예제 #1
0
	def setUp(self):
		frappe.clear_cache(doctype="Blog Post")

		if not frappe.flags.permission_user_setup_done:
			user = frappe.get_doc("User", "*****@*****.**")
			user.add_roles("Website Manager")
			user.add_roles("System Manager")

			user = frappe.get_doc("User", "*****@*****.**")
			user.add_roles("Blogger")

			user = frappe.get_doc("User", "*****@*****.**")
			user.add_roles("Sales User")

			user = frappe.get_doc("User", "*****@*****.**")
			user.add_roles("Website Manager")

			frappe.flags.permission_user_setup_done = True

		reset("Blogger")
		reset("Blog Post")

		frappe.db.sql("delete from `tabUser Permission`")

		frappe.set_user("*****@*****.**")
예제 #2
0
	def test_fieldlevel_permissions_in_load(self):
		blog = frappe.get_doc({
			"doctype": "Blog Post",
			"blog_category": "-test-blog-category-1",
			"blog_intro": "Test Blog Intro",
			"blogger": "_Test Blogger 1",
			"content": "Test Blog Content",
			"title": "_Test Blog Post {}".format(frappe.utils.now()),
			"published": 0
		})

		blog.insert()

		user = frappe.get_doc('User', '*****@*****.**')

		user_roles = frappe.get_roles()
		user.remove_roles(*user_roles)
		user.add_roles('Blogger')

		blog_post_property_setter = make_property_setter('Blog Post', 'published', 'permlevel', 1, 'Int')
		reset('Blog Post')
		add('Blog Post', 'Website Manager', 1)
		update('Blog Post', 'Website Manager', 1, 'write', 1)

		frappe.set_user(user.name)

		blog_doc = get_blog(blog.name)

		self.assertEqual(blog_doc.name, blog.name)
		# since published field has higher permlevel
		self.assertEqual(blog_doc.published, None)

		# this will be ignored because user does not
		# have write access on `published` field (or on permlevel 1 fields)
		blog_doc.published = 1
		blog_doc.save()
		# since published field has higher permlevel
		self.assertEqual(blog_doc.published, 0)

		frappe.set_user('Administrator')
		user.add_roles('Website Manager')
		frappe.set_user(user.name)

		doc = frappe.get_doc('Blog Post', blog.name)
		doc.published = 1
		doc.save()

		blog_doc = get_blog(blog.name)
		# now user should be allowed to read field with higher permlevel
		# (after adding Website Manager role)
		self.assertEqual(blog_doc.published, 1)

		frappe.set_user('Administrator')

		# reset user roles
		user.remove_roles('Blogger', 'Website Manager')
		user.add_roles(*user_roles)

		blog_doc.delete()
		frappe.delete_doc(blog_post_property_setter.doctype, blog_post_property_setter.name)
예제 #3
0
def set_print_email_permissions():
    # reset Page perms
    from frappe.core.page.permission_manager.permission_manager import reset
    reset("Page")
    reset("Report")

    if "allow_print" not in frappe.db.get_table_columns("DocType"):
        return

    # patch to move print, email into DocPerm
    # NOTE: allow_print and allow_email are misnamed. They were used to hide print / hide email
    for doctype, hide_print, hide_email in frappe.db.sql(
            """select name, ifnull(allow_print, 0), ifnull(allow_email, 0)
		from `tabDocType` where ifnull(issingle, 0)=0 and ifnull(istable, 0)=0 and
		(ifnull(allow_print, 0)=0 or ifnull(allow_email, 0)=0)"""):

        if not hide_print:
            frappe.db.sql(
                """update `tabDocPerm` set `print`=1
				where permlevel=0 and `read`=1 and parent=%s""", doctype)

        if not hide_email:
            frappe.db.sql(
                """update `tabDocPerm` set `email`=1
				where permlevel=0 and `read`=1 and parent=%s""", doctype)
예제 #4
0
    def test_reportview_get(self):
        user = frappe.get_doc("User", "*****@*****.**")
        add_child_table_to_blog_post()

        user_roles = frappe.get_roles()
        user.remove_roles(*user_roles)
        user.add_roles("Blogger")

        make_property_setter("Blog Post", "published", "permlevel", 1, "Int")
        reset("Blog Post")
        add("Blog Post", "Website Manager", 1)
        update("Blog Post", "Website Manager", 1, "write", 1)

        frappe.set_user(user.name)

        frappe.local.request = frappe._dict()
        frappe.local.request.method = "POST"

        frappe.local.form_dict = frappe._dict({
            "doctype":
            "Blog Post",
            "fields": ["published", "title", "`tabTest Child`.`test_field`"],
        })

        # even if * is passed, fields which are not accessible should be filtered out
        response = execute_cmd("frappe.desk.reportview.get")
        self.assertListEqual(response["keys"], ["title"])
        frappe.local.form_dict = frappe._dict({
            "doctype": "Blog Post",
            "fields": ["*"],
        })

        response = execute_cmd("frappe.desk.reportview.get")
        self.assertNotIn("published", response["keys"])

        frappe.set_user("Administrator")
        user.add_roles("Website Manager")
        frappe.set_user(user.name)

        frappe.set_user("Administrator")

        # Admin should be able to see access all fields
        frappe.local.form_dict = frappe._dict({
            "doctype":
            "Blog Post",
            "fields": ["published", "title", "`tabTest Child`.`test_field`"],
        })

        response = execute_cmd("frappe.desk.reportview.get")
        self.assertListEqual(response["keys"],
                             ["published", "title", "test_field"])

        # reset user roles
        user.remove_roles("Blogger", "Website Manager")
        user.add_roles(*user_roles)
예제 #5
0
    def test_fieldlevel_permissions_in_load(self):
        user = frappe.get_doc('User', '*****@*****.**')
        user.remove_roles('Website Manager')
        user.add_roles('Blogger')
        reset('Blog Post')

        frappe.db.set_value('DocField', {
            'fieldname': 'published',
            'parent': 'Blog Post'
        }, 'permlevel', 1)

        update('Blog Post', 'Website Manager', 0, 'permlevel', 1)

        frappe.set_user(user.name)

        # print frappe.as_json(get_valid_perms('Blog Post'))

        frappe.clear_cache(doctype='Blog Post')

        blog = frappe.db.get_value('Blog Post', {'title': '_Test Blog Post'})

        getdoc('Blog Post', blog)

        checked = False

        for doc in frappe.response.docs:
            if doc.name == blog:
                self.assertEqual(doc.published, None)
                checked = True

        self.assertTrue(checked, True)

        frappe.db.set_value('DocField', {
            'fieldname': 'published',
            'parent': 'Blog Post'
        }, 'permlevel', 0)

        reset('Blog Post')

        frappe.clear_cache(doctype='Blog Post')

        frappe.response.docs = []
        getdoc('Blog Post', blog)

        checked = False

        for doc in frappe.response.docs:
            if doc.name == blog:
                self.assertEqual(doc.published, 1)
                checked = True

        self.assertTrue(checked, True)

        frappe.set_user('Administrator')
예제 #6
0
    def setUp(self):
        items = create_items()
        reset('Stock Entry')

        # delete SLE and BINs for all items
        frappe.db.sql(
            "delete from `tabStock Ledger Entry` where item_code in (%s)" %
            (', '.join(['%s'] * len(items))), items)
        frappe.db.sql(
            "delete from `tabBin` where item_code in (%s)" %
            (', '.join(['%s'] * len(items))), items)
예제 #7
0
	def tearDown(self):
		frappe.set_user("Administrator")
		frappe.db.set_value("Blogger", "_Test Blogger 1", "user", None)

		clear_user_permissions_for_doctype("Blog Category")
		clear_user_permissions_for_doctype("Blog Post")
		clear_user_permissions_for_doctype("Blogger")

		reset('Blogger')
		reset('Blog Post')

		self.set_ignore_user_permissions_if_missing(0)
예제 #8
0
    def setUp(self):
        items = create_items()
        reset("Stock Entry")

        # delete SLE and BINs for all items
        frappe.db.sql(
            "delete from `tabStock Ledger Entry` where item_code in (%s)" %
            (", ".join(["%s"] * len(items))),
            items,
        )
        frappe.db.sql(
            "delete from `tabBin` where item_code in (%s)" %
            (", ".join(["%s"] * len(items))), items)
예제 #9
0
	def setUp(self):
		frappe.clear_cache(doctype="Blog Post")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Website Manager")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Blogger")

		reset('Blogger')
		reset('Blog Post')

		self.set_ignore_user_permissions_if_missing(0)

		frappe.set_user("*****@*****.**")
예제 #10
0
	def test_fieldlevel_permissions_in_load(self):
		user = frappe.get_doc('User', '*****@*****.**')
		user.remove_roles('Website Manager')
		user.add_roles('Blogger')
		reset('Blog Post')

		frappe.db.sql('update tabDocField set permlevel=1 where fieldname="published" and parent="Blog Post"')

		update('Blog Post', 'Website Manager', 0, 'permlevel', 1)

		frappe.set_user(user.name)

		# print frappe.as_json(get_valid_perms('Blog Post'))

		frappe.clear_cache(doctype='Blog Post')

		blog = frappe.db.get_value('Blog Post', {'title': '_Test Blog Post'})

		getdoc('Blog Post', blog)

		checked = False

		for doc in frappe.response.docs:
			if doc.name == blog:
				self.assertEquals(doc.published, None)
				checked = True

		self.assertTrue(checked, True)

		frappe.db.sql('update tabDocField set permlevel=0 where fieldname="published" and parent="Blog Post"')
		reset('Blog Post')

		frappe.clear_cache(doctype='Blog Post')

		frappe.response.docs = []
		getdoc('Blog Post', blog)

		checked = False

		for doc in frappe.response.docs:
			if doc.name == blog:
				self.assertEquals(doc.published, 1)
				checked = True

		self.assertTrue(checked, True)

		frappe.set_user('Administrator')
예제 #11
0
def execute():
	# reset Page perms
	from frappe.core.page.permission_manager.permission_manager import reset
	reset("Page")
	reset("Report")
	
	# patch to move print, email into DocPerm
	for doctype, hide_print, hide_email in frappe.db.sql("""select name, ifnull(allow_print, 0), ifnull(allow_email, 0)
		from `tabDocType` where ifnull(issingle, 0)=0 and ifnull(istable, 0)=0 and
		(ifnull(allow_print, 0)=0 or ifnull(allow_email, 0)=0)"""):
		
		if not hide_print:
			frappe.db.sql("""update `tabDocPerm` set `print`=1
				where permlevel=0 and `read`=1 and parent=%s""", doctype)
		
		if not hide_email:
			frappe.db.sql("""update `tabDocPerm` set `email`=1
				where permlevel=0 and `read`=1 and parent=%s""", doctype)
예제 #12
0
	def test_fieldlevel_permissions_in_load_for_child_table(self):
		contact = frappe.new_doc('Contact')
		contact.first_name = '_Test Contact 1'
		contact.append('phone_nos', {'phone': '123456'})
		contact.insert()

		user = frappe.get_doc('User', '*****@*****.**')

		user_roles = frappe.get_roles()
		user.remove_roles(*user_roles)
		user.add_roles('Accounts User')

		make_property_setter('Contact Phone', 'phone', 'permlevel', 1, 'Int')
		reset('Contact Phone')
		add('Contact', 'Sales User', 1)
		update('Contact', 'Sales User', 1, 'write', 1)

		frappe.set_user(user.name)

		contact = frappe.get_doc('Contact', '_Test Contact 1')

		contact.phone_nos[0].phone = '654321'
		contact.save()

		self.assertEqual(contact.phone_nos[0].phone, '123456')

		frappe.set_user('Administrator')
		user.add_roles('Sales User')
		frappe.set_user(user.name)

		contact.phone_nos[0].phone = '654321'
		contact.save()

		contact = frappe.get_doc('Contact', '_Test Contact 1')
		self.assertEqual(contact.phone_nos[0].phone, '654321')

		frappe.set_user('Administrator')

		# reset user roles
		user.remove_roles('Accounts User', 'Sales User')
		user.add_roles(*user_roles)

		contact.delete()
예제 #13
0
    def test_fieldlevel_permissions_in_load_for_child_table(self):
        contact = frappe.new_doc("Contact")
        contact.first_name = "_Test Contact 1"
        contact.append("phone_nos", {"phone": "123456"})
        contact.insert()

        user = frappe.get_doc("User", "*****@*****.**")

        user_roles = frappe.get_roles()
        user.remove_roles(*user_roles)
        user.add_roles("Accounts User")

        make_property_setter("Contact Phone", "phone", "permlevel", 1, "Int")
        reset("Contact Phone")
        add("Contact", "Sales User", 1)
        update("Contact", "Sales User", 1, "write", 1)

        frappe.set_user(user.name)

        contact = frappe.get_doc("Contact", "_Test Contact 1")

        contact.phone_nos[0].phone = "654321"
        contact.save()

        self.assertEqual(contact.phone_nos[0].phone, "123456")

        frappe.set_user("Administrator")
        user.add_roles("Sales User")
        frappe.set_user(user.name)

        contact.phone_nos[0].phone = "654321"
        contact.save()

        contact = frappe.get_doc("Contact", "_Test Contact 1")
        self.assertEqual(contact.phone_nos[0].phone, "654321")

        frappe.set_user("Administrator")

        # reset user roles
        user.remove_roles("Accounts User", "Sales User")
        user.add_roles(*user_roles)

        contact.delete()
예제 #14
0
    def test_strict_user_permissions(self):
        """If `Strict User Permissions` is checked in System Settings,
			show records even if User Permissions are missing for a linked
			doctype"""

        frappe.set_user('Administrator')
        frappe.db.sql('DELETE FROM `tabContact`')
        frappe.db.sql('DELETE FROM `tabContact Email`')
        frappe.db.sql('DELETE FROM `tabContact Phone`')

        reset('Salutation')
        reset('Contact')

        make_test_records_for_doctype('Contact', force=True)

        add_user_permission("Salutation", "Mr", "*****@*****.**")
        self.set_strict_user_permissions(0)

        allowed_contact = frappe.get_doc('Contact',
                                         '_Test Contact For _Test Customer')
        other_contact = frappe.get_doc('Contact',
                                       '_Test Contact For _Test Supplier')

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertTrue(other_contact.has_permission('read'))
        self.assertEqual(len(frappe.get_list("Contact")), 2)

        frappe.set_user("Administrator")
        self.set_strict_user_permissions(1)

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertFalse(other_contact.has_permission('read'))
        self.assertTrue(len(frappe.get_list("Contact")), 1)

        frappe.set_user("Administrator")
        self.set_strict_user_permissions(0)

        clear_user_permissions_for_doctype("Salutation")
        clear_user_permissions_for_doctype("Contact")
예제 #15
0
	def setUp(self):
		frappe.clear_cache(doctype="Blog Post")

		if not frappe.flags.permission_user_setup_done:
			user = frappe.get_doc("User", "*****@*****.**")
			user.add_roles("Website Manager")
			user.add_roles("System Manager")

			user = frappe.get_doc("User", "*****@*****.**")
			user.add_roles("Blogger")

			user = frappe.get_doc("User", "*****@*****.**")
			user.add_roles("Sales User")
			frappe.flags.permission_user_setup_done = True

		reset('Blogger')
		reset('Blog Post')

		frappe.db.sql('delete from `tabUser Permission`')

		frappe.set_user("*****@*****.**")
예제 #16
0
def set_print_email_permissions():
	# reset Page perms
	from frappe.core.page.permission_manager.permission_manager import reset
	reset("Page")
	reset("Report")

	if "allow_print" not in frappe.db.get_table_columns("DocType"):
		return

	# patch to move print, email into DocPerm
	# NOTE: allow_print and allow_email are misnamed. They were used to hide print / hide email
	for doctype, hide_print, hide_email in frappe.db.sql("""select name, ifnull(allow_print, 0), ifnull(allow_email, 0)
		from `tabDocType` where ifnull(issingle, 0)=0 and ifnull(istable, 0)=0 and
		(ifnull(allow_print, 0)=0 or ifnull(allow_email, 0)=0)"""):

		if not hide_print:
			frappe.db.sql("""update `tabDocPerm` set `print`=1
				where permlevel=0 and `read`=1 and parent=%s""", doctype)

		if not hide_email:
			frappe.db.sql("""update `tabDocPerm` set `email`=1
				where permlevel=0 and `read`=1 and parent=%s""", doctype)
예제 #17
0
	def tearDown(self):
		frappe.set_user("Administrator")
		frappe.db.set_value("Blogger", "_Test Blogger 1", "user", None)

		clear_user_permissions_for_doctype("Blog Category")
		clear_user_permissions_for_doctype("Blog Post")
		clear_user_permissions_for_doctype("Blogger")
		clear_user_permissions_for_doctype("Contact")
		clear_user_permissions_for_doctype("Salutation")

		reset('Blogger')
		reset('Blog Post')
		reset('Contact')
		reset('Salutation')

		self.set_ignore_user_permissions_if_missing(0)
예제 #18
0
	def test_strict_user_permissions(self):
		"""If `Strict User Permissions` is checked in System Settings,
			show records even if User Permissions are missing for a linked
			doctype"""

		frappe.set_user('Administrator')
		frappe.db.sql('delete from tabContact')

		reset('Salutation')
		reset('Contact')

		make_test_records_for_doctype('Contact', force=True)

		add_user_permission("Salutation", "Mr", "*****@*****.**")
		self.set_strict_user_permissions(0)

		allowed_contact = frappe.get_doc('Contact', '_Test Contact for _Test Customer')
		other_contact = frappe.get_doc('Contact', '_Test Contact for _Test Supplier')

		frappe.set_user("*****@*****.**")
		self.assertTrue(allowed_contact.has_permission('read'))
		self.assertTrue(other_contact.has_permission('read'))
		self.assertEqual(len(frappe.get_list("Contact")), 2)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(1)

		frappe.set_user("*****@*****.**")
		self.assertTrue(allowed_contact.has_permission('read'))
		self.assertFalse(other_contact.has_permission('read'))
		self.assertTrue(len(frappe.get_list("Contact")), 1)

		frappe.set_user("Administrator")
		self.set_strict_user_permissions(0)

		clear_user_permissions_for_doctype("Salutation")
		clear_user_permissions_for_doctype("Contact")
예제 #19
0
	def setUp(self):
		frappe.clear_cache(doctype="Blog Post")
		frappe.clear_cache(doctype="Contact")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Website Manager")
		user.add_roles("System Manager")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Blogger")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Sales User")

		reset('Blogger')
		reset('Blog Post')
		reset('Contact')
		reset('Salutation')

		frappe.db.sql('delete from `tabUser Permission`')

		self.set_ignore_user_permissions_if_missing(0)

		frappe.set_user("*****@*****.**")
예제 #20
0
	def setUp(self):
		frappe.clear_cache(doctype="Blog Post")
		frappe.clear_cache(doctype="Contact")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Website Manager")
		user.add_roles("System Manager")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Blogger")

		user = frappe.get_doc("User", "*****@*****.**")
		user.add_roles("Sales User")

		reset('Blogger')
		reset('Blog Post')
		reset('Contact')
		reset('Salutation')

		frappe.db.sql('delete from `tabUser Permission`')

		self.set_ignore_user_permissions_if_missing(0)

		frappe.set_user("*****@*****.**")