fix(permissions): 🐛 Improved the security around the role "Manage Own Requests" (#4397)

* Secure ManageOwnRequests API paths

Fixes #4391

* Hide delete request option if user is not allowed

* Refactor CheckOwnRequests

* Fix deleteRequest test

* Improve performance and clean up code

* Fix manageOwnRequests check

* Refactor CheckCanManageRequest

src/Ombi.Core/Engine/MovieRequestEngine.cs

@@ -654,11 +654,20 @@ namespace Ombi.Core.Engine
         /// </summary>
         /// <param name="requestId">The request identifier.</param>
         /// <returns></returns>
-        public async Task RemoveMovieRequest(int requestId)
+        public async Task<RequestEngineResult> RemoveMovieRequest(int requestId)
         {
             var request = await MovieRepository.GetAll().FirstOrDefaultAsync(x => x.Id == requestId);
+
+            var result = await CheckCanManageRequest(request);
+            if (result.IsError)
+                return result;
+                
             await MovieRepository.Delete(request);
             await _mediaCacheService.Purge();
+            return new RequestEngineResult
+            {
+                Result = true,
+            };
         }
 
         public async Task RemoveAllMovieRequests()