def validate(self):
    """Run the validation hooks for this document, then reconcile its user link.

    The status must be one of "Active", "Temporary Leave" or "Left". After the
    field-level validators have run, a linked ``user_id`` is validated; if the
    link is empty, the ``user_id`` still stored for this Employee record has
    its "Employee" user permission on this record removed.
    """
    # Function-scope import, kept as in the original.
    from erpnext.controllers.status_updater import validate_status

    # The imported helper is a different callable from self.validate_status() below.
    validate_status(self.status, ["Active", "Temporary Leave", "Left"])

    self.employee = self.name
    self.set_employee_name()

    self.validate_date()
    self.validate_email()
    self.validate_status()
    self.validate_reports_to()
    self.validate_preferred_email()

    if self.job_applicant:
        self.validate_onboarding_process()

    if self.user_id:
        self.validate_user_details()
        return

    # No user linked any more: look up the user_id still stored for this record
    # and drop that user's record-level permission, so an unlinked account does
    # not keep access to this Employee.
    # NOTE(review): only the "link cleared" case is handled in this block; when
    # user_id changes from one account to another, confirm the previous
    # account's permission is removed elsewhere.
    previous_user = frappe.db.get_value("Employee", self.name, "user_id")
    if previous_user:
        remove_user_permission("Employee", self.name, previous_user)
def test_insert_if_owner_with_user_permissions(self):
    """Check `If Owner` role permissions in combination with User Permissions.

    As the original description states: when `If Owner` is checked for a Role,
    the document may be read, updated, submitted, etc., but not created, even
    if the document is restricted based on User Permissions.

    Flow: the first insert must raise PermissionError; after a User Permission
    on the blog category is added, the insert goes through; once that User
    Permission is removed again, read and write are still granted on the
    stored post while create is not.
    """
    # NOTE(review): the account literals are masked in this listing, so which
    # account each set_user call selects cannot be told apart here.

    # Presumably clears a post left behind by an earlier run.
    frappe.delete_doc('Blog Post', '-test-blog-post-title')
    self.if_owner_setup()

    frappe.set_user("*****@*****.**")
    post_fields = {
        "doctype": "Blog Post",
        "blog_category": "_Test Blog Category",
        "blogger": "_Test Blogger 1",
        "title": "_Test Blog Post Title",
        "content": "_Test Blog Post Content"
    }
    blog_post = frappe.get_doc(post_fields)

    # Creation is expected to be denied at this point.
    with self.assertRaises(frappe.PermissionError):
        blog_post.insert()

    frappe.set_user('*****@*****.**')
    add_user_permission("Blog Category", "_Test Blog Category", "*****@*****.**")

    frappe.set_user("*****@*****.**")
    blog_post.insert()

    # Take the User Permission away again before checking the stored post.
    frappe.set_user("Administrator")
    remove_user_permission("Blog Category", "_Test Blog Category", "*****@*****.**")

    frappe.set_user("*****@*****.**")
    reloaded = frappe.get_doc(blog_post.doctype, blog_post.name)
    for granted in ("read", "write"):
        self.assertTrue(reloaded.has_permission(granted))
    self.assertFalse(reloaded.has_permission("create"))

    # Delete the created record.
    # NOTE(review): this cleanup is skipped when an assertion above fails, which
    # leaves the session on a non-Administrator user and the post in place;
    # confirm the class tearDown (not shown) restores both, otherwise later
    # permission tests run against leaked state.
    frappe.set_user("Administrator")
    frappe.delete_doc('Blog Post', '-test-blog-post-title')
def test_insert_if_owner_with_user_permissions(self):
    """Check `If Owner` role permissions in combination with User Permissions.

    As the original description states: when `If Owner` is checked for a Role,
    the document may be read, updated, submitted, etc., but not created, even
    if the document is restricted based on User Permissions.

    Flow: the first insert must raise PermissionError; after a User Permission
    on the blog category "-test-blog-category" is added, the insert goes
    through; once that User Permission is removed again, read and write are
    still granted on the stored post while create is not.
    """
    # NOTE(review): the account literals are masked in this listing, so which
    # account each set_user call selects cannot be told apart here.

    # Presumably clears a post left behind by an earlier run.
    frappe.delete_doc('Blog Post', '-test-blog-post-title')
    self.if_owner_setup()

    frappe.set_user("*****@*****.**")
    post_fields = {
        "doctype": "Blog Post",
        "blog_category": "-test-blog-category",
        "blogger": "_Test Blogger 1",
        "title": "_Test Blog Post Title",
        "content": "_Test Blog Post Content"
    }
    blog_post = frappe.get_doc(post_fields)

    # Creation is expected to be denied at this point.
    with self.assertRaises(frappe.PermissionError):
        blog_post.insert()

    frappe.set_user('*****@*****.**')
    add_user_permission("Blog Category", "-test-blog-category", "*****@*****.**")

    frappe.set_user("*****@*****.**")
    blog_post.insert()

    # Take the User Permission away again before checking the stored post.
    frappe.set_user("Administrator")
    remove_user_permission("Blog Category", "-test-blog-category", "*****@*****.**")

    frappe.set_user("*****@*****.**")
    reloaded = frappe.get_doc(blog_post.doctype, blog_post.name)
    for granted in ("read", "write"):
        self.assertTrue(reloaded.has_permission(granted))
    self.assertFalse(reloaded.has_permission("create"))

    # Delete the created record.
    # NOTE(review): this cleanup is skipped when an assertion above fails, which
    # leaves the session on a non-Administrator user and the post in place;
    # confirm the class tearDown (not shown) restores both, otherwise later
    # permission tests run against leaked state.
    frappe.set_user("Administrator")
    frappe.delete_doc('Blog Post', '-test-blog-post-title')
def validate(self):
    """Run the validation hooks for this document, then reconcile its user link.

    The status must be one of "Active", "Temporary Leave" or "Left". After the
    field-level validators have run, a linked ``user_id`` goes through the two
    user-id validators; if the link is empty, the ``user_id`` still stored for
    this Employee record has its "Employee" user permission on this record
    removed.
    """
    # Function-scope import, kept as in the original.
    from erpnext.controllers.status_updater import validate_status

    # The imported helper is a different callable from self.validate_status() below.
    validate_status(self.status, ["Active", "Temporary Leave", "Left"])

    self.employee = self.name
    self.set_employee_name()

    self.validate_date()
    self.validate_email()
    self.validate_status()
    self.validate_reports_to()
    self.validate_preferred_email()

    if self.job_applicant:
        self.validate_onboarding_process()

    if self.user_id:
        self.validate_for_enabled_user_id()
        self.validate_duplicate_user_id()
        return

    # No user linked any more: look up the user_id still stored for this record
    # and drop that user's record-level permission, so an unlinked account does
    # not keep access to this Employee.
    # NOTE(review): only the "link cleared" case is handled in this block; when
    # user_id changes from one account to another, confirm the previous
    # account's permission is removed elsewhere.
    previous_user = frappe.db.get_value("Employee", self.name, "user_id")
    if previous_user:
        remove_user_permission("Employee", self.name, previous_user)
def test_ignore_user_permissions_if_missing(self):
    """With no User Permissions in place, access is decided by role alone.

    While a User Permission for "_Test Blog Category" exists, a post in
    "_Test Blog Category 2" must not be writable; after that User Permission
    is removed, the same post must be writable.
    """
    # NOTE(review): the account literals are masked in this listing, so which
    # account each call refers to cannot be told apart here.
    add_user_permission("Blog Category", "_Test Blog Category", "*****@*****.**")
    frappe.set_user("*****@*****.**")

    post_fields = {
        "doctype": "Blog Post",
        "blog_category": "_Test Blog Category 2",
        "blogger": "_Test Blogger 1",
        "title": "_Test Blog Post Title",
        "content": "_Test Blog Post Content"
    }
    blog_post = frappe.get_doc(post_fields)

    # The post sits in a category other than the one the User Permission names.
    self.assertFalse(blog_post.has_permission("write"))

    frappe.set_user("Administrator")
    remove_user_permission("Blog Category", "_Test Blog Category", "*****@*****.**")

    # NOTE(review): the test ends on a non-Administrator session, and a failing
    # first assertion skips the permission removal above; confirm the class
    # tearDown (not shown) resets the user and clears User Permissions.
    frappe.set_user("*****@*****.**")
    self.assertTrue(blog_post.has_permission('write'))
def test_ignore_user_permissions_if_missing(self):
    """With no User Permissions in place, access is decided by role alone.

    While a User Permission for "_Test Blog Category" exists, a post in
    "_Test Blog Category 2" must not be writable; after that User Permission
    is removed, the same post must be writable.
    """
    # NOTE(review): the account literals are masked in this listing, so which
    # account each call refers to cannot be told apart here.
    add_user_permission("Blog Category", "_Test Blog Category", "*****@*****.**")
    frappe.set_user("*****@*****.**")

    post_fields = {
        "doctype": "Blog Post",
        "blog_category": "_Test Blog Category 2",
        "blogger": "_Test Blogger 1",
        "title": "_Test Blog Post Title",
        "content": "_Test Blog Post Content"
    }
    blog_post = frappe.get_doc(post_fields)

    # The post sits in a category other than the one the User Permission names.
    self.assertFalse(blog_post.has_permission("write"))

    frappe.set_user("Administrator")
    remove_user_permission("Blog Category", "_Test Blog Category", "*****@*****.**")

    # NOTE(review): the test ends on a non-Administrator session, and a failing
    # first assertion skips the permission removal above; confirm the class
    # tearDown (not shown) resets the user and clears User Permissions.
    frappe.set_user("*****@*****.**")
    self.assertTrue(blog_post.has_permission('write'))
def test_warehouse_user(self):
    """Check that warehouse User Permissions gate insertion of a stock entry.

    Three User Permissions (two warehouses, one company) are added and roles
    are adjusted on two User documents. The first insert, with the target
    warehouse set to "_Test Warehouse 2 - _TC1", must raise PermissionError.
    After "System Manager" is added to ``test_user`` and the session user is
    switched again, a fresh copy of the entry is inserted and submitted.
    """
    # NOTE(review): the account literals are masked in this listing, so which
    # account each permission, role change and set_user call targets cannot be
    # told apart here.
    add_user_permission("Warehouse", "_Test Warehouse 1 - _TC", "*****@*****.**")
    add_user_permission("Warehouse", "_Test Warehouse 2 - _TC1", "*****@*****.**")
    add_user_permission("Company", "_Test Company 1", "*****@*****.**")

    test_user = frappe.get_doc("User", "*****@*****.**")
    test_user.add_roles("Sales User", "Sales Manager", "Stock User")
    test_user.remove_roles("Stock Manager", "System Manager")

    other_user = frappe.get_doc("User", "*****@*****.**")
    other_user.add_roles("Sales User", "Sales Manager", "Stock User", "Stock Manager")

    denied_entry = frappe.copy_doc(test_records[0])
    denied_entry.company = "_Test Company 1"
    set_perpetual_inventory(0, denied_entry.company)

    frappe.set_user("*****@*****.**")
    denied_entry.get("items")[0].t_warehouse = "_Test Warehouse 2 - _TC1"
    # Insertion is expected to be refused for this session user.
    with self.assertRaises(frappe.PermissionError):
        denied_entry.insert()

    test_user.add_roles("System Manager")

    frappe.set_user("*****@*****.**")
    allowed_entry = frappe.copy_doc(test_records[0])
    allowed_entry.company = "_Test Company 1"
    first_item = allowed_entry.get("items")[0]
    first_item.t_warehouse = "_Test Warehouse 2 - _TC1"
    first_item.expense_account = "Stock Adjustment - _TC1"
    first_item.cost_center = "Main - _TC1"
    allowed_entry.set_stock_entry_type()
    allowed_entry.insert()
    allowed_entry.submit()

    # Cleanup: only the three User Permissions are removed here.
    # NOTE(review): the role changes above (including the "System Manager"
    # grant) are not reverted in this block, and a failing assertion skips this
    # cleanup entirely; confirm teardown elsewhere resets roles, permissions
    # and the session user, otherwise later permission tests may pass or fail
    # because of leaked privileges.
    frappe.set_user("Administrator")
    remove_user_permission("Warehouse", "_Test Warehouse 1 - _TC", "*****@*****.**")
    remove_user_permission("Warehouse", "_Test Warehouse 2 - _TC1", "*****@*****.**")
    remove_user_permission("Company", "_Test Company 1", "*****@*****.**")
def remove(user, name, defkey, defvalue):
    """Remove a user permission after checking the caller may manage it.

    The authorization check runs first and the removal only happens when it
    passes; on refusal ``frappe.throw`` is called with
    ``frappe.PermissionError``.

    Args:
        user: forwarded to ``remove_user_permission`` as its third argument.
        name: forwarded to ``remove_user_permission`` as its fourth argument.
        defkey: the DocType, as named in the refusal message.
        defvalue: the document name, as named in the refusal message.
    """
    # NOTE(review): the check receives only (defkey, defvalue); `user` and
    # `name` are not part of the decision here. Confirm that
    # can_set_user_permissions scopes the caller's rights tightly enough for
    # removing another user's permission.
    allowed = can_set_user_permissions(defkey, defvalue)
    if not allowed:
        refusal = _("Cannot remove permission for DocType: {0} and Name: {1}").format(
            defkey, defvalue)
        frappe.throw(refusal, frappe.PermissionError)

    remove_user_permission(defkey, defvalue, user, name)