from rest_framework import permissions


class IsAdminToAllowCRUD(permissions.BasePermission):
    def has_permission(self, request, view):
        # allow all POST requests
        if request.method == "GET":
            return True

        # Otherwise, only allow authenticated requests
        return (
            request.user and request.user.is_authenticated and request.user.is_superuser
        )


class AdminOrPostOnlyPermission(permissions.BasePermission):
    """
    Custom permission to allow admins to perform any action and normal users only to create.
    """

    def has_permission(self, request, view):
        # Allow POST requests for all users
        if request.method == "POST":
            return True

            # Otherwise, only allow authenticated requests
        return (
            request.user and request.user.is_authenticated and request.user.is_superuser
        )


class AdminOrPostDeleteOnlyPermission(permissions.BasePermission):
    """
    Custom permission to allow admins to perform any action and normal users only to create, update and delete.
    """

    def has_permission(self, request, view):
        # Allow POST requests for all users
        if request.method in ["POST", "DELETE"]:
            return True

            # Otherwise, only allow authenticated requests and admin user
        return (
            request.user and request.user.is_authenticated and request.user.is_superuser
        )