def check_stock_frozen_date(self):
stock_frozen_upto = dataent.db.get_value('Stock Settings', None,
'stock_frozen_upto') or ''
if stock_frozen_upto:
stock_auth_role = dataent.db.get_value('Stock Settings', None,
'stock_auth_role')
if getdate(self.posting_date) <= getdate(
stock_frozen_upto
) and not stock_auth_role in dataent.get_roles():
dataent.throw(
_("Stock transactions before {0} are frozen").format(
formatdate(stock_frozen_upto)), StockFreezeError)
stock_frozen_upto_days = int(
dataent.db.get_value('Stock Settings', None,
'stock_frozen_upto_days') or 0)
if stock_frozen_upto_days:
stock_auth_role = dataent.db.get_value('Stock Settings', None,
'stock_auth_role')
older_than_x_days_ago = (add_days(getdate(
self.posting_date), stock_frozen_upto_days) <= date.today())
if older_than_x_days_ago and not stock_auth_role in dataent.get_roles(
):
dataent.throw(
_("Not allowed to update stock transactions older than {0}"
).format(stock_frozen_upto_days), StockFreezeError)
def get_expiry_message():
if "System Manager" not in dataent.get_roles():
return ""
limits = get_limits()
if not limits.expiry:
return ""
expires_on = getdate(get_limits().get("expiry"))
today = now_datetime().date()
message = ""
if today > expires_on:
message = _("Your subscription has expired.")
else:
days_to_expiry = (expires_on - today).days
if days_to_expiry == 0:
message = _("Your subscription will expire today.")
elif days_to_expiry == 1:
message = _("Your subscription will expire tomorrow.")
elif days_to_expiry <= EXPIRY_WARNING_DAYS:
message = _("Your subscription will expire on {0}.").format(
formatdate(expires_on))
if message and limits.upgrade_url:
upgrade_link = get_upgrade_link(limits.upgrade_url)
message += ' ' + _('To renew, {0}.').format(upgrade_link)
return message
def get_role_permissions(doctype_meta, user=None):
"""
Returns dict of evaluated role permissions like
{
"read": 1,
"write": 0,
// if "if_owner" is enabled
"if_owner":
{
"read": 1,
"write": 0
}
}
"""
if isinstance(doctype_meta, string_types):
doctype_meta = dataent.get_meta(
doctype_meta) # assuming doctype name was passed
if not user: user = dataent.session.user
cache_key = (doctype_meta.name, user)
if user == 'Administrator':
return allow_everything()
if not dataent.local.role_permissions.get(cache_key):
perms = dataent._dict(if_owner={})
roles = dataent.get_roles(user)
def is_perm_applicable(perm):
return perm.role in roles and cint(perm.permlevel) == 0
def has_permission_without_if_owner_enabled(ptype):
return any(
p.get(ptype, 0) and not p.get('if_owner', 0)
for p in applicable_permissions)
applicable_permissions = list(
filter(is_perm_applicable, getattr(doctype_meta, 'permissions',
[])))
has_if_owner_enabled = any(
p.get('if_owner', 0) for p in applicable_permissions)
for ptype in rights:
pvalue = any(p.get(ptype, 0) for p in applicable_permissions)
# check if any perm object allows perm type
perms[ptype] = cint(pvalue)
if (pvalue and has_if_owner_enabled
and not has_permission_without_if_owner_enabled(ptype)
and ptype != 'create'):
perms['if_owner'][ptype] = 1
# has no access if not owner
# only provide read access so that user is able to at-least access list
# (and the documents will be filtered based on owner sin further checks)
perms[ptype] = 1 if ptype == 'read' else 0
dataent.local.role_permissions[cache_key] = perms
return dataent.local.role_permissions[cache_key]
def get_transitions(doc, workflow = None):
'''Return list of possible transitions for the given doc'''
doc = dataent.get_doc(dataent.parse_json(doc))
if doc.is_new():
return []
dataent.has_permission(doc, 'read', throw=True)
roles = dataent.get_roles()
if not workflow:
workflow = get_workflow(doc.doctype)
current_state = doc.get(workflow.workflow_state_field)
if not current_state:
dataent.throw(_('Workflow State not set'), WorkflowStateError)
transitions = []
for transition in workflow.transitions:
if transition.state == current_state and transition.allowed in roles:
if transition.condition:
# if condition, evaluate
# access to dataent.db.get_value and dataent.db.get_list
success = dataent.safe_eval(transition.condition,
dict(dataent = dataent._dict(
db = dataent._dict(get_value = dataent.db.get_value, get_list=dataent.db.get_list),
session = dataent.session
)),
dict(doc = doc))
if not success:
continue
transitions.append(transition.as_dict())
return transitions
def bifurcate_based_on_type(self, doctype_name, total, av_dis, based_on,
doc_obj, val, company):
add_cond = ''
auth_value = av_dis
if val == 1:
add_cond += " and system_user = '******'user'].replace(
"'", "\\'") + "'"
elif val == 2:
add_cond += " and system_role IN %s" % (
"('" + "','".join(dataent.get_roles()) + "')")
else:
add_cond += " and ifnull(system_user,'') = '' and ifnull(system_role,'') = ''"
if based_on == 'Grand Total': auth_value = total
elif based_on == 'Customerwise Discount':
if doc_obj:
if doc_obj.doctype == 'Sales Invoice':
customer = doc_obj.customer
else:
customer = doc_obj.customer_name
add_cond = " and master_name = '" + cstr(customer).replace(
"'", "\\'") + "'"
if based_on == 'Itemwise Discount':
if doc_obj:
for t in doc_obj.get("items"):
self.validate_auth_rule(doctype_name,
t.discount_percentage, based_on,
add_cond, company, t.item_code)
else:
self.validate_auth_rule(doctype_name, auth_value, based_on,
add_cond, company)
def validate_party_frozen_disabled(party_type, party_name):
if party_type and party_name:
if party_type in ("Customer", "Supplier"):
party = dataent.get_cached_value(party_type,
party_name,
["is_frozen", "disabled"],
as_dict=True)
if party.disabled:
dataent.throw(
_("{0} {1} is disabled").format(party_type, party_name),
PartyDisabled)
elif party.get("is_frozen"):
frozen_accounts_modifier = dataent.db.get_single_value(
'Accounts Settings', 'frozen_accounts_modifier')
if not frozen_accounts_modifier in dataent.get_roles():
dataent.throw(
_("{0} {1} is frozen").format(party_type, party_name),
PartyFrozen)
elif party_type == "Employee":
if dataent.db.get_value("Employee", party_name,
"status") == "Left":
dataent.msgprint(_("{0} {1} is not active").format(
party_type, party_name),
alert=True)
def get_events(start, end, filters=None):
events = []
employee = dataent.db.get_value("Employee",
{"user_id": dataent.session.user},
["name", "company"],
as_dict=True)
if employee:
employee, company = employee.name, employee.company
else:
employee = ''
company = dataent.db.get_value("Global Defaults", None,
"default_company")
from dataent.desk.reportview import get_filters_cond
conditions = get_filters_cond("Leave Application", filters, [])
# show department leaves for employee
if "Employee" in dataent.get_roles():
add_department_leaves(events, start, end, employee, company)
add_leaves(events, start, end, conditions)
add_block_dates(events, start, end, employee, company)
add_holidays(events, start, end, employee, company)
return events
def compare_expense_with_budget(args,
budget_amount,
action_for,
action,
budget_against,
amount=0):
actual_expense = amount or get_actual_expense(args)
if actual_expense > budget_amount:
diff = actual_expense - budget_amount
currency = dataent.get_cached_value('Company', args.company,
'default_currency')
msg = _(
"{0} Budget for Account {1} against {2} {3} is {4}. It will exceed by {5}"
).format(_(action_for), dataent.bold(args.account),
args.budget_against_field, dataent.bold(budget_against),
dataent.bold(fmt_money(budget_amount, currency=currency)),
dataent.bold(fmt_money(diff, currency=currency)))
if (dataent.flags.exception_approver_role
and dataent.flags.exception_approver_role in dataent.get_roles(
dataent.session.user)):
action = "Warn"
if action == "Stop":
dataent.throw(msg, BudgetError)
else:
dataent.msgprint(msg, indicator='orange')
def onload(self):
frozen_accounts_modifier = dataent.db.get_value(
"Accounts Settings", "Accounts Settings",
"frozen_accounts_modifier")
if not frozen_accounts_modifier or frozen_accounts_modifier in dataent.get_roles(
):
self.set_onload("can_freeze_account", True)
def get_customers_suppliers(doctype, user):
customers = []
suppliers = []
meta = dataent.get_meta(doctype)
if has_common(["Supplier", "Customer"], dataent.get_roles(user)):
contacts = dataent.db.sql("""
select
`tabContact`.email_id,
`tabDynamic Link`.link_doctype,
`tabDynamic Link`.link_name
from
`tabContact`, `tabDynamic Link`
where
`tabContact`.name=`tabDynamic Link`.parent and `tabContact`.email_id =%s
""",
user,
as_dict=1)
customers = [c.link_name for c in contacts if c.link_doctype == 'Customer'] \
if meta.get_field("customer") else None
suppliers = [c.link_name for c in contacts if c.link_doctype == 'Supplier'] \
if meta.get_field("supplier") else None
elif dataent.has_permission(doctype, 'read', user=user):
customers = [customer.name for customer in dataent.get_list("Customer")] \
if meta.get_field("customer") else None
suppliers = [supplier.name for supplier in dataent.get_list("Customer")] \
if meta.get_field("supplier") else None
return customers, suppliers
def _get_home_page():
home_page = None
get_website_user_home_page = dataent.get_hooks(
'get_website_user_home_page')
if get_website_user_home_page:
home_page = dataent.get_attr(get_website_user_home_page[-1])(
dataent.session.user)
if not home_page:
role_home_page = dataent.get_hooks("role_home_page")
if role_home_page:
for role in dataent.get_roles():
if role in role_home_page:
home_page = role_home_page[role][-1]
break
if not home_page:
home_page = dataent.get_hooks("home_page")
if home_page:
home_page = home_page[-1]
if not home_page:
home_page = dataent.db.get_value("Website Settings", None,
"home_page") or "login"
home_page = home_page.strip('/')
return home_page
def validate_due_date(posting_date,
due_date,
party_type,
party,
company=None,
bill_date=None,
template_name=None):
if getdate(due_date) < getdate(posting_date):
dataent.throw(
_("Due Date cannot be before Posting / Supplier Invoice Date"))
else:
if not template_name: return
default_due_date = get_due_date_from_template(
template_name, posting_date, bill_date).strftime("%Y-%m-%d")
if not default_due_date:
return
if default_due_date != posting_date and getdate(due_date) > getdate(
default_due_date):
is_credit_controller = dataent.db.get_single_value(
"Accounts Settings",
"credit_controller") in dataent.get_roles()
if is_credit_controller:
msgprint(
_("Note: Due / Reference Date exceeds allowed customer credit days by {0} day(s)"
).format(date_diff(due_date, default_due_date)))
else:
dataent.throw(
_("Due / Reference Date cannot be after {0}").format(
formatdate(default_due_date)))
def get_permission_query_conditions(user):
if not user: user = dataent.session.user
if "System Manager" in dataent.get_roles(user):
return None
else:
return """(tabToDo.owner = '{user}' or tabToDo.assigned_by = '{user}')"""\
.format(user=dataent.db.escape(user))
def validate_frozen_accounts_modifier(self):
old_value = dataent.db.get_value("Account", self.name,
"freeze_account")
if old_value and old_value != self.freeze_account:
frozen_accounts_modifier = dataent.db.get_value(
'Accounts Settings', None, 'frozen_accounts_modifier')
if not frozen_accounts_modifier or \
frozen_accounts_modifier not in dataent.get_roles():
throw(_("You are not authorized to set Frozen value"))
def validate_registerer():
if current_user == 'Administrator':
dataent.throw(_('Please login as another user to register on Marketplace'))
valid_roles = ['System Manager', 'Item Manager']
if not dataent.utils.is_subset(valid_roles, dataent.get_roles()):
dataent.throw(_('Only users with {0} role can register on Marketplace').format(', '.join(valid_roles)),
dataent.PermissionError)
def validate_frozen_account(account, adv_adj=None):
frozen_account = dataent.db.get_value("Account", account, "freeze_account")
if frozen_account == 'Yes' and not adv_adj:
frozen_accounts_modifier = dataent.db.get_value( 'Accounts Settings', None,
'frozen_accounts_modifier')
if not frozen_accounts_modifier:
dataent.throw(_("Account {0} is frozen").format(account))
elif frozen_accounts_modifier not in dataent.get_roles():
dataent.throw(_("Not authorized to edit frozen Account {0}").format(account))
def has_permission(page):
if dataent.session.user == "Administrator" or "System Manager" in dataent.get_roles(
):
return True
page_roles = [d.role for d in page.get("roles")]
if page_roles:
if dataent.session.user == "Guest" and "Guest" not in page_roles:
return False
elif not set(page_roles).intersection(set(dataent.get_roles())):
# check if roles match
return False
if not dataent.has_permission("Page", ptype="read", doc=page):
# check if there are any user_permissions
return False
else:
# hack for home pages! if no Has Roles, allow everyone to see!
return True
def can_export(doctype, raise_exception=False):
if not ("System Manager" in dataent.get_roles()
or has_permission(doctype, "export")):
if raise_exception:
raise dataent.PermissionError(
"You are not allowed to export: {doctype}".format(
doctype=doctype))
else:
return False
return True
def test_disable_role(self):
dataent.get_doc("User", "*****@*****.**").add_roles("_Test Role 3")
role = dataent.get_doc("Role", "_Test Role 3")
role.disabled = 1
role.save()
self.assertTrue("_Test Role 3" not in dataent.get_roles("*****@*****.**"))
dataent.get_doc("User", "*****@*****.**").add_roles("_Test Role 3")
self.assertTrue("_Test Role 3" not in dataent.get_roles("*****@*****.**"))
role = dataent.get_doc("Role", "_Test Role 3")
role.disabled = 0
role.save()
dataent.get_doc("User", "*****@*****.**").add_roles("_Test Role 3")
self.assertTrue("_Test Role 3" in dataent.get_roles("*****@*****.**"))
def get_permlevel_access(self, permission_type='write'):
if not hasattr(self, "_has_access_to"):
roles = dataent.get_roles()
self._has_access_to = []
for perm in self.get_permissions():
if perm.role in roles and perm.permlevel > 0 and perm.get(
permission_type):
if perm.permlevel not in self._has_access_to:
self._has_access_to.append(perm.permlevel)
return self._has_access_to
def get_context(context):
context.icons = get_user_icons(dataent.session.user)
context.user = dataent.session.user
if 'System Manager' in dataent.get_roles():
context.users = dataent.db.get_all(
'User',
filters={
'user_type': 'System User',
'enabled': 1
},
fields=['name', 'first_name', 'last_name'])
def load():
if not "System Manager" in dataent.get_roles():
dataent.throw(_("Not permitted"), dataent.PermissionError)
all_defaults = dataent.db.get_defaults()
defaults = {}
for df in dataent.get_meta("System Settings").get("fields"):
if df.fieldtype in ("Select", "Data"):
defaults[df.fieldname] = all_defaults.get(df.fieldname)
return {"timezones": get_all_timezones(), "defaults": defaults}
def check_freezing_date(posting_date, adv_adj=False):
"""
Nobody can do GL Entries where posting date is before freezing date
except authorized person
"""
if not adv_adj:
acc_frozen_upto = dataent.db.get_value('Accounts Settings', None, 'acc_frozen_upto')
if acc_frozen_upto:
frozen_accounts_modifier = dataent.db.get_value( 'Accounts Settings', None,'frozen_accounts_modifier')
if getdate(posting_date) <= getdate(acc_frozen_upto) \
and not frozen_accounts_modifier in dataent.get_roles():
dataent.throw(_("You are not authorized to add or update entries before {0}").format(formatdate(acc_frozen_upto)))
def add_message_to_redis(update_json):
# "update-message" will store the update message string
# "update-user-set" will be a set of users
cache = dataent.cache()
cache.set_value("update-info", json.dumps(update_json))
user_list = [
x.name for x in dataent.get_all("User", filters={"enabled": True})
]
system_managers = [
user for user in user_list
if 'System Manager' in dataent.get_roles(user)
]
cache.sadd("update-user-set", *system_managers)
def get_data(filters, leave_types):
user = dataent.session.user
allocation_records_based_on_to_date = get_leave_allocation_records(
filters.to_date)
allocation_records_based_on_from_date = get_leave_allocation_records(
filters.from_date)
if filters.to_date <= filters.from_date:
dataent.throw(_("From date can not be greater than than To date"))
active_employees = dataent.get_all(
"Employee",
filters={
"status": "Active",
"company": filters.company
},
fields=["name", "employee_name", "department", "user_id"])
data = []
for employee in active_employees:
leave_approvers = get_approvers(employee.department)
if (len(leave_approvers) and user in leave_approvers) or (user in [
"Administrator", employee.user_id
]) or ("HR Manager" in dataent.get_roles(user)):
row = [employee.name, employee.employee_name, employee.department]
for leave_type in leave_types:
# leaves taken
leaves_taken = get_approved_leaves_for_period(
employee.name, leave_type, filters.from_date,
filters.to_date)
# opening balance
opening = get_leave_balance_on(
employee.name, leave_type, filters.from_date,
allocation_records_based_on_to_date.get(
employee.name, dataent._dict()))
# closing balance
closing = get_leave_balance_on(
employee.name, leave_type, filters.to_date,
allocation_records_based_on_to_date.get(
employee.name, dataent._dict()))
row += [opening, leaves_taken, closing]
data.append(row)
return data
def add_sidebar_data(context):
from dataent.utils.user import get_fullname_and_avatar
import dataent.www.list
if context.show_sidebar and context.website_sidebar:
context.sidebar_items = dataent.get_all(
'Website Sidebar Item',
filters=dict(parent=context.website_sidebar),
fields=['title', 'route', '`group`'],
order_by='idx asc')
if not context.sidebar_items:
sidebar_items = dataent.cache().hget('portal_menu_items',
dataent.session.user)
if sidebar_items == None:
sidebar_items = []
roles = dataent.get_roles()
portal_settings = dataent.get_doc('Portal Settings',
'Portal Settings')
def add_items(sidebar_items, items):
for d in items:
if d.get('enabled') and ((not d.get('role'))
or d.get('role') in roles):
sidebar_items.append(
d.as_dict() if isinstance(d, Document) else d)
if not portal_settings.hide_standard_menu:
add_items(sidebar_items, portal_settings.get('menu'))
if portal_settings.custom_menu:
add_items(sidebar_items, portal_settings.get('custom_menu'))
items_via_hooks = dataent.get_hooks('portal_menu_items')
if items_via_hooks:
for i in items_via_hooks:
i['enabled'] = 1
add_items(sidebar_items, items_via_hooks)
dataent.cache().hset('portal_menu_items', dataent.session.user,
sidebar_items)
context.sidebar_items = sidebar_items
info = get_fullname_and_avatar(dataent.session.user)
context["fullname"] = info.fullname
context["user_image"] = info.avatar
context["user"] = info.name
def is_permitted(self):
"""Returns true if Has Role is not set or the user is allowed."""
from dataent.utils import has_common
allowed = [d.role for d in dataent.get_all("Has Role", fields=["role"],
filters={"parent": self.name})]
custom_roles = get_custom_allowed_roles('report', self.name)
allowed.extend(custom_roles)
if not allowed:
return True
roles = dataent.get_roles()
if has_common(roles, allowed):
return True
def can_set_user_permissions(doctype, docname=None):
# System Manager can always set user permissions
if dataent.session.user == "Administrator" or "System Manager" in dataent.get_roles(
):
return True
meta = dataent.get_meta(doctype)
# check if current user has read permission for docname
if docname and not has_permission(doctype, "read", docname):
return False
# check if current user has a role that can set permission
if get_role_permissions(meta).set_user_permissions != 1:
return False
return True
def generate_keys(user):
"""
generate api key and api secret
:param user: str
"""
if "System Manager" in dataent.get_roles():
user_details = dataent.get_doc("User", user)
api_secret = dataent.generate_hash(length=15)
# if api key is not set generate api key
if not user_details.api_key:
api_key = dataent.generate_hash(length=15)
user_details.api_key = api_key
user_details.api_secret = api_secret
user_details.save()
return {"api_secret": api_secret}
dataent.throw(dataent._("Not Permitted"), dataent.PermissionError)
def set_default_role(doc, method):
'''Set customer, supplier, student, guardian based on email'''
if dataent.flags.setting_role or dataent.flags.in_migrate:
return
roles = dataent.get_roles(doc.name)
contact_name = dataent.get_value('Contact', dict(email_id=doc.email))
if contact_name:
contact = dataent.get_doc('Contact', contact_name)
for link in contact.links:
dataent.flags.setting_role = True
if link.link_doctype == 'Customer' and 'Customer' not in roles:
doc.add_roles('Customer')
elif link.link_doctype == 'Supplier' and 'Supplier' not in roles:
doc.add_roles('Supplier')
elif dataent.get_value('Student', dict(
student_email_id=doc.email)) and 'Student' not in roles:
doc.add_roles('Student')
elif dataent.get_value('Guardian', dict(
email_address=doc.email)) and 'Guardian' not in roles:
doc.add_roles('Guardian')
