Browse Source
fix for write share permission #1996 (#2016)
* add write perm as cascade has been removed * remove cascade permission from docshare to allow read only access to share * remove cascade permission for write permission * check existing shares for write permission * unset permissions on readversion-14
RobertSchouten
8 years ago
committed by
Rushabh Mehta
Rushabh Mehta
6 changed files with 8 additions and 12 deletions
Unified View
Diff Options
-
+0 -2frappe/core/doctype/docshare/docshare.py
-
+4 -4frappe/core/doctype/docshare/test_docshare.py
-
+1 -1frappe/core/doctype/user/user.py
-
+1 -1frappe/patches/v5_0/update_shared.py
-
+2 -2frappe/public/js/frappe/form/templates/set_sharing.html
-
+0 -2frappe/share.py
+ 0
- 2
frappe/core/doctype/docshare/docshare.py
View File
| @@ -19,8 +19,6 @@ class DocShare(Document): | |||||
| self.get_doc().run_method("validate_share", self) | self.get_doc().run_method("validate_share", self) | ||||
| def cascade_permissions_downwards(self): | def cascade_permissions_downwards(self): | ||||
| if self.share: | |||||
| self.write = 1 | |||||
| if self.write: | if self.write: | ||||
| self.read = 1 | self.read = 1 | ||||
+ 4
- 4
frappe/core/doctype/docshare/test_docshare.py
View File
| @@ -34,7 +34,7 @@ class TestDocShare(unittest.TestCase): | |||||
| self.assertTrue(self.event.has_permission()) | self.assertTrue(self.event.has_permission()) | ||||
| def test_share_permission(self): | def test_share_permission(self): | ||||
| frappe.share.add("Event", self.event.name, self.user, share=1) | |||||
| frappe.share.add("Event", self.event.name, self.user, write=1, share=1) | |||||
| frappe.set_user(self.user) | frappe.set_user(self.user) | ||||
| self.assertTrue(self.event.has_permission("share")) | self.assertTrue(self.event.has_permission("share")) | ||||
| @@ -60,14 +60,14 @@ class TestDocShare(unittest.TestCase): | |||||
| self.assertRaises(frappe.PermissionError, frappe.share.add, "Event", self.event.name, self.user) | self.assertRaises(frappe.PermissionError, frappe.share.add, "Event", self.event.name, self.user) | ||||
| frappe.set_user("Administrator") | frappe.set_user("Administrator") | ||||
| frappe.share.add("Event", self.event.name, self.user, share=1) | |||||
| frappe.share.add("Event", self.event.name, self.user, write=1, share=1) | |||||
| # test not raises | # test not raises | ||||
| frappe.set_user(self.user) | frappe.set_user(self.user) | ||||
| frappe.share.add("Event", self.event.name, "test1@example.com", share=1) | |||||
| frappe.share.add("Event", self.event.name, "test1@example.com", write=1, share=1) | |||||
| def test_remove_share(self): | def test_remove_share(self): | ||||
| frappe.share.add("Event", self.event.name, self.user, share=1) | |||||
| frappe.share.add("Event", self.event.name, self.user, write=1, share=1) | |||||
| frappe.set_user(self.user) | frappe.set_user(self.user) | ||||
| self.assertTrue(self.event.has_permission("share")) | self.assertTrue(self.event.has_permission("share")) | ||||
+ 1
- 1
frappe/core/doctype/user/user.py
View File
| @@ -178,7 +178,7 @@ class User(Document): | |||||
| def share_with_self(self): | def share_with_self(self): | ||||
| if self.user_type=="System User": | if self.user_type=="System User": | ||||
| frappe.share.add(self.doctype, self.name, self.name, share=1, | |||||
| frappe.share.add(self.doctype, self.name, self.name, write=1, share=1, | |||||
| flags={"ignore_share_permission": True}) | flags={"ignore_share_permission": True}) | ||||
| else: | else: | ||||
| frappe.share.remove(self.doctype, self.name, self.name, | frappe.share.remove(self.doctype, self.name, self.name, | ||||
+ 1
- 1
frappe/patches/v5_0/update_shared.py
View File
| @@ -13,7 +13,7 @@ def execute(): | |||||
| users = frappe.get_all("User", filters={"user_type": "System User"}) | users = frappe.get_all("User", filters={"user_type": "System User"}) | ||||
| usernames = [user.name for user in users] | usernames = [user.name for user in users] | ||||
| for user in usernames: | for user in usernames: | ||||
| frappe.share.add("User", user, user, share=1) | |||||
| frappe.share.add("User", user, user, write=1, share=1) | |||||
| # move event user to shared | # move event user to shared | ||||
| if frappe.db.exists("DocType", "Event User"): | if frappe.db.exists("DocType", "Event User"): | ||||
+ 2
- 2
frappe/public/js/frappe/form/templates/set_sharing.html
View File
| @@ -12,7 +12,7 @@ | |||||
| <div class="col-xs-2"><input type="checkbox" name="read" | <div class="col-xs-2"><input type="checkbox" name="read" | ||||
| {% if(cint(everyone.read)) { %}checked{% } %} class="edit-share"></div> | {% if(cint(everyone.read)) { %}checked{% } %} class="edit-share"></div> | ||||
| <div class="col-xs-2"><input type="checkbox" name="write" | <div class="col-xs-2"><input type="checkbox" name="write" | ||||
| {% if(cint(everyone.write)) { %}checked{% } %} class="edit-share"></div> | |||||
| {% if(cint(everyone.write)) { %}checked{% } %} class="edit-share"{% if (!frm.perm[0].write){ %} disabled="disabled"{% } %}></div> | |||||
| <div class="col-xs-2"><input type="checkbox" name="share" | <div class="col-xs-2"><input type="checkbox" name="share" | ||||
| {% if(cint(everyone.share)) { %}checked{% } %} class="edit-share"></div> | {% if(cint(everyone.share)) { %}checked{% } %} class="edit-share"></div> | ||||
| </div> | </div> | ||||
| @@ -25,7 +25,7 @@ | |||||
| <div class="col-xs-2"><input type="checkbox" name="read" | <div class="col-xs-2"><input type="checkbox" name="read" | ||||
| {% if(cint(s.read)) { %}checked{% } %} class="edit-share"></div> | {% if(cint(s.read)) { %}checked{% } %} class="edit-share"></div> | ||||
| <div class="col-xs-2"><input type="checkbox" name="write" | <div class="col-xs-2"><input type="checkbox" name="write" | ||||
| {% if(cint(s.write)) { %}checked{% } %} class="edit-share"></div> | |||||
| {% if(cint(s.write)) { %}checked{% } %} class="edit-share"{% if (!frm.perm[0].write){ %} disabled="disabled"{% } %}></div> | |||||
| <div class="col-xs-2"><input type="checkbox" name="share" | <div class="col-xs-2"><input type="checkbox" name="share" | ||||
| {% if(cint(s.share)) { %}checked{% } %} class="edit-share"></div> | {% if(cint(s.share)) { %}checked{% } %} class="edit-share"></div> | ||||
| </div> | </div> | ||||
+ 0
- 2
frappe/share.py
View File
| @@ -73,8 +73,6 @@ def set_permission(doctype, name, user, permission_to, value=1, everyone=0): | |||||
| # un-set higher-order permissions too | # un-set higher-order permissions too | ||||
| if permission_to=="read": | if permission_to=="read": | ||||
| share.read = share.write = share.share = 0 | share.read = share.write = share.share = 0 | ||||
| elif permission_to=="write": | |||||
| share.write = share.share = 0 | |||||
| share.save() | share.save() | ||||