from rest_framework.permissions import BasePermission
# from drf_keycloak_auth.authentication import KeycloakAuthentication
from django.conf import settings


class UserPermission(BasePermission):
    def has_permission(self, request, view):
        kk_profile = request.auth
        kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
        if request.method not in ['GET']:
            # if view.action in [
            #     'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
            #     'update', 'partial_update', 'destroy', 'create',
            # ]:
            return settings.KK_EDITOR_ROLE in kk_roles
        else:
            return settings.KK_EDITOR_ROLE in kk_roles or settings.KK_VIEWER_ROLE in kk_roles