def test_contextual_user_permission(self): # should be applicable for across all doctypes add_user_permission('Blogger', '_Test Blogger', '*****@*****.**') # should be applicable only while accessing Blog Post add_user_permission('Blogger', '_Test Blogger 1', '*****@*****.**', applicable_for='Blog Post') # should be applicable only while accessing User add_user_permission('Blogger', '_Test Blogger 2', '*****@*****.**', applicable_for='User') posts = dataent.get_all('Blog Post', fields=['name', 'blogger']) # Get all posts for admin self.assertEqual(len(posts), 4) dataent.set_user('*****@*****.**') posts = dataent.get_list('Blog Post', fields=['name', 'blogger']) # Should get only posts with allowed blogger via user permission # only '_Test Blogger', '_Test Blogger 1' are allowed in Blog Post self.assertEqual(len(posts), 3) for post in posts: self.assertIn( post.blogger, ['_Test Blogger', '_Test Blogger 1'], 'A post from {} is not expected.'.format(post.blogger))
def test_employee_salary_slip_read_permission(self): make_employee("*****@*****.**") salary_slip_test_employee = make_employee_salary_slip( "*****@*****.**", "Monthly") dataent.set_user("*****@*****.**") self.assertTrue(salary_slip_test_employee.has_permission("read"))
def send(self): # send email only to enabled users valid_users = [ p[0] for p in dataent.db.sql("""select name from `tabUser` where enabled=1""") ] recipients = list( filter(lambda r: r in valid_users, self.recipient_list.split("\n"))) original_user = dataent.session.user if recipients: for user_id in recipients: dataent.set_user(user_id) dataent.set_user_lang(user_id) msg_for_this_recipient = self.get_msg_html() if msg_for_this_recipient: dataent.sendmail(recipients=user_id, subject=_("{0} Digest").format( self.frequency), message=msg_for_this_recipient, reference_doctype=self.doctype, reference_name=self.name, unsubscribe_message=_( "Unsubscribe from this Email Digest")) dataent.set_user(original_user) dataent.set_user_lang(original_user)
def validate_oauth(): from dataent.oauth import get_url_delimiter form_dict = dataent.local.form_dict authorization_header = dataent.get_request_header("Authorization").split( " ") if dataent.get_request_header("Authorization") else None if authorization_header and authorization_header[0].lower() == "bearer": from dataent.integrations.oauth2 import get_oauth_server token = authorization_header[1] r = dataent.request parsed_url = urlparse(r.url) access_token = {"access_token": token} uri = parsed_url.scheme + "://" + parsed_url.netloc + parsed_url.path + "?" + urlencode( access_token) http_method = r.method body = r.get_data() headers = r.headers required_scopes = dataent.db.get_value( "OAuth Bearer Token", token, "scopes").split(get_url_delimiter()) valid, oauthlib_request = get_oauth_server().verify_request( uri, http_method, body, headers, required_scopes) if valid: dataent.set_user( dataent.db.get_value("OAuth Bearer Token", token, "user")) dataent.local.form_dict = form_dict
def test_alert_disabled_on_wrong_field(self): dataent.set_user('Administrator') notification = dataent.get_doc({ "doctype": "Notification", "subject": "_Test Notification for wrong field", "document_type": "Event", "event": "Value Change", "attach_print": 0, "value_changed": "description1", "message": "Description changed", "recipients": [{ "email_by_document_field": "owner" }] }).insert() event = dataent.new_doc("Event") event.subject = "test-2", event.event_type = "Private" event.starts_on = "2014-06-06 12:00:00" event.insert() event.subject = "test 1" event.save() # verify that notification is disabled notification.reload() self.assertEqual(notification.enabled, 0) notification.delete() event.delete()
def test_overlap_with_half_day_3(self): self._clear_roles() self._clear_applications() from dataent.utils.user import add_role add_role("*****@*****.**", "Employee") dataent.set_user("*****@*****.**") make_allocation_record() # leave from 1-5, half day on 5th application = self.get_application(_test_records[0]) application.half_day = 1 application.half_day_date = "2013-01-05" application.insert() # Apply leave from 4-7, half day on 5th application = self.get_application(_test_records[0]) application.from_date = "2013-01-04" application.to_date = "2013-01-07" application.half_day = 1 application.half_day_date = "2013-01-05" self.assertRaises(OverlapError, application.insert) # Apply leave from 5-7, half day on 5th application = self.get_application(_test_records[0]) application.from_date = "2013-01-05" application.to_date = "2013-01-07" application.half_day = 1 application.half_day_date = "2013-01-05" application.insert()
def test_build_match_conditions(self): clear_user_permissions_for_doctype('Blog Post', '*****@*****.**') test2user = dataent.get_doc('User', '*****@*****.**') test2user.add_roles('Blogger') dataent.set_user('*****@*****.**') # this will get match conditions for Blog Post build_match_conditions = DatabaseQuery( 'Blog Post').build_match_conditions # Before any user permission is applied # get as filters self.assertEqual(build_match_conditions(as_condition=False), []) # get as conditions self.assertEqual(build_match_conditions(as_condition=True), "") add_user_permission('Blog Post', '-test-blog-post', '*****@*****.**', True) add_user_permission('Blog Post', '-test-blog-post-1', '*****@*****.**', True) # After applying user permission # get as filters self.assertTrue( {'Blog Post': ['-test-blog-post-1', '-test-blog-post'] } in build_match_conditions(as_condition=False)) # get as conditions self.assertEqual( build_match_conditions(as_condition=True), """(((ifnull(`tabBlog Post`.`name`, "")="" or `tabBlog Post`.`name` in ("-test-blog-post-1", "-test-blog-post"))))""" ) dataent.set_user('Administrator')
def tearDown(self): dataent.set_user("Administrator") dataent.db.set_value("Blogger", "_Test Blogger 1", "user", None) clear_user_permissions_for_doctype("Blog Category") clear_user_permissions_for_doctype("Blog Post") clear_user_permissions_for_doctype("Blogger")
def test_not_allowed_to_remove_user_permissions(self): self.test_set_user_permissions() dataent.set_user("*****@*****.**") # user cannot remove their own user permissions self.assertRaises(dataent.PermissionError, remove_user_permission, "Blog Post", "-test-blog-post", "*****@*****.**")
def test_newsletter_context(self): context = dataent._dict() newsletter_name = self.send_newsletter(1) dataent.set_user("*****@*****.**") doc = dataent.get_doc("Newsletter", newsletter_name) doc.get_context(context) self.assertEqual(context.no_cache, 1) self.assertTrue("attachments" not in list(context))
def test_get_applicable_block_dates_for_allowed_user(self): dataent.set_user("*****@*****.**") dataent.db.set_value("Department", "_Test Department 1 - _TC", "leave_block_list", "_Test Leave Block List") self.assertEqual([], [ d.block_date for d in get_applicable_block_dates("2013-01-01", "2013-01-03") ])
def set_as_paid(self): if dataent.session.user == "Guest": dataent.set_user("Administrator") payment_entry = self.create_payment_entry() self.make_invoice() return payment_entry
def test_allowed_private_if_in_event_user(self): name = dataent.db.get_value("Event", {"subject": "_Test Event 3"}) dataent.share.add("Event", name, self.test_user, "read") dataent.set_user(self.test_user) doc = dataent.get_doc("Event", name) self.assertTrue(dataent.has_permission("Event", doc=doc)) dataent.set_user("Administrator") dataent.share.remove("Event", name, self.test_user)
def work(): dataent.set_user(dataent.db.get_global('demo_manufacturing_user')) make_purchase_receipt() make_delivery_note() make_stock_reconciliation() submit_draft_stock_entries() make_sales_return_records() make_purchase_return_records()
def test_get_applicable_block_dates_all_lists(self): dataent.set_user("*****@*****.**") dataent.db.set_value("Department", "_Test Department 1 - _TC", "leave_block_list", "_Test Leave Block List") self.assertTrue( getdate("2013-01-02") in [ d.block_date for d in get_applicable_block_dates( "2013-01-01", "2013-01-03", all_lists=True) ])
def test_ignore_permissions_for_get_filters_cond(self): dataent.set_user('*****@*****.**') self.assertRaises(dataent.PermissionError, get_filters_cond, 'DocType', dict(istable=1), []) self.assertTrue( get_filters_cond('DocType', dict(istable=1), [], ignore_permissions=True)) dataent.set_user('Administrator')
def setUp(self): dataent.set_user("Administrator") dataent.db.sql('delete from `tabEmail Group Member`') for email in emails: dataent.get_doc({ "doctype": "Email Group Member", "email": email, "email_group": "_Test Email Group" }).insert()
def test_globally_hidden_desktop_icon(self): set_hidden_list(["Desk"]) icon = self.get_icon('Desk') self.assertEqual(icon.hidden, 1) dataent.set_user('*****@*****.**') icon = self.get_icon('Desk') self.assertEqual(icon.hidden, 1)
def test_pos_closing_voucher(self): old_user = dataent.session.user user = '******' test_user = dataent.get_doc('User', user) roles = ("Accounts Manager", "Accounts User", "Sales Manager") test_user.add_roles(*roles) dataent.set_user(user) pos_profile = make_pos_profile() pos_profile.append('applicable_for_users', { 'default': 1, 'user': user }) pos_profile.save() si1 = create_sales_invoice(is_pos=1, rate=3500, do_not_submit=1) si1.append('payments', { 'mode_of_payment': 'Cash', 'account': 'Cash - _TC', 'amount': 3500 }) si1.submit() si2 = create_sales_invoice(is_pos=1, rate=3200, do_not_submit=1) si2.append('payments', { 'mode_of_payment': 'Cash', 'account': 'Cash - _TC', 'amount': 3200 }) si2.submit() pcv_doc = create_pos_closing_voucher(user=user, pos_profile=pos_profile.name, collected_amount=6700) pcv_doc.get_closing_voucher_details() self.assertEqual(pcv_doc.total_quantity, 2) self.assertEqual(pcv_doc.net_total, 6700) payment = pcv_doc.payment_reconciliation[0] self.assertEqual(payment.mode_of_payment, 'Cash') si1.load_from_db() si1.cancel() si2.load_from_db() si2.cancel() test_user.load_from_db() test_user.remove_roles(*roles) dataent.set_user(old_user) dataent.db.sql("delete from `tabPOS Profile`")
def work(): dataent.set_user(dataent.db.get_global('demo_education_user')) for d in range(20): approve_random_student_applicant() enroll_random_student(dataent.flags.current_date) # if dataent.flags.current_date.weekday()== 0: # make_course_schedule(dataent.flags.current_date, dataent.utils.add_days(dataent.flags.current_date, 5)) mark_student_attendance(dataent.flags.current_date) # make_assessment_plan() make_fees()
def validate_api_key_secret(api_key, api_secret): user = dataent.db.get_value(doctype="User", filters={"api_key": api_key}, fieldname=['name']) form_dict = dataent.local.form_dict user_secret = dataent.utils.password.get_decrypted_password( "User", user, fieldname='api_secret') if api_secret == user_secret: dataent.set_user(user) dataent.local.form_dict = form_dict
def test_event_list(self): dataent.set_user(self.test_user) res = dataent.get_list( "Event", filters=[["Event", "subject", "like", "_Test Event%"]], fields=["name", "subject"]) self.assertEqual(len(res), 1) subjects = [r.subject for r in res] self.assertTrue("_Test Event 1" in subjects) self.assertFalse("_Test Event 3" in subjects) self.assertFalse("_Test Event 2" in subjects)
def work(): dataent.set_user(dataent.db.get_global('demo_accounts_user')) if random.random() <= 0.6: report = "Ordered Items to be Billed" for so in list(set([r[0] for r in query_report.run(report)["result"] if r[0]!="Total"]))[:random.randint(1, 5)]: try: si = dataent.get_doc(make_sales_invoice(so)) si.posting_date = dataent.flags.current_date for d in si.get("items"): if not d.income_account: d.income_account = "Sales - {}".format(dataent.get_cached_value('Company', si.company, 'abbr')) si.insert() si.submit() dataent.db.commit() except dataent.ValidationError: pass if random.random() <= 0.6: report = "Received Items to be Billed" for pr in list(set([r[0] for r in query_report.run(report)["result"] if r[0]!="Total"]))[:random.randint(1, 5)]: try: pi = dataent.get_doc(make_purchase_invoice(pr)) pi.posting_date = dataent.flags.current_date pi.bill_no = random_string(6) pi.insert() pi.submit() dataent.db.commit() except dataent.ValidationError: pass if random.random() < 0.5: make_payment_entries("Sales Invoice", "Accounts Receivable") if random.random() < 0.5: make_payment_entries("Purchase Invoice", "Accounts Payable") if random.random() < 0.4: #make payment request against sales invoice sales_invoice_name = get_random("Sales Invoice", filters={"docstatus": 1}) if sales_invoice_name: si = dataent.get_doc("Sales Invoice", sales_invoice_name) if si.outstanding_amount > 0: payment_request = make_payment_request(dt="Sales Invoice", dn=si.name, recipient_id=si.contact_email, submit_doc=True, mute_email=True, use_dummy_message=True) payment_entry = dataent.get_doc(make_payment_entry(payment_request.name)) payment_entry.posting_date = dataent.flags.current_date payment_entry.submit() make_pos_invoice()
def test_accept(self): dataent.set_user("Administrator") accept(web_form='manage-events', data=json.dumps({ 'doctype': 'Event', 'subject': '_Test Event Web Form', 'description': '_Test Event Description', 'starts_on': '2014-09-09' })) self.event_name = dataent.db.get_value("Event", {"subject": "_Test Event Web Form"}) self.assertTrue(self.event_name)
def test_user_link_match_doc(self): blogger = dataent.get_doc("Blogger", "_Test Blogger 1") blogger.user = "******" blogger.save() dataent.set_user("*****@*****.**") post = dataent.get_doc("Blog Post", "-test-blog-post-2") self.assertTrue(post.has_permission("read")) post1 = dataent.get_doc("Blog Post", "-test-blog-post-1") self.assertFalse(post1.has_permission("read"))
def test_read_if_explicit_user_permissions_are_set(self): self.test_set_user_permissions() dataent.set_user("*****@*****.**") # user can only access permitted blog post doc = dataent.get_doc("Blog Post", "-test-blog-post") self.assertTrue(doc.has_permission("read")) # and not this one doc = dataent.get_doc("Blog Post", "-test-blog-post-1") self.assertFalse(doc.has_permission("read"))
def test_user_permissions_in_report(self): add_user_permission("Blog Category", "_Test Blog Category 1", "*****@*****.**") dataent.set_user("*****@*****.**") names = [ d.name for d in dataent.get_list("Blog Post", fields=["name", "blog_category"]) ] self.assertTrue("-test-blog-post-1" in names) self.assertFalse("-test-blog-post" in names)
def test_date_changed(self): event = dataent.new_doc("Event") event.subject = "test", event.event_type = "Private" event.starts_on = "2014-01-01 12:00:00" event.insert() self.assertFalse( dataent.db.get_value( "Email Queue", { "reference_doctype": "Event", "reference_name": event.name, "status": "Not Sent" })) dataent.set_user('Administrator') dataent.utils.scheduler.trigger(dataent.local.site, "daily", now=True) # not today, so no alert self.assertFalse( dataent.db.get_value( "Email Queue", { "reference_doctype": "Event", "reference_name": event.name, "status": "Not Sent" })) event.starts_on = dataent.utils.add_days(dataent.utils.nowdate(), 2) + " 12:00:00" event.save() # Value Change notification alert will be trigger as description is not changed # mail will not be sent self.assertFalse( dataent.db.get_value( "Email Queue", { "reference_doctype": "Event", "reference_name": event.name, "status": "Not Sent" })) dataent.utils.scheduler.trigger(dataent.local.site, "daily", now=True) # today so show alert self.assertTrue( dataent.db.get_value( "Email Queue", { "reference_doctype": "Event", "reference_name": event.name, "status": "Not Sent" }))
def test_if_owner_permission_overrides_properly(self): # check if user is not granted access if the user is not the owner of the doc # Blogger has only read access on the blog post unless he is the owner of the blog update('Blog Post', 'Blogger', 0, 'if_owner', 1) update('Blog Post', 'Blogger', 0, 'read', 1) update('Blog Post', 'Blogger', 0, 'write', 1) update('Blog Post', 'Blogger', 0, 'delete', 1) # currently test2 user has not created any document # still he should be able to do get_list query which should # not raise permission error but simply return empty list dataent.set_user("*****@*****.**") self.assertEqual(dataent.get_list('Blog Post'), []) dataent.set_user("Administrator") # creates a custom docperm with just read access # now any user can read any blog post (but other rights are limited to the blog post owner) add_permission('Blog Post', 'Blogger') dataent.clear_cache(doctype="Blog Post") dataent.delete_doc('Blog Post', '-test-blog-post-title') dataent.set_user("*****@*****.**") doc = dataent.get_doc({ "doctype": "Blog Post", "blog_category": "_Test Blog Category", "blogger": "_Test Blogger 1", "title": "_Test Blog Post Title", "content": "_Test Blog Post Content" }) doc.insert() dataent.set_user("*****@*****.**") doc = dataent.get_doc(doc.doctype, doc.name) self.assertTrue(doc.has_permission("read")) self.assertFalse(doc.has_permission("write")) self.assertFalse(doc.has_permission("delete")) # check if owner of the doc has the access that is available only for the owner of the doc dataent.set_user("*****@*****.**") doc = dataent.get_doc(doc.doctype, doc.name) self.assertTrue(doc.has_permission("read")) self.assertTrue(doc.has_permission("write")) self.assertTrue(doc.has_permission("delete")) # delete the created doc dataent.delete_doc('Blog Post', '-test-blog-post-title')
def test_page_load(self): dataent.set_user('Guest') set_request(method='POST', path='login') response = render.render() self.assertEquals(response.status_code, 200) html = dataent.safe_decode(response.get_data()) self.assertTrue('/* login-css */' in html) self.assertTrue('// login.js' in html) self.assertTrue('<!-- login.html -->' in html) dataent.set_user('Administrator')