Closed rebkwok closed 1 month ago
If an output-checker doesn't have access to the request's workspace, they can create a comment, but can't delete it.
In group_comment_delete, the check for the comment author is there, but we should not check for workspace permission
group_comment_delete
If an output-checker doesn't have access to the request's workspace, they can create a comment, but can't delete it.
In
group_comment_delete, the check for the comment author is there, but we should not check for workspace permission