def get_list(doctype, fields=None, filters=None, order_by=None, limit_start=None, limit_page_length=20, parent=None): '''Returns a list of records by filters, fields, ordering and limit :param doctype: DocType of the data to be queried :param fields: fields to be returned. Default is `name` :param filters: filter list by this dict :param order_by: Order by this fieldname :param limit_start: Start at this index :param limit_page_length: Number of records to be returned (default 20)''' if dataent.is_table(doctype): check_parent_permission(parent, doctype) return dataent.get_list(doctype, fields=fields, filters=filters, order_by=order_by, limit_start=limit_start, limit_page_length=limit_page_length, ignore_permissions=False)
def get_value(doctype, fieldname, filters=None, as_dict=True, debug=False, parent=None): '''Returns a value form a document :param doctype: DocType to be queried :param fieldname: Field to be returned (default `name`) :param filters: dict or string for identifying the record''' if dataent.is_table(doctype): check_parent_permission(parent, doctype) if not dataent.has_permission(doctype): dataent.throw(_("No permission for {0}".format(doctype)), dataent.PermissionError) try: filters = json.loads(filters) if isinstance(filters, (integer_types, float)): filters = dataent.as_unicode(filters) except (TypeError, ValueError): # filters are not passesd, not json pass try: fieldname = json.loads(fieldname) except (TypeError, ValueError): # name passed, not json pass # check whether the used filters were really parseable and usable # and did not just result in an empty string or dict if not filters: filters = None return dataent.db.get_value(doctype, filters, fieldname, as_dict=as_dict, debug=debug)
def get_list(doctype, *args, **kwargs): '''wrapper for DatabaseQuery''' kwargs.pop('cmd', None) kwargs.pop('ignore_permissions', None) # If doctype is child table if dataent.is_table(doctype): # Example dataent.db.get_list('Purchase Receipt Item', {'parent': 'Purchase Receipt'}) # Here purchase receipt is the parent doctype of the child doctype Purchase Receipt Item if not kwargs.get('parent'): dataent.flags.error_message = _( 'Parent is required to get child table data') raise dataent.PermissionError(doctype) check_parent_permission(kwargs.get('parent'), doctype) del kwargs['parent'] return DatabaseQuery(doctype).execute(None, *args, **kwargs)
def get(doctype, name=None, filters=None, parent=None): '''Returns a document by name or filters :param doctype: DocType of the document to be returned :param name: return document of this `name` :param filters: If name is not set, filter by these values and return the first match''' if dataent.is_table(doctype): check_parent_permission(parent, doctype) if filters and not name: name = dataent.db.get_value(doctype, json.loads(filters)) if not name: dataent.throw(_("No document found for given filters")) doc = dataent.get_doc(doctype, name) if not doc.has_permission("read"): raise dataent.PermissionError return dataent.get_doc(doctype, name).as_dict()
def get_doc_permissions(doc, user=None, ptype=None): """Returns a dict of evaluated permissions for given `doc` like `{"read":1, "write":1}`""" if not user: user = dataent.session.user if dataent.is_table(doc.doctype): return {"read": 1, "write": 1} meta = dataent.get_meta(doc.doctype) if has_controller_permissions(doc, ptype, user=user) == False: push_perm_check_log('Not allowed via controller permission check') return {ptype: 0} permissions = copy.deepcopy(get_role_permissions(meta, user=user)) if not cint(meta.is_submittable): permissions["submit"] = 0 if not cint(meta.allow_import): permissions["import"] = 0 def is_user_owner(): doc_owner = doc.get('owner') or '' doc_owner = doc_owner.lower() session_user = dataent.session.user.lower() return doc_owner == session_user if is_user_owner(): # apply owner permissions on top of existing permissions # some access might be only for the owner # eg. everyone might have read access but only owner can delete permissions.update(permissions.get("if_owner", {})) if not has_user_permission(doc, user): if is_user_owner(): # replace with owner permissions permissions = permissions.get("if_owner", {}) # if_owner does not come with create rights... permissions['create'] = 0 else: permissions = {} return permissions
def has_permission(doctype, ptype="read", doc=None, verbose=False, user=None, raise_exception=True): """Returns True if user has permission `ptype` for given `doctype`. If `doc` is passed, it also checks user, share and owner permissions. Note: if Table DocType is passed, it always returns True. """ if not user: user = dataent.session.user if not doc and hasattr(doctype, 'doctype'): # first argument can be doc or doctype doc = doctype doctype = doc.doctype if dataent.is_table(doctype): return True if user == "Administrator": return True meta = dataent.get_meta(doctype) if doc: if isinstance(doc, string_types): doc = dataent.get_doc(meta.name, doc) perm = get_doc_permissions(doc, user=user, ptype=ptype).get(ptype) if not perm: push_perm_check_log('User do not have document access') else: if ptype == "submit" and not cint(meta.is_submittable): push_perm_check_log("Doctype is not submittable") return False if ptype == "import" and not cint(meta.allow_import): push_perm_check_log("Doctype is not importable") return False role_permissions = get_role_permissions(meta, user=user) perm = role_permissions.get(ptype) if not perm: push_perm_check_log( 'User do not have doctype access via role permission') def false_if_not_shared(): if ptype in ("read", "write", "share", "email", "print"): shared = dataent.share.get_shared( doctype, user, ["read" if ptype in ("email", "print") else ptype]) if doc: doc_name = get_doc_name(doc) if doc_name in shared: if ptype in ("read", "write", "share") or meta.permissions[0].get(ptype): return True elif shared: # if atleast one shared doc of that type, then return True # this is used in db_query to check if permission on DocType return True return False if not perm: perm = false_if_not_shared() return perm