from rest_framework.permissions import BasePermission, SAFE_METHODS

class TargetIsStaff(BasePermission):
    message = "Hanya bisa memodifikasi user staff."

    def has_permission(self, request, view):
        if request.method in SAFE_METHODS:
            return bool(request.user and request.user.is_authenticated)

        return bool(request.user and request.user.is_staff)
    
    def has_object_permission(self, request, view, obj):
        return bool(request.user.is_staff and obj.is_staff)