From 3065eacc96431eadc01098cf9253bae98bfbf736 Mon Sep 17 00:00:00 2001
From: ehouarn
Date: Thu, 8 May 2025 19:38:40 +0200
Subject: [PATCH] Update views.py
---
 apps/activity/views.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/apps/activity/views.py b/apps/activity/views.py
index bebc7899..08e53077 100644
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@@ -9,7 +9,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import F, Q
-from django.http import HttpResponse
+from django.http import HttpResponse,JsonResponse
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -153,6 +153,9 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
 return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 class ActivityDeleteView(View):
+ """
+ Deletes an Activity
+ """
 def delete(self, request, pk):
 try:
 activity = Activity.objects.get(pk=pk)
@@ -162,7 +165,18 @@ class ActivityDeleteView(View):
 return JsonResponse({"error": "Activity not found"}, status=404)
 def dispatch(self, *args, **kwargs):
- # Optionnel : restreindre à utilisateur connecté ou permissions
+ """
+ Don't display the delete button if the user has no right to delete.
+ """
+ if not self.request.user.is_authenticated:
+ return self.handle_no_permission()
+
+ activity = Activity.objects.get(pk=self.kwargs["pk"])
+ if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity):
+ raise PermissionDenied(_("You are not allowed to delete this activity."))
+
+ if activity.valid:
+ raise PermissionDenied(_("This activity is valid."))
 return super().dispatch(*args, **kwargs)
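Review bot: The new `dispatch` calls `self.handle_no_permission()`, but `ActivityDeleteView` (declared in the previous hunk) subclasses only `View`, which does not define that method, so an anonymous request would raise `AttributeError` and surface as a 500 rather than a login redirect; declaring it as `class ActivityDeleteView(LoginRequiredMixin, View):`, the mixin `ActivityUpdateView` already uses, supplies it. The added `Activity.objects.get(pk=self.kwargs["pk"])` is unguarded, so an unknown pk raises `Activity.DoesNotExist` here before `delete` can return its JSON 404; wrap it in `try`/`except Activity.DoesNotExist` and return the same `JsonResponse({"error": "Activity not found"}, status=404)`. The docstring talks about hiding a button, while the code enforces the permission server-side; `"""Refuse the request unless the user may delete this activity and it has not been validated."""` would describe it accurately. `delete` fetches the row again after these checks, so the `valid` test and the deletion do not appear to be atomic (the rest of `delete` lies outside the hunk); doing both on one object inside `transaction.atomic()` would close that window. `PermissionBackend` and `_` are not imported in the visible hunks, so confirm they are in scope elsewhere in the file.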