diff --git a/src/app/document/controllers/DocumentController.php b/src/app/document/controllers/DocumentController.php
index 7aa497efa38a764cafdeb6999f58a915242ac0ac..12132c82a4dd28dabd7fd7b7026a6771aececb2d 100755
--- a/src/app/document/controllers/DocumentController.php
+++ b/src/app/document/controllers/DocumentController.php
@@ -1033,58 +1033,47 @@ class DocumentController
         ValidatorModel::intVal($args, ['id', 'userId']);
         ValidatorModel::boolType($args, ['readOnly']);
 
-        $readOnly = $args['readOnly'] ?? false;
-        $args['id'] = (int)$args['id'];
+        $args['readOnly'] = $args['readOnly'] ?? false;
+        $args['id']       = (int)$args['id'];
+        $args['userId']   = (int)$args['userId'];
 
         $document = DocumentModel::getById(['select' => ['typist'], 'id' => $args['id']]);
-        if ($document['typist'] == $GLOBALS['id']) {
+        if (!empty($document['typist']) && $document['typist'] == $GLOBALS['id']) {
             return true;
         }
 
-        if (!$readOnly) {
-            $workflow = WorkflowModel::getCurrentStep(['select' => ['user_id'], 'documentId' => $args['id']]);
-            if (empty($workflow)) {
+        if (!$args['readOnly']) {
+            $currentStep = WorkflowModel::getCurrentStep(['select' => ['user_id'], 'documentId' => $args['id']]);
+            if (empty($currentStep)) {
                 return false;
             }
 
-            if ($workflow['user_id'] != $args['userId']) {
-                $user = UserModel::getById(['id' => $workflow['user_id'], 'select' => ['substitute']]);
-                if ($user['substitute'] != $args['userId']) {
-                    return false;
-                }
-            }
-        } else {
-            $circuitUsers = WorkflowModel::get([
-                'select'  => ['user_id', '(process_date is not null) as processed'],
-                'where'   => ['main_document_id = ?'],
-                'data'    => [$args['id']],
-                'orderBy' => ['"order" asc']
-            ]);
-            $previousAndOneUsers = [];
-            foreach ($circuitUsers as $user) {
-                if ($user['processed']) {
-                    $previousAndOneUsers[] = $user['user_id'];
-                    continue;
-                }
-                $previousAndOneUsers[] = $user['user_id'];
-                break;
-            }
-            $circuitUsers = $previousAndOneUsers;
-            unset($previousAndOneUsers);
-            if (!empty($circuitUsers)) {
-                $circuitSubstitutes = array_column(UserModel::get([
-                    'select' => ['substitute'],
-                    'where'  => ['substitute is not null', 'id in (?)'],
-                    'data'   => [$circuitUsers],
-                ]), 'substitute');
-                $circuitUsers = array_merge($circuitUsers, $circuitSubstitutes);
-            }
-            if (!in_array($args['userId'], $circuitUsers)) {
-                return false;
+            if ($currentStep['user_id'] == $args['userId']) {
+                return true;
+            } else {
+                $user = UserModel::getById(['id' => $currentStep['user_id'], 'select' => ['substitute']]);
+                return $currentStep['user_id'] == $user['substitute'];
             }
         }
 
-        return true;
+        $canReadOnly = WorkflowModel::get([
+            'select' => [1],
+            'where'  => [
+                'main_document_id = ?',
+                '(process_date IS NOT NULL AND user_id = ?)
+                OR (
+                    process_date IS NULL
+                    AND user_id IN (
+                        SELECT (SELECT ?::int) UNION (SELECT id FROM users WHERE substitute = ?)
+                    )
+                    AND "order" = (
+                        SELECT min(ws2."order") FROM workflows ws2 WHERE ws2.main_document_id = main_document_id
+                    )
+                )'
+            ],
+            'data' => [$args['id'], $args['userId'], $args['userId'], $args['userId']]
+        ]);
+        return !empty($canReadOnly);
     }
 
     public static function getEncodedDocumentFromEncodedZip(array $args)
diff --git a/src/app/search/controllers/SearchController.php b/src/app/search/controllers/SearchController.php
index e4fe9264c6abf8fc5765852090fd07128a7168d4..5c329c1091a23768a4d117c2f579cc6124f1d711 100755
--- a/src/app/search/controllers/SearchController.php
+++ b/src/app/search/controllers/SearchController.php
@@ -37,14 +37,22 @@ class SearchController
         $data  = [];
         $hasFullRights = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents']);
         if (!$hasFullRights) {
-            $substitutedUsers = UserModel::get(['select' => ['id'], 'where' => ['substitute = ?'], 'data' => [$GLOBALS['id']]]);
-            $users = [$GLOBALS['id']];
-            foreach ($substitutedUsers as $value) {
-                $users[] = $value['id'];
-            }
-
-            $where = ["(id IN (SELECT main_document_id FROM workflows WHERE user_id IN (?)) OR typist = ?)"];
-            $data  = [$users, $GLOBALS['id']];
+            $where = ['id IN (
+                SELECT DISTINCT ws1.main_document_id
+                FROM workflows ws1
+                WHERE typist = ?
+                OR (ws1.process_date IS NOT NULL AND ws1.user_id = ?)
+                OR (
+                    ws1.process_date IS NULL
+                    AND ws1.user_id IN (
+                        SELECT (SELECT ?::int) UNION (SELECT id FROM users WHERE substitute = ?)
+                    )
+                    AND ws1."order" = (
+                        SELECT min(ws2."order") FROM workflows ws2 WHERE ws2.main_document_id = ws1.main_document_id
+                    )
+                )
+            )'];
+            $data = [$GLOBALS['id'], $GLOBALS['id'], $GLOBALS['id'], $GLOBALS['id']];
         }
 
         $whereWorkflow = [];