def get_doctypes_for_user_permissions(): '''Get doctypes for the current user where user permissions are applicable''' user_roles = frappe.get_roles() if "System Manager" in user_roles: return sorted(set([p.parent for p in get_valid_perms()])) else: return sorted(set([p.parent for p in get_valid_perms() if p.set_user_permissions]))
def get_doctypes_for_user_permissions(): '''Get doctypes for the current user where user permissions are applicable''' user_roles = frappe.get_roles() if "System Manager" in user_roles: doctypes = set([p.parent for p in get_valid_perms()]) else: doctypes = set( [p.parent for p in get_valid_perms() if p.set_user_permissions]) single_doctypes = set( [d.name for d in frappe.get_all("DocType", {"issingle": 1})]) return sorted(doctypes.difference(single_doctypes))
def test_automatic_apply_user_permissions(self): '''Test user permissions are automatically applied when a user permission is created''' # create a user frappe.get_doc(dict(doctype='User', email='*****@*****.**', first_name='tester')).insert(ignore_if_duplicate=True) frappe.get_doc(dict(doctype='Role', role_name='Test Role User Perm') ).insert(ignore_if_duplicate=True) # add a permission for event add_permission('DocType', 'Test Role User Perm') frappe.get_doc('User', '*****@*****.**').add_roles('Test Role User Perm') # add user permission add_user_permission('Module Def', 'Core', '*****@*****.**', True) # check if user permission is applied in the new role _perm = None for perm in get_valid_perms('DocType', '*****@*****.**'): if perm.role == 'Test Role User Perm': _perm = perm self.assertEqual(_perm.apply_user_permissions, 1) # restrict by module self.assertTrue('Module Def' in json.loads(_perm.user_permission_doctypes))
def apply_user_permissions_to_all_roles(self): # add apply user permissions for all roles that # for this doctype def show_progress(i, l): if l > 2: frappe.publish_realtime("progress", dict(progress=[i, l], title=_('Updating...')), user=frappe.session.user) roles = frappe.get_roles(self.user) linked = frappe.db.sql('''select distinct parent from tabDocField where fieldtype="Link" and options=%s''', self.allow) for i, link in enumerate(linked): doctype = link[0] for perm in get_valid_perms(doctype, self.user): # if the role is applicable to the user show_progress(i+1, len(linked)) if perm.role in roles: if not perm.apply_user_permissions: update_permission_property(doctype, perm.role, 0, 'apply_user_permissions', '1') try: user_permission_doctypes = json.loads(perm.user_permission_doctypes or '[]') except ValueError: user_permission_doctypes = [] if self.allow not in user_permission_doctypes: user_permission_doctypes.append(self.allow) update_permission_property(doctype, perm.role, 0, 'user_permission_doctypes', json.dumps(user_permission_doctypes), validate=False) show_progress(len(linked), len(linked))
def test_automatic_apply_user_permissions(self): '''Test user permissions are automatically applied when a user permission is created''' # create a user frappe.get_doc(dict(doctype='User', email='*****@*****.**', first_name='tester')).insert(ignore_if_duplicate=True) frappe.get_doc(dict(doctype='Role', role_name='Test Role User Perm') ).insert(ignore_if_duplicate=True) # add a permission for event add_permission('DocType', 'Test Role User Perm') frappe.get_doc('User', '*****@*****.**').add_roles('Test Role User Perm') # add user permission add_user_permission('Module Def', 'Core', '*****@*****.**', True) # check if user permission is applied in the new role _perm = None for perm in get_valid_perms('DocType', '*****@*****.**'): if perm.role == 'Test Role User Perm': _perm = perm self.assertEqual(_perm.apply_user_permissions, 1) # restrict by module self.assertTrue('Module Def' in json.loads(_perm.user_permission_doctypes))
def build_perm_map(self): """build map of permissions at level 0""" self.perm_map = {} for r in get_valid_perms(): dt = r['parent'] if not dt in self.perm_map: self.perm_map[dt] = {} for k in frappe.permissions.rights: if not self.perm_map[dt].get(k): self.perm_map[dt][k] = r.get(k)
def build_perm_map(self): """build map of permissions at level 0""" self.perm_map = {} for r in get_valid_perms(): dt = r['parent'] if not dt in self.perm_map: self.perm_map[dt] = {} for k in frappe.permissions.rights: if not self.perm_map[dt].get(k): self.perm_map[dt][k] = r.get(k)
def apply_user_permissions_to_all_roles(self): # add apply user permissions for all roles that # for this doctype def show_progress(i, l): if l > 2: frappe.publish_realtime("progress", dict(progress=[i, l], title=_('Updating...')), user=frappe.session.user) roles = frappe.get_roles(self.user) linked = frappe.db.sql( '''select distinct parent from tabDocField where fieldtype="Link" and options=%s''', self.allow) for i, link in enumerate(linked): doctype = link[0] for perm in get_valid_perms(doctype, self.user): # if the role is applicable to the user show_progress(i + 1, len(linked)) if perm.role in roles: if not perm.apply_user_permissions: update_permission_property(doctype, perm.role, 0, 'apply_user_permissions', '1') try: user_permission_doctypes = json.loads( perm.user_permission_doctypes or '[]') except ValueError: user_permission_doctypes = [] if self.allow not in user_permission_doctypes: user_permission_doctypes.append(self.allow) update_permission_property( doctype, perm.role, 0, 'user_permission_doctypes', json.dumps(user_permission_doctypes), validate=False) show_progress(len(linked), len(linked))
def get_user_valid_perms(user): if not user_valid_perm.get(user): user_valid_perm[user] = get_valid_perms(user=user) return user_valid_perm.get(user)
def get_user_valid_perms(user): if not user_valid_perm.get(user): user_valid_perm[user] = get_valid_perms(user=user) return user_valid_perm.get(user)