Added the condition to handle analysis creation based on another one …

…with readonly access.

src/Middleware/AnrValidationMiddleware.php

@@ -74,7 +74,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             return $result;
         }
 
-        /* Ensure the record in the anr is presented in the table, means at least read permissions are allowed.
+        /* Ensure the record of the anr is presented in the table, means at least read permissions are allowed.
          * It's necessary e.g. for the "monarc_api_duplicate_client_anr" route. */
         $userAnr = $this->userAnrTable->findByAnrAndUser($anr, $this->connectedUser);
         if (($userAnr === null && !$anr->isAnrSnapshot())
@@ -128,8 +128,9 @@ private function isPostAuthorizedForRoute(string $routeName, string $method)
         return $method === Request::METHOD_POST
             && ($routeName === 'monarc_api_global_client_anr/export' // export ANR
                 || $routeName === 'monarc_api_global_client_anr/instance_export' // export Instance
-                || $routeName === 'monarc_api_global_client_anr/objects_export' // export  Object
-                || $routeName === 'monarc_api_global_client_anr/deliverable' // generate a report
+                || $routeName === 'monarc_api_global_client_anr/objects_export' // export Object
+                || $routeName === 'monarc_api_global_client_anr/deliverable' // generate Report
+                || $routeName === 'monarc_api_duplicate_client_anr' // duplicate anr when read only access.
             );
     }