from rolepermissions.permissions import register_object_checker
from rolepermissions.checkers import has_permission, has_role
from users.roles import SuperAdminRole, ManagerRole, EmployeeRole, AuthenticatedUser, CustomerRole
from rest_framework.permissions import BasePermission, SAFE_METHODS


class IsSuperAdmin(BasePermission):
    """
    Allows Super admin and higher priviledge users to access object.
    """

    def has_permission(self, request, view):
        result = has_role(request.user, SuperAdminRole) and has_role(
            request.user, ManagerRole) and has_role(
                request.user, EmployeeRole) and has_role(
                    request.user, CustomerRole) and has_role(
                        request.user, AuthenticatedUser)
        return bool(request.user and request.user.is_authenticated and result)


class IsManager(BasePermission):
    """
    Allows manager and higher priviledge users to access object.
    """

    def has_permission(self, request, view):
        result = has_role(request.user, ManagerRole) and has_role(
            request.user, EmployeeRole) and has_role(
                request.user, CustomerRole) and has_role(
                    request.user, AuthenticatedUser)
        return bool(request.user and request.user.is_authenticated and result)


class IsEmployee(BasePermission):
    """
    Allows employee and higher priviledge users to access object.
    """

    def has_permission(self, request, view):
        result = has_role(request.user, EmployeeRole) and has_role(
            request.user, CustomerRole) and has_role(request.user,
                                                     AuthenticatedUser)
        return bool(request.user and request.user.is_authenticated and result)


class IsCustomer(BasePermission):
    """
    Allows Customer and higher priviledge users to access object.
    """

    def has_permission(self, request, view):
        result = has_role(request.user, CustomerRole) and has_role(
            request.user, AuthenticatedUser)
        return bool(request.user and request.user.is_authenticated and result)


class IsAuthenticated(BasePermission):
    """
    Allows Authenticated users and higher priviledge users to access object.
    """

    def has_permission(self, request, view):
        result = has_role(request.user, AuthenticatedUser)
        return bool(request.user and request.user.is_authenticated and result)


class AllowAny(BasePermission):
    """
    Allows Authenticated users and higher priviledge users to access object.
    """

    def has_permission(self, request, view):
        return bool(True)


class IsOwnerOrReadOnly(BasePermission):
    """
    Object-level permission to only allow owners of an object to edit it.
    Assumes the model instance has an `owner` attribute.
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in SAFE_METHODS:
            return True

        # Instance must have an attribute named `owner`.
        return obj.owner == request.user


class ReadOnly(BasePermission):
    def has_permission(self, request, view):
        return request.method in SAFE_METHODS


# @register_object_checker()
# def access_employee(role, user, customer):
#         result = has_role(user, SuperAdminRole) or  has_role(user, ManagerRole) or has_role(user, EmployeeRole)

#     if role == SuperAdminRole:
#         return True
#     return False


@register_object_checker()
def is_daccount_owner(role, user, daccount):
    if (user.customer_details == daccount.customer) and role == CustomerRole:
        return True
    return False