from rest_framework import permissions


class IsCreator(permissions.BasePermission):
    """
    Grant permission if request.user same as obj.creator
    """

    def has_object_permission(self, request, view, obj):
        if obj is not None:
            # allow if authenticated and method is safe
            if request.method in permissions.SAFE_METHODS:
                return True

            # admins always have permission
            if request.user.is_staff is True:
                return True
            # permission if user is the object's creator
            return obj.creator == request.user
        return False


class IsStaff(permissions.BasePermission):
    """
    Grant permission if request.user.is_staff is True
    """

    def has_object_permission(self, request, view, obj):
        if obj is not None:
            if request.user.is_staff is True:
                return True
        return False


class ReadOnly(permissions.BasePermission):
    def has_permission(self, request, view):
        return request.method in permissions.SAFE_METHODS


class CustomUserPermissions(permissions.BasePermission):
    """
    Custom permissions for managing custom user instances
    """
    def has_permission(self, request, view):
        # allow anon users to create new CustomUser (inactive)
        if request.method == 'POST' and request.user.is_anonymous is True:
            return True

        # only admins can change or delete
        if request.user.is_staff is True:
            return True

        # for everything else
        return False