from rest_framework import viewsets, permissions

from upload.models import Upload
from upload.api.serializers import UploadSerializer

class UploadViewSet(viewsets.ModelViewSet):
    queryset = Upload.objects.all()
    serializer_class = UploadSerializer
    permission_classes = [permissions.IsAuthenticated]

    def get_queryset(self):
        # Les utilisateurs ne peuvent voir que leurs propres uploads
        if not self.request.user.is_staff:
            return Upload.objects.filter(user=self.request.user)
        # Les administrateurs peuvent voir tous les uploads
        return Upload.objects.all()

    def perform_create(self, serializer):
        serializer.save(user=self.request.user)