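from rest_framework import permissions

from .models import RolePermission


class HasAPIPermission(permissions.BasePermission):
    """
    Checks if the user has the specific API permission required by the view.
    The view must define `required_permission = 'api:something'`
    or a dictionary mapping methods to permissions:
    `required_permissions = {'GET': 'api:read', 'POST': 'api:write'}`

    Decision order for a request:
      1. anonymous / unauthenticated user -> denied
      2. superuser -> allowed without consulting role permissions
      3. the permission code resolved from the view for ``request.method``
         must be granted through one of the user's roles
      4. if the view yields no code for this method, fall back to ``is_staff``
         (closed by default, never open)
    """

    @staticmethod
    def _required_permission(view, method):
        """Return the permission code ``view`` demands for ``method``, or None.

        A ``required_permissions`` dict takes precedence over a scalar
        ``required_permission``; a dict with no entry for ``method`` yields
        None (the caller then applies the staff-only fallback).
        """
        perm_map = getattr(view, 'required_permissions', None)
        if isinstance(perm_map, dict):
            return perm_map.get(method)
        return getattr(view, 'required_permission', None)

    def has_permission(self, request, view):
        """Return True if ``request.user`` may call ``view`` with ``request.method``.

        Args:
            request: the incoming request; only ``user`` and ``method`` are read.
            view: the view being dispatched to; may carry ``required_permission``
                or ``required_permissions`` (see class docstring).

        Returns:
            bool: True to allow the request, False to deny it.
        """
        user = request.user
        if not user or not user.is_authenticated:
            return False

        # Superusers bypass the role-permission lookup entirely.
        if getattr(user, 'is_superuser', False):
            return True

        required_perm = self._required_permission(view, request.method)
        if not required_perm:
            # No explicit permission for this method: stay closed and require
            # staff status rather than opening the endpoint. A view that
            # declares a ``required_permissions`` dict but omits this method
            # also lands here, so unlisted methods are staff-only, not public.
            # getattr keeps a user model without ``is_staff`` denied instead of
            # raising (consistent with the superuser check above).
            return getattr(user, 'is_staff', False)

        # Let the database answer the membership question in one query instead
        # of materialising every code the user holds and scanning it in Python.
        return RolePermission.objects.filter(
            role__userrole__user=user,
            permission__code=required_perm,
        ).exists()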