anoopmb
/
frappe
1
0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 활동
25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2074 커밋
1 브렌치
314 MiB
 
 
 
 
 
 
트리: 872620b8af
브랜치 태그
${ item.name }
${ searchTerm } 브랜치 생성
from '872620b8af'
${ noResults }
frappe/core/page/permission_manager/permission_manager.js

457 lines
14 KiB
Raw Blame 히스토리 

  1. wn.pages['permission-manager'].onload = function(wrapper) { 

  2. 	wn.ui.make_app_page({

  3. 		parent: wrapper,

  4. 		title: 'Permission Manager',

  5. 		single_column: true

  6. 	});

  7. 	$(wrapper).find(".layout-main").html("<div class='perm-engine'></div>\

  8. 	<table class='table table-bordered' style='background-color: #f9f9f9;'>\

  9. 	<tr><td>\

  10. 	<h4><i class='icon-question-sign'></i> Quick Help for Setting Permissions:</h4>\

  11. 	<ol>\

  12. 	<li>Permissions are set on Roles and Document Types (called DocTypes) by restricting \

  13. 		read, write, create, submit, cancel and amend rights.</li>\

  14. 	<li>Permissions translate to Users based on what Role they are assigned.</li>\

  15. 	<li>To set user roles, just go to <a href='#List/Profile'>Setup > Users</a> \

  16. 		and click on the user to assign roles.</li>\

  17. 	<li>The system provides pre-defined roles, but you can <a href='#List/Role'>add new roles</a>\

  18. 		to set finer permissions.</li>\

  19. 	<li>Permissions are automatically translated to Standard Reports and Searches.</li>\

  20. 	<li>As a best practice, do not assign the same set of permission rule to different Roles\

  21. 		instead set multiple Roles to the User.</li>\

  22. 	</ol>\

  23. 	</tr></td>\

  24. 	<tr><td>\

  25. 	<h4><i class='icon-hand-right'></i> Meaning of Submit, Cancel, Amend:</h4>\

  26. 	<ol>\

  27. 	<li>Certain documents should not be changed once final, like an\

  28. 		Invoice for example. The final state for such documents is called <b>Submitted</b>.\

  29. 		You can restrict which roles can Submit.</li>\

  30. 	<li><b>Cancel</b> allows you change Submitted documents by cancelling them and amending them.\

  31. 		Cancel permissions also allows the user to delete a document (if it is not linked to any other document).</li>\

  32. 	<li>When you <b>Amend</b> a document after cancel and save it, it will get a new number that is\

  33. 		a version of the old number. For example if you cancel and amend 'INV004' it will become a new\

  34. 		document 'INV004-1'. This helps you to keep track of each amendment.</li>\

  35. 	</ol>\

  36. 	</tr></td>\

  37. 	<tr><td>\

  38. 	<h4><i class='icon-user'></i> Restricting By User:</h4>\

  39. 	<ol>\

  40. 		<li>To restrict a User of a particular Role to documents that are only self-created,\

  41. 			Click on button in the 'Condition' column and select the option 'User is the creator of the document'.</li>\

  42. 		<li>To restrict a User of a particular Role to documents that are explicitly assigned to them,\

  43. 			create a Custom Field of type Link (Profile) and then use the 'Condition' settings\

  44. 			to map that field to the Permission rule.\

  45. 	</ol>\

  46. 	</tr></td>\

  47. 	<tr><td>\

  48. 	<h4><i class='icon-cog'></i> Advanced Settings:</h4>\

  49. 	<p>To further restrict permissions based on certain values in a document, use the\

  50. 	'Condition' settings. <br><br>For example: You want to restrict users to transactions marked\

  51. 	with a certain property called 'Territory':</p>\

  52. 	<ol>\

  53. 		<li>Make sure that the transactions you want to restrict have a Link \

  54. 			field 'territory' that maps to a 'Territory' master. If not, create a\

  55. 			<a href='#List/Custom Field'>Custom Field</a> of type Link.</li>\

  56. 		<li>In the Permission Manager, click on the button in the 'Condition' column\

  57. 			for the Role you want to restrict.</li>\

  58. 		<li>A new pop will open that will ask you to select further conditions. \

  59. 			If the 'territory' Link Field exists, it will give you an option to select \

  60. 			it.</li>\

  61. 		<li>Go to Setup > <a href='#user-properties'>User Properties</a> to set \

  62. 			'territory' for diffent Users.</li>\

  63. 	</ol>\

  64. 	<p>Once you have set this, the users will only be able access documents with that property</p>\

  65. 	<hr>\

  66. 	<p>If these instructions where not helpful, please add in your suggestions at\

  67. 	<a href='https://github.com/webnotes/wnframework/issues'>GitHub Issues</a></p>\

  68. 	</tr></td>\

  69. 	</table>");

  70. 	wrapper.permission_engine = new wn.PermissionEngine(wrapper);

  71. }

  72. wn.pages['permission-manager'].refresh = function(wrapper) { 

  73. 	wrapper.permission_engine.set_from_route();

  74. }

  75. 

  76. wn.PermissionEngine = Class.extend({

  77. 	init: function(wrapper) {

  78. 		this.wrapper = wrapper;

  79. 		this.body = $(this.wrapper).find(".perm-engine");

  80. 		this.make();

  81. 		this.refresh();

  82. 		this.add_check_events();

  83. 	},

  84. 	make: function() {

  85. 		var me = this;

  86. 		

  87. 		me.make_reset_button();

  88. 		wn.call({

  89. 			module:"core",

  90. 			page:"permission_manager",

  91. 			method: "get_roles_and_doctypes",

  92. 			callback: function(r) {

  93. 				me.options = r.message;

  94. 				me.doctype_select 

  95. 					= me.wrapper.appframe.add_select("doctypes", 

  96. 						["Select Document Type..."].concat(r.message.doctypes))

  97. 						.css("width", "200px")

  98. 						.change(function() {

  99. 							wn.set_route("permission-manager", $(this).val())

  100. 						});

  101. 				me.role_select 

  102. 					= me.wrapper.appframe.add_select("roles", 

  103. 						["Select Role..."].concat(r.message.roles))

  104. 						.css("width", "200px")

  105. 						.change(function() {

  106. 							me.refresh();

  107. 						});

  108. 				me.set_from_route();

  109. 			}

  110. 		});

  111. 	},

  112. 	set_from_route: function() {

  113. 		if(wn.get_route()[1] && this.doctype_select) {

  114. 			this.doctype_select.val(wn.get_route()[1]);

  115. 			this.refresh();

  116. 		} else {

  117. 			this.refresh();

  118. 		}

  119. 	},

  120. 	make_reset_button: function() {

  121. 		var me = this;

  122. 		me.reset_button = me.wrapper.appframe.add_button("Reset Permissions", function() {

  123. 			if(wn.confirm("Reset Permissions for " + me.get_doctype() + "?", function() {

  124. 					wn.call({

  125. 						module:"core",

  126. 						page:"permission_manager",

  127. 						method:"reset",

  128. 						args: {

  129. 							doctype:me.get_doctype(),

  130. 						},

  131. 						callback: function() { me.refresh(); }

  132. 					});

  133. 				}));

  134. 			}, 'icon-retweet').toggle(false);

  135. 	},

  136. 	get_doctype: function() {

  137. 		var doctype = this.doctype_select.val();

  138. 		return doctype=="Select Document Type..." ? null : doctype;

  139. 	},

  140. 	get_role: function() {

  141. 		var role = this.role_select.val();

  142. 		return role=="Select Role..." ? null : role;

  143. 	},

  144. 	refresh: function() {

  145. 		var me = this;

  146. 		if(!me.doctype_select) {

  147. 			this.body.html("<div class='alert'>Loading...</div>");

  148. 			return;

  149. 		}

  150. 		if(!me.get_doctype() && !me.get_role()) {

  151. 			this.body.html("<div class='alert'>Select Document Type or Role to start.</div>");

  152. 			return;

  153. 		}

  154. 		// get permissions

  155. 		wn.call({

  156. 			module: "core",

  157. 			page: "permission_manager",

  158. 			method: "get_permissions",

  159. 			args: {

  160. 				doctype: me.get_doctype(),

  161. 				role: me.get_role()

  162. 			},

  163. 			callback: function(r) {

  164. 				me.render(r.message);

  165. 			}

  166. 		});

  167. 		me.reset_button.toggle(me.get_doctype() ? true : false);

  168. 	},

  169. 	render: function(perm_list) {

  170. 		this.body.empty();

  171. 		this.perm_list = perm_list;

  172. 		if(!perm_list.length) {

  173. 			this.body.html("<div class='alert'>No Permissions set for this criteria.</div>");

  174. 		} else {

  175. 			this.show_permission_table(perm_list);

  176. 		}

  177. 		this.show_add_rule();

  178. 	},

  179. 	show_permission_table: function(perm_list) {

  180. 		var me = this;

  181. 		this.table = $("<table class='table table-bordered'>\

  182. 			<thead><tr></tr></thead>\

  183. 			<tbody></tbody>\

  184. 		</table>").appendTo(this.body);

  185. 		

  186. 		$.each([["Document Type", 150], ["Role", 100], ["Level",50], 

  187. 			["Read", 50], ["Write", 50], ["Create", 50], 

  188. 			["Submit", 50], ["Cancel", 50], ["Amend", 50], 

  189. 			["Condition", 150], ["", 50]], function(i, col) {

  190. 			$("<th>").html(col[0]).css("width", col[1]+"px")

  191. 				.appendTo(me.table.find("thead tr"));

  192. 		});

  193. 

  194. 		var add_cell = function(row, d, fieldname, is_check) {

  195. 			var cell = $("<td>").appendTo(row).attr("data-fieldname", fieldname);

  196. 			if(is_check) {

  197. 				if(d.permlevel > 0 && ["read", "write"].indexOf(fieldname)==-1) {

  198. 					cell.html("-");

  199. 				} else {

  200. 					var input = $("<input type='checkbox'>")

  201. 						.attr("checked", d[fieldname] ? "checked": null)

  202. 						.attr("data-ptype", fieldname)

  203. 						.attr("data-name", d.name)

  204. 						.attr("data-doctype", d.parent)

  205. 						.appendTo(cell);

  206. 				}

  207. 			} else {

  208. 				cell.html(d[fieldname]);

  209. 			}

  210. 			return cell;

  211. 		}

  212. 				

  213. 		$.each(perm_list, function(i, d) {

  214. 			if(!d.permlevel) d.permlevel = 0;

  215. 			var row = $("<tr>").appendTo(me.table.find("tbody"));

  216. 			add_cell(row, d, "parent");

  217. 			me.set_show_users(add_cell(row, d, "role"), d.role);

  218. 			

  219. 			var cell = add_cell(row, d, "permlevel");

  220. 			if(d.permlevel==0) {

  221. 				cell.css("font-weight", "bold");

  222. 				row.addClass("warning");

  223. 			}

  224. 			add_cell(row, d, "read", true);

  225. 			add_cell(row, d, "write", true);

  226. 			add_cell(row, d, "create", true);

  227. 			add_cell(row, d, "submit", true);

  228. 			add_cell(row, d, "cancel", true);

  229. 			add_cell(row, d, "amend", true);

  230. 						

  231. 			// buttons

  232. 			me.add_match_button(row, d);

  233. 			me.add_delete_button(row, d);

  234. 		});

  235. 	},

  236. 	set_show_users: function(cell, role) {

  237. 		cell.html("<a href='#'>"+role+"</a>")

  238. 			.find("a")

  239. 			.attr("data-role", role)

  240. 			.click(function() {

  241. 				var role = $(this).attr("data-role");

  242. 				wn.call({

  243. 					module: "core",

  244. 					page: "permission_manager",

  245. 					method: "get_users_with_role",

  246. 					args: {

  247. 						role: role

  248. 					},

  249. 					callback: function(r) {

  250. 						r.message = $.map(r.message, function(p) {

  251. 							return '<a href="#Form/Profile/'+p+'">'+p+'</a>';

  252. 						})

  253. 						msgprint("<h4>Users with role "+role+":</h4>" 

  254. 							+ r.message.join("<br>"));

  255. 					}

  256. 				})

  257. 				return false;

  258. 			})

  259. 	},

  260. 	add_match_button: function(row, d) {

  261. 		var me = this;

  262. 		if(d.permlevel > 0) {

  263. 			$("<td>-</td>").appendTo(row);

  264. 			return;

  265. 		}

  266. 		var btn = $("<button class='btn btn-small'></button>")

  267. 			.html(d.match ? d.match : "For All Users")

  268. 			.appendTo($("<td>").appendTo(row))

  269. 			.attr("data-name", d.name)

  270. 			.click(function() {

  271. 				me.show_match_manager($(this).attr("data-name"));

  272. 			});

  273. 		if(d.match) btn.addClass("btn-inverse");

  274. 	},

  275. 	add_delete_button: function(row, d) {

  276. 		var me = this;

  277. 		$("<button class='btn btn-small'><i class='icon-remove'></i></button>")

  278. 			.appendTo($("<td>").appendTo(row))

  279. 			.attr("data-name", d.name)

  280. 			.attr("data-doctype", d.parent)

  281. 			.click(function() {

  282. 				wn.call({

  283. 					module: "core",

  284. 					page: "permission_manager",

  285. 					method: "remove",

  286. 					args: {

  287. 						name: $(this).attr("data-name"),

  288. 						doctype: $(this).attr("data-doctype")

  289. 					},

  290. 					callback: function(r) {

  291. 						if(r.exc) {

  292. 							msgprint("Did not remove.");

  293. 						} else {

  294. 							me.refresh();

  295. 						}

  296. 					}

  297. 				})

  298. 			});

  299. 	},

  300. 	add_check_events: function() {

  301. 		var me = this;

  302. 		this.body.on("click", "input[type='checkbox']", function() {

  303. 			var chk = $(this);

  304. 			var args = {

  305. 				name: chk.attr("data-name"),

  306. 				doctype: chk.attr("data-doctype"),

  307. 				ptype: chk.attr("data-ptype"),

  308. 				value: chk.is(":checked") ? 1 : 0

  309. 			}

  310. 			wn.call({

  311. 				module: "core",

  312. 				page: "permission_manager",

  313. 				method: "update",

  314. 				args: args,

  315. 				callback: function(r) {

  316. 					if(r.exc) {

  317. 						// exception: reverse

  318. 						chk.attr("checked", chk.is(":checked") ? null : "checked");

  319. 					} else {

  320. 						me.get_perm(args.name)[args.ptype]=args.value; 

  321. 					}

  322. 				}

  323. 			})

  324. 		})

  325. 	},

  326. 	show_add_rule: function() {

  327. 		var me = this;

  328. 		$("<button class='btn btn-info'>Add A New Rule</button>")

  329. 			.appendTo($("<p>").appendTo(this.body))

  330. 			.click(function() {

  331. 				var d = new wn.ui.Dialog({

  332. 					title: "Add New Permission Rule",

  333. 					fields: [

  334. 						{fieldtype:"Select", label:"Document Type",

  335. 							options:me.options.doctypes, reqd:1, fieldname:"parent"},

  336. 						{fieldtype:"Select", label:"Role",

  337. 							options:me.options.roles, reqd:1},

  338. 						{fieldtype:"Select", label:"Permission Level",

  339. 							options:[0,1,2,3,4,5,6,7,8,9], reqd:1, fieldname: "permlevel",

  340. 							description:"Level 0 is for document level permissions, higher levels for field level permissions."},

  341. 						{fieldtype:"Button", label:"Add"},

  342. 					]

  343. 				});

  344. 				if(me.get_doctype()) {

  345. 					d.set_value("parent", me.get_doctype());

  346. 					d.get_input("parent").attr("disabled", true);

  347. 				}

  348. 				if(me.get_role()) {

  349. 					d.set_value("role", me.get_role());

  350. 					d.get_input("role").attr("disabled", true);

  351. 				}

  352. 				d.set_value("permlevel", "0");

  353. 				d.get_input("add").click(function() {

  354. 					var args = d.get_values();

  355. 					if(!args) {

  356. 						return;

  357. 					}

  358. 					wn.call({

  359. 						module: "core",

  360. 						page: "permission_manager",

  361. 						method: "add",

  362. 						args: args,

  363. 						callback: function(r) {

  364. 							if(r.exc) {

  365. 								msgprint("Did not add.");

  366. 							} else {

  367. 								me.refresh();

  368. 							}

  369. 						}

  370. 					})

  371. 					d.hide();

  372. 				});

  373. 				d.show();

  374. 			});

  375. 	},

  376. 	get_perm: function(name) {

  377. 		return $.map(this.perm_list, function(d) { if(d.name==name) return d; })[0];		

  378. 	},

  379. 	show_match_manager:function(name) {

  380. 		var perm = this.get_perm(name);

  381. 		var me = this;

  382. 		

  383. 		wn.model.with_doctype(perm.parent, function() {

  384. 			var dialog = new wn.ui.Dialog({

  385. 				title: "Applies for Users",

  386. 			});

  387. 			$(dialog.body).html("<h4>Rule Applies to Following Users:</h4>\

  388. 			<label class='radio'>\

  389. 			<input name='perm-rule' type='radio' value=''> All users with role <b>"+perm.role+"</b>.\

  390. 			</label>\

  391. 			<label class='radio'>\

  392. 			<input name='perm-rule' type='radio' value='owner'> The user is the creator of the document.\

  393. 			</label>").css("padding", "15px");

  394. 

  395. 			// profile fields

  396. 			$.each(me.get_profile_fields(perm.parent), function(i, d) {

  397. 				$("<label class='radio'>\

  398. 				<input name='perm-rule' type='radio' value='"+d.fieldname

  399. 					+":user'>Value of field <b>"+d.label+"</b> is the User.\

  400. 				</label>").appendTo(dialog.body);

  401. 			});

  402. 

  403. 			// add options for all link fields

  404. 			$.each(me.get_link_fields(perm.parent), function(i, d) {

  405. 				$("<label class='radio'>\

  406. 				<input name='perm-rule' type='radio' value='"+d.fieldname

  407. 					+"'><b>"+d.label+"</b> in <b>"+d.parent+"</b> matches <a href='#user-properties'>User Property</a> <b>"

  408. 					+d.fieldname+"</b>.\

  409. 				</label>").appendTo(dialog.body);

  410. 			});

  411. 			

  412. 			// button

  413. 			$("<button class='btn btn-info'>Update</button>")

  414. 				.appendTo($("<p>").appendTo(dialog.body))

  415. 				.attr("data-name", perm.name)

  416. 				.click(function() {

  417. 					var match_value = $(dialog.wrapper).find(":radio:checked").val();

  418. 					var perm = me.get_perm($(this).attr('data-name'))

  419. 					wn.call({

  420. 						module: "core",

  421. 						page: "permission_manager",

  422. 						method: "update_match",

  423. 						args: {

  424. 							name: perm.name,

  425. 							doctype: perm.parent,

  426. 							match: match_value

  427. 						},

  428. 						callback: function() {

  429. 							dialog.hide();

  430. 							me.refresh();

  431. 						}

  432. 					})

  433. 				});

  434. 			dialog.show();

  435. 			

  436. 			// select

  437. 			if(perm.match) {

  438. 				$(dialog.wrapper).find("[value='"+perm.match+"']").attr("checked", "checked").focus();

  439. 			} else {

  440. 				$(dialog.wrapper).find('[value=""]').attr("checked", "checked").focus();

  441. 			}

  442. 		});

  443. 	},

  444. 	get_profile_fields: function(doctype) {

  445. 		var profile_fields = wn.model.get("DocField", {parent:doctype, 

  446. 			fieldtype:"Link", options:"Profile"});

  447. 		

  448. 		profile_fields = profile_fields.concat(wn.model.get("DocField", {parent:doctype, 

  449. 				fieldtype:"Select", link_doctype:"Profile"}))

  450. 		

  451. 		return 	profile_fields	

  452. 	},

  453. 	get_link_fields: function(doctype) {

  454. 		return link_fields = wn.model.get("DocField", {parent:doctype, 

  455. 			fieldtype:"Link", options:["not in", ["Profile", '[Select]']]});

  456. 	}

  457. })