From a45be38c6d18a5bc17281cd2ff71a19bb2b63615 Mon Sep 17 00:00:00 2001
From: Miguel Angel <miguelangeldev@icloud.com>
Date: Tue, 2 Sep 2025 14:58:09 -0400
Subject: [PATCH] fix: enhance start event validation by introducing checks for
 email start events

---
 .../Http/Controllers/Api/ProcessController.php   | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ProcessMaker/Http/Controllers/Api/ProcessController.php b/ProcessMaker/Http/Controllers/Api/ProcessController.php
index b9b14d3f11..5182534e11 100644
--- a/ProcessMaker/Http/Controllers/Api/ProcessController.php
+++ b/ProcessMaker/Http/Controllers/Api/ProcessController.php
@@ -332,14 +332,20 @@ public function startEvents(Request $request, Process $process)
         $currentUser = Auth::user();
         foreach ($process->start_events as $event) {
             if (count($event['eventDefinitions']) === 0) {
+                $isEmailStartEvent = false;
+
                 if (array_key_exists('config', $event)) {
-                    $webEntry = json_decode($event['config'])->web_entry;
+                    $config = json_decode($event['config']);
+                    $webEntry = $config->web_entry ?? null;
                     $event['webEntry'] = $webEntry;
+
+                    $isEmailStartEvent = is_object($config) && property_exists($config, 'email_start');
                 }
-                if (
-                    $this->checkUserCanStartProcess($event, $currentUser->id, $process, $request) ||
-                    Auth::user()->is_administrator
-                ) {
+
+                $canStart = $this->checkUserCanStartProcess($event, $currentUser->id, $process, $request);
+                $isAdmin = Auth::user()->is_administrator;
+
+                if (($canStart || $isAdmin) && !$isEmailStartEvent) {
                     $startEvents[] = $event;
                 }
             }