))
+                    || ($placeMetadata['isSentExternal'] ?? false)
+                ) {
+                    // the workflow is final, and final positive, or is sentExternal, so we stop here.
+                    return self::FORCE_DENIED;
+                }
+                if (
+                    // if not finalized positive
+                    $entityWorkflow->isFinal() && !($placeMetadata['isFinalPositive'] ?? false)
+                ) {
+                    return self::ABSTAIN;
                 }
-            } else {
-                $runningWorkflows[] = $entityWorkflow;
             }
         }
 
-        // if there is a signature on a **running workflow**, no one can edit the workflow any more
-        foreach ($runningWorkflows as $entityWorkflow) {
-            foreach ($entityWorkflow->getSteps() as $step) {
-                foreach ($step->getSignatures() as $signature) {
-                    if (EntityWorkflowSignatureStateEnum::SIGNED === $signature->getState()) {
-                        return self::FORCE_DENIED;
+        $runningWorkflows = array_filter($entityWorkflows, fn (EntityWorkflow $ew) => !$ew->isFinal());
+
+        // if there is a signature on a **running workflow**, no one is allowed edit the workflow anymore
+        if (!$isAttached) {
+            foreach ($runningWorkflows as $entityWorkflow) {
+                foreach ($entityWorkflow->getSteps() as $step) {
+                    foreach ($step->getSignatures() as $signature) {
+                        if (EntityWorkflowSignatureStateEnum::SIGNED === $signature->getState()) {
+                            return self::FORCE_DENIED;
+                        }
                     }
                 }
             }
@@ -137,7 +176,11 @@ class WorkflowRelatedEntityPermissionHelper
             return self::FORCE_GRANT;
         }
 
-        return self::ABSTAIN;
+        if ($isAttached) {
+            return self::ABSTAIN;
+        }
+
+        return self::FORCE_DENIED;
     }
 
     /**