Merged in bugfix/PMCORE-1254-A (pull request #7326)

PMCORE-1254

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>

workflow/engine/src/ProcessMaker/BusinessModel/Cases.php

@@ -1126,26 +1126,26 @@ class Cases
         Validator::isString($appUid, '$app_uid');
         Validator::appUid($appUid, '$app_uid');
 
-        // Review the permission for delete case
+        // Review the status and owner
-        global $RBAC;
-        if ($RBAC->userCanAccess('PM_DELETECASE') != 1) {
-            throw new Exception(G::LoadTranslation('ID_NOT_ABLE_DELETE_CASES'));
-        }
-        // Review the status and user
         $caseInfo = ModelApplication::getCase($appUid);
-        if (!empty($caseInfo)){
+        if (!empty($caseInfo)) {
+            // Check if the requester is the owner
+            if ($caseInfo['APP_INIT_USER'] !== $usrUid) {
+                global $RBAC;
+                // If no we need to review if have the permission
+                if ($RBAC->userCanAccess('PM_DELETECASE') != 1) {
+                    throw new Exception(G::LoadTranslation('ID_NOT_ABLE_DELETE_CASES'));
+                }
+            }
+
             // Review the status
             if ($caseInfo['APP_STATUS'] != 'DRAFT') {
                 throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_STATUS"));
             }
-            // Review the user requester
-            if ($caseInfo['APP_INIT_USER'] != $usrUid) {
-                throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_OWNER"));
-            }
-        }
 
-        $case = new ClassesCases();
+            $case = new ClassesCases();
-        $case->removeCase($appUid);
+            $case->removeCase($appUid);
+        }
     }
 
     /**