[debug] show where permission is failing (#3264)

* [debug] show where permission is failing

* [fix] document.py

frappe/app.py

@@ -125,7 +125,12 @@ def handle_exception(e):
 	http_status_code = getattr(e, "http_status_code", 500)
 	return_as_message = False
 
-	if (http_status_code==500
+	if frappe.local.is_ajax or 'application/json' in frappe.local.request.headers.get('Accept', ''):
+		# handle ajax responses first
+		# if the request is ajax, send back the trace or error message
+		response = frappe.utils.response.report_error(http_status_code)
+
+	elif (http_status_code==500
 		and isinstance(e, MySQLdb.OperationalError)
 		and e.args[0] in (1205, 1213)):
 			# 1205 = lock wait timeout
@@ -133,13 +138,13 @@ def handle_exception(e):
 			# code 409 represents conflict
 			http_status_code = 508
 
-	if http_status_code==401:
+	elif http_status_code==401:
 		frappe.respond_as_web_page(_("Session Expired"),
 			_("Your session has expired, please login again to continue."),
 			http_status_code=http_status_code,  indicator_color='red')
 		return_as_message = True
 
-	if http_status_code==403:
+	elif http_status_code==403:
 		frappe.respond_as_web_page(_("Not Permitted"),
 			_("You do not have enough permissions to complete the action"),
 			http_status_code=http_status_code,  indicator_color='red')
@@ -151,10 +156,6 @@ def handle_exception(e):
 			http_status_code=http_status_code,  indicator_color='red')
 		return_as_message = True
 
-
-	elif frappe.local.is_ajax or 'application/json' in frappe.local.request.headers.get('Accept', ''):
-		response = frappe.utils.response.report_error(http_status_code)
-
 	else:
 		traceback = "<pre>"+frappe.get_traceback()+"</pre>"
 		if frappe.local.flags.disable_traceback:

frappe/core/page/desktop/desktop.js

@@ -71,6 +71,9 @@ $.extend(frappe.desktop, {
 		// 		route: 'usage-info'
 		// 	}
 
+		// TEMP: test activiation without this message.
+		return;
+
 		if(!frappe.user.has_role('System Manager')) {
 			return;
 		}

frappe/desk/form/load.py

@@ -33,6 +33,7 @@ def getdoc(doctype, name, user=None):
 		run_onload(doc)
 
 		if not doc.has_permission("read"):
+			frappe.flags.error_message = _('Insufficient Permission for {0}').format(frappe.bold(doctype + ' ' + name))
 			raise frappe.PermissionError, ("read", doctype, name)
 
 		doc.apply_fieldlevel_read_permissions()

frappe/model/db_query.py

@@ -33,6 +33,7 @@ class DatabaseQuery(object):
 		ignore_ifnull=False, save_user_settings=False, save_user_settings_fields=False,
 		update=None, add_total_row=None, user_settings=None):
 		if not ignore_permissions and not frappe.has_permission(self.doctype, "read", user=user):
+			frappe.flags.error_message = _('Insufficient Permission for {0}').format(frappe.bold(self.doctype))
 			raise frappe.PermissionError, self.doctype
 
 		# fitlers and fields swappable
@@ -198,6 +199,7 @@ class DatabaseQuery(object):
 		self.tables.append(table_name)
 		doctype = table_name[4:-1]
 		if (not self.flags.ignore_permissions) and (not frappe.has_permission(doctype)):
+			frappe.flags.error_message = _('Insufficient Permission for {0}').format(frappe.bold(doctype))
 			raise frappe.PermissionError, doctype
 
 	def set_field_tables(self):

frappe/model/document.py

@@ -156,9 +156,8 @@ class Document(BaseDocument):
 
 	def raise_no_permission_to(self, perm_type):
 		"""Raise `frappe.PermissionError`."""
-		msg = _("No permission to {0} {1} {2}".format(perm_type, self.doctype, self.name or ""))
-		frappe.msgprint(msg)
-		raise frappe.PermissionError(msg)
+		frappe.flags.error_message = _('Insufficient Permission for {0}').format(self.doctype)
+		raise frappe.PermissionError
 
 	def insert(self, ignore_permissions=None, ignore_if_duplicate=False, ignore_mandatory=None):
 		"""Insert the document in the database (as a new document).

frappe/public/js/frappe/request.js

@@ -82,6 +82,14 @@ frappe.request.call = function(opts) {
 				// session expired
 				frappe.app.handle_session_expired();
 			}
+			else if(xhr.responseJSON && xhr.responseJSON._error_message) {
+				frappe.msgprint({
+					title:__("Not permitted"), indicator:'red',
+					message: xhr.responseJSON._error_message
+				});
+
+				xhr.responseJSON._server_messages = null;
+			}
 			else if (xhr.responseJSON && xhr.responseJSON._server_messages) {
 				var _server_messages = JSON.parse(xhr.responseJSON._server_messages);
 
@@ -314,7 +322,8 @@ frappe.request.report_error = function(xhr, request_opts) {
 	if (exc) {
 		var error_report_email = (frappe.boot.error_report_email || []).join(", ");
 		var error_message = '<div>\
-			<pre style="max-height: 300px; margin-top: 7px;">' + exc + '</pre>'
+			<pre style="max-height: 300px; margin-top: 7px;">'
+				+ exc.replace(/</g, '&lt;').replace(/>/g, '&gt;') + '</pre>'
 			+'<p class="text-right"><a class="btn btn-primary btn-sm report-btn">'
 			+ __("Report this issue") + '</a></p>'
 			+'</div>';

frappe/utils/response.py

@@ -20,7 +20,10 @@ from frappe.core.doctype.file.file import check_file_permission
 from frappe.website.render import render
 
 def report_error(status_code):
-	if (status_code!=404 or frappe.conf.logging) and not frappe.local.flags.disable_traceback:
+	'''Build error. Show traceback in developer mode'''
+	if (frappe.conf.developer_mode
+		and (status_code!=404 or frappe.conf.logging)
+		and not frappe.local.flags.disable_traceback):
 		frappe.errprint(frappe.utils.get_traceback())
 
 	response = build_response("json")
@@ -92,6 +95,9 @@ def make_logs(response = None):
 	if frappe.debug_log and frappe.conf.get("logging") or False:
 		response['_debug_messages'] = json.dumps(frappe.local.debug_log)
 
+	if frappe.flags.error_message:
+		response['_error_message'] = frappe.flags.error_message
+
 def json_handler(obj):
 	"""serialize non-serializable data for json"""
 	# serialize date