# permissions.py
from functools import wraps
from django.http import HttpResponseForbidden
from django.contrib.auth.decorators import user_passes_test
from django.shortcuts import render


def permission_required(permission_codename, template_name='403.html'):
    """
    Decorator that checks permissions and renders a custom 403 template if denied.
    
    Args:
        permission_codename (str): The permission to check (format: 'app_label.permission_codename')
        template_name (str): Path to your custom 403 template (default: '403.html')
    """
    def decorator(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            if request.user.has_perm(permission_codename) or request.user.is_superuser:
                return view_func(request, *args, **kwargs)
            return render(request, template_name, status=403)
        return _wrapped_view
    return decorator
def superuser_required(view_func):
    """
    Decorator that checks if user is a superuser.
    Returns 403 Forbidden for all non-superusers (authenticated or not).
    """
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        if not (request.user.is_authenticated and request.user.is_superuser):
            return render(request, '403.html', status=403)
        return view_func(request, *args, **kwargs)
    
    return _wrapped_view