From 3d0de86d2f716bc64277fb5aa20c3d85c9c0eb06 Mon Sep 17 00:00:00 2001
From: Graham Dixon <graham@gitcoin.co>
Date: Thu, 3 Jun 2021 20:49:04 +0100
Subject: [PATCH] permissions on activity (#8992)

Co-authored-by: owocki <ksowocki@gmail.com>
---
 app/townsquare/views.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/townsquare/views.py b/app/townsquare/views.py
index d55cc6fc847..eadf3757969 100644
--- a/app/townsquare/views.py
+++ b/app/townsquare/views.py
@@ -573,7 +573,14 @@ def api(request, activity_id):
 
     # deletion request
     if request.POST.get('method') == 'delete':
-        activity.delete()
+        has_perms = False
+        if request.user.is_authenticated:
+            if activity.profile and request.user.profile.pk == activity.profile.pk:
+                has_perms = True
+            if activity.other_profile and request.user.other_profile.pk == activity.other_profile.pk:
+                has_perms = True
+        if has_perms:
+            activity.delete()
 
     # deletion request
     if request.POST.get('method') == 'vote':