From 3a80d44dda064457d704ecb0342adb6d9b27afd9 Mon Sep 17 00:00:00 2001
From: Gani Georgiev <gani.georgiev@gmail.com>
Date: Mon, 1 Jul 2024 21:43:20 +0300
Subject: [PATCH] manually unset the verified state on drysubmit

---
 apis/record_crud.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apis/record_crud.go b/apis/record_crud.go
index 106570e1..9fce86fc 100644
--- a/apis/record_crud.go
+++ b/apis/record_crud.go
@@ -185,6 +185,11 @@ func (api *recordApi) create(c echo.Context) error {
 			return NewBadRequestError("Failed to load the submitted data due to invalid formatting.", err)
 		}
 
+		// force unset the verified state to prevent ManageRule misuse
+		if !hasFullManageAccess {
+			testForm.Verified = false
+		}
+
 		createRuleFunc := func(q *dbx.SelectQuery) error {
 			if *collection.CreateRule == "" {
 				return nil // no create rule to resolve