def validate(self):
from erpnext.controllers.status_updater import validate_status
validate_status(self.status, ["Active", "Temporary Leave", "Left"])
self.employee = self.name
self.set_employee_name()
self.validate_date()
self.validate_email()
self.validate_status()
self.validate_reports_to()
self.validate_preferred_email()
if self.job_applicant:
self.validate_onboarding_process()
if self.user_id:
self.validate_user_details()
else:
existing_user_id = frappe.db.get_value("Employee", self.name, "user_id")
if existing_user_id:
remove_user_permission(
"Employee", self.name, existing_user_id)
def test_insert_if_owner_with_user_permissions(self):
"""If `If Owner` is checked for a Role, check if that document
is allowed to be read, updated, submitted, etc. except be created,
even if the document is restricted based on User Permissions."""
frappe.delete_doc('Blog Post', '-test-blog-post-title')
self.if_owner_setup()
frappe.set_user("*****@*****.**")
doc = frappe.get_doc({
"doctype": "Blog Post",
"blog_category": "_Test Blog Category",
"blogger": "_Test Blogger 1",
"title": "_Test Blog Post Title",
"content": "_Test Blog Post Content"
})
self.assertRaises(frappe.PermissionError, doc.insert)
frappe.set_user('*****@*****.**')
add_user_permission("Blog Category", "_Test Blog Category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
doc.insert()
frappe.set_user("Administrator")
remove_user_permission("Blog Category", "_Test Blog Category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
doc = frappe.get_doc(doc.doctype, doc.name)
self.assertTrue(doc.has_permission("read"))
self.assertTrue(doc.has_permission("write"))
self.assertFalse(doc.has_permission("create"))
# delete created record
frappe.set_user("Administrator")
frappe.delete_doc('Blog Post', '-test-blog-post-title')
def test_insert_if_owner_with_user_permissions(self):
"""If `If Owner` is checked for a Role, check if that document
is allowed to be read, updated, submitted, etc. except be created,
even if the document is restricted based on User Permissions."""
frappe.delete_doc('Blog Post', '-test-blog-post-title')
self.if_owner_setup()
frappe.set_user("*****@*****.**")
doc = frappe.get_doc({
"doctype": "Blog Post",
"blog_category": "-test-blog-category",
"blogger": "_Test Blogger 1",
"title": "_Test Blog Post Title",
"content": "_Test Blog Post Content"
})
self.assertRaises(frappe.PermissionError, doc.insert)
frappe.set_user('*****@*****.**')
add_user_permission("Blog Category", "-test-blog-category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
doc.insert()
frappe.set_user("Administrator")
remove_user_permission("Blog Category", "-test-blog-category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
doc = frappe.get_doc(doc.doctype, doc.name)
self.assertTrue(doc.has_permission("read"))
self.assertTrue(doc.has_permission("write"))
self.assertFalse(doc.has_permission("create"))
# delete created record
frappe.set_user("Administrator")
frappe.delete_doc('Blog Post', '-test-blog-post-title')
def validate(self):
from erpnext.controllers.status_updater import validate_status
validate_status(self.status, ["Active", "Temporary Leave", "Left"])
self.employee = self.name
self.set_employee_name()
self.validate_date()
self.validate_email()
self.validate_status()
self.validate_reports_to()
self.validate_preferred_email()
if self.job_applicant:
self.validate_onboarding_process()
if self.user_id:
self.validate_for_enabled_user_id()
self.validate_duplicate_user_id()
else:
existing_user_id = frappe.db.get_value("Employee", self.name,
"user_id")
if existing_user_id:
remove_user_permission("Employee", self.name, existing_user_id)
def test_ignore_user_permissions_if_missing(self):
"""If there are no user permissions, then allow as per role"""
add_user_permission("Blog Category", "_Test Blog Category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
doc = frappe.get_doc({
"doctype": "Blog Post",
"blog_category": "_Test Blog Category 2",
"blogger": "_Test Blogger 1",
"title": "_Test Blog Post Title",
"content": "_Test Blog Post Content"
})
self.assertFalse(doc.has_permission("write"))
frappe.set_user("Administrator")
remove_user_permission("Blog Category", "_Test Blog Category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
self.assertTrue(doc.has_permission('write'))
def test_ignore_user_permissions_if_missing(self):
"""If there are no user permissions, then allow as per role"""
add_user_permission("Blog Category", "_Test Blog Category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
doc = frappe.get_doc({
"doctype": "Blog Post",
"blog_category": "_Test Blog Category 2",
"blogger": "_Test Blogger 1",
"title": "_Test Blog Post Title",
"content": "_Test Blog Post Content"
})
self.assertFalse(doc.has_permission("write"))
frappe.set_user("Administrator")
remove_user_permission("Blog Category", "_Test Blog Category",
"*****@*****.**")
frappe.set_user("*****@*****.**")
self.assertTrue(doc.has_permission('write'))
def test_warehouse_user(self):
add_user_permission("Warehouse", "_Test Warehouse 1 - _TC",
"*****@*****.**")
add_user_permission("Warehouse", "_Test Warehouse 2 - _TC1",
"*****@*****.**")
add_user_permission("Company", "_Test Company 1", "*****@*****.**")
test_user = frappe.get_doc("User", "*****@*****.**")
test_user.add_roles("Sales User", "Sales Manager", "Stock User")
test_user.remove_roles("Stock Manager", "System Manager")
frappe.get_doc("User", "*****@*****.**")\
.add_roles("Sales User", "Sales Manager", "Stock User", "Stock Manager")
st1 = frappe.copy_doc(test_records[0])
st1.company = "_Test Company 1"
set_perpetual_inventory(0, st1.company)
frappe.set_user("*****@*****.**")
st1.get("items")[0].t_warehouse = "_Test Warehouse 2 - _TC1"
self.assertRaises(frappe.PermissionError, st1.insert)
test_user.add_roles("System Manager")
frappe.set_user("*****@*****.**")
st1 = frappe.copy_doc(test_records[0])
st1.company = "_Test Company 1"
st1.get("items")[0].t_warehouse = "_Test Warehouse 2 - _TC1"
st1.get("items")[0].expense_account = "Stock Adjustment - _TC1"
st1.get("items")[0].cost_center = "Main - _TC1"
st1.set_stock_entry_type()
st1.insert()
st1.submit()
frappe.set_user("Administrator")
remove_user_permission("Warehouse", "_Test Warehouse 1 - _TC",
"*****@*****.**")
remove_user_permission("Warehouse", "_Test Warehouse 2 - _TC1",
"*****@*****.**")
remove_user_permission("Company", "_Test Company 1",
"*****@*****.**")
def remove(user, name, defkey, defvalue):
if not can_set_user_permissions(defkey, defvalue):
frappe.throw(_("Cannot remove permission for DocType: {0} and Name: {1}").format(
defkey, defvalue), frappe.PermissionError)
remove_user_permission(defkey, defvalue, user, name)
