Update views.py

apps/activity/views.py

@@ -9,7 +9,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import F, Q
-from django.http import HttpResponse
+from django.http import HttpResponse,JsonResponse
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -153,6 +153,9 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
 
 class ActivityDeleteView(View):
+    """
+    Deletes an Activity
+    """
     def delete(self, request, pk):
         try:
             activity = Activity.objects.get(pk=pk)
@@ -162,7 +165,18 @@ class ActivityDeleteView(View):
             return JsonResponse({"error": "Activity not found"}, status=404)
 
     def dispatch(self, *args, **kwargs):
-        # Optionnel : restreindre à utilisateur connecté ou permissions
+        """
+        Don't display the delete button if the user has no right to delete.
+        """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        activity = Activity.objects.get(pk=self.kwargs["pk"])
+        if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity):
+            raise PermissionDenied(_("You are not allowed to delete this activity."))
+
+        if activity.valid:
+            raise PermissionDenied(_("This activity is valid."))
         return super().dispatch(*args, **kwargs)