diff --git a/frappe/core/doctype/communication/communication.py b/frappe/core/doctype/communication/communication.py index 182ad60b00..ada190ca58 100644 --- a/frappe/core/doctype/communication/communication.py +++ b/frappe/core/doctype/communication/communication.py @@ -118,7 +118,7 @@ def send_comm_email(d, name, sent_via=None, print_html=None, attachments='[]', s footer = set_portal_link(sent_via, d) send_print_in_body = frappe.db.get_value("Outgoing Email Settings", None, "send_print_in_body_and_attachment") - if not send_print_in_body: + if print_html and not send_print_in_body: d.content += "

Please see attachment for document details.

" mail = get_email(d.recipients, sender=d.sender, subject=d.subject, diff --git a/frappe/core/page/user_properties/user_properties.py b/frappe/core/page/user_properties/user_properties.py index 47f58cec35..303329dc62 100644 --- a/frappe/core/page/user_properties/user_properties.py +++ b/frappe/core/page/user_properties/user_properties.py @@ -18,17 +18,17 @@ def get_users_and_links(): def get_properties(parent=None, defkey=None, defvalue=None): if defkey and not frappe.permissions.can_restrict(defkey, defvalue): raise frappe.PermissionError - + conditions, values = _build_conditions(locals()) - - properties = frappe.db.sql("""select name, parent, defkey, defvalue + + properties = frappe.db.sql("""select name, parent, defkey, defvalue from tabDefaultValue where parent not in ('__default', '__global') and substr(defkey,1,1)!='_' and parenttype='Restriction' {conditions} order by parent, defkey""".format(conditions=conditions), values, as_dict=True) - + if not defkey: out = [] doctypes = get_restrictable_doctypes() @@ -36,9 +36,9 @@ def get_properties(parent=None, defkey=None, defvalue=None): if p.defkey in doctypes: out.append(p) properties = out - + return properties - + def _build_conditions(filters): conditions = [] values = {} @@ -46,7 +46,7 @@ def _build_conditions(filters): if filters.get(key): conditions.append("and `{key}`=%({key})s".format(key=key)) values[key] = value - + return "\n".join(conditions), values @frappe.whitelist() @@ -54,35 +54,35 @@ def remove(user, name, defkey, defvalue): if not frappe.permissions.can_restrict_user(user, defkey, defvalue): raise frappe.PermissionError("Cannot Remove Restriction for User: {user} on DocType: {doctype} and Name: {name}".format( user=user, doctype=defkey, name=defvalue)) - - frappe.defaults.clear_default(name=name) - + + frappe.defaults.clear_default(key=defkey, value=defvalue, parent=user, name=name) + def clear_restrictions(doctype): frappe.defaults.clear_default(parenttype="Restriction", key=doctype) - + @frappe.whitelist() def add(user, defkey, defvalue): if not frappe.permissions.can_restrict_user(user, defkey, defvalue): raise frappe.PermissionError("Cannot Restrict User: {user} for DocType: {doctype} and Name: {name}".format( user=user, doctype=defkey, name=defvalue)) - + # check if already exists - d = frappe.db.sql("""select name from tabDefaultValue + d = frappe.db.sql("""select name from tabDefaultValue where parent=%s and parenttype='Restriction' and defkey=%s and defvalue=%s""", (user, defkey, defvalue)) - + if not d: frappe.defaults.add_default(defkey, defvalue, user, "Restriction") - + def get_restrictable_doctypes(): user_roles = frappe.get_roles() condition = "" values = [] if "System Manager" not in user_roles: - condition = """and exists(select `tabDocPerm`.name from `tabDocPerm` + condition = """and exists(select `tabDocPerm`.name from `tabDocPerm` where `tabDocPerm`.parent=`tabDocType`.name and `tabDocPerm`.`restrict`=1 and `tabDocPerm`.role in ({roles}))""".format(roles=", ".join(["%s"]*len(user_roles))) values = user_roles - - return frappe.db.sql_list("""select name from tabDocType + + return frappe.db.sql_list("""select name from tabDocType where ifnull(issingle,0)=0 and ifnull(istable,0)=0 {condition}""".format(condition=condition), tuple(values)) diff --git a/frappe/permissions.py b/frappe/permissions.py index 0663e11f8f..466318cd4f 100644 --- a/frappe/permissions.py +++ b/frappe/permissions.py @@ -71,11 +71,12 @@ def has_unrestricted_access(doc, verbose=True): restrictions = get_restrictions() meta = frappe.get_meta(doc.get("doctype")) + user_perms = get_user_perms(meta) if get_user_perms(meta).restricted: if doc.owner == frappe.session.user: # owner is always allowed for restricted permissions return True - elif not restrictions: + elif not (restrictions and restrictions.get(doc.get("doctype"))): return False else: if not restrictions: diff --git a/frappe/templates/pages/website_script.js b/frappe/templates/pages/website_script.js index 63a4634248..3b84bdd084 100644 --- a/frappe/templates/pages/website_script.js +++ b/frappe/templates/pages/website_script.js @@ -10,4 +10,4 @@ m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) ga('create', '{{ google_analytics_id }}', 'auto'); ga('send', 'pageview'); -{%- endif %} \ No newline at end of file +{%- endif %} diff --git a/frappe/website/doctype/blog_post/blog_post.json b/frappe/website/doctype/blog_post/blog_post.json index 22b4cc68cd..269e5427df 100644 --- a/frappe/website/doctype/blog_post/blog_post.json +++ b/frappe/website/doctype/blog_post/blog_post.json @@ -1,7 +1,7 @@ { "allow_attach": 1, "allow_import": 1, - "creation": "2013-03-28 10:35:30.000000", + "creation": "2013-03-28 10:35:30", "docstatus": 0, "doctype": "DocType", "fields": [ @@ -95,7 +95,7 @@ "icon": "icon-quote-left", "idx": 1, "max_attachments": 5, - "modified": "2014-02-20 12:55:07.000000", + "modified": "2014-05-05 04:00:24.210166", "modified_by": "Administrator", "module": "Website", "name": "Blog Post", @@ -104,7 +104,7 @@ { "cancel": 0, "create": 1, - "delete": 0, + "delete": 1, "email": 1, "permlevel": 0, "print": 1, diff --git a/frappe/website/doctype/blog_post/test_blog_post.py b/frappe/website/doctype/blog_post/test_blog_post.py index ceda432045..8d692d1e8c 100644 --- a/frappe/website/doctype/blog_post/test_blog_post.py +++ b/frappe/website/doctype/blog_post/test_blog_post.py @@ -105,7 +105,7 @@ class TestBlogPost(unittest.TestCase): self.assertRaises(frappe.PermissionError, add, "test2@example.com", "Blog Post", "_test-blog-post") - def test_not_allowed_to_restrict(self): + def test_not_allowed_on_restrict(self): self.add_restriction_to_user2() frappe.set_user("test2@example.com")