"""
Custom Permissions for Role-Based Access Control
"""
from rest_framework import permissions


class IsAdminUser(permissions.BasePermission):
    """Only admins can access"""
    
    def has_permission(self, request, view):
        return request.user and request.user.is_authenticated and request.user.is_admin


class IsStaffUser(permissions.BasePermission):
    """Only staff members can access"""
    
    def has_permission(self, request, view):
        return request.user and request.user.is_authenticated and request.user.is_staff_member


class IsInventoryManager(permissions.BasePermission):
    """Only inventory managers can access"""
    
    def has_permission(self, request, view):
        return (
            request.user and
            request.user.is_authenticated and
            request.user.role in ['ADMIN', 'STAFF_ADMIN', 'INVENTORY']
        )


class IsSalesManager(permissions.BasePermission):
    """Only sales managers can access"""
    
    def has_permission(self, request, view):
        return (
            request.user and
            request.user.is_authenticated and
            request.user.role in ['ADMIN', 'STAFF_ADMIN', 'SALES']
        )


class IsContentManager(permissions.BasePermission):
    """Only content managers can access"""
    
    def has_permission(self, request, view):
        return (
            request.user and
            request.user.is_authenticated and
            request.user.role in ['ADMIN', 'STAFF_ADMIN', 'CONTENT']
        )


class IsOwnerOrReadOnly(permissions.BasePermission):
    """
    Object-level permission to only allow owners to edit
    """
    
    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        
        return obj.user == request.user