From 5b852a5fb70845e53d50a35767ad01b043115d5e Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Wed, 6 Nov 2024 11:58:02 -0400
Subject: [PATCH] feat: check for destroy_playlist permssion or ownership to
 delete

---
 program/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/program/views.py b/program/views.py
index 99b19f2f..ea69e683 100644
--- a/program/views.py
+++ b/program/views.py
@@ -1689,9 +1689,11 @@ class APIPlaylistViewSet(viewsets.ModelViewSet):
 
     def destroy(self, request, *args, **kwargs):
         playlist = self.get_object()
+
         user = request.user
+        user_is_owner = user in playlist.show.owners.all()
 
-        if user not in playlist.show.owners.all():
+        if not (user.has_perm("program.destroy_playlist") or user_is_owner):
             raise exceptions.PermissionDenied("You are not allowed to delete this playlist.")
 
         playlist.delete()
-- 
GitLab