anoopmb
/
frappe
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

fix #478

version-14
Rushabh Mehta 11 years ago
parent
16a36a0321
commit
bcc2dc99f4
2 changed files with 16 additions and 15 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      frappe/model/bean.py
  2. +15
    -14
      frappe/permissions.py

+ 1
- 1
frappe/model/bean.py View File

@@ -482,7 +482,7 @@ class Bean:
has_restricted_data = False has_restricted_data = False
for d in self.doclist: for d in self.doclist:
if not frappe.permissions.has_unrestricted_access(frappe.get_doctype(d.doctype), d):
if not frappe.permissions.has_unrestricted_access(d):
has_restricted_data = True has_restricted_data = True
if has_restricted_data: if has_restricted_data:


+ 15
- 14
frappe/permissions.py View File

@@ -14,7 +14,7 @@ def check_admin_or_system_manager():
(frappe.session.user!="Administrator"): (frappe.session.user!="Administrator"):
msgprint("Only Allowed for Role System Manager or Administrator", raise_exception=True) msgprint("Only Allowed for Role System Manager or Administrator", raise_exception=True)
def has_permission(doctype, ptype="read", refdoc=None, verbose=True):
def has_permission(doctype, ptype="read", doc=None, verbose=True):
"""check if user has permission""" """check if user has permission"""
if frappe.is_table(doctype): if frappe.is_table(doctype):
return True return True
@@ -34,14 +34,14 @@ def has_permission(doctype, ptype="read", refdoc=None, verbose=True):
if not get_user_perms(meta).get(ptype): if not get_user_perms(meta).get(ptype):
return False return False
if refdoc:
if isinstance(refdoc, basestring):
refdoc = frappe.doc(meta.name, refdoc)
if doc:
if isinstance(doc, basestring):
doc = frappe.doc(meta.name, doc)
if not has_unrestricted_access(meta, refdoc, verbose=verbose):
if not has_unrestricted_access(doc, verbose=verbose):
return False return False
if not has_controller_permissions(refdoc):
if not has_controller_permissions(doc):
return False return False


return True return True
@@ -66,12 +66,13 @@ def get_user_perms(meta, user=None):


return frappe.local.user_perms[cache_key] return frappe.local.user_perms[cache_key]
def has_unrestricted_access(meta, refdoc, verbose=True):
def has_unrestricted_access(doc, verbose=True):
from frappe.defaults import get_restrictions from frappe.defaults import get_restrictions
restrictions = get_restrictions() restrictions = get_restrictions()
meta = frappe.get_meta(doc.get("doctype"))

if get_user_perms(meta).restricted: if get_user_perms(meta).restricted:
if refdoc.owner == frappe.session.user:
if doc.owner == frappe.session.user:
# owner is always allowed for restricted permissions # owner is always allowed for restricted permissions
return True return True
elif not restrictions: elif not restrictions:
@@ -85,15 +86,15 @@ def has_unrestricted_access(meta, refdoc, verbose=True):
has_restricted_data = False has_restricted_data = False
for df in fields_to_check: for df in fields_to_check:
if refdoc.get(df.fieldname) and refdoc.get(df.fieldname) not in restrictions[df.options]:
if doc.get(df.fieldname) and doc.get(df.fieldname) not in restrictions[df.options]:
if verbose: if verbose:
msg = "{not_allowed}: {doctype} {having} {label} = {value}".format( msg = "{not_allowed}: {doctype} {having} {label} = {value}".format(
not_allowed=_("Sorry, you are not allowed to access"), doctype=_(df.options), not_allowed=_("Sorry, you are not allowed to access"), doctype=_(df.options),
having=_("having"), label=_(df.label), value=refdoc.get(df.fieldname))
having=_("having"), label=_(df.label), value=doc.get(df.fieldname))
if refdoc.parentfield:
msg = "{doctype}, {row} #{idx}, ".format(doctype=_(refdoc.doctype),
row=_("Row"), idx=refdoc.idx) + msg
if doc.parentfield:
msg = "{doctype}, {row} #{idx}, ".format(doctype=_(doc.doctype),
row=_("Row"), idx=doc.idx) + msg
msgprint(msg) msgprint(msg)


Write Preview
Loading…
Cancel
Save