fix(report): Allow report export only if user has export permission on ref doctype (#7458)

* fix: Allow export only if user has export permission on reference doctype * fix: Show only custom "no permission" error * fix: while saving employee user getting user permissions error
6 years ago · 1bcdc0b7cb
--- a/frappe/desk/query_report.py
+++ b/frappe/desk/query_report.py
@@ -282,6 +282,10 @@ def export_query():
 		filters = json.loads(data["filters"])
 	if isinstance(data.get("report_name"), string_types):
 		report_name = data["report_name"]
 		frappe.permissions.can_export(
 			frappe.get_cached_value('Report', report_name, 'ref_doctype'),
 			raise_exception=True
 		)
 	if isinstance(data.get("file_format_type"), string_types):
 		file_format_type = data["file_format_type"]

--- a/frappe/model/rename_doc.py
+++ b/frappe/model/rename_doc.py
@@ -161,7 +161,7 @@ def validate_rename(doctype, new, meta, merge, force, ignore_permissions):
 	if (not merge) and exists:
 		frappe.msgprint(_("Another {0} with name {1} exists, select another name").format(doctype, new), raise_exception=1)

 	if not (ignore_permissions or frappe.has_permission(doctype, "write")):
 	if not (ignore_permissions or frappe.permissions.has_permission(doctype, "write", raise_exception=False)):
 		frappe.msgprint(_("You need write permission to rename"), raise_exception=1)

 	if not (force or ignore_permissions) and not meta.allow_rename:
--- a/frappe/permissions.py
+++ b/frappe/permissions.py
@@ -25,16 +25,18 @@ def print_has_permission_check_logs(func):
 		frappe.flags['has_permission_check_logs'] = []
 		result = func(*args, **kwargs)
 		self_perm_check = True if not kwargs.get('user') else kwargs.get('user') == frappe.session.user
 		raise_exception = False if kwargs.get('raise_exception') == False else True

 		# print only if access denied
 		# and if user is checking his own permission
 		if not result and self_perm_check:
 		if not result and self_perm_check and raise_exception:
 			msgprint(('<br>').join(frappe.flags.get('has_permission_check_logs')))
 		frappe.flags.pop('has_permission_check_logs', None)
 		return result
 	return inner

@print_has_permission_check_logs
 def has_permission(doctype, ptype="read", doc=None, verbose=False, user=None):
 def has_permission(doctype, ptype="read", doc=None, verbose=False, user=None, raise_exception=True):
 	"""Returns True if user has permission `ptype` for given `doctype`.
 	If `doc` is passed, it also checks user, share and owner permissions.

--- a/frappe/public/js/frappe/views/reports/query_report.js
+++ b/frappe/public/js/frappe/views/reports/query_report.js
@@ -970,6 +970,7 @@ frappe.views.QueryReport = class QueryReport extends frappe.views.BaseList {
 			{
 				label: __('Export'),
 				action: () => this.export_report(),
 				condition: () => frappe.model.can_export(this.report_doc.ref_doctype),
 				standard: true
 			},
 			{