from rest_framework.permissions import BasePermission


class HasUserPermission(BasePermission):
    """
    Ensure the request user has the proper permissions.

    Usage:

    class MyView(APIView):
        permission_classes = [HasUserPermission]
        required_permissions = ['federation']
    """

    def has_permission(self, request, view):
        if not hasattr(request, "user") or not request.user:
            return False
        if request.user.is_anonymous:
            return False
        operator = getattr(view, "permission_operator", "and")
        return request.user.has_permissions(
            *view.required_permissions, operator=operator
        )