Merge branch 'fix/23131/develop' into 'develop'

[23131] TMA - impossibilité de viser ou signer si une délégation en place

See merge request maarch/MaarchParapheur!183

src/app/document/controllers/DocumentController.php

@@ -817,6 +817,18 @@ class DocumentController
         }
 
         $workflow  = WorkflowModel::getCurrentStep(['select' => ['id', 'mode', 'user_id', 'signature_mode', 'digital_signature_id'], 'documentId' => $args['id']]);
+
+        if (empty($workflow)) {
+            return $response->withStatus(400)->withJson(['errors' => 'Workflow is over']);
+        }
+
+        $substitute = UserModel::getById(['id' => $workflow['user_id'], 'select' => ['substitute']]);
+
+        if ($GLOBALS['id'] != $workflow['user_id'] && $GLOBALS['id'] != $substitute['substitute']) {
+            return $response->withStatus(403)->withJson(['errors' => 'Current user unauthorized for this step']);
+        }
+
+
         $libDir    = CoreConfigModel::getLibrariesDirectory();
         $loadedXml = CoreConfigModel::getConfig();
         $tmpPath   = CoreConfigModel::getTmpPath();
@@ -1356,7 +1368,7 @@ class DocumentController
         $document = DocumentModel::getById(['select' => ['typist'], 'id' => $args['id']]);
 
         if (!empty($document['typist']) && $document['typist'] == $GLOBALS['id']) {
-            return true;
+            return true;    
         }
 
         if (!$args['readOnly']) {
@@ -1368,8 +1380,8 @@ class DocumentController
             if ($currentStep['user_id'] == $args['userId']) {
                 return true;
             } else {
-                $user = UserModel::getById(['id' => $args['userId'], 'select' => ['substitute']]);
-                return $currentStep['user_id'] == $user['substitute'];
+                $user = UserModel::getById(['id' => $currentStep['user_id'], 'select' => ['substitute']]);
+                return $user['substitute'] ?? null == $args['userId'];
             }
         }