Exemple #1
0
    def test_nested_permission(self):
        frappe.set_user('Administrator')
        create_nested_doctype()
        create_nested_doctype_records()
        clear_user_permissions_for_doctype('Nested DocType')

        # user permission for only one root folder
        add_user_permission('Nested DocType', 'Level 1 A', '*****@*****.**')

        from frappe.core.page.permission_manager.permission_manager import update
        # to avoid if_owner filter
        update('Nested DocType', 'All', 0, 'if_owner', 0)

        frappe.set_user('*****@*****.**')
        data = DatabaseQuery('Nested DocType').execute()

        # children of root folder (for which we added user permission) should be accessible
        self.assertTrue({'name': 'Level 2 A'} in data)
        self.assertTrue({'name': 'Level 2 A'} in data)

        # other folders should not be accessible
        self.assertFalse({'name': 'Level 1 B'} in data)
        self.assertFalse({'name': 'Level 2 B'} in data)
        update('Nested DocType', 'All', 0, 'if_owner', 1)
        frappe.set_user('Administrator')
Exemple #2
0
    def test_build_match_conditions(self):
        clear_user_permissions_for_doctype('Blog Post', '*****@*****.**')

        test2user = frappe.get_doc('User', '*****@*****.**')
        test2user.add_roles('Blogger')
        frappe.set_user('*****@*****.**')

        # this will get match conditions for Blog Post
        build_match_conditions = DatabaseQuery(
            'Blog Post').build_match_conditions

        # Before any user permission is applied
        # get as filters
        self.assertEqual(build_match_conditions(as_condition=False), [])
        # get as conditions
        self.assertEqual(build_match_conditions(as_condition=True), "")

        add_user_permission('Blog Post', '-test-blog-post',
                            '*****@*****.**', True)
        add_user_permission('Blog Post', '-test-blog-post-1',
                            '*****@*****.**', True)

        # After applying user permission
        # get as filters
        self.assertTrue(
            {'Blog Post': ['-test-blog-post-1', '-test-blog-post']
             } in build_match_conditions(as_condition=False))
        # get as conditions
        self.assertEqual(
            build_match_conditions(as_condition=True),
            """(((ifnull(`tabBlog Post`.`name`, '')='' or `tabBlog Post`.`name` in ('-test-blog-post-1', '-test-blog-post'))))"""
        )

        frappe.set_user('Administrator')
Exemple #3
0
	def test_nested_permission(self):
		clear_user_permissions_for_doctype("File")
		delete_test_file_hierarchy() # delete already existing folders
		from frappe.core.doctype.file.file import create_new_folder
		frappe.set_user('Administrator')

		create_new_folder('level1-A', 'Home')
		create_new_folder('level2-A', 'Home/level1-A')
		create_new_folder('level2-B', 'Home/level1-A')
		create_new_folder('level3-A', 'Home/level1-A/level2-A')

		create_new_folder('level1-B', 'Home')
		create_new_folder('level2-A', 'Home/level1-B')

		# user permission for only one root folder
		add_user_permission('File', 'Home/level1-A', '*****@*****.**')

		from frappe.core.page.permission_manager.permission_manager import update
		update('File', 'All', 0, 'if_owner', 0) # to avoid if_owner filter

		frappe.set_user('*****@*****.**')
		data = DatabaseQuery("File").execute()

		# children of root folder (for which we added user permission) should be accessible
		self.assertTrue({"name": "Home/level1-A/level2-A"} in data)
		self.assertTrue({"name": "Home/level1-A/level2-B"} in data)
		self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data)

		# other folders should not be accessible
		self.assertFalse({"name": "Home/level1-B"} in data)
		self.assertFalse({"name": "Home/level1-B/level2-B"} in data)
		update('File', 'All', 0, 'if_owner', 1)
		frappe.set_user('Administrator')
Exemple #4
0
def apply_permissions_for_non_standard_user_type(doc, method=None):
	'''Create user permission for the non standard user type'''
	if not frappe.db.table_exists('User Type'):
		return

	user_types = frappe.cache().get_value('non_standard_user_types')

	if not user_types:
		user_types = get_non_standard_user_type_details()

	if not user_types:
		return

	for user_type, data in user_types.items():
		if (not doc.get(data[1]) or doc.doctype != data[0]):
			continue

		if frappe.get_cached_value('User', doc.get(data[1]), 'user_type') != user_type:
			return

		if (doc.get(data[1]) and (not doc._doc_before_save or doc.get(data[1]) != doc._doc_before_save.get(data[1])
			or not frappe.db.get_value('User Permission',
				{'user': doc.get(data[1]), 'allow': data[0], 'for_value': doc.name}, 'name'))):

			perm_data = frappe.db.get_value('User Permission',
				{'allow': doc.doctype, 'for_value': doc.name}, ['name', 'user'])

			if not perm_data:
				user_doc = frappe.get_cached_doc('User', doc.get(data[1]))
				user_doc.set_roles_and_modules_based_on_user_type()
				user_doc.update_children()
				add_user_permission(doc.doctype, doc.name, doc.get(data[1]))
			else:
				frappe.db.set_value('User Permission', perm_data[0], 'user', doc.get(data[1]))
Exemple #5
0
    def update_user_permissions(self):
        if not self.create_user_permission: return
        if not has_permission(
                'User Permission', ptype='write', raise_exception=False):
            return

        employee_user_permission_exists = frappe.db.exists(
            'User Permission', {
                'allow': 'Employee',
                'for_value': self.name,
                'user': self.user_id
            })

        if employee_user_permission_exists: return

        employee_user_permission_exists = frappe.db.exists(
            'User Permission', {
                'allow': 'Employee',
                'for_value': self.name,
                'user': self.user_id
            })

        if employee_user_permission_exists: return

        add_user_permission("Employee", self.name, self.user_id)
        set_user_permission_if_allowed("Company", self.company, self.user_id)
	def test_automatic_apply_user_permissions(self):
		'''Test user permissions are automatically applied when a user permission
		is created'''
		# create a user
		frappe.get_doc(dict(doctype='User', email='*****@*****.**',
			first_name='tester')).insert(ignore_if_duplicate=True)
		frappe.get_doc(dict(doctype='Role', role_name='Test Role User Perm')
			).insert(ignore_if_duplicate=True)

		# add a permission for event
		add_permission('DocType', 'Test Role User Perm')
		frappe.get_doc('User', '*****@*****.**').add_roles('Test Role User Perm')


		# add user permission
		add_user_permission('Module Def', 'Core', '*****@*****.**', True)

		# check if user permission is applied in the new role
		_perm = None
		for perm in get_valid_perms('DocType', '*****@*****.**'):
			if perm.role == 'Test Role User Perm':
				_perm = perm

		self.assertEqual(_perm.apply_user_permissions, 1)

		# restrict by module
		self.assertTrue('Module Def' in json.loads(_perm.user_permission_doctypes))
Exemple #7
0
    def test_nested_permission(self):
        frappe.set_user("Administrator")
        create_nested_doctype()
        create_nested_doctype_records()
        clear_user_permissions_for_doctype("Nested DocType")

        # user permission for only one root folder
        add_user_permission("Nested DocType", "Level 1 A", "*****@*****.**")

        from frappe.core.page.permission_manager.permission_manager import update

        # to avoid if_owner filter
        update("Nested DocType", "All", 0, "if_owner", 0)

        frappe.set_user("*****@*****.**")
        data = DatabaseQuery("Nested DocType").execute()

        # children of root folder (for which we added user permission) should be accessible
        self.assertTrue({"name": "Level 2 A"} in data)
        self.assertTrue({"name": "Level 2 A"} in data)

        # other folders should not be accessible
        self.assertFalse({"name": "Level 1 B"} in data)
        self.assertFalse({"name": "Level 2 B"} in data)
        update("Nested DocType", "All", 0, "if_owner", 1)
        frappe.set_user("Administrator")
	def test_strict_user_permissions(self):
		"""If `Strict User Permissions` is checked in System Settings,
			show records even if User Permissions are missing for a linked
			doctype"""

		frappe.set_user("Administrator")
		frappe.db.sql('delete from tabContact')
		make_test_records_for_doctype('Contact', force=True)

		set_user_permission_doctypes("Contact", role="Sales User",
			apply_user_permissions=1, user_permission_doctypes=['Salutation'])
		set_user_permission_doctypes("Salutation", role="All",
			apply_user_permissions=1, user_permission_doctypes=['Salutation'])

		add_user_permission("Salutation", "Mr", "*****@*****.**")
		self.set_strict_user_permissions(0)

		frappe.set_user("*****@*****.**")
		self.assertEquals(len(frappe.get_list("Contact")), 2)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(1)

		frappe.set_user("*****@*****.**")
		self.assertTrue(len(frappe.get_list("Contact")), 1)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(0)
Exemple #9
0
def add(user, defkey, defvalue):
    if not can_set_user_permissions(defkey, defvalue):
        frappe.throw(
            _("Cannot set permission for DocType: {0} and Name: {1}").format(
                defkey, defvalue), frappe.PermissionError)

    add_user_permission(defkey, defvalue, user, with_message=True)
Exemple #10
0
	def test_build_match_conditions(self):
		clear_user_permissions_for_doctype('Blog Post', '*****@*****.**')

		test2user = frappe.get_doc('User', '*****@*****.**')
		test2user.add_roles('Blogger')
		frappe.set_user('*****@*****.**')

		# this will get match conditions for Blog Post
		build_match_conditions = DatabaseQuery('Blog Post').build_match_conditions

		# Before any user permission is applied
		# get as filters
		self.assertEqual(build_match_conditions(as_condition=False), [])
		# get as conditions
		self.assertEqual(build_match_conditions(as_condition=True), "")

		add_user_permission('Blog Post', '-test-blog-post', '*****@*****.**', True)
		add_user_permission('Blog Post', '-test-blog-post-1', '*****@*****.**', True)

		# After applying user permission
		# get as filters
		self.assertTrue({'Blog Post': ['-test-blog-post-1', '-test-blog-post']} in build_match_conditions(as_condition=False))
		# get as conditions
		self.assertEqual(build_match_conditions(as_condition=True),
			"""(((ifnull(`tabBlog Post`.`name`, "")="" or `tabBlog Post`.`name` in ("-test-blog-post-1", "-test-blog-post"))))""")

		frappe.set_user('Administrator')
	def test_strict_user_permissions(self):
		"""If `Strict User Permissions` is checked in System Settings,
			show records even if User Permissions are missing for a linked
			doctype"""

		frappe.set_user("Administrator")
		frappe.db.sql('delete from tabContact')
		make_test_records_for_doctype('Contact', force=True)

		set_user_permission_doctypes("Contact", role="Sales User",
			apply_user_permissions=1, user_permission_doctypes=['Salutation'])
		set_user_permission_doctypes("Salutation", role="All",
			apply_user_permissions=1, user_permission_doctypes=['Salutation'])

		add_user_permission("Salutation", "Mr", "*****@*****.**")
		self.set_strict_user_permissions(0)

		frappe.set_user("*****@*****.**")
		self.assertEquals(len(frappe.get_list("Contact")), 2)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(1)

		frappe.set_user("*****@*****.**")
		self.assertTrue(len(frappe.get_list("Contact")), 1)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(0)
	def test_automatic_apply_user_permissions(self):
		'''Test user permissions are automatically applied when a user permission
		is created'''
		# create a user
		frappe.get_doc(dict(doctype='User', email='*****@*****.**',
			first_name='tester')).insert(ignore_if_duplicate=True)
		frappe.get_doc(dict(doctype='Role', role_name='Test Role User Perm')
			).insert(ignore_if_duplicate=True)

		# add a permission for event
		add_permission('DocType', 'Test Role User Perm')
		frappe.get_doc('User', '*****@*****.**').add_roles('Test Role User Perm')


		# add user permission
		add_user_permission('Module Def', 'Core', '*****@*****.**', True)

		# check if user permission is applied in the new role
		_perm = None
		for perm in get_valid_perms('DocType', '*****@*****.**'):
			if perm.role == 'Test Role User Perm':
				_perm = perm

		self.assertEqual(_perm.apply_user_permissions, 1)

		# restrict by module
		self.assertTrue('Module Def' in json.loads(_perm.user_permission_doctypes))
	def test_insert_if_owner_with_user_permissions(self):
		"""If `If Owner` is checked for a Role, check if that document is allowed to be read, updated, submitted, etc. except be created, even if the document is restricted based on User Permissions."""
		frappe.delete_doc('Blog Post', '-test-blog-post-title')

		self.set_user_permission_doctypes(["Blog Category"])
		self.if_owner_setup()

		frappe.set_user("*****@*****.**")

		doc = frappe.get_doc({
			"doctype": "Blog Post",
			"blog_category": "_Test Blog Category",
			"blogger": "_Test Blogger 1",
			"title": "_Test Blog Post Title",
			"content": "_Test Blog Post Content"
		})

		self.assertRaises(frappe.PermissionError, doc.insert)

		frappe.set_user("Administrator")
		add_user_permission("Blog Category", "_Test Blog Category",
			"*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc.insert()

		frappe.set_user("Administrator")
		frappe.permissions.remove_user_permission("Blog Category", "_Test Blog Category",
			"*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc(doc.doctype, doc.name)
		self.assertTrue(doc.has_permission("read"))
		self.assertTrue(doc.has_permission("write"))
		self.assertFalse(doc.has_permission("create"))
	def test_insert_if_owner_with_user_permissions(self):
		"""If `If Owner` is checked for a Role, check if that document is allowed to be read, updated, submitted, etc. except be created, even if the document is restricted based on User Permissions."""
		frappe.delete_doc('Blog Post', '-test-blog-post-title')

		self.set_user_permission_doctypes(["Blog Category"])
		self.if_owner_setup()

		frappe.set_user("*****@*****.**")

		doc = frappe.get_doc({
			"doctype": "Blog Post",
			"blog_category": "_Test Blog Category",
			"blogger": "_Test Blogger 1",
			"title": "_Test Blog Post Title",
			"content": "_Test Blog Post Content"
		})

		self.assertRaises(frappe.PermissionError, doc.insert)

		frappe.set_user("Administrator")
		add_user_permission("Blog Category", "_Test Blog Category",
			"*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc.insert()

		frappe.set_user("Administrator")
		frappe.permissions.remove_user_permission("Blog Category", "_Test Blog Category",
			"*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc(doc.doctype, doc.name)
		self.assertTrue(doc.has_permission("read"))
		self.assertTrue(doc.has_permission("write"))
		self.assertFalse(doc.has_permission("create"))
Exemple #15
0
	def if_owner_setup(self):
		update("Blog Post", "Blogger", 0, "if_owner", 1)

		add_user_permission("Blog Category", "-test-blog-category-1", "*****@*****.**")
		add_user_permission("Blogger", "_Test Blogger 1", "*****@*****.**")

		frappe.clear_cache(doctype="Blog Post")
    def test_default_values(self):
        add_user_permission("Blog Category", "_Test Blog Category 1",
                            "*****@*****.**")

        frappe.set_user("*****@*****.**")
        doc = frappe.new_doc("Blog Post")
        self.assertEqual(doc.get("blog_category"), "_Test Blog Category 1")
Exemple #17
0
    def test_nested_permission(self):
        clear_user_permissions_for_doctype("File")
        delete_test_file_hierarchy()  # delete already existing folders
        from frappe.core.doctype.file.file import create_new_folder
        frappe.set_user('Administrator')

        create_new_folder('level1-A', 'Home')
        create_new_folder('level2-A', 'Home/level1-A')
        create_new_folder('level2-B', 'Home/level1-A')
        create_new_folder('level3-A', 'Home/level1-A/level2-A')

        create_new_folder('level1-B', 'Home')
        create_new_folder('level2-A', 'Home/level1-B')

        # user permission for only one root folder
        add_user_permission('File', 'Home/level1-A', '*****@*****.**')

        from frappe.core.page.permission_manager.permission_manager import update
        update('File', 'All', 0, 'if_owner', 0)  # to avoid if_owner filter

        frappe.set_user('*****@*****.**')
        data = DatabaseQuery("File").execute()

        # children of root folder (for which we added user permission) should be accessible
        self.assertTrue({"name": "Home/level1-A/level2-A"} in data)
        self.assertTrue({"name": "Home/level1-A/level2-B"} in data)
        self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data)

        # other folders should not be accessible
        self.assertFalse({"name": "Home/level1-B"} in data)
        self.assertFalse({"name": "Home/level1-B/level2-B"} in data)
        update('File', 'All', 0, 'if_owner', 1)
        frappe.set_user('Administrator')
Exemple #18
0
	def test_user_permissions_in_report(self):
		add_user_permission("Blog Category", "-test-blog-category-1", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		names = [d.name for d in frappe.get_list("Blog Post", fields=["name", "blog_category"])]

		self.assertTrue("-test-blog-post-1" in names)
		self.assertFalse("-test-blog-post" in names)
Exemple #19
0
	def test_user_permissions_in_report(self):
		add_user_permission("Blog Category", "_Test Blog Category 1", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		names = [d.name for d in frappe.get_list("Blog Post", fields=["name", "blog_category"])]

		self.assertTrue("-test-blog-post-1" in names)
		self.assertFalse("-test-blog-post" in names)
    def if_owner_setup(self):
        update('Blog Post', 'Blogger', 0, 'if_owner', 1)

        add_user_permission("Blog Category", "_Test Blog Category 1",
                            "*****@*****.**")
        add_user_permission("Blogger", "_Test Blogger 1", "*****@*****.**")

        frappe.clear_cache(doctype="Blog Post")
    def test_user_permissions_not_applied_if_user_can_edit_user_permissions(
            self):
        add_user_permission('Blogger', '_Test Blogger 1', '*****@*****.**')

        # [email protected] has rights to create user permissions
        # so it should not matter if explicit user permissions are not set
        self.assertTrue(
            frappe.get_doc('Blogger', '_Test Blogger').has_permission('read'))
Exemple #22
0
	def if_owner_setup(self):
		update('Blog Post', 'Blogger', 0, 'if_owner', 1)

		add_user_permission("Blog Category", "_Test Blog Category 1",
			"*****@*****.**")
		add_user_permission("Blogger", "_Test Blogger 1",
			"*****@*****.**")

		frappe.clear_cache(doctype="Blog Post")
def import_user_permissions():
	frappe.only_for("System Manager")
	rows = read_csv_content_from_uploaded_file(ignore_encoding=True)
	clear_default(parenttype="User Permission")

	if rows[0][0]!="User Permissions" and rows[1][0] != "User":
		frappe.throw(frappe._("Please upload using the same template as download."))

	for row in rows[2:]:
		add_user_permission(row[1], row[2], row[0])
	def if_owner_setup(self):
		update('Blog Post', 'Blogger', 0, 'if_owner', 1)

		add_user_permission("Blog Category", "_Test Blog Category 1",
			"*****@*****.**")
		add_user_permission("Blogger", "_Test Blogger 1",
			"*****@*****.**")

		update('Blog Post', 'Blogger', 0, 'user_permission_doctypes', json.dumps(["Blog Category"]))

		frappe.model.meta.clear_cache("Blog Post")
	def if_owner_setup(self):
		update('Blog Post', 'Blogger', 0, 'if_owner', 1)

		add_user_permission("Blog Category", "_Test Blog Category 1",
			"*****@*****.**")
		add_user_permission("Blogger", "_Test Blogger 1",
			"*****@*****.**")

		update('Blog Post', 'Blogger', 0, 'user_permission_doctypes', json.dumps(["Blog Category"]))

		frappe.model.meta.clear_cache("Blog Post")
Exemple #26
0
	def test_user_permissions_in_doc(self):
		add_user_permission("Blog Category", "-test-blog-category-1", "*****@*****.**")

		frappe.set_user("*****@*****.**")

		post = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertFalse(post.has_permission("read"))
		self.assertFalse(get_doc_permissions(post).get("read"))

		post1 = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertTrue(post1.has_permission("read"))
		self.assertTrue(get_doc_permissions(post1).get("read"))
Exemple #27
0
	def test_user_permissions_in_doc(self):
		add_user_permission("Blog Category", "_Test Blog Category 1",
			"*****@*****.**")

		frappe.set_user("*****@*****.**")

		post = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertFalse(post.has_permission("read"))
		self.assertFalse(get_doc_permissions(post).get("read"))

		post1 = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertTrue(post1.has_permission("read"))
		self.assertTrue(get_doc_permissions(post1).get("read"))
Exemple #28
0
	def test_user_permissions_if_applied_on_doc_being_evaluated(self):
		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertTrue(doc.has_permission("read"))

		frappe.set_user("*****@*****.**")
		add_user_permission("Blog Post", "-test-blog-post", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertFalse(doc.has_permission("read"))

		doc = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertTrue(doc.has_permission("read"))
Exemple #29
0
	def test_user_permission_is_not_applied_if_user_roles_does_not_have_permission(self):
		add_user_permission("Blog Post", "-test-blog-post-1", "*****@*****.**")
		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertFalse(doc.has_permission("read"))

		frappe.set_user("Administrator")
		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Blogger")
		frappe.set_user("*****@*****.**")
		self.assertTrue(doc.has_permission("read"))

		frappe.set_user("Administrator")
		user.remove_roles("Blogger")
Exemple #30
0
	def update_user_permissions(self):
		if not self.create_user_permission: return
		if not has_permission('User Permission', ptype='write', raise_exception=False): return

		employee_user_permission_exists = frappe.db.exists('User Permission', {
			'allow': 'Employee',
			'for_value': self.name,
			'user': self.user_id
		})

		if employee_user_permission_exists: return

		add_user_permission("Employee", self.name, self.user_id)
		set_user_permission_if_allowed("Company", self.company, self.user_id)
Exemple #31
0
	def test_user_permissions_if_applied_on_doc_being_evaluated(self):
		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertTrue(doc.has_permission("read"))

		frappe.set_user("*****@*****.**")
		add_user_permission("Blog Post", "-test-blog-post", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertFalse(doc.has_permission("read"))

		doc = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertTrue(doc.has_permission("read"))
Exemple #32
0
	def test_user_permission_is_not_applied_if_user_roles_does_not_have_permission(self):
		add_user_permission('Blog Post', '-test-blog-post-1', '*****@*****.**')
		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertFalse(doc.has_permission("read"))

		frappe.set_user("Administrator")
		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Blogger")
		frappe.set_user("*****@*****.**")
		self.assertTrue(doc.has_permission("read"))

		frappe.set_user("Administrator")
		user.remove_roles("Blogger")
Exemple #33
0
	def test_user_permission_doctypes(self):
		add_user_permission("Blog Category", "-test-blog-category-1", "*****@*****.**")
		add_user_permission("Blogger", "_Test Blogger 1", "*****@*****.**")

		frappe.set_user("*****@*****.**")

		frappe.clear_cache(doctype="Blog Post")

		doc = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertFalse(doc.has_permission("read"))

		doc = frappe.get_doc("Blog Post", "-test-blog-post-2")
		self.assertTrue(doc.has_permission("read"))

		frappe.clear_cache(doctype="Blog Post")
Exemple #34
0
	def test_default_values(self):
		doc = frappe.new_doc("Blog Post")
		self.assertFalse(doc.get("blog_category"))

		# Fetch default based on single user permission
		add_user_permission("Blog Category", "_Test Blog Category 1", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.new_doc("Blog Post")
		self.assertEqual(doc.get("blog_category"), "_Test Blog Category 1")

		# Don't fetch default if user permissions is more than 1
		add_user_permission("Blog Category", "_Test Blog Category", "*****@*****.**", ignore_permissions=True)
		frappe.clear_cache()
		doc = frappe.new_doc("Blog Post")
		self.assertFalse(doc.get("blog_category"))
	def test_user_permissions_based_on_blogger(self):
		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertTrue(doc.has_permission("read"))

		self.set_user_permission_doctypes(["Blog Post"])

		frappe.set_user("*****@*****.**")
		add_user_permission("Blog Post", "-test-blog-post", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertFalse(doc.has_permission("read"))

		doc = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertTrue(doc.has_permission("read"))
	def test_user_permissions_based_on_blogger(self):
		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertTrue(doc.has_permission("read"))

		self.set_user_permission_doctypes(["Blog Post"])

		frappe.set_user("*****@*****.**")
		add_user_permission("Blog Post", "-test-blog-post", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.get_doc("Blog Post", "-test-blog-post-1")
		self.assertFalse(doc.has_permission("read"))

		doc = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertTrue(doc.has_permission("read"))
Exemple #37
0
	def test_user_permission_doctypes(self):
		add_user_permission("Blog Category", "_Test Blog Category 1",
			"*****@*****.**")
		add_user_permission("Blogger", "_Test Blogger 1",
			"*****@*****.**")

		frappe.set_user("*****@*****.**")

		frappe.clear_cache(doctype="Blog Post")

		doc = frappe.get_doc("Blog Post", "-test-blog-post")
		self.assertFalse(doc.has_permission("read"))

		doc = frappe.get_doc("Blog Post", "-test-blog-post-2")
		self.assertTrue(doc.has_permission("read"))

		frappe.clear_cache(doctype="Blog Post")
Exemple #38
0
def apply_permissions_for_non_standard_user_type(doc, method=None):
    """Create user permission for the non standard user type"""
    if not frappe.db.table_exists("User Type"):
        return

    user_types = frappe.cache().get_value("non_standard_user_types")

    if not user_types:
        user_types = get_non_standard_user_type_details()

    if not user_types:
        return

    for user_type, data in iteritems(user_types):
        if not doc.get(data[1]) or doc.doctype != data[0]:
            continue

        if frappe.get_cached_value("User", doc.get(data[1]),
                                   "user_type") != user_type:
            return

        if doc.get(data[1]) and (
                not doc._doc_before_save
                or doc.get(data[1]) != doc._doc_before_save.get(data[1])
                or not frappe.db.get_value("User Permission", {
                    "user": doc.get(data[1]),
                    "allow": data[0],
                    "for_value": doc.name
                }, "name")):

            perm_data = frappe.db.get_value("User Permission", {
                "allow": doc.doctype,
                "for_value": doc.name
            }, ["name", "user"])

            if not perm_data:
                user_doc = frappe.get_cached_doc("User", doc.get(data[1]))
                user_doc.set_roles_and_modules_based_on_user_type()
                user_doc.update_children()
                add_user_permission(doc.doctype, doc.name, doc.get(data[1]))
            else:
                frappe.db.set_value("User Permission", perm_data[0], "user",
                                    doc.get(data[1]))
Exemple #39
0
    def update_user_permissions(self):
        if not self.create_user_permission:
            return
        if not has_permission(
                "User Permission", ptype="write", raise_exception=False):
            return

        employee_user_permission_exists = frappe.db.exists(
            "User Permission", {
                "allow": "Employee",
                "for_value": self.name,
                "user": self.user_id
            })

        if employee_user_permission_exists:
            return

        add_user_permission("Employee", self.name, self.user_id)
        set_user_permission_if_allowed("Company", self.company, self.user_id)
Exemple #40
0
    def test_default_values(self):
        doc = frappe.new_doc("Blog Post")
        self.assertFalse(doc.get("blog_category"))

        # Fetch default based on single user permission
        add_user_permission("Blog Category", "_Test Blog Category 1",
                            "*****@*****.**")

        frappe.set_user("*****@*****.**")
        doc = frappe.new_doc("Blog Post")
        self.assertEqual(doc.get("blog_category"), "_Test Blog Category 1")

        # Don't fetch default if user permissions is more than 1
        add_user_permission("Blog Category",
                            "_Test Blog Category",
                            "*****@*****.**",
                            ignore_permissions=True)
        frappe.clear_cache()
        doc = frappe.new_doc("Blog Post")
        self.assertFalse(doc.get("blog_category"))
Exemple #41
0
    def test_strict_user_permissions(self):
        """If `Strict User Permissions` is checked in System Settings,
			show records even if User Permissions are missing for a linked
			doctype"""

        frappe.set_user('Administrator')
        frappe.db.sql('DELETE FROM `tabContact`')
        frappe.db.sql('DELETE FROM `tabContact Email`')
        frappe.db.sql('DELETE FROM `tabContact Phone`')

        reset('Salutation')
        reset('Contact')

        make_test_records_for_doctype('Contact', force=True)

        add_user_permission("Salutation", "Mr", "*****@*****.**")
        self.set_strict_user_permissions(0)

        allowed_contact = frappe.get_doc('Contact',
                                         '_Test Contact For _Test Customer')
        other_contact = frappe.get_doc('Contact',
                                       '_Test Contact For _Test Supplier')

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertTrue(other_contact.has_permission('read'))
        self.assertEqual(len(frappe.get_list("Contact")), 2)

        frappe.set_user("Administrator")
        self.set_strict_user_permissions(1)

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertFalse(other_contact.has_permission('read'))
        self.assertTrue(len(frappe.get_list("Contact")), 1)

        frappe.set_user("Administrator")
        self.set_strict_user_permissions(0)

        clear_user_permissions_for_doctype("Salutation")
        clear_user_permissions_for_doctype("Contact")
Exemple #42
0
	def test_warehouse_user(self):
		add_user_permission("Warehouse", "_Test Warehouse 1 - _TC", "*****@*****.**")
		add_user_permission("Warehouse", "_Test Warehouse 2 - _TC1", "*****@*****.**")
		add_user_permission("Company", "_Test Company 1", "*****@*****.**")
		test_user = frappe.get_doc("User", "*****@*****.**")
		test_user.add_roles("Sales User", "Sales Manager", "Stock User")
		test_user.remove_roles("Stock Manager", "System Manager")

		frappe.get_doc("User", "*****@*****.**")\
			.add_roles("Sales User", "Sales Manager", "Stock User", "Stock Manager")

		st1 = frappe.copy_doc(test_records[0])
		st1.company = "_Test Company 1"

		frappe.set_user("*****@*****.**")
		st1.get("items")[0].t_warehouse="_Test Warehouse 2 - _TC1"
		self.assertRaises(frappe.PermissionError, st1.insert)

		test_user.add_roles("System Manager")

		frappe.set_user("*****@*****.**")
		st1 = frappe.copy_doc(test_records[0])
		st1.company = "_Test Company 1"
		st1.get("items")[0].t_warehouse="_Test Warehouse 2 - _TC1"
		st1.get("items")[0].expense_account = "Stock Adjustment - _TC1"
		st1.get("items")[0].cost_center = "Main - _TC1"
		st1.set_stock_entry_type()
		st1.insert()
		st1.submit()

		frappe.set_user("Administrator")
		remove_user_permission("Warehouse", "_Test Warehouse 1 - _TC", "*****@*****.**")
		remove_user_permission("Warehouse", "_Test Warehouse 2 - _TC1", "*****@*****.**")
		remove_user_permission("Company", "_Test Company 1", "*****@*****.**")
Exemple #43
0
    def test_contextual_user_permission(self):
        # should be applicable for across all doctypes
        add_user_permission('Blogger', '_Test Blogger', '*****@*****.**')
        # should be applicable only while accessing Blog Post
        add_user_permission('Blogger',
                            '_Test Blogger 1',
                            '*****@*****.**',
                            applicable_for='Blog Post')
        # should be applicable only while accessing User
        add_user_permission('Blogger',
                            '_Test Blogger 2',
                            '*****@*****.**',
                            applicable_for='User')

        posts = frappe.get_all('Blog Post', fields=['name', 'blogger'])

        # Get all posts for admin
        self.assertEqual(len(posts), 4)

        frappe.set_user('*****@*****.**')

        posts = frappe.get_list('Blog Post', fields=['name', 'blogger'])

        # Should get only posts with allowed blogger via user permission
        # only '_Test Blogger', '_Test Blogger 1' are allowed in Blog Post
        self.assertEqual(len(posts), 3)

        for post in posts:
            self.assertIn(
                post.blogger, ['_Test Blogger', '_Test Blogger 1'],
                'A post from {} is not expected.'.format(post.blogger))
Exemple #44
0
	def test_clear_user_permissions(self):
		current_user = frappe.session.user
		frappe.set_user('Administrator')
		clear_user_permissions_for_doctype('Blog Category', '*****@*****.**')
		clear_user_permissions_for_doctype('Blog Post', '*****@*****.**')

		add_user_permission('Blog Post', '-test-blog-post-1', '*****@*****.**')
		add_user_permission('Blog Post', '-test-blog-post-2', '*****@*****.**')
		add_user_permission("Blog Category", '_Test Blog Category 1', '*****@*****.**')

		deleted_user_permission_count = clear_user_permissions('*****@*****.**', 'Blog Post')

		self.assertEqual(deleted_user_permission_count, 2)

		blog_post_user_permission_count = frappe.db.count('User Permission', filters={
			'user': '******',
			'allow': 'Blog Post'
		})

		self.assertEqual(blog_post_user_permission_count, 0)

		blog_category_user_permission_count = frappe.db.count('User Permission', filters={
			'user': '******',
			'allow': 'Blog Category'
		})

		self.assertEqual(blog_category_user_permission_count, 1)

		# reset the user
		frappe.set_user(current_user)
Exemple #45
0
	def test_clear_user_permissions(self):
		current_user = frappe.session.user
		frappe.set_user("Administrator")
		clear_user_permissions_for_doctype("Blog Category", "*****@*****.**")
		clear_user_permissions_for_doctype("Blog Post", "*****@*****.**")

		add_user_permission("Blog Post", "-test-blog-post-1", "*****@*****.**")
		add_user_permission("Blog Post", "-test-blog-post-2", "*****@*****.**")
		add_user_permission("Blog Category", "-test-blog-category-1", "*****@*****.**")

		deleted_user_permission_count = clear_user_permissions("*****@*****.**", "Blog Post")

		self.assertEqual(deleted_user_permission_count, 2)

		blog_post_user_permission_count = frappe.db.count(
			"User Permission", filters={"user": "******", "allow": "Blog Post"}
		)

		self.assertEqual(blog_post_user_permission_count, 0)

		blog_category_user_permission_count = frappe.db.count(
			"User Permission", filters={"user": "******", "allow": "Blog Category"}
		)

		self.assertEqual(blog_category_user_permission_count, 1)

		# reset the user
		frappe.set_user(current_user)
Exemple #46
0
	def test_contextual_user_permission(self):
		# should be applicable for across all doctypes
		add_user_permission("Blogger", "_Test Blogger", "*****@*****.**")
		# should be applicable only while accessing Blog Post
		add_user_permission(
			"Blogger", "_Test Blogger 1", "*****@*****.**", applicable_for="Blog Post"
		)
		# should be applicable only while accessing User
		add_user_permission("Blogger", "_Test Blogger 2", "*****@*****.**", applicable_for="User")

		posts = frappe.get_all("Blog Post", fields=["name", "blogger"])

		# Get all posts for admin
		self.assertEqual(len(posts), 4)

		frappe.set_user("*****@*****.**")

		posts = frappe.get_list("Blog Post", fields=["name", "blogger"])

		# Should get only posts with allowed blogger via user permission
		# only '_Test Blogger', '_Test Blogger 1' are allowed in Blog Post
		self.assertEqual(len(posts), 3)

		for post in posts:
			self.assertIn(
				post.blogger,
				["_Test Blogger", "_Test Blogger 1"],
				"A post from {} is not expected.".format(post.blogger),
			)
Exemple #47
0
	def test_ignore_user_permissions_if_missing(self):
		"""If there are no user permissions, then allow as per role"""

		add_user_permission("Blog Category", "_Test Blog Category",
			"*****@*****.**")
		frappe.set_user("*****@*****.**")

		doc = frappe.get_doc({
			"doctype": "Blog Post",
			"blog_category": "_Test Blog Category 2",
			"blogger": "_Test Blogger 1",
			"title": "_Test Blog Post Title",
			"content": "_Test Blog Post Content"
		})

		self.assertFalse(doc.has_permission("write"))

		frappe.set_user("Administrator")
		remove_user_permission("Blog Category", "_Test Blog Category",
			"*****@*****.**")

		frappe.set_user("*****@*****.**")
		self.assertTrue(doc.has_permission('write'))
Exemple #48
0
	def test_strict_user_permissions(self):
		"""If `Strict User Permissions` is checked in System Settings,
			show records even if User Permissions are missing for a linked
			doctype"""

		frappe.set_user('Administrator')
		frappe.db.sql('delete from tabContact')

		reset('Salutation')
		reset('Contact')

		make_test_records_for_doctype('Contact', force=True)

		add_user_permission("Salutation", "Mr", "*****@*****.**")
		self.set_strict_user_permissions(0)

		allowed_contact = frappe.get_doc('Contact', '_Test Contact for _Test Customer')
		other_contact = frappe.get_doc('Contact', '_Test Contact for _Test Supplier')

		frappe.set_user("*****@*****.**")
		self.assertTrue(allowed_contact.has_permission('read'))
		self.assertTrue(other_contact.has_permission('read'))
		self.assertEqual(len(frappe.get_list("Contact")), 2)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(1)

		frappe.set_user("*****@*****.**")
		self.assertTrue(allowed_contact.has_permission('read'))
		self.assertFalse(other_contact.has_permission('read'))
		self.assertTrue(len(frappe.get_list("Contact")), 1)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(0)

		clear_user_permissions_for_doctype("Salutation")
		clear_user_permissions_for_doctype("Contact")
Exemple #49
0
	def test_contextual_user_permission(self):
		# should be applicable for across all doctypes
		add_user_permission('Blogger', '_Test Blogger', '*****@*****.**')
		# should be applicable only while accessing Blog Post
		add_user_permission('Blogger', '_Test Blogger 1', '*****@*****.**', applicable_for='Blog Post')
		# should be applicable only while accessing User
		add_user_permission('Blogger', '_Test Blogger 2', '*****@*****.**', applicable_for='User')

		posts = frappe.get_all('Blog Post', fields=['name', 'blogger'])

		# Get all posts for admin
		self.assertEqual(len(posts), 4)

		frappe.set_user('*****@*****.**')

		posts = frappe.get_list('Blog Post', fields=['name', 'blogger'])

		# Should get only posts with allowed blogger via user permission
		# only '_Test Blogger', '_Test Blogger 1' are allowed in Blog Post
		self.assertEqual(len(posts), 3)

		for post in posts:
			self.assertIn(post.blogger, ['_Test Blogger', '_Test Blogger 1'], 'A post from {} is not expected.'.format(post.blogger))
Exemple #50
0
	def test_set_user_permissions(self):
		frappe.set_user("*****@*****.**")
		add_user_permission("Blog Post", "-test-blog-post", "*****@*****.**")
	def test_default_values(self):
		add_user_permission("Blog Category", "_Test Blog Category 1", "*****@*****.**")

		frappe.set_user("*****@*****.**")
		doc = frappe.new_doc("Blog Post")
		self.assertEquals(doc.get("blog_category"), "_Test Blog Category 1")
Exemple #52
0
	def update_user_permissions(self):
		if not self.create_user_permission: return
		if not has_permission('User Permission', ptype='write'): return

		add_user_permission("Employee", self.name, self.user_id)
		set_user_permission_if_allowed("Company", self.company, self.user_id)
Exemple #53
0
	def test_user_permissions_not_applied_if_user_can_edit_user_permissions(self):
		add_user_permission('Blogger', '_Test Blogger 1', '*****@*****.**')

		# [email protected] has rights to create user permissions
		# so it should not matter if explicit user permissions are not set
		self.assertTrue(frappe.get_doc('Blogger', '_Test Blogger').has_permission('read'))