# coding=utf-8

from rest_framework import permissions
from django.utils import timezone

from apps.staff.models import User

class IsStaff(permissions.BasePermission):
    def has_permission(self, request, view):
        if not request.user or not request.user.is_authenticated:
            return False

        User.objects.filter(pk=request.user.pk).select_for_update().update(last_refresh=timezone.now())
        return request.user.is_staff()

class IsAdministrator(permissions.BasePermission):
    def has_permission(self, request, view):
        if not request.user or not request.user.is_authenticated:
            return False

        User.objects.filter(pk=request.user.pk).select_for_update().update(last_refresh=timezone.now())
        return request.user.is_administrator()