adjusted PUT /sample/{id}

src/routes/sample.ts

@@ -69,6 +69,9 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
     if (!sampleData) {
       return res.status(404).json({status: 'Not found'});
     }
+    if (sampleData.status === globals.status.deleted) {
+      return res.status(403).json({status: 'Forbidden'});
+    }
 
     // only maintain and admin are allowed to edit other user's data
     if (sampleData.user_id.toString() !== req.authDetails.id && !req.auth(res, ['maintain', 'admin'], 'basic')) return;