From 3d0de86d2f716bc64277fb5aa20c3d85c9c0eb06 Mon Sep 17 00:00:00 2001
From: Graham Dixon <graham@gitcoin.co>
Date: Thu, 3 Jun 2021 20:49:04 +0100
Subject: [PATCH 1/2] permissions on activity (#8992)

Co-authored-by: owocki <ksowocki@gmail.com>
---
 app/townsquare/views.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/townsquare/views.py b/app/townsquare/views.py
index d55cc6fc847..eadf3757969 100644
--- a/app/townsquare/views.py
+++ b/app/townsquare/views.py
@@ -573,7 +573,14 @@ def api(request, activity_id):
 
     # deletion request
     if request.POST.get('method') == 'delete':
-        activity.delete()
+        has_perms = False
+        if request.user.is_authenticated:
+            if activity.profile and request.user.profile.pk == activity.profile.pk:
+                has_perms = True
+            if activity.other_profile and request.user.other_profile.pk == activity.other_profile.pk:
+                has_perms = True
+        if has_perms:
+            activity.delete()
 
     # deletion request
     if request.POST.get('method') == 'vote':

From 2302e82481e5d80deca8d5029ea5c9d654e928df Mon Sep 17 00:00:00 2001
From: Graham Dixon <graham@gdixon.co.uk>
Date: Thu, 3 Jun 2021 09:51:22 +0100
Subject: [PATCH 2/2] Ensures that all tokens are considered and not just the
 token with the lowest id

---
 app/dashboard/utils.py | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/app/dashboard/utils.py b/app/dashboard/utils.py
index 779f07d94b8..089e44472ca 100644
--- a/app/dashboard/utils.py
+++ b/app/dashboard/utils.py
@@ -463,7 +463,7 @@ def get_poap_transfers(uri, address):
 
 def get_poap_earliest_owned_token_timestamp(network, address):
     # returning None when no tokens are held for address
-    timestamp = None
+    tokens_timestamps = []
     # must query the graph using lowercase address
     address = address.lower()
 
@@ -483,9 +483,9 @@ def get_poap_earliest_owned_token_timestamp(network, address):
             pass
         else:
             # flatten tokenIds into a dict
-            tokens_dict = list()
+            tokens_list = []
             for token in poap_tokens:
-                tokens_dict.append(token['id'])
+                tokens_list.append(token['id'])
 
             # pull the transfers so that we can check timestamps
             poap_transfers = get_poap_transfers(uri, address)
@@ -494,15 +494,18 @@ def get_poap_earliest_owned_token_timestamp(network, address):
             # check the earliest received token that is still owned by the address
             for token in tokens_transfered:
                 # token still owned by the address?
-                if token['id'] in tokens_dict:
+                if token['id'] in tokens_list:
                     # use timestamp of most recent transfer
-                    timestamp = int(token['transfers'][0]['timestamp'])
-                    break
+                    tokens_timestamps.append(int(token['transfers'][0]['timestamp']))
     except:
         # returning 0 will print a failed (try again) error
-        timestamp = 0
+        tokens_timestamps[0] = 0
+
+    # sort to discover earliest
+    tokens_timestamps.sort()
 
-    return timestamp
+    # return the earliest timestamp
+    return tokens_timestamps[0] if len(tokens_timestamps) else None
 
 
 def get_ens_contract_addresss(network, legacy=False):