From 2d8d8bb4d5e161482a9b580e069dc6f480899755 Mon Sep 17 00:00:00 2001
From: Jonathan Foucher <jfoucher@gmail.com>
Date: Fri, 29 Nov 2024 11:39:10 +0100
Subject: [PATCH] Fi https://gitlab.adullact.net/soluris/madis/-/issues/981

---
 config/packages/security.yaml                              | 2 +-
 src/Domain/Documentation/Controller/DocumentController.php | 4 ----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index ffde78779..a949353b6 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -78,7 +78,7 @@ security:
         - { path: ^/modele-analyse, roles: ROLE_ADMIN }
         - { path: ^/mesure-protection, roles: ROLE_ADMIN }
         - { path: ^/espace-documentaire/creer$, roles: ROLE_ADMIN }
-        - { path: ^/espace-documentaire/telecharger, roles: ROLE_USER }
+        - { path: ^/espace-documentaire/telecharger, roles: ROLE_PREVIEW }
         - { path: ^/espace-documentaire/modifier/.+$, roles: ROLE_ADMIN }
         - { path: ^/espace-documentaire/supprimer/.+$, roles: ROLE_ADMIN }
         - { path: ^/espace-documentaire/categorie, roles: ROLE_ADMIN }
diff --git a/src/Domain/Documentation/Controller/DocumentController.php b/src/Domain/Documentation/Controller/DocumentController.php
index 162c06925..631a8d465 100644
--- a/src/Domain/Documentation/Controller/DocumentController.php
+++ b/src/Domain/Documentation/Controller/DocumentController.php
@@ -305,10 +305,6 @@ class DocumentController extends CRUDController
         if (!$doc) {
             throw new NotFoundHttpException('Document introuvable');
         }
-        // check if user is creator or admin
-        if (!$this->authorizationChecker->isGranted('ROLE_ADMIN') && $this->userProvider->getAuthenticatedUser() !== $doc->getCreator()) {
-            throw new NotFoundHttpException('Document introuvable');
-        }
 
         if ($doc->getIsLink()) {
             return $this->redirect($doc->getUrl());
-- 
GitLab