# permissions.py
from rest_framework.permissions import BasePermission
from projects.models import Project, ProjectTeamList
from portfolios.models import Portfolio

from .services import NocodetoolObjectMapService

UNSAFE_REQUEST = ["POST", "PUT", "PATCH", "DELETE"]

class IsNotPublished(BasePermission):
    def has_permission(self, request, view):
        if request.method not in UNSAFE_REQUEST:
            return True

        related_type = request.query_params.get("type")
        related_id = request.query_params.get("id")

        if not related_type or not related_id:
            return False

        if obj := NocodetoolObjectMapService.mapping_model_instance(related_type, related_id):
            if not obj.is_published:
                return True
        return False

class IsOwnerOrMemberInCreateAndUpdateAndDelete(BasePermission):
    def has_permission(self, request, view):
        if request.method not in UNSAFE_REQUEST:
            return True

        related_type = request.query_params.get("type")
        related_id = request.query_params.get("id")

        if not related_type or not related_id:
            return False

        user = request.user

        if related_type == "project":
            return ProjectTeamList.objects.filter(project=related_id, user=user).exists()
        elif related_type == "portfolio":
            return Portfolio.objects.filter(id=related_id, owner=user).exists()
        else:
            return False