From aff5babb2023cf22f979edcc62d4fc791c72394d Mon Sep 17 00:00:00 2001
From: Commander1024 <commander@commander1024.de>
Date: Wed, 12 Aug 2020 17:18:31 +0200
Subject: [PATCH] Added UserTestMixin to PlaceDeleteView.

---
 lostplaces/lostplaces_app/views.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/lostplaces/lostplaces_app/views.py b/lostplaces/lostplaces_app/views.py
index ab0b67b..5ee901c 100644
--- a/lostplaces/lostplaces_app/views.py
+++ b/lostplaces/lostplaces_app/views.py
@@ -7,6 +7,8 @@ from django.urls import reverse_lazy
 from django.views.generic.edit import CreateView, UpdateView, DeleteView
 from django.views import View
 from django.http import Http404
+from django.contrib import messages
+from django.contrib.auth.mixins import UserPassesTestMixin
 
 from .forms import (
     ExplorerCreationForm, 
@@ -95,9 +97,22 @@ class PlaceCreateView(View):
             )
             place_image.save()
 
-class PlaceDeleteView(DeleteView):
+class PlaceDeleteView(UserPassesTestMixin, DeleteView):
     template_name = 'place/place_delete.html'
     model = Place
+    success_url = reverse_lazy('place_list')
+    
+    def test_func(self):
+        """ Check if user is eligible to delete place. """
+        if self.request.user.is_superuser:
+            return True
+        
+        place_obj = self.get_object()
 
-    def get_success_url(self):
-        return reverse_lazy('place_list')
+        # Check if currently logged in user was the submitter
+        if self.request.user == place_obj.submitted_by:
+            return True
+
+        messages.error(
+            self.request, 'You do not have permission to delete this place.')
+        return False
\ No newline at end of file