| 123456789101112131415161718192021222324252627 |
- from django.contrib import messages
- from django.contrib.auth.decorators import login_required
- from django.core.exceptions import PermissionDenied
- from django.shortcuts import get_object_or_404, redirect
- from django.urls import reverse
- from tickets.models import Attachment
- from tickets.utils import remove_attachment_file
- @login_required
- def remove_attachment(request, attachment_id):
- if request.method == "POST":
- attachment = get_object_or_404(Attachment, pk=attachment_id)
- if not (attachment.added_by == request.user or attachment.ticket.created_by == request.user) and (attachment.ticket.list.group in request.user.groups.all()):
- raise PermissionDenied
- if remove_attachment_file(attachment.id):
- messages.success(request, f"The attachment has been successfully deleted.")
- else:
- messages.error(request, f"Sorry, there was a problem deleting attachment.")
- return redirect(reverse("tickets:ticket_detail", kwargs={"pk": attachment.ticket.pk}))
- else:
- raise PermissionDenied
|
