Merge pull request #17721 from frappe/mergify/bp/version-14-hotfix/pr-17682

refactor: improve `frappe.only_for` (backport #17682)
2 yıl önce · 6f86f4288a
--- a/frappe/init.py
+++ b/frappe/init.py
@@ -818,23 +818,30 @@ def write_only():
 	return innfn


 def only_for(roles: list[str] | str, message=False):
 	"""Raise `frappe.PermissionError` if the user does not have any of the given **Roles**.
 def only_for(roles: list[str] | tuple[str] | str, message=False):
 	"""
 	Raises `frappe.PermissionError` if the user does not have any of the permitted roles.

 	:param roles: Permitted role(s)
 	"""

 	:param roles: List of roles to check."""
 	if local.flags.in_test:
 	if local.flags.in_test or local.session.user == "Administrator":
 		return

 	if not isinstance(roles, (tuple, list)):
 	if isinstance(roles, str):
 		roles = (roles,)
 	roles = set(roles)
 	myroles = set(get_roles())
 	if not roles.intersection(myroles):
 		if message:
 			msgprint(
 				_("This action is only allowed for {}").format(bold(", ".join(roles))), _("Not Permitted")
 			)
 		raise PermissionError

 	if not set(roles).intersection(get_roles()):
 		if not message:
 			raise PermissionError

 		throw(
 			_("This action is only allowed for {}").format(
 				", ".join(bold(_(role)) for role in roles),
 			),
 			PermissionError,
 			_("Not Permitted"),
 		)


 def get_domain_data(module):
--- a/frappe/core/report/permitted_documents_for_user/permitted_documents_for_user.py
+++ b/frappe/core/report/permitted_documents_for_user/permitted_documents_for_user.py
@@ -4,19 +4,18 @@
 import frappe
 import frappe.utils.user
 from frappe.model import data_fieldtypes
 from frappe.permissions import check_admin_or_system_manager, rights
 from frappe.permissions import rights


 def execute(filters=None):
 	frappe.only_for("System Manager")

 	user, doctype, show_permissions = (
 		filters.get("user"),
 		filters.get("doctype"),
 		filters.get("show_permissions"),
 	)

 	if not validate(user, doctype):
 		return [], []

 	columns, fields = get_columns_and_fields(doctype)
 	data = frappe.get_list(doctype, fields=fields, as_list=True, user=user)

@@ -30,12 +29,6 @@ def execute(filters=None):
 	return columns, data


 def validate(user, doctype):
 	# check if current user is System Manager
 	check_admin_or_system_manager()
 	return user and doctype


 def get_columns_and_fields(doctype):
 	columns = [f"Name:Link/{doctype}:200"]
 	fields = ["`name`"]
--- a/frappe/permissions.py
+++ b/frappe/permissions.py
@@ -28,6 +28,14 @@ rights = (


 def check_admin_or_system_manager(user=None):
 	from frappe.utils.commands import warn

 	warn(
 		"The function check_admin_or_system_manager will be deprecated in version 15."
 		'Please use frappe.only_for("System Manager") instead.',
 		category=PendingDeprecationWarning,
 	)

 	if not user:
 		user = frappe.session.user