Update views.py

2025-11-04 01:12:08 +01:00 · 2025-05-08 19:38:40 +02:00
parent 71ef3aedd8
commit 3065eacc96
1 changed files with 16 additions and 2 deletions
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@@ -9,7 +9,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
 from django.db.models import F, Q
-from django.http import HttpResponse
+from django.http import HttpResponse,JsonResponse
 from django.urls import reverse_lazy
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -153,6 +153,9 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
        return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})

 class ActivityDeleteView(View):
+    """
+    Deletes an Activity
+    """
    def delete(self, request, pk):
        try:
            activity = Activity.objects.get(pk=pk)
@@ -162,7 +165,18 @@ class ActivityDeleteView(View):
            return JsonResponse({"error": "Activity not found"}, status=404)

    def dispatch(self, *args, **kwargs):
-        # Optionnel : restreindre à utilisateur connecté ou permissions
+        """
+        Don't display the delete button if the user has no right to delete.
+        """
+        if not self.request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        activity = Activity.objects.get(pk=self.kwargs["pk"])
+        if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity):
+            raise PermissionDenied(_("You are not allowed to delete this activity."))
+
+        if activity.valid:
+            raise PermissionDenied(_("This activity is valid."))
        return super().dispatch(*args, **kwargs)