fixup! delete submissions

Chartman123 · Chartman123 · commit 9b0bde41eb96 · 2025-04-24T20:32:55.000+02:00
Signed-off-by: Christian Hartmann &lt;chris-hartmann@gmx.de&gt;
diff --git a/lib/Controller/ApiController.php b/lib/Controller/ApiController.php
@@ -1474,7 +1474,10 @@ public function deleteSubmission(int $formId, int $submissionId): DataResponse {
 			throw new OCSBadRequestException('Submission doesn\'t belong to given form');
 		}
 
-		if ($this->currentUser->getUID() !== $submission->getUserId()) {
+		if (
+			!in_array(Constants::PERMISSION_RESULTS, $this->formsService->getPermissions($form)) 
+			&& $this->currentUser->getUID() !== $submission->getUserId()
+		) {
 			throw new OCSForbiddenException('Can only delete your own submissions');
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -1474,7 +1474,10 @@ public function deleteSubmission(int $formId, int $submissionId): DataResponse {`
`1474`	`1474`	`throw new OCSBadRequestException('Submission doesn\'t belong to given form');`
`1475`	`1475`	`}`
`1476`	`1476`
`1477`		`- if ($this->currentUser->getUID() !== $submission->getUserId()) {`
	`1477`	`+ if (`
	`1478`	`+ !in_array(Constants::PERMISSION_RESULTS, $this->formsService->getPermissions($form))`
	`1479`	`+ && $this->currentUser->getUID() !== $submission->getUserId()`
	`1480`	`+ ) {`
`1478`	`1481`	`throw new OCSForbiddenException('Can only delete your own submissions');`
`1479`	`1482`	`}`
`1480`	`1483`