From fc6014b37e2feaea1925a7df2a91b72f3ed76f5c Mon Sep 17 00:00:00 2001
From: netkas
Date: Thu, 5 Jun 2025 15:16:12 -0400
Subject: [PATCH] Add permission check for managing entities in DeleteEntity request handler
---
 src/FederationServer/Methods/Entities/DeleteEntity.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/FederationServer/Methods/Entities/DeleteEntity.php b/src/FederationServer/Methods/Entities/DeleteEntity.php
index 29d70b7..725fa70 100644
--- a/src/FederationServer/Methods/Entities/DeleteEntity.php
+++ b/src/FederationServer/Methods/Entities/DeleteEntity.php
@@ -16,6 +16,12 @@
 */
 public static function handleRequest(): void
 {
+ $authenticatedOperator = FederationServer::getAuthenticatedOperator();
+ if(!$authenticatedOperator->canManageBlacklist())
+ {
+ throw new RequestException('Unauthorized: Insufficient permissions to manage entities', 401);
+ }
+
 if(!preg_match('#^/entities/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
 {
 throw new RequestException('Bad Request: Entity UUID is required', 400);
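Review bot: The new guard in handleRequest() answers an authenticated operator who lacks the permission with 401, which tells clients to re-authenticate; a permission failure is a 403, e.g. `throw new RequestException('Forbidden: Insufficient permissions to manage entities', 403);`. The check calls `canManageBlacklist()` while the message and the commit title speak of managing entities, so confirm that the blacklist permission is the one meant to gate entity deletion, and add a short comment saying so if it is. If `getAuthenticatedOperator()` can return null for an unauthenticated request (not visible in this hunk), the `->canManageBlacklist()` call would fail with an error instead of a clean 401, so that case needs its own check before the permission test. The body of handleRequest() continues past the end of the hunk.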