def get_list(doctype,
fields=None,
filters=None,
order_by=None,
limit_start=None,
limit_page_length=20,
parent=None):
'''Returns a list of records by filters, fields, ordering and limit
:param doctype: DocType of the data to be queried
:param fields: fields to be returned. Default is `name`
:param filters: filter list by this dict
:param order_by: Order by this fieldname
:param limit_start: Start at this index
:param limit_page_length: Number of records to be returned (default 20)'''
if dataent.is_table(doctype):
check_parent_permission(parent, doctype)
return dataent.get_list(doctype,
fields=fields,
filters=filters,
order_by=order_by,
limit_start=limit_start,
limit_page_length=limit_page_length,
ignore_permissions=False)
def get_value(doctype,
fieldname,
filters=None,
as_dict=True,
debug=False,
parent=None):
'''Returns a value form a document
:param doctype: DocType to be queried
:param fieldname: Field to be returned (default `name`)
:param filters: dict or string for identifying the record'''
if dataent.is_table(doctype):
check_parent_permission(parent, doctype)
if not dataent.has_permission(doctype):
dataent.throw(_("No permission for {0}".format(doctype)),
dataent.PermissionError)
try:
filters = json.loads(filters)
if isinstance(filters, (integer_types, float)):
filters = dataent.as_unicode(filters)
except (TypeError, ValueError):
# filters are not passesd, not json
pass
try:
fieldname = json.loads(fieldname)
except (TypeError, ValueError):
# name passed, not json
pass
# check whether the used filters were really parseable and usable
# and did not just result in an empty string or dict
if not filters:
filters = None
return dataent.db.get_value(doctype,
filters,
fieldname,
as_dict=as_dict,
debug=debug)
def get_list(doctype, *args, **kwargs):
'''wrapper for DatabaseQuery'''
kwargs.pop('cmd', None)
kwargs.pop('ignore_permissions', None)
# If doctype is child table
if dataent.is_table(doctype):
# Example dataent.db.get_list('Purchase Receipt Item', {'parent': 'Purchase Receipt'})
# Here purchase receipt is the parent doctype of the child doctype Purchase Receipt Item
if not kwargs.get('parent'):
dataent.flags.error_message = _(
'Parent is required to get child table data')
raise dataent.PermissionError(doctype)
check_parent_permission(kwargs.get('parent'), doctype)
del kwargs['parent']
return DatabaseQuery(doctype).execute(None, *args, **kwargs)
def get(doctype, name=None, filters=None, parent=None):
'''Returns a document by name or filters
:param doctype: DocType of the document to be returned
:param name: return document of this `name`
:param filters: If name is not set, filter by these values and return the first match'''
if dataent.is_table(doctype):
check_parent_permission(parent, doctype)
if filters and not name:
name = dataent.db.get_value(doctype, json.loads(filters))
if not name:
dataent.throw(_("No document found for given filters"))
doc = dataent.get_doc(doctype, name)
if not doc.has_permission("read"):
raise dataent.PermissionError
return dataent.get_doc(doctype, name).as_dict()
def get_doc_permissions(doc, user=None, ptype=None):
"""Returns a dict of evaluated permissions for given `doc` like `{"read":1, "write":1}`"""
if not user: user = dataent.session.user
if dataent.is_table(doc.doctype): return {"read": 1, "write": 1}
meta = dataent.get_meta(doc.doctype)
if has_controller_permissions(doc, ptype, user=user) == False:
push_perm_check_log('Not allowed via controller permission check')
return {ptype: 0}
permissions = copy.deepcopy(get_role_permissions(meta, user=user))
if not cint(meta.is_submittable):
permissions["submit"] = 0
if not cint(meta.allow_import):
permissions["import"] = 0
def is_user_owner():
doc_owner = doc.get('owner') or ''
doc_owner = doc_owner.lower()
session_user = dataent.session.user.lower()
return doc_owner == session_user
if is_user_owner():
# apply owner permissions on top of existing permissions
# some access might be only for the owner
# eg. everyone might have read access but only owner can delete
permissions.update(permissions.get("if_owner", {}))
if not has_user_permission(doc, user):
if is_user_owner():
# replace with owner permissions
permissions = permissions.get("if_owner", {})
# if_owner does not come with create rights...
permissions['create'] = 0
else:
permissions = {}
return permissions
def has_permission(doctype,
ptype="read",
doc=None,
verbose=False,
user=None,
raise_exception=True):
"""Returns True if user has permission `ptype` for given `doctype`.
If `doc` is passed, it also checks user, share and owner permissions.
Note: if Table DocType is passed, it always returns True.
"""
if not user: user = dataent.session.user
if not doc and hasattr(doctype, 'doctype'):
# first argument can be doc or doctype
doc = doctype
doctype = doc.doctype
if dataent.is_table(doctype):
return True
if user == "Administrator":
return True
meta = dataent.get_meta(doctype)
if doc:
if isinstance(doc, string_types):
doc = dataent.get_doc(meta.name, doc)
perm = get_doc_permissions(doc, user=user, ptype=ptype).get(ptype)
if not perm: push_perm_check_log('User do not have document access')
else:
if ptype == "submit" and not cint(meta.is_submittable):
push_perm_check_log("Doctype is not submittable")
return False
if ptype == "import" and not cint(meta.allow_import):
push_perm_check_log("Doctype is not importable")
return False
role_permissions = get_role_permissions(meta, user=user)
perm = role_permissions.get(ptype)
if not perm:
push_perm_check_log(
'User do not have doctype access via role permission')
def false_if_not_shared():
if ptype in ("read", "write", "share", "email", "print"):
shared = dataent.share.get_shared(
doctype, user,
["read" if ptype in ("email", "print") else ptype])
if doc:
doc_name = get_doc_name(doc)
if doc_name in shared:
if ptype in ("read", "write",
"share") or meta.permissions[0].get(ptype):
return True
elif shared:
# if atleast one shared doc of that type, then return True
# this is used in db_query to check if permission on DocType
return True
return False
if not perm:
perm = false_if_not_shared()
return perm