Example #1
0
    def validate_ip_address(self):
        """check if IP Address is valid"""
        user = dataent.get_doc("User", self.user)
        ip_list = user.get_restricted_ip_list()
        if not ip_list:
            return

        bypass_restrict_ip_check = 0
        # check if two factor auth is enabled
        enabled = int(
            dataent.get_system_settings('enable_two_factor_auth') or 0)
        if enabled:
            #check if bypass restrict ip is enabled for all users
            bypass_restrict_ip_check = int(
                dataent.get_system_settings(
                    'bypass_restrict_ip_check_if_2fa_enabled') or 0)
            if not bypass_restrict_ip_check:
                #check if bypass restrict ip is enabled for login user
                bypass_restrict_ip_check = int(
                    dataent.db.get_value(
                        'User', self.user,
                        'bypass_restrict_ip_check_if_2fa_enabled') or 0)
        for ip in ip_list:
            if dataent.local.request_ip.startswith(
                    ip) or bypass_restrict_ip_check:
                return

        dataent.throw(_("Not allowed from this IP Address"),
                      dataent.AuthenticationError)
Example #2
0
	def add_code(self):
		if self.custom:
			return

		path = os.path.join(get_module_path(self.module), 'doctype', scrub(self.name))
		def _get_path(fname):
			return os.path.join(path, scrub(fname))

		system_country = dataent.get_system_settings("country")

		self._add_code(_get_path(self.name + '.js'), '__js')
		if system_country:
			self._add_code(_get_path(os.path.join('regional', system_country + '.js')), '__js')

		self._add_code(_get_path(self.name + '.css'), "__css")
		self._add_code(_get_path(self.name + '_list.js'), '__list_js')
		if system_country:
			self._add_code(_get_path(os.path.join('regional', system_country + '_list.js')), '__list_js')

		self._add_code(_get_path(self.name + '_calendar.js'), '__calendar_js')
		self._add_code(_get_path(self.name + '_tree.js'), '__tree_js')

		listview_template = _get_path(self.name + '_list.html')
		if os.path.exists(listview_template):
			self.set("__listview_template", get_html_format(listview_template))

		self.add_code_via_hook("doctype_js", "__js")
		self.add_code_via_hook("doctype_list_js", "__list_js")
		self.add_code_via_hook("doctype_tree_js", "__tree_js")
		self.add_code_via_hook("doctype_calendar_js", "__calendar_js")
		self.add_html_templates(path)
Example #3
0
def get_context(context):
	redirect_to = dataent.local.request.args.get("redirect-to")

	if dataent.session.user != "Guest":
		if not redirect_to:
			redirect_to = "/" if dataent.session.data.user_type=="Website User" else "/desk"
		dataent.local.flags.redirect_location = redirect_to
		raise dataent.Redirect

	# get settings from site config
	context.no_header = True
	context.for_test = 'login.html'
	context["title"] = "Login"
	context["provider_logins"] = []
	context["disable_signup"] = dataent.utils.cint(dataent.db.get_value("Website Settings", "Website Settings", "disable_signup"))
	providers = [i.name for i in dataent.get_all("Social Login Key", filters={"enable_social_login":1})]
	for provider in providers:
		client_id, base_url = dataent.get_value("Social Login Key", provider, ["client_id", "base_url"])
		client_secret = get_decrypted_password("Social Login Key", provider, "client_secret")
		icon = get_icon_html(dataent.get_value("Social Login Key", provider, "icon"), small=True)
		if (get_oauth_keys(provider) and client_secret and client_id and base_url):
			context.provider_logins.append({
				"name": provider,
				"provider_name": dataent.get_value("Social Login Key", provider, "provider_name"),
				"auth_url": get_oauth2_authorize_url(provider, redirect_to),
				"icon": icon
			})
			context["social_login"] = True
	ldap_settings = LDAPSettings.get_ldap_client_settings()
	context["ldap_settings"] = ldap_settings

	login_name_placeholder = [_("Email address")]

	if dataent.utils.cint(dataent.get_system_settings("allow_login_using_mobile_number")):
		login_name_placeholder.append(_("Mobile number"))

	if dataent.utils.cint(dataent.get_system_settings("allow_login_using_user_name")):
		login_name_placeholder.append(_("Username"))

	context['login_name_placeholder'] = ' {0} '.format(_('or')).join(login_name_placeholder)

	return context
Example #4
0
def get_region(company=None):
    '''Return the default country based on flag, company or global settings

	You can also set global company flag in `dataent.flags.company`
	'''
    if company or dataent.flags.company:
        return dataent.get_cached_value('Company', company
                                        or dataent.flags.company, 'country')
    elif dataent.flags.country:
        return dataent.flags.country
    else:
        return dataent.get_system_settings('country')
Example #5
0
    def add_user_permissions(self, user_permissions):
        meta = dataent.get_meta(self.doctype)
        doctype_link_fields = []
        doctype_link_fields = meta.get_link_fields()
        doctype_link_fields.append(
            dict(
                options=self.doctype,
                fieldname='name',
            ))
        # appended current doctype with fieldname as 'name' to
        # and condition on doc name if user permission is found for current doctype

        match_filters = {}
        match_conditions = []
        for df in doctype_link_fields:
            user_permission_values = user_permissions.get(
                df.get('options'), {})

            if df.get('ignore_user_permissions'): continue

            empty_value_condition = 'ifnull(`tab{doctype}`.`{fieldname}`, "")=""'.format(
                doctype=self.doctype, fieldname=df.get('fieldname'))

            if user_permission_values:
                docs = []
                if dataent.get_system_settings(
                        "apply_strict_user_permissions"):
                    condition = ""
                else:
                    condition = empty_value_condition + " or "

                for permission in user_permission_values:
                    if not permission.get('applicable_for'):
                        docs.append(permission.get('doc'))

                    # append docs based on user permission applicable on reference doctype

                    # This is useful when getting list of doc from a link field
                    # in this case parent doctype of the link will be the
                    # will be the reference doctype

                    elif df.get(
                            'fieldname') == 'name' and self.reference_doctype:
                        if permission.get(
                                'applicable_for') == self.reference_doctype:
                            docs.append(permission.get('doc'))

                    elif permission.get('applicable_for') == self.doctype:
                        docs.append(permission.get('doc'))

                if docs:
                    condition += "`tab{doctype}`.`{fieldname}` in ({values})".format(
                        doctype=self.doctype,
                        fieldname=df.get('fieldname'),
                        values=", ".join([
                            ('"' + dataent.db.escape(doc, percent=False) + '"')
                            for doc in docs
                        ]))

                    match_conditions.append(
                        "({condition})".format(condition=condition))
                    match_filters[df.get('options')] = docs

        if match_conditions:
            self.match_conditions.append(" and ".join(match_conditions))

        if match_filters:
            self.match_filters.append(match_filters)
Example #6
0
def has_user_permission(doc, user=None):
    '''Returns True if User is allowed to view considering User Permissions'''
    from dataent.core.doctype.user_permission.user_permission import get_user_permissions
    user_permissions = get_user_permissions(user)

    if not user_permissions:
        # no user permission rules specified for this doctype
        return True

    # user can create own role permissions, so nothing applies
    if get_role_permissions('User Permission', user=user).get('write'):
        return True

    apply_strict_user_permissions = dataent.get_system_settings(
        'apply_strict_user_permissions')

    doctype = doc.get('doctype')
    docname = doc.get('name')

    # STEP 1: ---------------------
    # check user permissions on self
    if doctype in user_permissions:
        allowed_docs = get_allowed_docs_for_doctype(
            user_permissions.get(doctype, []), doctype)

        # if allowed_docs is empty it states that there is no applicable permission under the current doctype

        # only check if allowed_docs is not empty
        if allowed_docs and docname not in allowed_docs:
            # no user permissions for this doc specified
            push_perm_check_log(
                _('Not allowed for {0}: {1}').format(_(doctype), docname))
            return False

    # STEP 2: ---------------------------------
    # check user permissions in all link fields

    def check_user_permission_on_link_fields(d):
        # check user permissions for all the link fields of the given
        # document object d
        #
        # called for both parent and child records

        meta = dataent.get_meta(d.get("doctype"))

        # check all link fields for user permissions
        for field in meta.get_link_fields():

            if field.ignore_user_permissions: continue

            # empty value, do you still want to apply user permissions?
            if not d.get(
                    field.fieldname) and not apply_strict_user_permissions:
                # nah, not strict
                continue

            if field.options not in user_permissions:
                continue

            # get the list of all allowed values for this link
            allowed_docs = get_allowed_docs_for_doctype(
                user_permissions.get(field.options, []), doctype)

            if allowed_docs and d.get(field.fieldname) not in allowed_docs:
                # restricted for this link field, and no matching values found
                # make the right message and exit
                if d.get('parentfield'):
                    # "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type"
                    msg = _(
                        'Not allowed for {0}: {1} in Row {2}. Restricted field: {3}'
                    ).format(_(field.options), d.get(field.fieldname), d.idx,
                             field.fieldname)
                else:
                    # "Not allowed for Company = Restricted Company. Restricted field: reference_type"
                    msg = _('Not allowed for {0}: {1}. Restricted field: {2}'
                            ).format(_(field.options), d.get(field.fieldname),
                                     field.fieldname)

                push_perm_check_log(msg)

                return False

        return True

    if not check_user_permission_on_link_fields(doc):
        return False

    for d in doc.get_all_children():
        if not check_user_permission_on_link_fields(d):
            return False

    return True