def check_stock_frozen_date(self): stock_frozen_upto = dataent.db.get_value('Stock Settings', None, 'stock_frozen_upto') or '' if stock_frozen_upto: stock_auth_role = dataent.db.get_value('Stock Settings', None, 'stock_auth_role') if getdate(self.posting_date) <= getdate( stock_frozen_upto ) and not stock_auth_role in dataent.get_roles(): dataent.throw( _("Stock transactions before {0} are frozen").format( formatdate(stock_frozen_upto)), StockFreezeError) stock_frozen_upto_days = int( dataent.db.get_value('Stock Settings', None, 'stock_frozen_upto_days') or 0) if stock_frozen_upto_days: stock_auth_role = dataent.db.get_value('Stock Settings', None, 'stock_auth_role') older_than_x_days_ago = (add_days(getdate( self.posting_date), stock_frozen_upto_days) <= date.today()) if older_than_x_days_ago and not stock_auth_role in dataent.get_roles( ): dataent.throw( _("Not allowed to update stock transactions older than {0}" ).format(stock_frozen_upto_days), StockFreezeError)
def get_expiry_message(): if "System Manager" not in dataent.get_roles(): return "" limits = get_limits() if not limits.expiry: return "" expires_on = getdate(get_limits().get("expiry")) today = now_datetime().date() message = "" if today > expires_on: message = _("Your subscription has expired.") else: days_to_expiry = (expires_on - today).days if days_to_expiry == 0: message = _("Your subscription will expire today.") elif days_to_expiry == 1: message = _("Your subscription will expire tomorrow.") elif days_to_expiry <= EXPIRY_WARNING_DAYS: message = _("Your subscription will expire on {0}.").format( formatdate(expires_on)) if message and limits.upgrade_url: upgrade_link = get_upgrade_link(limits.upgrade_url) message += ' ' + _('To renew, {0}.').format(upgrade_link) return message
def get_role_permissions(doctype_meta, user=None): """ Returns dict of evaluated role permissions like { "read": 1, "write": 0, // if "if_owner" is enabled "if_owner": { "read": 1, "write": 0 } } """ if isinstance(doctype_meta, string_types): doctype_meta = dataent.get_meta( doctype_meta) # assuming doctype name was passed if not user: user = dataent.session.user cache_key = (doctype_meta.name, user) if user == 'Administrator': return allow_everything() if not dataent.local.role_permissions.get(cache_key): perms = dataent._dict(if_owner={}) roles = dataent.get_roles(user) def is_perm_applicable(perm): return perm.role in roles and cint(perm.permlevel) == 0 def has_permission_without_if_owner_enabled(ptype): return any( p.get(ptype, 0) and not p.get('if_owner', 0) for p in applicable_permissions) applicable_permissions = list( filter(is_perm_applicable, getattr(doctype_meta, 'permissions', []))) has_if_owner_enabled = any( p.get('if_owner', 0) for p in applicable_permissions) for ptype in rights: pvalue = any(p.get(ptype, 0) for p in applicable_permissions) # check if any perm object allows perm type perms[ptype] = cint(pvalue) if (pvalue and has_if_owner_enabled and not has_permission_without_if_owner_enabled(ptype) and ptype != 'create'): perms['if_owner'][ptype] = 1 # has no access if not owner # only provide read access so that user is able to at-least access list # (and the documents will be filtered based on owner sin further checks) perms[ptype] = 1 if ptype == 'read' else 0 dataent.local.role_permissions[cache_key] = perms return dataent.local.role_permissions[cache_key]
def get_transitions(doc, workflow = None): '''Return list of possible transitions for the given doc''' doc = dataent.get_doc(dataent.parse_json(doc)) if doc.is_new(): return [] dataent.has_permission(doc, 'read', throw=True) roles = dataent.get_roles() if not workflow: workflow = get_workflow(doc.doctype) current_state = doc.get(workflow.workflow_state_field) if not current_state: dataent.throw(_('Workflow State not set'), WorkflowStateError) transitions = [] for transition in workflow.transitions: if transition.state == current_state and transition.allowed in roles: if transition.condition: # if condition, evaluate # access to dataent.db.get_value and dataent.db.get_list success = dataent.safe_eval(transition.condition, dict(dataent = dataent._dict( db = dataent._dict(get_value = dataent.db.get_value, get_list=dataent.db.get_list), session = dataent.session )), dict(doc = doc)) if not success: continue transitions.append(transition.as_dict()) return transitions
def bifurcate_based_on_type(self, doctype_name, total, av_dis, based_on, doc_obj, val, company): add_cond = '' auth_value = av_dis if val == 1: add_cond += " and system_user = '******'user'].replace( "'", "\\'") + "'" elif val == 2: add_cond += " and system_role IN %s" % ( "('" + "','".join(dataent.get_roles()) + "')") else: add_cond += " and ifnull(system_user,'') = '' and ifnull(system_role,'') = ''" if based_on == 'Grand Total': auth_value = total elif based_on == 'Customerwise Discount': if doc_obj: if doc_obj.doctype == 'Sales Invoice': customer = doc_obj.customer else: customer = doc_obj.customer_name add_cond = " and master_name = '" + cstr(customer).replace( "'", "\\'") + "'" if based_on == 'Itemwise Discount': if doc_obj: for t in doc_obj.get("items"): self.validate_auth_rule(doctype_name, t.discount_percentage, based_on, add_cond, company, t.item_code) else: self.validate_auth_rule(doctype_name, auth_value, based_on, add_cond, company)
def validate_party_frozen_disabled(party_type, party_name): if party_type and party_name: if party_type in ("Customer", "Supplier"): party = dataent.get_cached_value(party_type, party_name, ["is_frozen", "disabled"], as_dict=True) if party.disabled: dataent.throw( _("{0} {1} is disabled").format(party_type, party_name), PartyDisabled) elif party.get("is_frozen"): frozen_accounts_modifier = dataent.db.get_single_value( 'Accounts Settings', 'frozen_accounts_modifier') if not frozen_accounts_modifier in dataent.get_roles(): dataent.throw( _("{0} {1} is frozen").format(party_type, party_name), PartyFrozen) elif party_type == "Employee": if dataent.db.get_value("Employee", party_name, "status") == "Left": dataent.msgprint(_("{0} {1} is not active").format( party_type, party_name), alert=True)
def get_events(start, end, filters=None): events = [] employee = dataent.db.get_value("Employee", {"user_id": dataent.session.user}, ["name", "company"], as_dict=True) if employee: employee, company = employee.name, employee.company else: employee = '' company = dataent.db.get_value("Global Defaults", None, "default_company") from dataent.desk.reportview import get_filters_cond conditions = get_filters_cond("Leave Application", filters, []) # show department leaves for employee if "Employee" in dataent.get_roles(): add_department_leaves(events, start, end, employee, company) add_leaves(events, start, end, conditions) add_block_dates(events, start, end, employee, company) add_holidays(events, start, end, employee, company) return events
def compare_expense_with_budget(args, budget_amount, action_for, action, budget_against, amount=0): actual_expense = amount or get_actual_expense(args) if actual_expense > budget_amount: diff = actual_expense - budget_amount currency = dataent.get_cached_value('Company', args.company, 'default_currency') msg = _( "{0} Budget for Account {1} against {2} {3} is {4}. It will exceed by {5}" ).format(_(action_for), dataent.bold(args.account), args.budget_against_field, dataent.bold(budget_against), dataent.bold(fmt_money(budget_amount, currency=currency)), dataent.bold(fmt_money(diff, currency=currency))) if (dataent.flags.exception_approver_role and dataent.flags.exception_approver_role in dataent.get_roles( dataent.session.user)): action = "Warn" if action == "Stop": dataent.throw(msg, BudgetError) else: dataent.msgprint(msg, indicator='orange')
def onload(self): frozen_accounts_modifier = dataent.db.get_value( "Accounts Settings", "Accounts Settings", "frozen_accounts_modifier") if not frozen_accounts_modifier or frozen_accounts_modifier in dataent.get_roles( ): self.set_onload("can_freeze_account", True)
def get_customers_suppliers(doctype, user): customers = [] suppliers = [] meta = dataent.get_meta(doctype) if has_common(["Supplier", "Customer"], dataent.get_roles(user)): contacts = dataent.db.sql(""" select `tabContact`.email_id, `tabDynamic Link`.link_doctype, `tabDynamic Link`.link_name from `tabContact`, `tabDynamic Link` where `tabContact`.name=`tabDynamic Link`.parent and `tabContact`.email_id =%s """, user, as_dict=1) customers = [c.link_name for c in contacts if c.link_doctype == 'Customer'] \ if meta.get_field("customer") else None suppliers = [c.link_name for c in contacts if c.link_doctype == 'Supplier'] \ if meta.get_field("supplier") else None elif dataent.has_permission(doctype, 'read', user=user): customers = [customer.name for customer in dataent.get_list("Customer")] \ if meta.get_field("customer") else None suppliers = [supplier.name for supplier in dataent.get_list("Customer")] \ if meta.get_field("supplier") else None return customers, suppliers
def _get_home_page(): home_page = None get_website_user_home_page = dataent.get_hooks( 'get_website_user_home_page') if get_website_user_home_page: home_page = dataent.get_attr(get_website_user_home_page[-1])( dataent.session.user) if not home_page: role_home_page = dataent.get_hooks("role_home_page") if role_home_page: for role in dataent.get_roles(): if role in role_home_page: home_page = role_home_page[role][-1] break if not home_page: home_page = dataent.get_hooks("home_page") if home_page: home_page = home_page[-1] if not home_page: home_page = dataent.db.get_value("Website Settings", None, "home_page") or "login" home_page = home_page.strip('/') return home_page
def validate_due_date(posting_date, due_date, party_type, party, company=None, bill_date=None, template_name=None): if getdate(due_date) < getdate(posting_date): dataent.throw( _("Due Date cannot be before Posting / Supplier Invoice Date")) else: if not template_name: return default_due_date = get_due_date_from_template( template_name, posting_date, bill_date).strftime("%Y-%m-%d") if not default_due_date: return if default_due_date != posting_date and getdate(due_date) > getdate( default_due_date): is_credit_controller = dataent.db.get_single_value( "Accounts Settings", "credit_controller") in dataent.get_roles() if is_credit_controller: msgprint( _("Note: Due / Reference Date exceeds allowed customer credit days by {0} day(s)" ).format(date_diff(due_date, default_due_date))) else: dataent.throw( _("Due / Reference Date cannot be after {0}").format( formatdate(default_due_date)))
def get_permission_query_conditions(user): if not user: user = dataent.session.user if "System Manager" in dataent.get_roles(user): return None else: return """(tabToDo.owner = '{user}' or tabToDo.assigned_by = '{user}')"""\ .format(user=dataent.db.escape(user))
def validate_frozen_accounts_modifier(self): old_value = dataent.db.get_value("Account", self.name, "freeze_account") if old_value and old_value != self.freeze_account: frozen_accounts_modifier = dataent.db.get_value( 'Accounts Settings', None, 'frozen_accounts_modifier') if not frozen_accounts_modifier or \ frozen_accounts_modifier not in dataent.get_roles(): throw(_("You are not authorized to set Frozen value"))
def validate_registerer(): if current_user == 'Administrator': dataent.throw(_('Please login as another user to register on Marketplace')) valid_roles = ['System Manager', 'Item Manager'] if not dataent.utils.is_subset(valid_roles, dataent.get_roles()): dataent.throw(_('Only users with {0} role can register on Marketplace').format(', '.join(valid_roles)), dataent.PermissionError)
def validate_frozen_account(account, adv_adj=None): frozen_account = dataent.db.get_value("Account", account, "freeze_account") if frozen_account == 'Yes' and not adv_adj: frozen_accounts_modifier = dataent.db.get_value( 'Accounts Settings', None, 'frozen_accounts_modifier') if not frozen_accounts_modifier: dataent.throw(_("Account {0} is frozen").format(account)) elif frozen_accounts_modifier not in dataent.get_roles(): dataent.throw(_("Not authorized to edit frozen Account {0}").format(account))
def has_permission(page): if dataent.session.user == "Administrator" or "System Manager" in dataent.get_roles( ): return True page_roles = [d.role for d in page.get("roles")] if page_roles: if dataent.session.user == "Guest" and "Guest" not in page_roles: return False elif not set(page_roles).intersection(set(dataent.get_roles())): # check if roles match return False if not dataent.has_permission("Page", ptype="read", doc=page): # check if there are any user_permissions return False else: # hack for home pages! if no Has Roles, allow everyone to see! return True
def can_export(doctype, raise_exception=False): if not ("System Manager" in dataent.get_roles() or has_permission(doctype, "export")): if raise_exception: raise dataent.PermissionError( "You are not allowed to export: {doctype}".format( doctype=doctype)) else: return False return True
def test_disable_role(self): dataent.get_doc("User", "*****@*****.**").add_roles("_Test Role 3") role = dataent.get_doc("Role", "_Test Role 3") role.disabled = 1 role.save() self.assertTrue("_Test Role 3" not in dataent.get_roles("*****@*****.**")) dataent.get_doc("User", "*****@*****.**").add_roles("_Test Role 3") self.assertTrue("_Test Role 3" not in dataent.get_roles("*****@*****.**")) role = dataent.get_doc("Role", "_Test Role 3") role.disabled = 0 role.save() dataent.get_doc("User", "*****@*****.**").add_roles("_Test Role 3") self.assertTrue("_Test Role 3" in dataent.get_roles("*****@*****.**"))
def get_permlevel_access(self, permission_type='write'): if not hasattr(self, "_has_access_to"): roles = dataent.get_roles() self._has_access_to = [] for perm in self.get_permissions(): if perm.role in roles and perm.permlevel > 0 and perm.get( permission_type): if perm.permlevel not in self._has_access_to: self._has_access_to.append(perm.permlevel) return self._has_access_to
def get_context(context): context.icons = get_user_icons(dataent.session.user) context.user = dataent.session.user if 'System Manager' in dataent.get_roles(): context.users = dataent.db.get_all( 'User', filters={ 'user_type': 'System User', 'enabled': 1 }, fields=['name', 'first_name', 'last_name'])
def load(): if not "System Manager" in dataent.get_roles(): dataent.throw(_("Not permitted"), dataent.PermissionError) all_defaults = dataent.db.get_defaults() defaults = {} for df in dataent.get_meta("System Settings").get("fields"): if df.fieldtype in ("Select", "Data"): defaults[df.fieldname] = all_defaults.get(df.fieldname) return {"timezones": get_all_timezones(), "defaults": defaults}
def check_freezing_date(posting_date, adv_adj=False): """ Nobody can do GL Entries where posting date is before freezing date except authorized person """ if not adv_adj: acc_frozen_upto = dataent.db.get_value('Accounts Settings', None, 'acc_frozen_upto') if acc_frozen_upto: frozen_accounts_modifier = dataent.db.get_value( 'Accounts Settings', None,'frozen_accounts_modifier') if getdate(posting_date) <= getdate(acc_frozen_upto) \ and not frozen_accounts_modifier in dataent.get_roles(): dataent.throw(_("You are not authorized to add or update entries before {0}").format(formatdate(acc_frozen_upto)))
def add_message_to_redis(update_json): # "update-message" will store the update message string # "update-user-set" will be a set of users cache = dataent.cache() cache.set_value("update-info", json.dumps(update_json)) user_list = [ x.name for x in dataent.get_all("User", filters={"enabled": True}) ] system_managers = [ user for user in user_list if 'System Manager' in dataent.get_roles(user) ] cache.sadd("update-user-set", *system_managers)
def get_data(filters, leave_types): user = dataent.session.user allocation_records_based_on_to_date = get_leave_allocation_records( filters.to_date) allocation_records_based_on_from_date = get_leave_allocation_records( filters.from_date) if filters.to_date <= filters.from_date: dataent.throw(_("From date can not be greater than than To date")) active_employees = dataent.get_all( "Employee", filters={ "status": "Active", "company": filters.company }, fields=["name", "employee_name", "department", "user_id"]) data = [] for employee in active_employees: leave_approvers = get_approvers(employee.department) if (len(leave_approvers) and user in leave_approvers) or (user in [ "Administrator", employee.user_id ]) or ("HR Manager" in dataent.get_roles(user)): row = [employee.name, employee.employee_name, employee.department] for leave_type in leave_types: # leaves taken leaves_taken = get_approved_leaves_for_period( employee.name, leave_type, filters.from_date, filters.to_date) # opening balance opening = get_leave_balance_on( employee.name, leave_type, filters.from_date, allocation_records_based_on_to_date.get( employee.name, dataent._dict())) # closing balance closing = get_leave_balance_on( employee.name, leave_type, filters.to_date, allocation_records_based_on_to_date.get( employee.name, dataent._dict())) row += [opening, leaves_taken, closing] data.append(row) return data
def add_sidebar_data(context): from dataent.utils.user import get_fullname_and_avatar import dataent.www.list if context.show_sidebar and context.website_sidebar: context.sidebar_items = dataent.get_all( 'Website Sidebar Item', filters=dict(parent=context.website_sidebar), fields=['title', 'route', '`group`'], order_by='idx asc') if not context.sidebar_items: sidebar_items = dataent.cache().hget('portal_menu_items', dataent.session.user) if sidebar_items == None: sidebar_items = [] roles = dataent.get_roles() portal_settings = dataent.get_doc('Portal Settings', 'Portal Settings') def add_items(sidebar_items, items): for d in items: if d.get('enabled') and ((not d.get('role')) or d.get('role') in roles): sidebar_items.append( d.as_dict() if isinstance(d, Document) else d) if not portal_settings.hide_standard_menu: add_items(sidebar_items, portal_settings.get('menu')) if portal_settings.custom_menu: add_items(sidebar_items, portal_settings.get('custom_menu')) items_via_hooks = dataent.get_hooks('portal_menu_items') if items_via_hooks: for i in items_via_hooks: i['enabled'] = 1 add_items(sidebar_items, items_via_hooks) dataent.cache().hset('portal_menu_items', dataent.session.user, sidebar_items) context.sidebar_items = sidebar_items info = get_fullname_and_avatar(dataent.session.user) context["fullname"] = info.fullname context["user_image"] = info.avatar context["user"] = info.name
def is_permitted(self): """Returns true if Has Role is not set or the user is allowed.""" from dataent.utils import has_common allowed = [d.role for d in dataent.get_all("Has Role", fields=["role"], filters={"parent": self.name})] custom_roles = get_custom_allowed_roles('report', self.name) allowed.extend(custom_roles) if not allowed: return True roles = dataent.get_roles() if has_common(roles, allowed): return True
def can_set_user_permissions(doctype, docname=None): # System Manager can always set user permissions if dataent.session.user == "Administrator" or "System Manager" in dataent.get_roles( ): return True meta = dataent.get_meta(doctype) # check if current user has read permission for docname if docname and not has_permission(doctype, "read", docname): return False # check if current user has a role that can set permission if get_role_permissions(meta).set_user_permissions != 1: return False return True
def generate_keys(user): """ generate api key and api secret :param user: str """ if "System Manager" in dataent.get_roles(): user_details = dataent.get_doc("User", user) api_secret = dataent.generate_hash(length=15) # if api key is not set generate api key if not user_details.api_key: api_key = dataent.generate_hash(length=15) user_details.api_key = api_key user_details.api_secret = api_secret user_details.save() return {"api_secret": api_secret} dataent.throw(dataent._("Not Permitted"), dataent.PermissionError)
def set_default_role(doc, method): '''Set customer, supplier, student, guardian based on email''' if dataent.flags.setting_role or dataent.flags.in_migrate: return roles = dataent.get_roles(doc.name) contact_name = dataent.get_value('Contact', dict(email_id=doc.email)) if contact_name: contact = dataent.get_doc('Contact', contact_name) for link in contact.links: dataent.flags.setting_role = True if link.link_doctype == 'Customer' and 'Customer' not in roles: doc.add_roles('Customer') elif link.link_doctype == 'Supplier' and 'Supplier' not in roles: doc.add_roles('Supplier') elif dataent.get_value('Student', dict( student_email_id=doc.email)) and 'Student' not in roles: doc.add_roles('Student') elif dataent.get_value('Guardian', dict( email_address=doc.email)) and 'Guardian' not in roles: doc.add_roles('Guardian')