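from typing import Callable
from django.http import HttpResponseForbidden, HttpRequest, HttpResponse
from django.contrib.auth.models import User
from django.template import loader, Template


def custom_forbidden_response(
    message: str = "Доступ заборонено. Тільки для адміністраторів."
) -> HttpResponseForbidden:
    """Render the ``response/403.html`` template into a 403 response.

    Args:
        message: Text passed to the template as ``message``.

    Returns:
        An ``HttpResponseForbidden`` whose body is the rendered template.
    """
    template = loader.get_template('response/403.html')
    result = template.render({"message": message})
    return HttpResponseForbidden(result)


class AuthedHttpRequest(HttpRequest):
    """Typing aid: an ``HttpRequest`` that carries a ``user`` attribute."""

    user: User


class FilebrowserAccess:
    """Middleware limiting which filebrowser directories non-superusers may browse.

    Requests to ``/admin/filebrowser/browse/`` with a non-empty ``dir`` query
    parameter are answered with a 403 page unless the user is a superuser or
    the directory lies under one of ``filebrowser_user_dirs``. Requests
    without ``dir`` (the root listing) are not restricted here.

    NOTE(review): only the ``browse`` URL prefix is checked. Any other
    filebrowser endpoint that accepts a ``dir`` parameter is not covered by
    this middleware; confirm those are restricted elsewhere.
    """

    def __init__(self, get_response: Callable[[HttpRequest], HttpResponse]):
        """Store the next handler and the directories open to regular users."""
        self.get_response = get_response
        self.filebrowser_user_dirs = [
            '_versions',
            'uploads',
            'icons',
        ]

    def __call__(self, request: AuthedHttpRequest) -> HttpResponse:
        """Return a 403 page for disallowed browse requests, else the view's response."""
        if hasattr(request, 'user'):
            # Authorize before the view runs, so a denied request never
            # executes the filebrowser view at all.
            if self._is_forbidden(request):
                return custom_forbidden_response()
            return self.get_response(request)

        # ``request.user`` is not attached yet. Presumably this middleware is
        # listed ahead of the authentication middleware, so the user only
        # becomes available once the inner chain has run; keep the original
        # check-after-response order for that configuration.
        response = self.get_response(request)
        if self._is_forbidden(request):
            return custom_forbidden_response()
        return response

    def _is_forbidden(self, request: AuthedHttpRequest) -> bool:
        """Return True when this request must be answered with a 403."""
        if not request.path.startswith('/admin/filebrowser/browse/'):
            return False

        filebrowser_dir = request.GET.get('dir', None)
        if not filebrowser_dir:
            return False

        top_level = filebrowser_dir.split('/')[0]
        # Checking only the first segment is not enough: a value that starts
        # with an allowed directory but contains a parent-directory reference
        # can resolve to a location outside it. Such values are never treated
        # as allowed (backslashes are counted as separators for this test).
        has_parent_ref = '..' in filebrowser_dir.replace('\\', '/').split('/')
        if top_level in self.filebrowser_user_dirs and not has_parent_ref:
            return False

        # Fail closed when no user object is attached to the request.
        user = getattr(request, 'user', None)
        return not getattr(user, 'is_superuser', False)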