def get_roles_and_doctypes(): dataent.only_for("System Manager") send_translations(dataent.get_lang_dict("doctype", "DocPerm")) active_domains = dataent.get_active_domains() doctypes = dataent.get_all("DocType", filters={ "istable": 0, "name": ("not in", ",".join(not_allowed_in_permission_manager)), }, or_filters={ "ifnull(restrict_to_domain, '')": "", "restrict_to_domain": ("in", active_domains) }, fields=["name"]) roles = dataent.get_all("Role", filters={ "name": ("not in", "Administrator"), "disabled": 0, }, or_filters={ "ifnull(restrict_to_domain, '')": "", "restrict_to_domain": ("in", active_domains) }, fields=["name"]) doctypes_list = [ {"label":_(d.get("name")), "value":d.get("name")} for d in doctypes] roles_list = [ {"label":_(d.get("name")), "value":d.get("name")} for d in roles] return { "doctypes": sorted(doctypes_list, key=lambda d: d['label']), "roles": sorted(roles_list, key=lambda d: d['label']) }
def delete_company_transactions(company_name): dataent.only_for("System Manager") doc = dataent.get_doc("Company", company_name) if dataent.session.user != doc.owner: dataent.throw( _("Transactions can only be deleted by the creator of the Company" ), dataent.PermissionError) delete_bins(company_name) delete_lead_addresses(company_name) for doctype in dataent.db.sql_list("""select parent from tabDocField where fieldtype='Link' and options='Company'"""): if doctype not in ("Account", "Cost Center", "Warehouse", "Budget", "Party Account", "Employee", "Sales Taxes and Charges Template", "Purchase Taxes and Charges Template", "POS Profile", 'BOM'): delete_for_doctype(doctype, company_name) # reset company values doc.total_monthly_sales = 0 doc.sales_monthly_history = None doc.save() # Clear notification counts clear_notifications()
def check_applicable_doc_perm(user, doctype, docname): dataent.only_for('System Manager') applicable = [] doc_exists = dataent.get_all('User Permission', fields=['name'], filters={ "user": user, "allow": doctype, "for_value": docname, "apply_to_all_doctypes": 1, }, limit=1) if doc_exists: applicable = get_linked_doctypes(doctype).keys() else: data = dataent.get_all('User Permission', fields=['applicable_for'], filters={ "user": user, "allow": doctype, "for_value": docname, }) for d in data: applicable.append(d.applicable_for) return applicable
def get_users_with_role(role): dataent.only_for("System Manager") return [p[0] for p in dataent.db.sql("""select distinct tabUser.name from `tabHas Role`, tabUser where `tabHas Role`.role=%s and tabUser.name != "Administrator" and `tabHas Role`.parent = tabUser.name and tabUser.enabled=1""", role)]
def get_password(doctype, name, fieldname): '''Return a password type property. Only applicable for System Managers :param doctype: DocType of the document that holds the password :param name: `name` of the document that holds the password :param fieldname: `fieldname` of the password property ''' dataent.only_for("System Manager") return dataent.get_doc(doctype, name).get_password(fieldname)
def download_backup(path): try: dataent.only_for(("System Manager", "Administrator")) except dataent.PermissionError: raise Forbidden( _("You need to be logged in and have System Manager Role to be able to access backups." )) return send_private_file(path)
def get_standard_permissions(doctype): dataent.only_for("System Manager") meta = dataent.get_meta(doctype) if meta.custom: doc = dataent.get_doc('DocType', doctype) return [p.as_dict() for p in doc.permissions] else: # also used to setup permissions via patch path = get_file_path(meta.module, "DocType", doctype) return read_doc_from_file(path).get("permissions")
def clear_user_permissions(user, for_doctype): dataent.only_for('System Manager') total = dataent.db.count('User Permission', filters=dict(user=user, allow=for_doctype)) if total: dataent.db.sql( 'DELETE FROM `tabUser Permission` WHERE user=%s AND allow=%s', (user, for_doctype)) dataent.clear_cache() return total
def update_icons(hidden_list, user=None): """update modules""" if not user: dataent.only_for('System Manager') set_hidden_list(hidden_list, user) dataent.msgprint(dataent._('Updated'), indicator='green', title=_('Success'), alert=True)
def remove(doctype, role, permlevel): dataent.only_for("System Manager") setup_custom_perms(doctype) name = dataent.get_value('Custom DocPerm', dict(parent=doctype, role=role, permlevel=permlevel)) dataent.db.sql('delete from `tabCustom DocPerm` where name=%s', name) if not dataent.get_all('Custom DocPerm', dict(parent=doctype)): dataent.throw(_('There must be atleast one permission rule.'), title=_('Cannot Remove')) validate_permissions_for_doctype(doctype, for_remove=True)
def on_trash(doc): if doc.communication_type != "Comment": return if doc.reference_doctype == "Message": return if (doc.comment_type or "Comment") != "Comment": dataent.only_for("System Manager") _comments = get_comments_from_parent(doc) for c in _comments: if c.get("name") == doc.name: _comments.remove(c) update_comments_in_parent(doc.reference_doctype, doc.reference_name, _comments)
def get_module_icons(user=None): if user != dataent.session.user: dataent.only_for('System Manager') if not user: icons = dataent.db.get_all('Desktop Icon', fields='*', filters={'standard': 1}, order_by='idx') else: dataent.cache().hdel('desktop_icons', user) icons = get_user_icons(user) for icon in icons: icon.value = dataent.db.escape(_(icon.label or icon.module_name)) return {'icons': icons, 'user': user}
def get_permissions(doctype=None, role=None): dataent.only_for("System Manager") if role: out = get_all_perms(role) if doctype: out = [p for p in out if p.parent == doctype] else: out = dataent.get_all('Custom DocPerm', fields='*', filters=dict(parent = doctype), order_by="permlevel") if not out: out = dataent.get_all('DocPerm', fields='*', filters=dict(parent = doctype), order_by="permlevel") linked_doctypes = {} for d in out: if not d.parent in linked_doctypes: linked_doctypes[d.parent] = get_linked_doctypes(d.parent) d.linked_doctypes = linked_doctypes[d.parent] meta = dataent.get_meta(d.parent) if meta: d.is_submittable = meta.is_submittable return out
def add_user_permissions(data): ''' Add and update the user permissions ''' dataent.only_for('System Manager') if isinstance(data, dataent.string_types): data = json.loads(data) data = dataent._dict(data) d = check_applicable_doc_perm(data.user, data.doctype, data.docname) exists = dataent.db.exists( "User Permission", { "user": data.user, "allow": data.doctype, "for_value": data.docname, "apply_to_all_doctypes": 1 }) if data.apply_to_all_doctypes == 1 and not exists: remove_applicable(d, data.user, data.doctype, data.docname) insert_user_perm(data.user, data.doctype, data.docname, apply_to_all=1) return 1 elif len(data.applicable_doctypes) > 0 and data.apply_to_all_doctypes != 1: remove_apply_to_all(data.user, data.doctype, data.docname) update_applicable(d, data.applicable_doctypes, data.user, data.doctype, data.docname) for applicable in data.applicable_doctypes: if applicable not in d: insert_user_perm(data.user, data.doctype, data.docname, applicable=applicable) elif exists: insert_user_perm(data.user, data.doctype, data.docname, applicable=applicable) return 1 return 0
def replace_abbr(company, old, new): new = new.strip() if not new: dataent.throw(_("Abbr can not be blank or space")) dataent.only_for("System Manager") dataent.db.set_value("Company", company, "abbr", new) def _rename_record(doc): parts = doc[0].rsplit(" - ", 1) if len(parts) == 1 or parts[1].lower() == old.lower(): dataent.rename_doc(dt, doc[0], parts[0] + " - " + new) def _rename_records(dt): # rename is expensive so let's be economical with memory usage doc = (d for d in dataent.db.sql("select name from `tab%s` where company=%s" % (dt, '%s'), company)) for d in doc: _rename_record(d) for dt in ["Warehouse", "Account", "Cost Center", "Department", "Sales Taxes and Charges Template", "Purchase Taxes and Charges Template"]: _rename_records(dt) dataent.db.commit()
def install_app(name, verbose=False, set_as_patched=True): dataent.flags.in_install = name dataent.flags.ignore_in_install = False dataent.clear_cache() app_hooks = dataent.get_hooks(app_name=name) installed_apps = dataent.get_installed_apps() # install pre-requisites if app_hooks.required_apps: for app in app_hooks.required_apps: install_app(app) dataent.flags.in_install = name dataent.clear_cache() if name not in dataent.get_all_apps(): raise Exception("App not in apps.txt") if name in installed_apps: dataent.msgprint(_("App {0} already installed").format(name)) return print("\nInstalling {0}...".format(name)) if name != "dataent": dataent.only_for("System Manager") for before_install in app_hooks.before_install or []: out = dataent.get_attr(before_install)() if out == False: return if name != "dataent": add_module_defs(name) sync_for(name, force=True, sync_everything=True, verbose=verbose, reset_permissions=True) sync_from_app(name) add_to_installed_apps(name) dataent.get_doc('Portal Settings', 'Portal Settings').sync_menu() if set_as_patched: set_all_patches_as_completed(name) for after_install in app_hooks.after_install or []: dataent.get_attr(after_install)() sync_fixtures(name) sync_customizations(name) for after_sync in app_hooks.after_sync or []: dataent.get_attr(after_sync)() # dataent.flags.in_install = False
def clear_error_logs(): '''Flush all Error Logs''' dataent.only_for('System Manager') dataent.db.sql('''delete from `tabError Log`''')
def reset(doctype): dataent.only_for("System Manager") reset_perms(doctype) clear_permissions_cache(doctype)
def clear_all_sessions(reason=None): """This effectively logs out all users""" dataent.only_for("Administrator") if not reason: reason = "Deleted All Active Session" for sid in dataent.db.sql_list("select sid from `tabSessions`"): delete_session(sid, reason=reason)
def update(doctype, role, permlevel, ptype, value=None): dataent.only_for("System Manager") out = update_permission_property(doctype, role, permlevel, ptype, value) return 'refresh' if out else None
def add(parent, role, permlevel): dataent.only_for("System Manager") add_permission(parent, role, permlevel)