def get_context(context):
if frappe.session.user != "Guest" and frappe.session.data.user_type=="System User":
frappe.local.flags.redirect_location = "/desk"
raise frappe.Redirect
# get settings from site config
context.no_header = True
context.for_test = 'login.html'
context["title"] = "Login"
context["disable_signup"] = frappe.utils.cint(frappe.db.get_value("Website Settings", "Website Settings", "disable_signup"))
for provider in ("google", "github", "facebook", "frappe"):
if get_oauth_keys(provider):
context["{provider}_login".format(provider=provider)] = get_oauth2_authorize_url(provider)
context["social_login"] = True
ldap_settings = get_ldap_settings()
context["ldap_settings"] = ldap_settings
login_name_placeholder = [_("Email address")]
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_mobile_number")):
login_name_placeholder.append(_("Mobile number"))
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_user_name")):
login_name_placeholder.append(_("Username"))
context['login_name_placeholder'] = ' {0} '.format(_('or')).join(login_name_placeholder)
return context
def get_user_permission_doctypes(user_permission_doctypes, user_permissions):
"""returns a list of list like [["User", "Blog Post"], ["User"]]"""
if cint(frappe.get_system_settings('ignore_user_permissions_if_missing')):
# select those user permission doctypes for which user permissions exist!
user_permission_doctypes = [
list(set(doctypes).intersection(set(user_permissions.keys())))
for doctypes in user_permission_doctypes]
if len(user_permission_doctypes) > 1:
# OPTIMIZATION
# if intersection exists, use that to reduce the amount of querying
# for example, [["Blogger", "Blog Category"], ["Blogger"]], should only search in [["Blogger"]] as the first and condition becomes redundant
common = user_permission_doctypes[0]
for i in range(1, len(user_permission_doctypes), 1):
common = list(set(common).intersection(set(user_permission_doctypes[i])))
if not common:
break
if common:
# is common one of the user_permission_doctypes set?
for doctypes in user_permission_doctypes:
# are these lists equal?
if set(common) == set(doctypes):
user_permission_doctypes = [common]
break
return user_permission_doctypes
def add_user_permissions(self, user_permissions, user_permission_doctypes=None):
user_permission_doctypes = frappe.permissions.get_user_permission_doctypes(user_permission_doctypes, user_permissions)
meta = frappe.get_meta(self.doctype)
for doctypes in user_permission_doctypes:
match_filters = {}
match_conditions = []
# check in links
for df in meta.get_fields_to_check_permissions(doctypes):
user_permission_values = user_permissions.get(df.options, [])
cond = 'ifnull(`tab{doctype}`.`{fieldname}`, "")=""'.format(doctype=self.doctype, fieldname=df.fieldname)
if user_permission_values:
if not cint(frappe.get_system_settings("apply_strict_user_permissions")):
condition = cond + " or "
else:
condition = ""
condition += """`tab{doctype}`.`{fieldname}` in ({values})""".format(
doctype=self.doctype, fieldname=df.fieldname,
values=", ".join([('"'+frappe.db.escape(v, percent=False)+'"') for v in user_permission_values]))
else:
condition = cond
match_conditions.append("({condition})".format(condition=condition))
match_filters[df.options] = user_permission_values
if match_conditions:
self.match_conditions.append(" and ".join(match_conditions))
if match_filters:
self.match_filters.append(match_filters)
def add_code(self):
path = os.path.join(get_module_path(self.module), 'doctype', scrub(self.name))
def _get_path(fname):
return os.path.join(path, scrub(fname))
system_country = frappe.get_system_settings("country")
self._add_code(_get_path(self.name + '.js'), '__js')
if system_country:
self._add_code(_get_path(os.path.join('regional', system_country + '.js')), '__js')
self._add_code(_get_path(self.name + '.css'), "__css")
self._add_code(_get_path(self.name + '_list.js'), '__list_js')
self._add_code(_get_path(self.name + '_calendar.js'), '__calendar_js')
self._add_code(_get_path(self.name + '_tree.js'), '__tree_js')
listview_template = _get_path(self.name + '_list.html')
if os.path.exists(listview_template):
self.set("__listview_template", get_html_format(listview_template))
self.add_code_via_hook("doctype_js", "__js")
self.add_code_via_hook("doctype_list_js", "__list_js")
self.add_code_via_hook("doctype_tree_js", "__tree_js")
self.add_code_via_hook("doctype_calendar_js", "__calendar_js")
self.add_custom_script()
self.add_html_templates(path)
def get_region(company=None):
'''Return the default country based on flag, company or global settings
You can also set global company flag in `frappe.flags.company`
'''
if company or frappe.flags.company:
return frappe.db.get_value('Company',
company or frappe.flags.company, 'country')
elif frappe.flags.country:
return frappe.flags.country
else:
return frappe.get_system_settings('country')
def get_region(company=None):
'''Return the default country based on flag, company or global settings
You can also set global company flag in `frappe.flags.company`
'''
if company or frappe.flags.company:
return frappe.db.get_value('Company', company or frappe.flags.company,
'country')
elif frappe.flags.country:
return frappe.flags.country
else:
return frappe.get_system_settings('country')
def validate_ip_address(self):
"""check if IP Address is valid"""
user = frappe.get_doc("User", self.user)
ip_list = user.get_restricted_ip_list()
if not ip_list:
return
bypass_restrict_ip_check = 0
# check if two factor auth is enabled
enabled = int(frappe.get_system_settings('enable_two_factor_auth') or 0)
if enabled:
#check if bypass restrict ip is enabled for all users
bypass_restrict_ip_check = int(frappe.get_system_settings('bypass_restrict_ip_check_if_2fa_enabled') or 0)
if not bypass_restrict_ip_check:
#check if bypass restrict ip is enabled for login user
bypass_restrict_ip_check = int(frappe.db.get_value('User', self.user, 'bypass_restrict_ip_check_if_2fa_enabled') or 0)
for ip in ip_list:
if frappe.local.request_ip.startswith(ip) or bypass_restrict_ip_check:
return
frappe.throw(_("Not allowed from this IP Address"), frappe.AuthenticationError)
def get_region(company=None):
"""Return the default country based on flag, company or global settings
You can also set global company flag in `frappe.flags.company`
"""
if company or frappe.flags.company:
return frappe.get_cached_value("Company", company
or frappe.flags.company, "country")
elif frappe.flags.country:
return frappe.flags.country
else:
return frappe.get_system_settings("country")
def save_file(self, content=None, decode=False, ignore_existing_file_check=False):
file_exists = False
self.content = content
if decode:
if isinstance(content, text_type):
self.content = content.encode("utf-8")
if b"," in self.content:
self.content = self.content.split(b",")[1]
self.content = base64.b64decode(self.content)
if not self.is_private:
self.is_private = 0
self.content_type = mimetypes.guess_type(self.file_name)[0]
self.file_size = self.check_max_file_size()
if (
self.content_type and "image" in self.content_type
and frappe.get_system_settings("strip_exif_metadata_from_uploaded_images")
):
self.content = strip_exif_data(self.content, self.content_type)
self.content_hash = get_content_hash(self.content)
duplicate_file = None
# check if a file exists with the same content hash and is also in the same folder (public or private)
if not ignore_existing_file_check:
duplicate_file = frappe.get_value("File", {
"content_hash": self.content_hash,
"is_private": self.is_private
},
["file_url", "name"], as_dict=True)
if duplicate_file:
file_doc = frappe.get_cached_doc('File', duplicate_file.name)
if file_doc.exists_on_disk():
self.file_url = duplicate_file.file_url
file_exists = True
if os.path.exists(encode(get_files_path(self.file_name, is_private=self.is_private))):
self.file_name = get_file_name(self.file_name, self.content_hash[-6:])
if not file_exists:
call_hook_method("before_write_file", file_size=self.file_size)
write_file_method = get_hook_method('write_file')
if write_file_method:
return write_file_method(self)
return self.save_file_on_filesystem()
def upload_file():
if frappe.session.user == 'Guest':
if frappe.get_system_settings('allow_guests_to_upload_files'):
ignore_permissions = True
else:
return
else:
ignore_permissions = False
files = frappe.request.files
is_private = frappe.form_dict.is_private
doctype = frappe.form_dict.doctype
docname = frappe.form_dict.docname
fieldname = frappe.form_dict.fieldname
file_url = frappe.form_dict.file_url
folder = frappe.form_dict.folder or 'Home'
method = frappe.form_dict.method
content = None
filename = None
if 'file' in files:
file = files['file']
content = file.stream.read()
filename = file.filename
frappe.local.uploaded_file = content
frappe.local.uploaded_filename = filename
if frappe.session.user == 'Guest':
import mimetypes
filetype = mimetypes.guess_type(filename)[0]
if filetype not in ['image/png', 'image/jpeg', 'application/pdf']:
frappe.throw("You can only upload JPG, PNG or PDF files.")
if method:
method = frappe.get_attr(method)
is_whitelisted(method)
return method()
else:
ret = frappe.get_doc({
"doctype": "File",
"attached_to_doctype": doctype,
"attached_to_name": docname,
"attached_to_field": fieldname,
"folder": folder,
"file_name": filename,
"file_url": file_url,
"is_private": cint(is_private),
"content": content
})
ret.save(ignore_permissions=ignore_permissions)
return ret
def get_context(context):
if frappe.session.user != "Guest":
frappe.local.flags.redirect_location = "/" if frappe.session.data.user_type=="Website User" else "/desk"
raise frappe.Redirect
# get settings from site config
context.no_header = True
context.for_test = 'login.html'
context["title"] = "Login"
context["provider_logins"] = []
context["disable_signup"] = frappe.utils.cint(frappe.db.get_value("Website Settings", "Website Settings", "disable_signup"))
providers = [i.name for i in frappe.get_all("Social Login Key", filters={"enable_social_login":1})]
for provider in providers:
client_id, base_url = frappe.get_value("Social Login Key", provider, ["client_id", "base_url"])
client_secret = get_decrypted_password("Social Login Key", provider, "client_secret")
icon = get_icon_html(frappe.get_value("Social Login Key", provider, "icon"), small=True)
if (get_oauth_keys(provider) and client_secret and client_id and base_url):
context.provider_logins.append({
"name": provider,
"provider_name": frappe.get_value("Social Login Key", provider, "provider_name"),
"auth_url": get_oauth2_authorize_url(provider),
"icon": icon
})
context["social_login"] = True
ldap_settings = get_ldap_settings()
context["ldap_settings"] = ldap_settings
login_name_placeholder = [_("Email address")]
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_mobile_number")):
login_name_placeholder.append(_("Mobile number"))
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_user_name")):
login_name_placeholder.append(_("Username"))
context['login_name_placeholder'] = ' {0} '.format(_('or')).join(login_name_placeholder)
return context
def get_context(context):
if frappe.session.user != "Guest":
frappe.local.flags.redirect_location = "/dashboard" if frappe.session.data.user_type=="Website User" else "/desk"
raise frappe.Redirect
# get settings from site config
context.no_header = True
context.for_test = 'login.html'
context["title"] = "Login"
context["provider_logins"] = []
context["disable_signup"] = frappe.utils.cint(frappe.db.get_value("Website Settings", "Website Settings", "disable_signup"))
providers = [i.name for i in frappe.get_all("Social Login Key", filters={"enable_social_login":1})]
for provider in providers:
client_id, base_url = frappe.get_value("Social Login Key", provider, ["client_id", "base_url"])
client_secret = get_decrypted_password("Social Login Key", provider, "client_secret")
icon = get_icon_html(frappe.get_value("Social Login Key", provider, "icon"), small=True)
if (get_oauth_keys(provider) and client_secret and client_id and base_url):
context.provider_logins.append({
"name": provider,
"provider_name": frappe.get_value("Social Login Key", provider, "provider_name"),
"auth_url": get_oauth2_authorize_url(provider),
"icon": icon
})
context["social_login"] = True
ldap_settings = LDAPSettings.get_ldap_client_settings()
context["ldap_settings"] = ldap_settings
login_name_placeholder = [_("Email Address")]
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_mobile_number")):
login_name_placeholder.append(_("Mobile number"))
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_user_name")):
login_name_placeholder.append(_("Username"))
context['login_name_placeholder'] = ' {0} '.format(_('or')).join(login_name_placeholder)
return context
def _get_amended_name(doc):
if frappe.get_system_settings('use_original_name_for_amended_document',
ignore_if_not_exists=True):
name, _ = NameParser(doc).parse_amended_from()
else:
am_id = 1
am_prefix = doc.amended_from
if frappe.db.get_value(doc.doctype, doc.amended_from, "amended_from"):
am_id = cint(doc.amended_from.split("-")[-1]) + 1
am_prefix = "-".join(
doc.amended_from.split("-")[:-1]) # except the last hyphen
name = am_prefix + "-" + str(am_id)
return name
def get_context(context):
if frappe.session.user != "Guest" and frappe.session.data.user_type == "System User":
frappe.local.flags.redirect_location = "/desk"
raise frappe.Redirect
# get settings from site config
context.no_header = True
context.for_test = 'login.html'
context["title"] = "Login"
context["disable_signup"] = frappe.utils.cint(
frappe.db.get_value("Website Settings", "Website Settings",
"disable_signup"))
for provider in ("google", "github", "facebook", "frappe"):
if get_oauth_keys(provider):
context["{provider}_login".format(
provider=provider)] = get_oauth2_authorize_url(provider)
context["social_login"] = True
ldap_settings = get_ldap_settings()
context["ldap_settings"] = ldap_settings
login_name_placeholder = [_("Email address")]
if frappe.utils.cint(
frappe.get_system_settings("allow_login_using_mobile_number")):
login_name_placeholder.append(_("Mobile number"))
if frappe.utils.cint(
frappe.get_system_settings("allow_login_using_user_name")):
login_name_placeholder.append(_("Username"))
context['login_name_placeholder'] = ' {0} '.format(
_('or')).join(login_name_placeholder)
return context
def add_user_permissions(self, user_permissions):
meta = frappe.get_meta(self.doctype)
doctype_link_fields = []
doctype_link_fields = meta.get_link_fields()
doctype_link_fields.append(
dict(
options=self.doctype,
fieldname='name',
))
# appended current doctype with fieldname as 'name' to
# and condition on doc name if user permission is found for current doctype
match_filters = {}
match_conditions = []
for df in doctype_link_fields:
user_permission_values = user_permissions.get(
df.get('options'), {})
if df.get('ignore_user_permissions'): continue
empty_value_condition = "ifnull(`tab{doctype}`.`{fieldname}`, '')=''".format(
doctype=self.doctype, fieldname=df.get('fieldname'))
if (user_permission_values.get("docs", [])
and not self.doctype in user_permission_values.get(
"skip_for_doctype", [])):
if frappe.get_system_settings("apply_strict_user_permissions"):
condition = ""
else:
condition = empty_value_condition + " or "
condition += """`tab{doctype}`.`{fieldname}` in ({values})""".format(
doctype=self.doctype,
fieldname=df.get('fieldname'),
values=", ".join([
(frappe.db.escape(v, percent=False))
for v in user_permission_values.get("docs")
]))
match_conditions.append(
"({condition})".format(condition=condition))
match_filters[df.get('options')] = user_permission_values.get(
"docs")
if match_conditions:
self.match_conditions.append(" and ".join(match_conditions))
if match_filters:
self.match_filters.append(match_filters)
def add_user_permissions(self,
user_permissions,
user_permission_doctypes=None):
user_permission_doctypes = frappe.permissions.get_user_permission_doctypes(
user_permission_doctypes, user_permissions)
meta = frappe.get_meta(self.doctype)
for doctypes in user_permission_doctypes:
match_filters = {}
match_conditions = []
# check in links
for df in meta.get_fields_to_check_permissions(doctypes):
user_permission_values = user_permissions.get(df.options, [])
cond = 'ifnull(`tab{doctype}`.`{fieldname}`, "")=""'.format(
doctype=self.doctype, fieldname=df.fieldname)
if user_permission_values:
if not cint(
frappe.get_system_settings(
"apply_strict_user_permissions")):
condition = cond + " or "
else:
condition = ""
condition += """`tab{doctype}`.`{fieldname}` in ({values})""".format(
doctype=self.doctype,
fieldname=df.fieldname,
values=", ".join([
('"' + frappe.db.escape(v, percent=False) + '"')
for v in user_permission_values
]))
else:
condition = cond
match_conditions.append(
"({condition})".format(condition=condition))
match_filters[df.options] = user_permission_values
if match_conditions:
self.match_conditions.append(" and ".join(match_conditions))
if match_filters:
self.match_filters.append(match_filters)
def make_file_document(
file_key, doctype=None, docname=None, fieldname=None, is_private=None,
ignore_permissions=False):
user = None
if not ignore_permissions and frappe.session.user == 'Guest':
if frappe.get_system_settings('allow_guests_to_upload_files'):
ignore_permissions = True
else:
raise frappe.PermissionError("Guest uploads are not allowed")
else:
user = frappe.get_doc("User", frappe.session.user)
files = frappe.request.files
content = None
filename = None
if file_key in files:
file = files[file_key]
content = file.stream.read()
filename = file.filename
frappe.local.uploaded_file = content
frappe.local.uploaded_filename = filename
if frappe.session.user == 'Guest' or (user and not user.has_desk_access()):
import mimetypes
filetype = mimetypes.guess_type(filename)[0]
if filetype not in ALLOWED_MIMETYPES:
frappe.throw(frappe._("You can only upload JPG, PNG, PDF, or Microsoft documents."))
ret = frappe.get_doc({
"doctype": "File",
"attached_to_doctype": doctype,
"attached_to_name": docname,
"attached_to_field": fieldname,
"file_name": filename,
"is_private": cint(is_private),
"content": content
})
ret.save(ignore_permissions=ignore_permissions)
return ret
def add_code(self):
if self.custom:
return
path = os.path.join(get_module_path(self.module), "doctype",
scrub(self.name))
def _get_path(fname):
return os.path.join(path, scrub(fname))
system_country = frappe.get_system_settings("country")
self._add_code(_get_path(self.name + ".js"), "__js")
if system_country:
self._add_code(
_get_path(os.path.join("regional", system_country + ".js")),
"__js")
self._add_code(_get_path(self.name + ".css"), "__css")
self._add_code(_get_path(self.name + "_list.js"), "__list_js")
if system_country:
self._add_code(
_get_path(os.path.join("regional",
system_country + "_list.js")),
"__list_js")
self._add_code(_get_path(self.name + "_calendar.js"), "__calendar_js")
self._add_code(_get_path(self.name + "_tree.js"), "__tree_js")
listview_template = _get_path(self.name + "_list.html")
if os.path.exists(listview_template):
self.set("__listview_template", get_html_format(listview_template))
self.add_code_via_hook("doctype_js", "__js")
self.add_code_via_hook("doctype_list_js", "__list_js")
self.add_code_via_hook("doctype_tree_js", "__tree_js")
self.add_code_via_hook("doctype_calendar_js", "__calendar_js")
self.add_html_templates(path)
def get_onboarding_doc(self):
# Check if onboarding is enabled
if not frappe.get_system_settings("enable_onboarding"):
return None
if not self.doc.onboarding:
return None
if frappe.db.get_value("Module Onboarding", self.doc.onboarding, "is_complete"):
return None
doc = frappe.get_doc("Module Onboarding", self.doc.onboarding)
# Check if user is allowed
allowed_roles = set(doc.get_allowed_roles())
user_roles = set(frappe.get_roles())
if not allowed_roles & user_roles:
return None
# Check if already complete
if doc.check_completion():
return None
return doc
def has_user_permission(doc, user=None, verbose=False):
'''Returns True if User is allowed to view considering User Permissions'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
if not user_permissions: return True
# user can create own role permissions, so nothing applies
if get_role_permissions('User Permission', user=user).get('write'):
return True
apply_strict_user_permissions = frappe.get_system_settings(
'apply_strict_user_permissions')
if doc.get('doctype') in user_permissions:
if (doc.get('name') not in user_permissions[doc.get('doctype')].get(
"docs", []) and not doc.get('doctype')
in user_permissions[doc.get('doctype')].get(
"skip_for_doctype", [])):
# don't have user permissions on the doc itself!
if verbose:
msgprint(
_('Not allowed for {0} = {1}').format(
_(doc.get('doctype')), doc.get('name')))
return False
def check_user_permission(d):
meta = frappe.get_meta(d.get("doctype"))
# check all link fields for user permissions
for field in meta.get_link_fields():
# if this type is restricted
if field.ignore_user_permissions: continue
if (field.options in user_permissions and not d.get("doctype")
in user_permissions[field.options].get(
"skip_for_doctype", [])):
if not apply_strict_user_permissions:
# ignore if link is not set
if not d.get(field.fieldname):
continue
if not d.get(field.fieldname) in user_permissions.get(
field.options, {}).get("docs", []):
if d.get('parentfield'):
# "Not allowed for Company = Restricted Company in Row 3"
msg = _('Not allowed for {0} = {1} in Row {2}').format(
_(field.options), d.get(field.fieldname), d.idx)
else:
# "Not allowed for Company = Restricted Company"
msg = _('Not allowed for {0} = {1}').format(
_(field.options), d.get(field.fieldname))
if verbose: msgprint(msg)
return False
return True
result = check_user_permission(doc)
if not result:
return False
for d in doc.get_all_children():
if not check_user_permission(d):
return False
return True
def add_user_permissions(self, user_permissions):
meta = frappe.get_meta(self.doctype)
doctype_link_fields = []
doctype_link_fields = meta.get_link_fields()
# append current doctype with fieldname as 'name' as first link field
doctype_link_fields.append(
dict(
options=self.doctype,
fieldname="name",
))
match_filters = {}
match_conditions = []
for df in doctype_link_fields:
if df.get("ignore_user_permissions"):
continue
user_permission_values = user_permissions.get(
df.get("options"), {})
if user_permission_values:
docs = []
if frappe.get_system_settings("apply_strict_user_permissions"):
condition = ""
else:
empty_value_condition = "ifnull(`tab{doctype}`.`{fieldname}`, '')=''".format(
doctype=self.doctype, fieldname=df.get("fieldname"))
condition = empty_value_condition + " or "
for permission in user_permission_values:
if not permission.get("applicable_for"):
docs.append(permission.get("doc"))
# append docs based on user permission applicable on reference doctype
# this is useful when getting list of docs from a link field
# in this case parent doctype of the link
# will be the reference doctype
elif df.get(
"fieldname") == "name" and self.reference_doctype:
if permission.get(
"applicable_for") == self.reference_doctype:
docs.append(permission.get("doc"))
elif permission.get("applicable_for") == self.doctype:
docs.append(permission.get("doc"))
if docs:
condition += "`tab{doctype}`.`{fieldname}` in ({values})".format(
doctype=self.doctype,
fieldname=df.get("fieldname"),
values=", ".join([(frappe.db.escape(doc,
percent=False))
for doc in docs]),
)
match_conditions.append(
"({condition})".format(condition=condition))
match_filters[df.get("options")] = docs
if match_conditions:
self.match_conditions.append(" and ".join(match_conditions))
if match_filters:
self.match_filters.append(match_filters)
def add_user_permissions(self, user_permissions):
meta = frappe.get_meta(self.doctype)
doctype_link_fields = []
doctype_link_fields = meta.get_link_fields()
doctype_link_fields.append(
dict(
options=self.doctype,
fieldname='name',
))
# appended current doctype with fieldname as 'name' to
# and condition on doc name if user permission is found for current doctype
match_filters = {}
match_conditions = []
for df in doctype_link_fields:
user_permission_values = user_permissions.get(
df.get('options'), {})
if df.get('ignore_user_permissions'): continue
empty_value_condition = 'ifnull(`tab{doctype}`.`{fieldname}`, "")=""'.format(
doctype=self.doctype, fieldname=df.get('fieldname'))
if user_permission_values:
docs = []
if frappe.get_system_settings("apply_strict_user_permissions"):
condition = ""
else:
condition = empty_value_condition + " or "
for permission in user_permission_values:
if not permission.get('applicable_for'):
docs.append(permission.get('doc'))
# append docs based on user permission applicable on reference doctype
# This is useful when getting list of doc from a link field
# in this case parent doctype of the link will be the
# will be the reference doctype
elif df.get(
'fieldname') == 'name' and self.reference_doctype:
if permission.get(
'applicable_for') == self.reference_doctype:
docs.append(permission.get('doc'))
elif permission.get('applicable_for') == self.doctype:
docs.append(permission.get('doc'))
if docs:
condition += "`tab{doctype}`.`{fieldname}` in ({values})".format(
doctype=self.doctype,
fieldname=df.get('fieldname'),
values=", ".join([
('"' + frappe.db.escape(doc, percent=False) + '"')
for doc in docs
]))
match_conditions.append(
"({condition})".format(condition=condition))
match_filters[df.get('options')] = docs
if match_conditions:
self.match_conditions.append(" and ".join(match_conditions))
if match_filters:
self.match_filters.append(match_filters)
def add_user_permissions(self, user_permissions):
meta = frappe.get_meta(self.doctype)
doctype_link_fields = []
doctype_link_fields = meta.get_link_fields()
doctype_link_fields.append(dict(
options=self.doctype,
fieldname='name',
))
# appended current doctype with fieldname as 'name' to
# and condition on doc name if user permission is found for current doctype
match_filters = {}
match_conditions = []
for df in doctype_link_fields:
user_permission_values = user_permissions.get(df.get('options'), {})
if df.get('ignore_user_permissions'): continue
empty_value_condition = 'ifnull(`tab{doctype}`.`{fieldname}`, "")=""'.format(
doctype=self.doctype, fieldname=df.get('fieldname')
)
if user_permission_values:
docs = []
if frappe.get_system_settings("apply_strict_user_permissions"):
condition = ""
else:
condition = empty_value_condition + " or "
for permission in user_permission_values:
if not permission.get('applicable_for'):
docs.append(permission.get('doc'))
# append docs based on user permission applicable on reference doctype
# This is useful when getting list of doc from a link field
# in this case parent doctype of the link will be the
# will be the reference doctype
elif df.get('fieldname') == 'name' and self.reference_doctype:
if permission.get('applicable_for') == self.reference_doctype:
docs.append(permission.get('doc'))
elif permission.get('applicable_for') == self.doctype:
docs.append(permission.get('doc'))
if docs:
condition += "`tab{doctype}`.`{fieldname}` in ({values})".format(
doctype=self.doctype,
fieldname=df.get('fieldname'),
values=", ".join(
[('"' + frappe.db.escape(doc, percent=False) + '"') for doc in docs])
)
match_conditions.append("({condition})".format(condition=condition))
match_filters[df.get('options')] = docs
if match_conditions:
self.match_conditions.append(" and ".join(match_conditions))
if match_filters:
self.match_filters.append(match_filters)
context["title"] = "Login"
context["disable_signup"] = frappe.utils.cint(frappe.db.get_value("Website Settings", "Website Settings", "disable_signup"))
for provider in ("google", "github", "facebook", "frappe"):
if get_oauth_keys(provider):
context["{provider}_login".format(provider=provider)] = get_oauth2_authorize_url(provider)
context["social_login"] = True
ldap_settings = get_ldap_settings()
context["ldap_settings"] = ldap_settings
<<<<<<< HEAD
=======
login_name_placeholder = [_("Email address")]
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_mobile_number")):
login_name_placeholder.append(_("Mobile number"))
if frappe.utils.cint(frappe.get_system_settings("allow_login_using_user_name")):
login_name_placeholder.append(_("Username"))
context['login_name_placeholder'] = ' {0} '.format(_('or')).join(login_name_placeholder)
>>>>>>> 176d241496ede1357a309fa44a037b757a252581
return context
@frappe.whitelist(allow_guest=True)
def login_via_google(code, state):
login_via_oauth2("google", code, state, decoder=json.loads)
@frappe.whitelist(allow_guest=True)
def upload_file():
user = None
if frappe.session.user == 'Guest':
if frappe.get_system_settings('allow_guests_to_upload_files'):
ignore_permissions = True
else:
return
else:
user = frappe.get_doc("User", frappe.session.user)
ignore_permissions = False
files = frappe.request.files
is_private = frappe.form_dict.is_private
doctype = frappe.form_dict.doctype
docname = frappe.form_dict.docname
fieldname = frappe.form_dict.fieldname
file_url = frappe.form_dict.file_url
folder = frappe.form_dict.folder or 'Home'
method = frappe.form_dict.method
filename = frappe.form_dict.file_name
optimize = frappe.form_dict.optimize
content = None
if 'file' in files:
file = files['file']
content = file.stream.read()
filename = file.filename
content_type = guess_type(filename)[0]
if optimize and content_type.startswith("image/"):
args = {"content": content, "content_type": content_type}
if frappe.form_dict.max_width:
args["max_width"] = int(frappe.form_dict.max_width)
if frappe.form_dict.max_height:
args["max_height"] = int(frappe.form_dict.max_height)
content = optimize_image(**args)
frappe.local.uploaded_file = content
frappe.local.uploaded_filename = filename
if not file_url and (frappe.session.user == "Guest" or
(user and not user.has_desk_access())):
filetype = guess_type(filename)[0]
if filetype not in ALLOWED_MIMETYPES:
frappe.throw(
_("You can only upload JPG, PNG, PDF, or Microsoft documents.")
)
if method:
method = frappe.get_attr(method)
is_whitelisted(method)
return method()
else:
ret = frappe.get_doc({
"doctype": "File",
"attached_to_doctype": doctype,
"attached_to_name": docname,
"attached_to_field": fieldname,
"folder": folder,
"file_name": filename,
"file_url": file_url,
"is_private": cint(is_private),
"content": content
})
ret.save(ignore_permissions=ignore_permissions)
return ret
def get_context(context):
redirect_to = frappe.local.request.args.get("redirect-to")
if frappe.session.user != "Guest":
if not redirect_to:
if frappe.session.data.user_type == "Website User":
redirect_to = get_home_page()
else:
redirect_to = "/app"
if redirect_to != 'login':
frappe.local.flags.redirect_location = redirect_to
raise frappe.Redirect
# get settings from site config
context.no_header = True
context.for_test = 'login.html'
context["title"] = "Login"
context["provider_logins"] = []
context["disable_signup"] = frappe.utils.cint(
frappe.db.get_single_value("Website Settings", "disable_signup"))
context["logo"] = (frappe.db.get_single_value('Website Settings',
'app_logo')
or frappe.get_hooks("app_logo_url")[-1])
context["app_name"] = (frappe.db.get_single_value('Website Settings',
'app_name')
or frappe.get_system_settings("app_name")
or _("Frappe"))
providers = [
i.name for i in frappe.get_all("Social Login Key",
filters={"enable_social_login": 1},
order_by="name")
]
for provider in providers:
client_id, base_url = frappe.get_value("Social Login Key", provider,
["client_id", "base_url"])
client_secret = get_decrypted_password("Social Login Key", provider,
"client_secret")
provider_name = frappe.get_value("Social Login Key", provider,
"provider_name")
icon = None
icon_url = frappe.get_value("Social Login Key", provider, "icon")
if icon_url:
if provider_name != "Custom":
icon = "<img src='{0}' alt={1}>".format(
icon_url, provider_name)
else:
icon = get_icon_html(icon_url, small=True)
if (get_oauth_keys(provider) and client_secret and client_id
and base_url):
context.provider_logins.append({
"name":
provider,
"provider_name":
provider_name,
"auth_url":
get_oauth2_authorize_url(provider, redirect_to),
"icon":
icon
})
context["social_login"] = True
ldap_settings = LDAPSettings.get_ldap_client_settings()
context["ldap_settings"] = ldap_settings
login_label = [_("Email")]
if frappe.utils.cint(
frappe.get_system_settings("allow_login_using_mobile_number")):
login_label.append(_("Mobile"))
if frappe.utils.cint(
frappe.get_system_settings("allow_login_using_user_name")):
login_label.append(_("Username"))
context['login_label'] = ' {0} '.format(_('or')).join(login_label)
return context
def get_mapped_doc(from_doctype,
from_docname,
table_maps,
target_doc=None,
postprocess=None,
ignore_permissions=False,
ignore_child_tables=False):
apply_strict_user_permissions = frappe.get_system_settings(
"apply_strict_user_permissions")
# main
if not target_doc:
target_doc = frappe.new_doc(table_maps[from_doctype]["doctype"])
elif isinstance(target_doc, string_types):
target_doc = frappe.get_doc(json.loads(target_doc))
if (not apply_strict_user_permissions and not ignore_permissions
and not target_doc.has_permission("create")):
target_doc.raise_no_permission_to("create")
source_doc = frappe.get_doc(from_doctype, from_docname)
if not ignore_permissions:
if not source_doc.has_permission("read"):
source_doc.raise_no_permission_to("read")
map_doc(source_doc, target_doc, table_maps[source_doc.doctype])
row_exists_for_parentfield = {}
# children
if not ignore_child_tables:
for df in source_doc.meta.get_table_fields():
source_child_doctype = df.options
table_map = table_maps.get(source_child_doctype)
# if table_map isn't explicitly specified check if both source and target have the same fieldname and same table options and both of them don't have no_copy
if not table_map:
target_df = target_doc.meta.get_field(df.fieldname)
if target_df:
target_child_doctype = target_df.options
if target_df and target_child_doctype == source_child_doctype and not df.no_copy and not target_df.no_copy:
table_map = {"doctype": target_child_doctype}
if table_map:
for source_d in source_doc.get(df.fieldname):
if "condition" in table_map:
if not table_map["condition"](source_d):
continue
# if children are selected (checked from UI) for this table type,
# and this record is not in the selected children, then continue
if (frappe.flags.selected_children and
(df.fieldname in frappe.flags.selected_children)
and source_d.name not in
frappe.flags.selected_children[df.fieldname]):
continue
target_child_doctype = table_map["doctype"]
target_parentfield = target_doc.get_parentfield_of_doctype(
target_child_doctype)
# does row exist for a parentfield?
if target_parentfield not in row_exists_for_parentfield:
row_exists_for_parentfield[target_parentfield] = (
True
if target_doc.get(target_parentfield) else False)
if table_map.get("add_if_empty") and \
row_exists_for_parentfield.get(target_parentfield):
continue
if table_map.get("filter") and table_map.get("filter")(
source_d):
continue
map_child_doc(source_d, target_doc, table_map, source_doc)
if postprocess:
postprocess(source_doc, target_doc)
target_doc.set_onload("load_after_mapping", True)
if (apply_strict_user_permissions and not ignore_permissions
and not target_doc.has_permission("create")):
target_doc.raise_no_permission_to("create")
return target_doc
def has_user_permission(doc, user=None):
'''Returns True if User is allowed to view considering User Permissions'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
if not user_permissions:
# no user permission rules specified for this doctype
return True
# user can create own role permissions, so nothing applies
if get_role_permissions('User Permission', user=user).get('write'):
return True
apply_strict_user_permissions = frappe.get_system_settings(
'apply_strict_user_permissions')
doctype = doc.get('doctype')
docname = doc.get('name')
# STEP 1: ---------------------
# check user permissions on self
if doctype in user_permissions:
allowed_docs = get_allowed_docs_for_doctype(
user_permissions.get(doctype, []), doctype)
# if allowed_docs is empty it states that there is no applicable permission under the current doctype
# only check if allowed_docs is not empty
if allowed_docs and docname not in allowed_docs:
# no user permissions for this doc specified
push_perm_check_log(
_('Not allowed for {0}: {1}').format(_(doctype), docname))
return False
# STEP 2: ---------------------------------
# check user permissions in all link fields
def check_user_permission_on_link_fields(d):
# check user permissions for all the link fields of the given
# document object d
#
# called for both parent and child records
meta = frappe.get_meta(d.get("doctype"))
# check all link fields for user permissions
for field in meta.get_link_fields():
if field.ignore_user_permissions: continue
# empty value, do you still want to apply user permissions?
if not d.get(
field.fieldname) and not apply_strict_user_permissions:
# nah, not strict
continue
if field.options not in user_permissions:
continue
# get the list of all allowed values for this link
allowed_docs = get_allowed_docs_for_doctype(
user_permissions.get(field.options, []), doctype)
if allowed_docs and d.get(field.fieldname) not in allowed_docs:
# restricted for this link field, and no matching values found
# make the right message and exit
if d.get('parentfield'):
# "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type"
msg = _(
'Not allowed for {0}: {1} in Row {2}. Restricted field: {3}'
).format(_(field.options), d.get(field.fieldname), d.idx,
field.fieldname)
else:
# "Not allowed for Company = Restricted Company. Restricted field: reference_type"
msg = _('Not allowed for {0}: {1}. Restricted field: {2}'
).format(_(field.options), d.get(field.fieldname),
field.fieldname)
push_perm_check_log(msg)
return False
return True
if not check_user_permission_on_link_fields(doc):
return False
for d in doc.get_all_children():
if not check_user_permission_on_link_fields(d):
return False
return True
def has_user_permission(doc, user=None):
'''Returns True if User is allowed to view considering User Permissions'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
if not user_permissions:
# no user permission rules specified for this doctype
return True
# user can create own role permissions, so nothing applies
if get_role_permissions('User Permission', user=user).get('write'):
return True
apply_strict_user_permissions = frappe.get_system_settings('apply_strict_user_permissions')
doctype = doc.get('doctype')
docname = doc.get('name')
# STEP 1: ---------------------
# check user permissions on self
if doctype in user_permissions:
allowed_docs = get_allowed_docs_for_doctype(user_permissions.get(doctype, []), doctype)
# if allowed_docs is empty it states that there is no applicable permission under the current doctype
# only check if allowed_docs is not empty
if allowed_docs and docname not in allowed_docs:
# no user permissions for this doc specified
push_perm_check_log(_('Not allowed for {0}: {1}').format(_(doctype), docname))
return False
# STEP 2: ---------------------------------
# check user permissions in all link fields
def check_user_permission_on_link_fields(d):
# check user permissions for all the link fields of the given
# document object d
#
# called for both parent and child records
meta = frappe.get_meta(d.get("doctype"))
# check all link fields for user permissions
for field in meta.get_link_fields():
if field.ignore_user_permissions: continue
# empty value, do you still want to apply user permissions?
if not d.get(field.fieldname) and not apply_strict_user_permissions:
# nah, not strict
continue
if field.options not in user_permissions:
continue
# get the list of all allowed values for this link
allowed_docs = get_allowed_docs_for_doctype(user_permissions.get(field.options, []), doctype)
if allowed_docs and d.get(field.fieldname) not in allowed_docs:
# restricted for this link field, and no matching values found
# make the right message and exit
if d.get('parentfield'):
# "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type"
msg = _('Not allowed for {0}: {1} in Row {2}. Restricted field: {3}').format(
_(field.options), d.get(field.fieldname), d.idx, field.fieldname)
else:
# "Not allowed for Company = Restricted Company. Restricted field: reference_type"
msg = _('Not allowed for {0}: {1}. Restricted field: {2}').format(
_(field.options), d.get(field.fieldname), field.fieldname)
push_perm_check_log(msg)
return False
return True
if not check_user_permission_on_link_fields(doc):
return False
for d in doc.get_all_children():
if not check_user_permission_on_link_fields(d):
return False
return True
