from rest_framework import permissions
from service_ownership.models.service_ownership import ServiceOwnership, ServiceStatus
from .models.services import Services

class IsServiceOwnerOrAdmin(permissions.BasePermission):
    """
    Custom permission:
    - SAFE_METHODS (GET, HEAD, OPTIONS): allow everyone
    - Non-safe methods (PUT, PATCH, DELETE): only allow
        * Admins
        * Users with approved (CLAIMED) ownership of the service
    """

    def has_object_permission(self, request, view, obj: Services):
        # Admin can do anything
        if request.user and request.user.is_staff:
            return True

        # Allow safe methods (anyone can view)
        if request.method in permissions.SAFE_METHODS:
            return True

        # For modification, check ownership
        try:
            ownership = obj.service_ownership
            if (
                ownership.user == request.user and
                ownership.service_status == ServiceStatus.CLAIMED
            ):
                return True
        except ServiceOwnership.DoesNotExist:
            return False

        return False