Merge pull request #9976 from RussWhitehead/eraseHistory640

HPCC-17599 Add security to deny users from erasing metadata WsDfu/EraseHistory

Reviewed-By: Kevin Wang <kevin.wang@lexisnexis.com>
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>
Richard Chapman 8 years ago
parent
commit
fb667bb461
1 changed file with 3 additions and 0 deletions
  1. 3 0
      esp/services/ws_dfu/ws_dfuService.cpp

+ 3 - 0
esp/services/ws_dfu/ws_dfuService.cpp

@@ -5059,6 +5059,9 @@ bool CWsDfuEx::onEraseHistory(IEspContext &context, IEspEraseHistoryRequest &req
 {
     try
     {
+        if (!context.validateFeatureAccess(FEATURE_URL, SecAccess_Full, false))
+            throw MakeStringException(ECLWATCH_DFU_ACCESS_DENIED, "Failed to Erase History. Permission denied (requires Full).");
+
         StringBuffer username;
         context.getUserID(username);
         Owned<IUserDescriptor> userdesc;
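
Review bot: The added access check in `onEraseHistory` throws before `context.getUserID(username)` runs, so a refused erase carries no user identity in the exception and no audit line is visible at this point; for a destructive metadata operation, consider resolving the username first and logging the denied attempt with it before throwing. The bare `false` passed as the third argument to `validateFeatureAccess` is opaque at the call site, so a short comment saying what it controls would help the next reader. The message text "(requires Full)" duplicates `SecAccess_Full` by hand and will drift if the required level changes; deriving the wording from the same constant, or at least keeping both on adjacent lines with a comment, avoids that. It is also worth confirming in the description which feature `FEATURE_URL` resolves to in this file, since the hunk does not show it and the whole gate depends on that value.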