def get_doctypes_for_user_permissions(): '''Get doctypes for the current user where user permissions are applicable''' user_roles = frappe.get_roles() if "System Manager" in user_roles: return sorted(set([p.parent for p in get_valid_perms()])) else: return sorted(set([p.parent for p in get_valid_perms() if p.set_user_permissions]))
def get_doctypes_for_user_permissions():
'''Get doctypes for the current user where user permissions are applicable'''
user_roles = frappe.get_roles()
if "System Manager" in user_roles:
doctypes = set([p.parent for p in get_valid_perms()])
else:
doctypes = set(
[p.parent for p in get_valid_perms() if p.set_user_permissions])
single_doctypes = set(
[d.name for d in frappe.get_all("DocType", {"issingle": 1})])
return sorted(doctypes.difference(single_doctypes))
def test_automatic_apply_user_permissions(self):
'''Test user permissions are automatically applied when a user permission
is created'''
# create a user
frappe.get_doc(dict(doctype='User', email='*****@*****.**',
first_name='tester')).insert(ignore_if_duplicate=True)
frappe.get_doc(dict(doctype='Role', role_name='Test Role User Perm')
).insert(ignore_if_duplicate=True)
# add a permission for event
add_permission('DocType', 'Test Role User Perm')
frappe.get_doc('User', '*****@*****.**').add_roles('Test Role User Perm')
# add user permission
add_user_permission('Module Def', 'Core', '*****@*****.**', True)
# check if user permission is applied in the new role
_perm = None
for perm in get_valid_perms('DocType', '*****@*****.**'):
if perm.role == 'Test Role User Perm':
_perm = perm
self.assertEqual(_perm.apply_user_permissions, 1)
# restrict by module
self.assertTrue('Module Def' in json.loads(_perm.user_permission_doctypes))
def apply_user_permissions_to_all_roles(self):
# add apply user permissions for all roles that
# for this doctype
def show_progress(i, l):
if l > 2:
frappe.publish_realtime("progress",
dict(progress=[i, l], title=_('Updating...')),
user=frappe.session.user)
roles = frappe.get_roles(self.user)
linked = frappe.db.sql('''select distinct parent from tabDocField
where fieldtype="Link" and options=%s''', self.allow)
for i, link in enumerate(linked):
doctype = link[0]
for perm in get_valid_perms(doctype, self.user):
# if the role is applicable to the user
show_progress(i+1, len(linked))
if perm.role in roles:
if not perm.apply_user_permissions:
update_permission_property(doctype, perm.role, 0,
'apply_user_permissions', '1')
try:
user_permission_doctypes = json.loads(perm.user_permission_doctypes or '[]')
except ValueError:
user_permission_doctypes = []
if self.allow not in user_permission_doctypes:
user_permission_doctypes.append(self.allow)
update_permission_property(doctype, perm.role, 0,
'user_permission_doctypes', json.dumps(user_permission_doctypes), validate=False)
show_progress(len(linked), len(linked))
def test_automatic_apply_user_permissions(self):
'''Test user permissions are automatically applied when a user permission
is created'''
# create a user
frappe.get_doc(dict(doctype='User', email='*****@*****.**',
first_name='tester')).insert(ignore_if_duplicate=True)
frappe.get_doc(dict(doctype='Role', role_name='Test Role User Perm')
).insert(ignore_if_duplicate=True)
# add a permission for event
add_permission('DocType', 'Test Role User Perm')
frappe.get_doc('User', '*****@*****.**').add_roles('Test Role User Perm')
# add user permission
add_user_permission('Module Def', 'Core', '*****@*****.**', True)
# check if user permission is applied in the new role
_perm = None
for perm in get_valid_perms('DocType', '*****@*****.**'):
if perm.role == 'Test Role User Perm':
_perm = perm
self.assertEqual(_perm.apply_user_permissions, 1)
# restrict by module
self.assertTrue('Module Def' in json.loads(_perm.user_permission_doctypes))
def build_perm_map(self):
"""build map of permissions at level 0"""
self.perm_map = {}
for r in get_valid_perms():
dt = r['parent']
if not dt in self.perm_map:
self.perm_map[dt] = {}
for k in frappe.permissions.rights:
if not self.perm_map[dt].get(k):
self.perm_map[dt][k] = r.get(k)
def build_perm_map(self):
"""build map of permissions at level 0"""
self.perm_map = {}
for r in get_valid_perms():
dt = r['parent']
if not dt in self.perm_map:
self.perm_map[dt] = {}
for k in frappe.permissions.rights:
if not self.perm_map[dt].get(k):
self.perm_map[dt][k] = r.get(k)
def apply_user_permissions_to_all_roles(self):
# add apply user permissions for all roles that
# for this doctype
def show_progress(i, l):
if l > 2:
frappe.publish_realtime("progress",
dict(progress=[i, l],
title=_('Updating...')),
user=frappe.session.user)
roles = frappe.get_roles(self.user)
linked = frappe.db.sql(
'''select distinct parent from tabDocField
where fieldtype="Link" and options=%s''', self.allow)
for i, link in enumerate(linked):
doctype = link[0]
for perm in get_valid_perms(doctype, self.user):
# if the role is applicable to the user
show_progress(i + 1, len(linked))
if perm.role in roles:
if not perm.apply_user_permissions:
update_permission_property(doctype, perm.role, 0,
'apply_user_permissions',
'1')
try:
user_permission_doctypes = json.loads(
perm.user_permission_doctypes or '[]')
except ValueError:
user_permission_doctypes = []
if self.allow not in user_permission_doctypes:
user_permission_doctypes.append(self.allow)
update_permission_property(
doctype,
perm.role,
0,
'user_permission_doctypes',
json.dumps(user_permission_doctypes),
validate=False)
show_progress(len(linked), len(linked))
def get_user_valid_perms(user):
if not user_valid_perm.get(user):
user_valid_perm[user] = get_valid_perms(user=user)
return user_valid_perm.get(user)
def get_user_valid_perms(user): if not user_valid_perm.get(user): user_valid_perm[user] = get_valid_perms(user=user) return user_valid_perm.get(user)
