From deae7d3b598a64bf27fc35ef06e070f36457ef9c Mon Sep 17 00:00:00 2001
From: Paula Quispe
Date: Wed, 22 Apr 2020 16:23:17 -0400
Subject: [PATCH] PMCORE-1254
---
 .../src/ProcessMaker/BusinessModel/Cases.php | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
index 0c6fd2964..edf64d925 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
@@ -1126,26 +1126,26 @@ class Cases
 Validator::isString($appUid, '$app_uid');
 Validator::appUid($appUid, '$app_uid');
- // Review the permission for delete case
- global $RBAC;
- if ($RBAC->userCanAccess('PM_DELETECASE') != 1) {
- throw new Exception(G::LoadTranslation('ID_NOT_ABLE_DELETE_CASES'));
- }
- // Review the status and user
+ // Review the status and owner
 $caseInfo = ModelApplication::getCase($appUid);
- if (!empty($caseInfo)){
+ if (!empty($caseInfo)) {
+ // Check if the requester is the owner
+ if ($caseInfo['APP_INIT_USER'] !== $usrUid) {
+ global $RBAC;
+ // If no we need to review if have the permission
+ if ($RBAC->userCanAccess('PM_DELETECASE') != 1) {
+ throw new Exception(G::LoadTranslation('ID_NOT_ABLE_DELETE_CASES'));
+ }
+ }
+ // Review the status
 if ($caseInfo['APP_STATUS'] != 'DRAFT') {
 throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_STATUS"));
 }
- // Review the user requester
- if ($caseInfo['APP_INIT_USER'] != $usrUid) {
- throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_OWNER"));
- }
- }
- $case = new ClassesCases();
- $case->removeCase($appUid);
+ $case = new ClassesCases();
+ $case->removeCase($appUid);
+ }
 }
 /**
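Review bot: The owner comparison `$caseInfo['APP_INIT_USER'] !== $usrUid` is now the only condition that lets a request skip the `PM_DELETECASE` check, so the authorization outcome depends entirely on where `$usrUid` comes from. The method signature and its callers are outside this hunk; if that value can be supplied by the caller rather than taken from the authenticated session, the RBAC check can be sidestepped, so the contract should be stated at the check, e.g. `// $usrUid must be the authenticated user: the owner may delete an own DRAFT case without PM_DELETECASE`. The same restructuring also means a holder of `PM_DELETECASE` can now delete another user's draft, since the `ID_DELETE_CASE_NO_OWNER` rejection is gone; if that widening is intended it deserves a line in the commit description, which currently carries only the ticket id. Separately, when `getCase()` returns an empty result the method now returns without removing anything and without raising, so a caller cannot tell a completed delete from a no-op; an `else` branch that throws a not-found error would make that case explicit.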