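from rest_framework import permissions

from .models import Employee


def has_permission(self, request, view):
    """Return True only for an authenticated user whose employee record has a role.

    Denies the request when the user is not authenticated, when reading
    ``request.user.employee`` raises ``Employee.DoesNotExist``, or when the
    employee or its role is ``None``.

    NOTE(review): this is defined at module level yet takes ``self``; it looks
    like a permission-class method that lost its class -- confirm where it is
    meant to live, because nothing on this page attaches it to a class.
    """
    if not request.user.is_authenticated:
        return False
    try:
        employee = request.user.employee
        return employee is not None and employee.role is not None
    except Employee.DoesNotExist:
        # No employee row for this user: fail closed.
        return False


class EmployeeAPIPermission(permissions.BasePermission):
    """View-level permission keyed on the HTTP method and the user's role name.

    Decision order:

    1. A method in ``permissions.SAFE_METHODS`` (GET, HEAD, OPTIONS) is allowed
       before the user is examined, so unauthenticated callers pass this check
       for those methods.
    2. An authenticated user whose role name is ``'Admin'`` may use any method.
    3. An authenticated user whose role name is ``'Employee'`` may additionally
       use PUT.
    4. Everything else is denied.

    Only ``has_permission`` is defined, so this class does not restrict which
    object an ``'Employee'`` PUT may target.
    NOTE(review): confirm the views scope their queryset to the caller, or add
    ``has_object_permission``.
    NOTE(review): the role is read from ``request.user.role`` here but from
    ``request.user.employee.role`` in the module-level ``has_permission`` --
    confirm which model carries the role.
    """

    def has_permission(self, request, view):
        """Return True when the method/role combination is allowed."""
        # Read-only methods are open to every caller, including anonymous ones.
        if request.method in permissions.SAFE_METHODS:
            return True

        user = request.user
        if not (user.is_authenticated and user.role):
            return False

        role_name = user.role.name
        if role_name == 'Admin':
            # Admin role: all CRUD operations.
            return True
        # Employee role: PUT only. GET was already granted by the
        # SAFE_METHODS branch above, so it never reaches this point.
        return role_name == 'Employee' and request.method == 'PUT'


class GoogleAuthenticatedPermission(permissions.BasePermission):
    """Allow authenticated users whose session holds an ``'email'`` key.

    Only the presence of the key is checked; its value is not validated here.
    Whether the key implies a Google sign-in depends on the code that writes
    the session, which is not part of this module.
    """

    def has_permission(self, request, view):
        """Return True for an authenticated user with 'email' in the session."""
        if not request.user.is_authenticated:
            return False

        # Treated as the marker of a Google sign-in.
        if 'email' not in request.session:
            return False

        # TODO: perform additional checks if needed, e.g. verify the email in
        # request.session against the email from id_token_data. Until that is
        # done, this permission trusts whatever populated the session key.
        return True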