from rest_framework import permissions
from relay.utils.authentication import APITokenUser

class HasValidAPIToken(permissions.BasePermission):
    """
    Custom permission to only allow access to API token authenticated users.
    """
    
    def has_permission(self, request, view):
        # Check if user is authenticated via API token
        return (
            request.user and 
            isinstance(request.user, APITokenUser) and 
            request.user.is_authenticated
        )