From ddae68b433874c72f354d8c9b4fdea4b9f9728c4 Mon Sep 17 00:00:00 2001
From: Viswamedha Nalabotu
Date: Sun, 8 Mar 2026 12:20:13 +0000
Subject: [PATCH] Added common permission classes and validator methods
---
apps/accounts/permissions.py | 37 ++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 apps/accounts/permissions.py
diff --git a/apps/accounts/permissions.py b/apps/accounts/permissions.py
new file mode 100644
index 0000000..f2170b8
--- /dev/null
+++ b/apps/accounts/permissions.py
@@ -0,0 +1,37 @@
+from rest_framework.permissions import BasePermission
+
+from apps.accounts.models import Organization
+
+def get_organization_from_object(obj):
+ if isinstance(obj, Organization):
+ return obj
+
+ organization = getattr(obj, 'organization', None)
+ if isinstance(organization, Organization):
+ return organization
+
+ role = getattr(obj, 'role', None)
+ organization = getattr(role, 'organization', None)
+ if isinstance(organization, Organization):
+ return organization
+
+ return None
+
+def can_manage_organization(user, organization):
+ if organization is None:
+ return False
+
+ is_owner = organization.owner.id == user.id
+ is_member_manager = bool(user.is_manager) and organization.members.filter(id=user.id).exists()
+ return is_owner or is_member_manager
+
+class IsOrganizationOwnerOrMember(BasePermission):
+ def has_object_permission(self, request, view, obj):
+ if not isinstance(obj, Organization):
+ return False
+ return request.user.is_member_of(obj) or request.user.is_owner_of(obj)
+
+class CanManageOrganization(BasePermission):
+ def has_object_permission(self, request, view, obj):
+ organization = get_organization_from_object(obj)
+ return can_manage_organization(request.user, organization)
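Review bot: `IsOrganizationOwnerOrMember` and `CanManageOrganization` define only `has_object_permission`, so DRF's inherited `has_permission` (which returns True) admits every request at the view level, and the object check runs only where the view calls `get_object()` or `check_object_permissions()`; list and create actions are not restricted by these classes on their own. An unauthenticated request would also reach `request.user.is_member_of(obj)` and `user.is_manager` with Django's `AnonymousUser`, which, unless the project adds those attributes to it, raises AttributeError and yields a 500 instead of a 403. I would add `def has_permission(self, request, view): return bool(request.user and request.user.is_authenticated)` to both classes, or say in a class docstring that they must always be combined with `IsAuthenticated`. In `can_manage_organization`, `user.is_manager` looks like a flag on the user rather than on the membership, so a manager who belongs to several organizations could manage all of them; confirm that is intended, and consider `organization.owner_id == user.id` (assuming `owner` is a ForeignKey) so that an organization without an owner does not raise.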