[Data Stories]: users can delete stories that they didn't publish
Opened this issue · 0 comments
CriMenghini commented
Subject of the issue
A user is able to delete stories he didn't produce.
Expected behaviour
I expect to be able to remove only the stories that belong to me.
Actual behaviour
I can remove stories I didn't create.