Bypass password confirmation via Context-dependent access control (CDCA)

## Summary: Hi Team, After some testing in nextcloud server, i found Context-dependent access control when i delete workflow at ``` /nextcloud/index.php/settings/user/workflow ``` the server ask for password confirmation but it can be bypassed if i directly request the delete endpoint. CDCA is a security mechanism that restricts access to resources based on the context of the request. If CDCA is broken, an attacker can exploit this flaw to gain unauthorized access to resources. This can have serious consequences, such as data breaches, theft of credentials, and denial of service attacks. ## Steps To Reproduce: [add details for how we can reproduce the issue] - go to /nextcloud/index.php/settings/user/workflow and create workflow. {F2626834} - now click on Delete button, the Password require for confirmation {F2626842} - A Broken Context-dependent access control happen when user can bypass password confirmation by send the folowing request ``` DELETE /nextcloud/ocs/v2.php/apps/workflowengine/api/v1/workflows/user/3?format=json``` {F2626845} - as you can see, user bypass password confirmation and the workflow succssufilly deleted. {F2626858} ## Supporting Material/References: https://www.geeksforgeeks.org/how-to-prevent-broken-access-control ## Impact bypass password confirmation delete workflow without password confirmation