user can update image from website (#2089)

frappe/__init__.py

@@ -500,11 +500,15 @@ def has_website_permission(doctype, ptype="read", doc=None, user=None, verbose=F
 	if not user:
 		user = session.user
 
+	if isinstance(doc, basestring):
+		doc = get_doc(doctype, doc)
+
+	# check permission in controller
+	if hasattr(doc, 'has_website_permission'):
+		return doc.has_website_permission(ptype, verbose=verbose)
+
 	hooks = (get_hooks("has_website_permission") or {}).get(doctype, [])
 	if hooks:
-		if isinstance(doc, basestring):
-			doc = get_doc(doctype, doc)
-
 		for method in hooks:
 			result = call(method, doc=doc, ptype=ptype, user=user, verbose=verbose)
 			# if even a single permission check is Falsy

frappe/core/doctype/user/user.py

@@ -70,6 +70,10 @@ class User(Document):
 		frappe.clear_cache(user=self.name)
 		self.send_password_notification(self.__new_password)
 
+	def has_website_permission(self, ptype, verbose=False):
+		"""Returns true if current user is the session user"""
+		return self.name == frappe.session.user
+
 	def check_demo(self):
 		if frappe.session.user == 'demo@erpnext.com':
 			frappe.throw('Cannot change user details in demo. Please signup for a new account at https://erpnext.com', title='Not Allowed')

frappe/core/web_form/edit_profile/edit_profile.js

@@ -0,0 +1,3 @@
+frappe.ready(function() {
+	// bind events here
+})

frappe/core/web_form/edit_profile/edit_profile.json

@@ -0,0 +1,117 @@
+{
+ "allow_comments": 0, 
+ "allow_delete": 0, 
+ "allow_edit": 1, 
+ "allow_multiple": 0, 
+ "creation": "2016-09-19 05:16:59.242754", 
+ "doc_type": "User", 
+ "docstatus": 0, 
+ "doctype": "Web Form", 
+ "idx": 0, 
+ "is_standard": 1, 
+ "login_required": 1, 
+ "modified": "2016-09-23 03:08:15.206534", 
+ "modified_by": "Administrator", 
+ "module": "Core", 
+ "name": "edit-profile", 
+ "owner": "Administrator", 
+ "published": 1, 
+ "route": "update-profile", 
+ "sidebar_items": [], 
+ "success_message": "Profile updated successfully.", 
+ "success_url": "/me", 
+ "title": "Update Profile", 
+ "web_form_fields": [
+  {
+   "fieldname": "first_name", 
+   "fieldtype": "Data", 
+   "hidden": 0, 
+   "label": "First Name", 
+   "read_only": 0, 
+   "reqd": 1
+  }, 
+  {
+   "fieldname": "middle_name", 
+   "fieldtype": "Data", 
+   "hidden": 0, 
+   "label": "Middle Name (Optional)", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "fieldname": "last_name", 
+   "fieldtype": "Data", 
+   "hidden": 0, 
+   "label": "Last Name", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "description": "", 
+   "fieldname": "user_image", 
+   "fieldtype": "Attach", 
+   "hidden": 0, 
+   "label": "User Image", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "fieldtype": "Section Break", 
+   "hidden": 0, 
+   "label": "More Information", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "fieldname": "phone", 
+   "fieldtype": "Data", 
+   "hidden": 0, 
+   "label": "Phone", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "fieldname": "gender", 
+   "fieldtype": "Select", 
+   "hidden": 0, 
+   "label": "Gender", 
+   "options": "\nMale\nFemale\nOther", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "description": "", 
+   "fieldname": "language", 
+   "fieldtype": "Link", 
+   "hidden": 0, 
+   "label": "Language", 
+   "options": "Language", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "fieldname": "birth_date", 
+   "fieldtype": "Date", 
+   "hidden": 0, 
+   "label": "Birth Date", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "fieldname": "location", 
+   "fieldtype": "Data", 
+   "hidden": 0, 
+   "label": "Location", 
+   "read_only": 0, 
+   "reqd": 0
+  }, 
+  {
+   "fieldname": "bio", 
+   "fieldtype": "Text", 
+   "hidden": 0, 
+   "label": "Bio", 
+   "read_only": 0, 
+   "reqd": 0
+  }
+ ]
+}

frappe/core/web_form/edit_profile/edit_profile.py

@@ -0,0 +1,7 @@
+from __future__ import unicode_literals
+
+import frappe
+
+def get_context(context):
+	# do your magic here
+	pass

frappe/utils/user.py

@@ -215,11 +215,12 @@ def get_user_fullname(user):
 	return fullname and fullname[0][0] or ''
 
 def get_fullname_and_avatar(user):
-	first_name, last_name, avatar = frappe.db.get_value("User",
-		user, ["first_name", "last_name", "user_image"])
+	first_name, last_name, avatar, name = frappe.db.get_value("User",
+		user, ["first_name", "last_name", "user_image", "name"])
 	return _dict({
 		"fullname": " ".join(filter(None, [first_name, last_name])),
-		"avatar": avatar
+		"avatar": avatar,
+		"name": name
 	})
 
 def get_system_managers(only_name=False):
@@ -292,7 +293,6 @@ def is_website_user():
 def is_system_user(username):
 	return frappe.db.get_value("User", {"name": username, "enabled": 1, "user_type": "System User"})
 
-
 def get_users():
 	from frappe.core.doctype.user.user import get_system_users
 	users = []

frappe/website/context.py

@@ -124,6 +124,7 @@ def add_sidebar_data(context):
 	info = get_fullname_and_avatar(frappe.session.user)
 	context["fullname"] = info.fullname
 	context["user_image"] = info.avatar
+	context["user"] = info.name
 
 
 def add_metatags(context):

frappe/www/edit-profile.html

@@ -1,62 +0,0 @@
-{% extends "templates/web.html" %}
-
-{% block title %} {{ "Edit Profile" }} {% endblock %}
-
-{% block header %}<h2>{{ _("Edit Profile") }}</h2>{% endblock %}
-
-{% block page_content %}
-<div class="user-content" style="max-width: 500px; padding: 50px 0px;">
-	<div class="alert alert-warning message" style="display: none;"></div>
-	<form role = "form">
-		<fieldset>
-			<label>{{ _("Full Name") }}</label>
-			<input class="form-control" type="text" id="fullname" value="{{ user.full_name or "" }}">
-		</fieldset>
-		<fieldset>
-			<label>{{ _("Phone") }}</label>
-			<input class="form-control" type="text" id="phone" value="{{ user.phone or "" }}">
-		</fieldset>
-		<button type="submit" class="btn btn-default" id="update_user">{{ _("Update") }}</button>
-	</form>
-</div>
-
-<script type="text/javascript">
-
-frappe.ready(function(){
-	$("#update_user").on("click",function(){
-		var name = document.getElementById("fullname").value;
-		var phone = document.getElementById("phone").value;
-
-		frappe.call({
-			type: "POST",
-			method: "frappe.www.edit_profile.update_user",
-			btn: $("#update_user"),
-			args: {
-				fullname: name,
-				phone: phone
-			},
-			callback: function(r) {
-				if(r.message) {
-					frappe.msgprint(__(r.message));
-					setTimeout(function() {
-						window.location.href = "/edit-profile";
-					},2000);
-				}
-				if(r.exc) {
-					frappe.msgprint(r.exc);
-					setTimeout(function() {
-						window.location.href = "/me";
-					},2000);
-				}
-				
-			}
-
-		});
-		return false;
-
-	});
-
-});
-</script>
-
-{% endblock %}

frappe/www/edit_profile.py

@@ -1,30 +0,0 @@
-# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
-# License: GNU General Public License v3. See license.txt
-
-from __future__ import unicode_literals
-import frappe
-from frappe import _
-
-no_cache = 1
-no_sitemap = 1
-
-def get_context(context):
-	user = frappe.get_doc('User', frappe.session.user)
-	user.full_name = user.get_fullname()
-	context.user = user
-	context.show_sidebar=True
-
-@frappe.whitelist()
-def update_user(fullname, phone=None):
-	if not fullname:
-		return _("Name is required")
-
-	user = frappe.get_doc('User', frappe.session.user)
-	user.first_name = fullname
-	user.last_name = ''
-	user.phone = phone
-	user.save(ignore_permissions=True)
-
-	frappe.local.cookie_manager.set_cookie("full_name", fullname)
-
-	return _("Updated")

frappe/www/me.html

@@ -18,7 +18,7 @@
 					<li><a href="/update-password">
 						<h6 class="text-muted">{{ _("Reset Password") }}</h6>
 					</a></li>
-					<li><a href="/edit-profile">
+						<li><a href="/update-profile?name={{ user }}">
 						<h6 class="text-muted">{{ _("Edit Profile") }}</h6>
 					</a></li>
 
@@ -46,4 +46,3 @@
 	</ul>
 </div>
 {% endblock %}
-

frappe/www/profile.html

@@ -17,7 +17,7 @@
 					<li><a href="/update-password">
 						<h6 class="text-muted">{{ _("Reset Password") }}</h6>
 					</a></li>
-					<li><a href="/edit-profile">
+					<li><a href="/update-profile?name={{ user }}">
 						<h6 class="text-muted">{{ _("Edit Profile") }}</h6>
 					</a></li>