from rest_framework.exceptions import PermissionDenied

from apps.logs.services import WORKSPACE_LOGS_VIEW
from apps.workspaces.services import has_workspace_capability


def enforce_workspace_log_access(user, workspace) -> None:
    if not user or not user.is_authenticated:
        raise PermissionDenied("Authentication credentials were not provided.")
    if not has_workspace_capability(user, workspace, WORKSPACE_LOGS_VIEW):
        raise PermissionDenied("You do not have permission to view workspace logs.")