def test_nested_permission(self): clear_user_permissions_for_doctype("File") delete_test_file_hierarchy() # delete already existing folders from dataent.core.doctype.file.file import create_new_folder dataent.set_user('Administrator') create_new_folder('level1-A', 'Home') create_new_folder('level2-A', 'Home/level1-A') create_new_folder('level2-B', 'Home/level1-A') create_new_folder('level3-A', 'Home/level1-A/level2-A') create_new_folder('level1-B', 'Home') create_new_folder('level2-A', 'Home/level1-B') # user permission for only one root folder add_user_permission('File', 'Home/level1-A', '*****@*****.**') from dataent.core.page.permission_manager.permission_manager import update update('File', 'All', 0, 'if_owner', 0) # to avoid if_owner filter dataent.set_user('*****@*****.**') data = DatabaseQuery("File").execute() # children of root folder (for which we added user permission) should be accessible self.assertTrue({"name": "Home/level1-A/level2-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-B"} in data) self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data) # other folders should not be accessible self.assertFalse({"name": "Home/level1-B"} in data) self.assertFalse({"name": "Home/level1-B/level2-B"} in data) update('File', 'All', 0, 'if_owner', 1) dataent.set_user('Administrator')
def test_build_match_conditions(self): clear_user_permissions_for_doctype('Blog Post', '*****@*****.**') test2user = dataent.get_doc('User', '*****@*****.**') test2user.add_roles('Blogger') dataent.set_user('*****@*****.**') # this will get match conditions for Blog Post build_match_conditions = DatabaseQuery( 'Blog Post').build_match_conditions # Before any user permission is applied # get as filters self.assertEqual(build_match_conditions(as_condition=False), []) # get as conditions self.assertEqual(build_match_conditions(as_condition=True), "") add_user_permission('Blog Post', '-test-blog-post', '*****@*****.**', True) add_user_permission('Blog Post', '-test-blog-post-1', '*****@*****.**', True) # After applying user permission # get as filters self.assertTrue( {'Blog Post': ['-test-blog-post-1', '-test-blog-post'] } in build_match_conditions(as_condition=False)) # get as conditions self.assertEqual( build_match_conditions(as_condition=True), """(((ifnull(`tabBlog Post`.`name`, "")="" or `tabBlog Post`.`name` in ("-test-blog-post-1", "-test-blog-post"))))""" ) dataent.set_user('Administrator')
def tearDown(self): dataent.set_user("Administrator") dataent.db.set_value("Blogger", "_Test Blogger 1", "user", None) clear_user_permissions_for_doctype("Blog Category") clear_user_permissions_for_doctype("Blog Post") clear_user_permissions_for_doctype("Blogger")
def test_clear_user_permissions(self): current_user = dataent.session.user dataent.set_user('Administrator') clear_user_permissions_for_doctype('Blog Category', '*****@*****.**') clear_user_permissions_for_doctype('Blog Post', '*****@*****.**') add_user_permission('Blog Post', '-test-blog-post-1', '*****@*****.**') add_user_permission('Blog Post', '-test-blog-post-2', '*****@*****.**') add_user_permission("Blog Category", '_Test Blog Category 1', '*****@*****.**') deleted_user_permission_count = clear_user_permissions( '*****@*****.**', 'Blog Post') self.assertEqual(deleted_user_permission_count, 2) blog_post_user_permission_count = dataent.db.count( 'User Permission', filters={ 'user': '******', 'allow': 'Blog Post' }) self.assertEqual(blog_post_user_permission_count, 0) blog_category_user_permission_count = dataent.db.count( 'User Permission', filters={ 'user': '******', 'allow': 'Blog Category' }) self.assertEqual(blog_category_user_permission_count, 1) # reset the user dataent.set_user(current_user)
def test_strict_user_permissions(self): """If `Strict User Permissions` is checked in System Settings, show records even if User Permissions are missing for a linked doctype""" dataent.set_user('Administrator') dataent.db.sql('delete from tabContact') reset('Salutation') reset('Contact') make_test_records_for_doctype('Contact', force=True) add_user_permission("Salutation", "Mr", "*****@*****.**") self.set_strict_user_permissions(0) allowed_contact = dataent.get_doc('Contact', '_Test Contact for _Test Customer') other_contact = dataent.get_doc('Contact', '_Test Contact for _Test Supplier') dataent.set_user("*****@*****.**") self.assertTrue(allowed_contact.has_permission('read')) self.assertTrue(other_contact.has_permission('read')) self.assertEqual(len(dataent.get_list("Contact")), 2) dataent.set_user("Administrator") self.set_strict_user_permissions(1) dataent.set_user("*****@*****.**") self.assertTrue(allowed_contact.has_permission('read')) self.assertFalse(other_contact.has_permission('read')) self.assertTrue(len(dataent.get_list("Contact")), 1) dataent.set_user("Administrator") self.set_strict_user_permissions(0) clear_user_permissions_for_doctype("Salutation") clear_user_permissions_for_doctype("Contact")
def test_block_list(self): self._clear_roles() from dataent.utils.user import add_role add_role("*****@*****.**", "HR User") clear_user_permissions_for_doctype("Employee") dataent.db.set_value("Department", "_Test Department - _TC", "leave_block_list", "_Test Leave Block List") make_allocation_record() application = self.get_application(_test_records[0]) application.insert() application.status = "Approved" self.assertRaises(LeaveDayBlockedError, application.submit) dataent.set_user("*****@*****.**") # clear other applications dataent.db.sql("delete from `tabLeave Application`") application = self.get_application(_test_records[0]) self.assertTrue(application.insert())
def test_of_not_of_descendant_ancestors(self): clear_user_permissions_for_doctype("File") delete_test_file_hierarchy() # delete already existing folders from dataent.core.doctype.file.file import create_new_folder create_new_folder('level1-A', 'Home') create_new_folder('level2-A', 'Home/level1-A') create_new_folder('level2-B', 'Home/level1-A') create_new_folder('level3-A', 'Home/level1-A/level2-A') create_new_folder('level1-B', 'Home') create_new_folder('level2-A', 'Home/level1-B') # in descendants filter data = dataent.get_all( 'File', {'name': ('descendants of', 'Home/level1-A/level2-A')}) self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data) data = dataent.get_all('File', {'name': ('descendants of', 'Home/level1-A')}) self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-B"} in data) self.assertFalse({"name": "Home/level1-B"} in data) self.assertFalse({"name": "Home/level1-A"} in data) self.assertFalse({"name": "Home"} in data) # in ancestors of filter data = dataent.get_all( 'File', {'name': ('ancestors of', 'Home/level1-A/level2-A')}) self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data) self.assertFalse({"name": "Home/level1-A/level2-A"} in data) self.assertFalse({"name": "Home/level1-A/level2-B"} in data) self.assertFalse({"name": "Home/level1-B"} in data) self.assertTrue({"name": "Home/level1-A"} in data) self.assertTrue({"name": "Home"} in data) data = dataent.get_all('File', {'name': ('ancestors of', 'Home/level1-A')}) self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data) self.assertFalse({"name": "Home/level1-A/level2-A"} in data) self.assertFalse({"name": "Home/level1-A/level2-B"} in data) self.assertFalse({"name": "Home/level1-B"} in data) self.assertFalse({"name": "Home/level1-A"} in data) self.assertTrue({"name": "Home"} in data) # not descendants filter data = dataent.get_all( 'File', {'name': ('not descendants of', 'Home/level1-A/level2-A')}) self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-B"} in data) self.assertTrue({"name": "Home/level1-A"} in data) self.assertTrue({"name": "Home"} in data) data = dataent.get_all( 'File', {'name': ('not descendants of', 'Home/level1-A')}) self.assertFalse({"name": "Home/level1-A/level2-A/level3-A"} in data) self.assertFalse({"name": "Home/level1-A/level2-A"} in data) self.assertFalse({"name": "Home/level1-A/level2-B"} in data) self.assertTrue({"name": "Home/level1-B"} in data) self.assertTrue({"name": "Home/level1-A"} in data) self.assertTrue({"name": "Home"} in data) # not ancestors of filter data = dataent.get_all( 'File', {'name': ('not ancestors of', 'Home/level1-A/level2-A')}) self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-B"} in data) self.assertTrue({"name": "Home/level1-B"} in data) self.assertTrue({"name": "Home/level1-A"} not in data) self.assertTrue({"name": "Home"} not in data) data = dataent.get_all('File', {'name': ('not ancestors of', 'Home/level1-A')}) self.assertTrue({"name": "Home/level1-A/level2-A/level3-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-A"} in data) self.assertTrue({"name": "Home/level1-A/level2-B"} in data) self.assertTrue({"name": "Home/level1-B"} in data) self.assertTrue({"name": "Home/level1-A"} in data) self.assertFalse({"name": "Home"} in data) data = dataent.get_all('File', {'name': ('ancestors of', 'Home')}) self.assertTrue(len(data) == 0) self.assertTrue( len(dataent.get_all('File', {'name': ( 'not ancestors of', 'Home')})) == len(dataent.get_all('File')))