From 98ac177ed098987e58e5009884407de899fd2964 Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Sun, 22 Jan 2023 21:32:27 +0100
Subject: [PATCH] add possibility for users to delete their own appreciations

---
 Controllers/ApprController.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/Controllers/ApprController.php b/Controllers/ApprController.php
index 94ca408..ffc1453 100644
--- a/Controllers/ApprController.php
+++ b/Controllers/ApprController.php
@@ -19,11 +19,21 @@ final class ApprController
 
     public function deleteAction(Array $A_urlParams = null, Array $A_postParams = null)
     {
-        Session::admin_or_die();
+        Session::login_or_die();
 
         $I_appr_id = $A_urlParams[0];
 
         $O_apprModel = new ApprModel();
+        $A_appr = $O_apprModel->getApprById($I_appr_id);
+
+        if ($A_appr === null) {
+            echo "404";
+            return;
+        }
+        
+        if ($A_appr["AUTHOR_ID"] !== $_SESSION["ID"]) {
+            Session::admin_or_die();
+        }
 
         $O_apprModel->deleteAppr($I_appr_id);