Check authorization before deleting application

api/application.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"errors"
 	"log"
 	"net/http"
 
@@ -80,6 +81,13 @@ func (h *ApplicationHandler) DeleteApplication(ctx *gin.Context) {
 		return
 	}
 
+	user := authentication.GetUser(ctx)
+
+	if user.ID != application.ID {
+		ctx.AbortWithError(http.StatusForbidden, errors.New("only owner can delete application"))
+		return
+	}
+
 	log.Printf("Deleting application %s.\n", application.Name)
 
 	if success := successOrAbort(ctx, http.StatusInternalServerError, h.Dispatcher.DeregisterApplication(application)); !success {