Example #1
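	def test_fieldlevel_permissions_in_load(self):
		"""Verify that a permlevel-1 field is hidden and write-protected on load.

		``published`` on Blog Post is raised to permlevel 1 and only
		Website Manager is granted that level. A user holding only Blogger
		must get ``None`` for the field from ``get_blog`` and must not be able
		to change it; once Website Manager is added, the same user can write
		the field and read it back.
		"""
		blog = frappe.get_doc({
			"doctype": "Blog Post",
			"blog_category": "-test-blog-category-1",
			"blog_intro": "Test Blog Intro",
			"blogger": "_Test Blogger 1",
			"content": "Test Blog Content",
			"title": "_Test Blog Post {}".format(frappe.utils.now()),
			"published": 0
		})

		blog.insert()

		user = frappe.get_doc('User', '*****@*****.**')

		# NOTE(review): get_roles() is called without a username, so it
		# presumably returns the roles of the current session user rather than
		# those of `user`; confirm that this is the set meant to be stripped
		# here and re-added during cleanup.
		user_roles = frappe.get_roles()
		blog_post_property_setter = None

		try:
			user.remove_roles(*user_roles)
			user.add_roles('Blogger')

			# move `published` to permlevel 1 and grant that level only to
			# Website Manager
			blog_post_property_setter = make_property_setter('Blog Post', 'published', 'permlevel', 1, 'Int')
			reset('Blog Post')
			add('Blog Post', 'Website Manager', 1)
			update('Blog Post', 'Website Manager', 1, 'write', 1)

			frappe.set_user(user.name)

			blog_doc = get_blog(blog.name)

			self.assertEqual(blog_doc.name, blog.name)
			# since published field has higher permlevel
			self.assertEqual(blog_doc.published, None)

			# this will be ignored because user does not
			# have write access on `published` field (or on permlevel 1 fields)
			blog_doc.published = 1
			blog_doc.save()
			# the write was dropped, so the stored value is still in place
			self.assertEqual(blog_doc.published, 0)

			frappe.set_user('Administrator')
			user.add_roles('Website Manager')
			frappe.set_user(user.name)

			doc = frappe.get_doc('Blog Post', blog.name)
			doc.published = 1
			doc.save()

			blog_doc = get_blog(blog.name)
			# now user should be allowed to read field with higher permlevel
			# (after adding Website Manager role)
			self.assertEqual(blog_doc.published, 1)
		finally:
			# Run the cleanup even when an assertion fails: otherwise the
			# session stays on the modified test user and later tests would
			# exercise permissions with the wrong identity and role set.
			frappe.set_user('Administrator')

			# reset user roles
			user.remove_roles('Blogger', 'Website Manager')
			user.add_roles(*user_roles)

			blog.delete()
			if blog_post_property_setter is not None:
				frappe.delete_doc(blog_post_property_setter.doctype, blog_post_property_setter.name)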
Example #2
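    def test_reportview_get(self):
        """Verify that reportview.get drops fields the session user cannot read.

        ``published`` on Blog Post is raised to permlevel 1 with only
        Website Manager granted that level. For a user holding only Blogger,
        the response keys must exclude ``published`` whether the fields are
        listed explicitly or requested with ``*``. Administrator must get
        every requested field back.
        """
        user = frappe.get_doc("User", "*****@*****.**")
        add_child_table_to_blog_post()

        # NOTE(review): get_roles() is called without a username, so it
        # presumably returns the roles of the current session user rather than
        # those of `user`; confirm that this is the set meant to be stripped
        # here and re-added during cleanup.
        user_roles = frappe.get_roles()

        try:
            user.remove_roles(*user_roles)
            user.add_roles("Blogger")

            # NOTE(review): the property setter created here is not deleted by
            # this test; presumably the class teardown or a rollback undoes
            # it. Confirm, otherwise `published` stays at permlevel 1.
            make_property_setter("Blog Post", "published", "permlevel", 1, "Int")
            reset("Blog Post")
            add("Blog Post", "Website Manager", 1)
            update("Blog Post", "Website Manager", 1, "write", 1)

            frappe.set_user(user.name)

            frappe.local.request = frappe._dict()
            frappe.local.request.method = "POST"

            frappe.local.form_dict = frappe._dict({
                "doctype": "Blog Post",
                "fields": ["published", "title", "`tabTest Child`.`test_field`"],
            })

            # explicitly requested fields which are not accessible should be
            # filtered out of the response
            response = execute_cmd("frappe.desk.reportview.get")
            self.assertListEqual(response["keys"], ["title"])

            frappe.local.form_dict = frappe._dict({
                "doctype": "Blog Post",
                "fields": ["*"],
            })

            # even if * is passed, fields which are not accessible should be
            # filtered out
            response = execute_cmd("frappe.desk.reportview.get")
            self.assertNotIn("published", response["keys"])

            frappe.set_user("Administrator")
            user.add_roles("Website Manager")
            frappe.set_user(user.name)

            # NOTE(review): the user now holds Website Manager, but the session
            # is switched straight back to Administrator, so nothing is
            # asserted for the elevated user; consider adding that check.
            frappe.set_user("Administrator")

            # Administrator should be able to access all requested fields
            frappe.local.form_dict = frappe._dict({
                "doctype": "Blog Post",
                "fields": ["published", "title", "`tabTest Child`.`test_field`"],
            })

            response = execute_cmd("frappe.desk.reportview.get")
            self.assertListEqual(response["keys"],
                                 ["published", "title", "test_field"])
        finally:
            # Run the cleanup even when an assertion fails: otherwise the
            # session stays on the modified test user and later tests would
            # exercise permissions with the wrong identity and role set.
            frappe.set_user("Administrator")

            # reset user roles
            user.remove_roles("Blogger", "Website Manager")
            user.add_roles(*user_roles)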
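	def test_fieldlevel_permissions_in_load_for_child_table(self):
		"""Verify that a permlevel-1 child-table field is write-protected.

		``phone`` on Contact Phone is raised to permlevel 1 and only Sales User
		is granted that level on Contact. A user holding only Accounts User
		must not be able to change the phone number through ``save``; once
		Sales User is added, the same change must persist.
		"""
		contact = frappe.new_doc('Contact')
		contact.first_name = '_Test Contact 1'
		contact.append('phone_nos', {'phone': '123456'})
		contact.insert()

		user = frappe.get_doc('User', '*****@*****.**')

		# NOTE(review): get_roles() is called without a username, so it
		# presumably returns the roles of the current session user rather than
		# those of `user`; confirm that this is the set meant to be stripped
		# here and re-added during cleanup.
		user_roles = frappe.get_roles()

		try:
			user.remove_roles(*user_roles)
			user.add_roles('Accounts User')

			# NOTE(review): the property setter created here is not deleted by
			# this test; presumably the class teardown or a rollback undoes
			# it. Confirm, otherwise `phone` stays at permlevel 1.
			make_property_setter('Contact Phone', 'phone', 'permlevel', 1, 'Int')
			reset('Contact Phone')
			add('Contact', 'Sales User', 1)
			update('Contact', 'Sales User', 1, 'write', 1)

			frappe.set_user(user.name)

			contact = frappe.get_doc('Contact', '_Test Contact 1')

			# the user has no permlevel-1 role yet, so this edit must be
			# discarded on save
			contact.phone_nos[0].phone = '654321'
			contact.save()

			self.assertEqual(contact.phone_nos[0].phone, '123456')

			frappe.set_user('Administrator')
			user.add_roles('Sales User')
			frappe.set_user(user.name)

			# with Sales User granted, the same edit must be stored
			contact.phone_nos[0].phone = '654321'
			contact.save()

			contact = frappe.get_doc('Contact', '_Test Contact 1')
			self.assertEqual(contact.phone_nos[0].phone, '654321')
		finally:
			# Run the cleanup even when an assertion fails: otherwise the
			# session stays on the modified test user and later tests would
			# exercise permissions with the wrong identity and role set.
			frappe.set_user('Administrator')

			# reset user roles
			user.remove_roles('Accounts User', 'Sales User')
			user.add_roles(*user_roles)

			contact.delete()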
Example #4
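    def test_fieldlevel_permissions_in_load_for_child_table(self):
        """Verify that a permlevel-1 child-table field is write-protected.

        ``phone`` on Contact Phone is raised to permlevel 1 and only Sales User
        is granted that level on Contact. A user holding only Accounts User
        must not be able to change the phone number through ``save``; once
        Sales User is added, the same change must persist.
        """
        contact = frappe.new_doc("Contact")
        contact.first_name = "_Test Contact 1"
        contact.append("phone_nos", {"phone": "123456"})
        contact.insert()

        user = frappe.get_doc("User", "*****@*****.**")

        # NOTE(review): get_roles() is called without a username, so it
        # presumably returns the roles of the current session user rather than
        # those of `user`; confirm that this is the set meant to be stripped
        # here and re-added during cleanup.
        user_roles = frappe.get_roles()

        try:
            user.remove_roles(*user_roles)
            user.add_roles("Accounts User")

            # NOTE(review): the property setter created here is not deleted by
            # this test; presumably the class teardown or a rollback undoes
            # it. Confirm, otherwise `phone` stays at permlevel 1.
            make_property_setter("Contact Phone", "phone", "permlevel", 1, "Int")
            reset("Contact Phone")
            add("Contact", "Sales User", 1)
            update("Contact", "Sales User", 1, "write", 1)

            frappe.set_user(user.name)

            contact = frappe.get_doc("Contact", "_Test Contact 1")

            # the user has no permlevel-1 role yet, so this edit must be
            # discarded on save
            contact.phone_nos[0].phone = "654321"
            contact.save()

            self.assertEqual(contact.phone_nos[0].phone, "123456")

            frappe.set_user("Administrator")
            user.add_roles("Sales User")
            frappe.set_user(user.name)

            # with Sales User granted, the same edit must be stored
            contact.phone_nos[0].phone = "654321"
            contact.save()

            contact = frappe.get_doc("Contact", "_Test Contact 1")
            self.assertEqual(contact.phone_nos[0].phone, "654321")
        finally:
            # Run the cleanup even when an assertion fails: otherwise the
            # session stays on the modified test user and later tests would
            # exercise permissions with the wrong identity and role set.
            frappe.set_user("Administrator")

            # reset user roles
            user.remove_roles("Accounts User", "Sales User")
            user.add_roles(*user_roles)

            contact.delete()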