def test_nested_permission(self):
clear_user_permissions_for_doctype("File")
delete_test_file_hierarchy() # delete already existing folders
from dataent.core.doctype.file.file import create_new_folder
dataent.set_user('Administrator')
create_new_folder('level1-A', 'Home')
create_new_folder('level2-A', 'Home/level1-A')
create_new_folder('level2-B', 'Home/level1-A')
create_new_folder('level3-A', 'Home/level1-A/level2-A')
create_new_folder('level1-B', 'Home')
create_new_folder('level2-A', 'Home/level1-B')
# user permission for only one root folder
add_user_permission('File', 'Home/level1-A', '*****@*****.**')
from dataent.core.page.permission_manager.permission_manager import update
update('File', 'All', 0, 'if_owner', 0) # to avoid if_owner filter
dataent.set_user('*****@*****.**')
data = DatabaseQuery("File").execute()
# children of root folder (for which we added user permission) should be accessible
self.assertTrue({"name": "Home/level1-A/level2-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-B"} in data)
self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data)
# other folders should not be accessible
self.assertFalse({"name": "Home/level1-B"} in data)
self.assertFalse({"name": "Home/level1-B/level2-B"} in data)
update('File', 'All', 0, 'if_owner', 1)
dataent.set_user('Administrator')
def test_build_match_conditions(self):
clear_user_permissions_for_doctype('Blog Post', '*****@*****.**')
test2user = dataent.get_doc('User', '*****@*****.**')
test2user.add_roles('Blogger')
dataent.set_user('*****@*****.**')
# this will get match conditions for Blog Post
build_match_conditions = DatabaseQuery(
'Blog Post').build_match_conditions
# Before any user permission is applied
# get as filters
self.assertEqual(build_match_conditions(as_condition=False), [])
# get as conditions
self.assertEqual(build_match_conditions(as_condition=True), "")
add_user_permission('Blog Post', '-test-blog-post',
'*****@*****.**', True)
add_user_permission('Blog Post', '-test-blog-post-1',
'*****@*****.**', True)
# After applying user permission
# get as filters
self.assertTrue(
{'Blog Post': ['-test-blog-post-1', '-test-blog-post']
} in build_match_conditions(as_condition=False))
# get as conditions
self.assertEqual(
build_match_conditions(as_condition=True),
"""(((ifnull(`tabBlog Post`.`name`, "")="" or `tabBlog Post`.`name` in ("-test-blog-post-1", "-test-blog-post"))))"""
)
dataent.set_user('Administrator')
def tearDown(self):
dataent.set_user("Administrator")
dataent.db.set_value("Blogger", "_Test Blogger 1", "user", None)
clear_user_permissions_for_doctype("Blog Category")
clear_user_permissions_for_doctype("Blog Post")
clear_user_permissions_for_doctype("Blogger")
def test_clear_user_permissions(self):
current_user = dataent.session.user
dataent.set_user('Administrator')
clear_user_permissions_for_doctype('Blog Category',
'*****@*****.**')
clear_user_permissions_for_doctype('Blog Post', '*****@*****.**')
add_user_permission('Blog Post', '-test-blog-post-1',
'*****@*****.**')
add_user_permission('Blog Post', '-test-blog-post-2',
'*****@*****.**')
add_user_permission("Blog Category", '_Test Blog Category 1',
'*****@*****.**')
deleted_user_permission_count = clear_user_permissions(
'*****@*****.**', 'Blog Post')
self.assertEqual(deleted_user_permission_count, 2)
blog_post_user_permission_count = dataent.db.count(
'User Permission',
filters={
'user': '******',
'allow': 'Blog Post'
})
self.assertEqual(blog_post_user_permission_count, 0)
blog_category_user_permission_count = dataent.db.count(
'User Permission',
filters={
'user': '******',
'allow': 'Blog Category'
})
self.assertEqual(blog_category_user_permission_count, 1)
# reset the user
dataent.set_user(current_user)
def test_strict_user_permissions(self):
"""If `Strict User Permissions` is checked in System Settings,
show records even if User Permissions are missing for a linked
doctype"""
dataent.set_user('Administrator')
dataent.db.sql('delete from tabContact')
reset('Salutation')
reset('Contact')
make_test_records_for_doctype('Contact', force=True)
add_user_permission("Salutation", "Mr", "*****@*****.**")
self.set_strict_user_permissions(0)
allowed_contact = dataent.get_doc('Contact',
'_Test Contact for _Test Customer')
other_contact = dataent.get_doc('Contact',
'_Test Contact for _Test Supplier')
dataent.set_user("*****@*****.**")
self.assertTrue(allowed_contact.has_permission('read'))
self.assertTrue(other_contact.has_permission('read'))
self.assertEqual(len(dataent.get_list("Contact")), 2)
dataent.set_user("Administrator")
self.set_strict_user_permissions(1)
dataent.set_user("*****@*****.**")
self.assertTrue(allowed_contact.has_permission('read'))
self.assertFalse(other_contact.has_permission('read'))
self.assertTrue(len(dataent.get_list("Contact")), 1)
dataent.set_user("Administrator")
self.set_strict_user_permissions(0)
clear_user_permissions_for_doctype("Salutation")
clear_user_permissions_for_doctype("Contact")
def test_block_list(self):
self._clear_roles()
from dataent.utils.user import add_role
add_role("*****@*****.**", "HR User")
clear_user_permissions_for_doctype("Employee")
dataent.db.set_value("Department", "_Test Department - _TC",
"leave_block_list", "_Test Leave Block List")
make_allocation_record()
application = self.get_application(_test_records[0])
application.insert()
application.status = "Approved"
self.assertRaises(LeaveDayBlockedError, application.submit)
dataent.set_user("*****@*****.**")
# clear other applications
dataent.db.sql("delete from `tabLeave Application`")
application = self.get_application(_test_records[0])
self.assertTrue(application.insert())
def test_of_not_of_descendant_ancestors(self):
clear_user_permissions_for_doctype("File")
delete_test_file_hierarchy() # delete already existing folders
from dataent.core.doctype.file.file import create_new_folder
create_new_folder('level1-A', 'Home')
create_new_folder('level2-A', 'Home/level1-A')
create_new_folder('level2-B', 'Home/level1-A')
create_new_folder('level3-A', 'Home/level1-A/level2-A')
create_new_folder('level1-B', 'Home')
create_new_folder('level2-A', 'Home/level1-B')
# in descendants filter
data = dataent.get_all(
'File', {'name': ('descendants of', 'Home/level1-A/level2-A')})
self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data)
data = dataent.get_all('File',
{'name': ('descendants of', 'Home/level1-A')})
self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-B"} in data)
self.assertFalse({"name": "Home/level1-B"} in data)
self.assertFalse({"name": "Home/level1-A"} in data)
self.assertFalse({"name": "Home"} in data)
# in ancestors of filter
data = dataent.get_all(
'File', {'name': ('ancestors of', 'Home/level1-A/level2-A')})
self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data)
self.assertFalse({"name": "Home/level1-A/level2-A"} in data)
self.assertFalse({"name": "Home/level1-A/level2-B"} in data)
self.assertFalse({"name": "Home/level1-B"} in data)
self.assertTrue({"name": "Home/level1-A"} in data)
self.assertTrue({"name": "Home"} in data)
data = dataent.get_all('File',
{'name': ('ancestors of', 'Home/level1-A')})
self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data)
self.assertFalse({"name": "Home/level1-A/level2-A"} in data)
self.assertFalse({"name": "Home/level1-A/level2-B"} in data)
self.assertFalse({"name": "Home/level1-B"} in data)
self.assertFalse({"name": "Home/level1-A"} in data)
self.assertTrue({"name": "Home"} in data)
# not descendants filter
data = dataent.get_all(
'File', {'name': ('not descendants of', 'Home/level1-A/level2-A')})
self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-B"} in data)
self.assertTrue({"name": "Home/level1-A"} in data)
self.assertTrue({"name": "Home"} in data)
data = dataent.get_all(
'File', {'name': ('not descendants of', 'Home/level1-A')})
self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data)
self.assertFalse({"name": "Home/level1-A/level2-A"} in data)
self.assertFalse({"name": "Home/level1-A/level2-B"} in data)
self.assertTrue({"name": "Home/level1-B"} in data)
self.assertTrue({"name": "Home/level1-A"} in data)
self.assertTrue({"name": "Home"} in data)
# not ancestors of filter
data = dataent.get_all(
'File', {'name': ('not ancestors of', 'Home/level1-A/level2-A')})
self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-B"} in data)
self.assertTrue({"name": "Home/level1-B"} in data)
self.assertTrue({"name": "Home/level1-A"} not in data)
self.assertTrue({"name": "Home"} not in data)
data = dataent.get_all('File',
{'name': ('not ancestors of', 'Home/level1-A')})
self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-A"} in data)
self.assertTrue({"name": "Home/level1-A/level2-B"} in data)
self.assertTrue({"name": "Home/level1-B"} in data)
self.assertTrue({"name": "Home/level1-A"} in data)
self.assertFalse({"name": "Home"} in data)
data = dataent.get_all('File', {'name': ('ancestors of', 'Home')})
self.assertTrue(len(data) == 0)
self.assertTrue(
len(dataent.get_all('File', {'name': (
'not ancestors of', 'Home')})) == len(dataent.get_all('File')))