- from django.contrib import messages
- from django.contrib.auth.decorators import login_required
- from django.core.exceptions import PermissionDenied
- from django.shortcuts import get_object_or_404, redirect
- from django.urls import reverse
- from tickets.models import Attachment
- from tickets.utils import remove_attachment_file
@login_required
def remove_attachment(request, attachment_id):
    """Delete an attachment for a logged-in user who is allowed to remove it.

    Only POST is served; every other method is refused with
    ``PermissionDenied``. The attachment is fetched by primary key
    (``get_object_or_404``), the authorisation check below is applied, and
    only then is ``remove_attachment_file`` called. A truthy return from
    that helper is reported as success, anything else as an error, and the
    user is redirected to the detail page of the attachment's ticket.

    Authorisation: superusers and staff always pass. Any other user passes
    when they uploaded the attachment, OR when they created the ticket AND
    are either its assignee or a member of the group of the ticket's list.

    Raises:
        PermissionDenied: non-POST request, or the user fails the check.
    """
    # NOTE(review): CSRF protection for this state-changing POST depends on
    # the project's middleware settings, which are not visible here.
    if request.method != "POST":
        raise PermissionDenied

    attachment = get_object_or_404(Attachment, pk=attachment_id)
    user = request.user

    privileged = user.is_superuser or user.is_staff

    # `and` binds tighter than `or`; the parentheses spell out the grouping
    # the original expression already had, so the uploader branch stands on
    # its own with no ticket or group condition attached.
    # NOTE(review): confirm that an uploader is meant to keep delete rights
    # regardless of their current relation to the ticket.
    allowed_on_object = attachment.added_by == user or (
        attachment.ticket.created_by == user
        and (
            attachment.ticket.assigned_to == user
            or attachment.ticket.list.group in user.groups.all()
        )
    )

    if not privileged and not allowed_on_object:
        raise PermissionDenied

    deleted = remove_attachment_file(attachment.id)
    if deleted:
        messages.success(request, f"The attachment has been successfully deleted.")
    else:
        messages.error(request, f"Sorry, there was a problem deleting attachment.")

    ticket_url = reverse("tickets:ticket_detail", kwargs={"pk": attachment.ticket.pk})
    return redirect(ticket_url)