From 49b43876268c69842b0368e951c9c2ae6a9566d9 Mon Sep 17 00:00:00 2001
From: ppound <paul.pound@gmail.com>
Date: Wed, 8 Sep 2021 09:38:20 -0300
Subject: [PATCH] added case for user to only delete their own reservations

---
 src/ReserveReservationAccessControlHandler.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ReserveReservationAccessControlHandler.php b/src/ReserveReservationAccessControlHandler.php
index 7aab60e..fc01557 100644
--- a/src/ReserveReservationAccessControlHandler.php
+++ b/src/ReserveReservationAccessControlHandler.php
@@ -36,6 +36,9 @@ class ReserveReservationAccessControlHandler extends EntityAccessControlHandler
 
       case 'delete':
         $access =  AccessResult::allowedIfHasPermission($account, 'delete any reservation');
+        if (!$access->isAllowed() && $account->hasPermission('delete own reservation')) {
+          $access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity));
+        }
         break;
 
       // Unknown operation, no opinion.