Fix(SOAP): Add missing permission check to prevent moving objects from foreign containers

Signed-off-by: Releasemanager <webmaster@ilias.de>

Author: sKarki999

components/ILIAS/soap/classes/class.ilSoapObjectAdministration.php

@@ -1047,6 +1047,10 @@ public function moveObject(string $sid, int $ref_id, int $target_id)
             return $this->raiseError('No valid target given.', 'Client');
         }
 
+        if(!$rbacsystem->checkAccess('move', $ref_id)) {
+            return $this->raiseError("No permission to move object with id: $ref_id", 'Client');
+        }
+
         // check for trash
         if (ilObject::_isInTrash($ref_id)) {
             return $this->raiseError('Object is trashed.', 'Client');