from rest_framework import permissions

from apps.workspaces.services import (
    PROJECTS_EDIT,
    PROJECTS_VIEW,
    has_workspace_capability,
)


def get_project_from_obj(obj):
    """Helper to extract the project from different model types."""
    # If the object is a Project, it will have a 'workspace' attribute. 
    # Otherwise, it's a related model (Membership, Rate) and has a 'project' attribute.
    return obj if hasattr(obj, "workspace") else obj.project


class IsProjectMember(permissions.BasePermission):
    """
    Allows access to users who can view projects in the parent workspace.
    """
    message = "شما عضو این پروژه نیستید."

    def has_object_permission(self, request, view, obj):
        if not request.user or not request.user.is_authenticated:
            return False

        project = get_project_from_obj(obj)
        return has_workspace_capability(request.user, project.workspace, PROJECTS_VIEW)


class IsProjectManager(permissions.BasePermission):
    """
    Allows access to users who can manage projects in the parent workspace.
    """
    message = "فقط مدیران پروژه مجاز به انجام این عملیات هستند."

    def has_object_permission(self, request, view, obj):
        if not request.user or not request.user.is_authenticated:
            return False

        project = get_project_from_obj(obj)
        return has_workspace_capability(request.user, project.workspace, PROJECTS_EDIT)