from rest_framework import permissions

from apps.projects.models import ProjectMembership
from apps.workspaces.services import (
    PROJECTS_EDIT,
    PROJECTS_VIEW,
    PROJECT_MEMBERS_CHANGE_ROLE,
    has_project_capability,
)


def get_project_from_obj(obj):
    """Helper to extract the project from different model types."""
    # If the object is a Project, it will have a 'workspace' attribute. 
    # Otherwise, it's a related model (Membership, Rate) and has a 'project' attribute.
    return obj if hasattr(obj, "workspace") else obj.project


class IsProjectMember(permissions.BasePermission):
    """
    Allows access only to users who have an active membership in the project.
    """
    message = "شما عضو این پروژه نیستید."

    def has_object_permission(self, request, view, obj):
        if not request.user or not request.user.is_authenticated:
            return False

        project = get_project_from_obj(obj)
        return has_project_capability(request.user, project, PROJECTS_VIEW)


class IsProjectManager(permissions.BasePermission):
    """
    Allows access only to users who are active MANAGERs of the project.
    """
    message = "فقط مدیران پروژه مجاز به انجام این عملیات هستند."

    def has_object_permission(self, request, view, obj):
        if not request.user or not request.user.is_authenticated:
            return False

        project = get_project_from_obj(obj)
        return has_project_capability(request.user, project, PROJECTS_EDIT)


class CanManageProjectMembers(permissions.BasePermission):
    message = "Only authorized users can manage project memberships."

    def has_object_permission(self, request, view, obj):
        if not request.user or not request.user.is_authenticated:
            return False

        project = get_project_from_obj(obj)
        return has_project_capability(
            request.user,
            project,
            PROJECT_MEMBERS_CHANGE_ROLE,
        )