feat: implement sealed letter protection in backend

2026-05-04 08:56:52 +00:00 · 2026-04-15 03:33:52 +05:30
parent a1735e4011
commit 87dd1fd1f5
2 changed files with 44 additions and 4 deletions
@@ -36,6 +36,10 @@ class LetterDetailView(generics.RetrieveUpdateDestroyAPIView):
        # upsert: create if doesn't exist, else update
        letter, created = Letter.objects.get_or_create(public_id=public_id, user=request.user)

+        # check if already sealed
+        if not created and letter.status == Letter.Status.SEALED:
+            return Response({"error": "Sealed letters cannot be modified."}, status=400)
+
        # request.data handles both JSON and Multipart automatically in DRF
        serializer = self.get_serializer(letter, data=request.data, partial=True)
        serializer.is_valid(raise_exception=True)
@@ -43,7 +47,11 @@ class LetterDetailView(generics.RetrieveUpdateDestroyAPIView):

        # Note: image_files is a list of binary files in request.FILES
        if "image_files" in request.FILES:
-            letter.images.all().delete()
+            # Delete old image files from storage and database
+            for old_image in letter.images.all():
+                old_image.file.delete(save=False)
+                old_image.delete()
+
            for image_file in request.FILES.getlist("image_files"):
                LetterImage.objects.create(letter=letter, file=image_file, file_name=image_file.name)