from django.contrib.admin.views.decorators import staff_member_required
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404, redirect, render
from .models import Candidate, Comment
@@ -53,6 +54,8 @@ def create_comment(request, slug):
@staff_member_required
def edit_comment(request, comment_id):
comment = get_object_or_404(Comment, id=comment_id)
if request.user != comment.user and not request.user.has_perm('usethesource.change_comment'):
raise PermissionDenied
if request.method == 'GET':
form = CommentForm(instance=comment)
else:
@@ -72,8 +75,11 @@ def view_comment(request, comment_id, show_add):
def delete_comment(request, comment_id, show_add):
if request.user != comment.user and not request.user.has_perm('usethesource.delete_comment'):
comment.delete()
show_add = show_add == 'true'
Comment.objects.filter(id=comment_id).delete()
return render(request, 'usethesource/comment_deleted.html', {'comment': None, 'add': show_add})