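from rest_framework import permissions

from account.models import UserRole, Role, User


class IsCommentModerator(permissions.IsAuthenticatedOrReadOnly):
    """
    Object-level permission for objects that carry `user` and `language_id`.

    Safe (read-only) methods are always allowed. Write access is granted to
    the object's author (`obj.user`), to superusers, and to users who hold
    the comments-moderator role for a country whose languages include the
    object's language. Everything else is denied.
    """

    def has_object_permission(self, request, view, obj):
        """
        Decide whether `request.user` may act on `obj`.

        Returns True for safe methods, for the author of `obj`, for
        superusers and for matching comment moderators; False otherwise.
        """
        # Reads are open to everyone; authors and superusers may always write.
        if request.method in permissions.SAFE_METHODS:
            return True
        if obj.user == request.user or request.user.is_superuser:
            return True

        # Look up the moderator role that covers the object's language.
        # NOTE(review): only the first matching Role is checked. If several
        # countries share this language, users attached to the other Role
        # rows are not recognised as moderators -- confirm this is intended.
        role = Role.objects.filter(
            role=Role.COMMENTS_MODERATOR,
            country__languages__id=obj.language_id,
        ).first()

        # Fail closed when no such role exists: filtering on role=None turns
        # into an IS NULL lookup, which would grant access to any user that
        # has a UserRole row without a role (if that column is nullable).
        if role is None:
            return False

        # The author case was handled above, so only the role check remains.
        return UserRole.objects.filter(user=request.user, role=role).exists()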