Merge pull request #1232 from anandpdoshi/share-role-permission-manager

Share in Role Permissions Manager and Validation

frappe/core/page/permission_manager/permission_manager.js

@@ -277,7 +277,7 @@ frappe.PermissionEngine = Class.extend({
 	},
 
 	rights: ["read", "write", "create", "delete", "submit", "cancel", "amend",
-		"print", "email", "report", "import", "export", "set_user_permissions"],
+		"print", "email", "report", "import", "export", "set_user_permissions", "share"],
 
 	set_show_users: function(cell, role) {
 		cell.html("<a class='grey' href='#'>"+__(role)+"</a>")

frappe/permissions.py

@@ -44,17 +44,19 @@ def has_permission(doctype, ptype="read", doc=None, verbose=False, user=None):
 
 	def false_if_not_shared():
 		if ptype in ("read", "write", "share", "email", "print"):
+			shared = frappe.share.get_shared(doctype, user,
+				["read" if ptype in ("email", "print") else ptype])
+
 			if doc:
 				doc_name = doc if isinstance(doc, basestring) else doc.name
-				shared = frappe.share.get_shared(doctype, user,
-					["read" if ptype in ("email", "print") else ptype])
-
 				if doc_name in shared:
 					if verbose: print "Shared"
 					if ptype in ("read", "write", "share") or meta.permissions[0].get(ptype):
 						return True
 
-			else:
+			elif shared:
+				# if atleast one shared doc of that type, then return True
+				# this is used in db_query to check if permission on DocType
 				if verbose: print "Has a shared document"
 				return True
 

frappe/share.py

@@ -3,6 +3,7 @@
 
 from __future__ import unicode_literals
 import frappe
+from frappe import _
 from frappe.utils import cint
 
 @frappe.whitelist()
@@ -11,6 +12,8 @@ def add(doctype, name, user=None, read=1, write=0, share=0, everyone=0, flags=No
 	if not user:
 		user = frappe.session.user
 
+	check_share_permission(doctype, name)
+
 	share_name = get_share_name(doctype, name, user, everyone)
 
 	if share_name:
@@ -48,6 +51,8 @@ def remove(doctype, name, user, flags=None):
 @frappe.whitelist()
 def set_permission(doctype, name, user, permission_to, value=1, everyone=0):
 	"""Set share permission."""
+	check_share_permission(doctype, name)
+
 	share_name = get_share_name(doctype, name, user, everyone)
 	value = int(value)
 
@@ -124,3 +129,7 @@ def get_share_name(doctype, name, user, everyone):
 
 	return share_name
 
+def check_share_permission(doctype, name):
+	"""Check if the user can share with other users"""
+	if not frappe.has_permission(doctype, ptype="share", doc=name):
+		frappe.throw(_("No permission to {0} {1} {2}".format("share", doctype, name)), frappe.PermissionError)