This is far from ideal as some apps use the API's return status to update their state or not.
For example Moneybuster will not act in the same way if a 404 is returned: https://gitlab.com/eneiluj/moneybuster/-/issues/99#note_1676835401 and will delete the bill locally (which is wrong since it was disabled in the project settings).
Hi,
The current behaviour when the bill deletion is disabled on a project and a bill deletion is requested is to send a "Forbidden" error message with a HTTP 404 status: https://github.com/julien-nc/cospend-nc/blob/main/lib/Service/ProjectService.php#L1128.
This is far from ideal as some apps use the API's return status to update their state or not. For example Moneybuster will not act in the same way if a 404 is returned: https://gitlab.com/eneiluj/moneybuster/-/issues/99#note_1676835401 and will delete the bill locally (which is wrong since it was disabled in the project settings).