From 05eb3bab08cd4fd9bd6a3fc9be70431cc0bff566 Mon Sep 17 00:00:00 2001
From: Arthur de Moulins <arthurdemoulins@gmail.com>
Date: Fri, 15 Nov 2024 12:45:48 +0100
Subject: [PATCH] PS-727 fix collection delete permission

---
 databox/api/src/Security/Voter/AssetVoter.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/databox/api/src/Security/Voter/AssetVoter.php b/databox/api/src/Security/Voter/AssetVoter.php
index 4df8543a6..7f94db0a4 100644
--- a/databox/api/src/Security/Voter/AssetVoter.php
+++ b/databox/api/src/Security/Voter/AssetVoter.php
@@ -72,10 +72,7 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
                 return $isOwner()
                     || $this->security->isGranted(self::SCOPE_PREFIX.'DELETE')
                     || $this->hasAcl(PermissionInterface::DELETE, $subject, $token)
-                    || (
-                        null !== $subject->getReferenceCollection()
-                        && $this->hasAcl(PermissionInterface::DELETE, $subject->getReferenceCollection(), $token)
-                    );
+                    || $this->voteOnContainer($subject, AbstractVoter::DELETE);
             case self::EDIT_PERMISSIONS:
                 return $isOwner()
                     || $this->security->isGranted(self::SCOPE_PREFIX.'OWNER')