def set_user_and_static_default_values(doc):
user_permissions = get_user_permissions()
defaults = frappe.defaults.get_defaults()
for df in doc.meta.get("fields"):
if df.fieldtype in type_map:
# user permissions for link options
doctype_user_permissions = user_permissions.get(df.options, [])
# Allowed records for the reference doctype (link field)
allowed_records = get_allowed_docs_for_doctype(
doctype_user_permissions, df.parent)
user_default_value = get_user_default_value(
df, defaults, doctype_user_permissions, allowed_records)
if user_default_value != None:
# do not set default if the field on which current field is dependent is not set
if is_dependent_field_set(df.depends_on, doc):
doc.set(df.fieldname, user_default_value)
else:
if df.fieldname != doc.meta.title_field:
static_default_value = get_static_default_value(
df, doctype_user_permissions, allowed_records)
if static_default_value != None and is_dependent_field_set(
df.depends_on, doc):
doc.set(df.fieldname, static_default_value)
def set_user_and_static_default_values(doc):
user_permissions = get_user_permissions()
defaults = frappe.defaults.get_defaults()
for df in doc.meta.get("fields"):
if df.fieldtype in data_fieldtypes:
# user permissions for link options
doctype_user_permissions = user_permissions.get(df.options, [])
# Allowed records for the reference doctype (link field) along with default doc
allowed_records, default_doc = filter_allowed_docs_for_doctype(
doctype_user_permissions, df.parent, with_default_doc=True)
user_default_value = get_user_default_value(
df, defaults, doctype_user_permissions, allowed_records,
default_doc)
if user_default_value is not None:
# if fieldtype is link check if doc exists
if not df.fieldtype == "Link" or frappe.db.exists(
df.options, user_default_value):
doc.set(df.fieldname, user_default_value)
else:
if df.fieldname != doc.meta.title_field:
static_default_value = get_static_default_value(
df, doctype_user_permissions, allowed_records)
if static_default_value is not None:
doc.set(df.fieldname, static_default_value)
def user_has_permission(doc,
verbose=True,
user=None,
user_permission_doctypes=None):
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
user_permission_doctypes = get_user_permission_doctypes(
user_permission_doctypes, user_permissions)
def check_user_permission(d):
meta = frappe.get_meta(d.get("doctype"))
end_result = False
messages = {}
if not user_permission_doctypes:
# no doctypes restricted
end_result = True
# check multiple sets of user_permission_doctypes using OR condition
for doctypes in user_permission_doctypes:
result = True
for df in meta.get_fields_to_check_permissions(doctypes):
if (d.get(df.fieldname)
and d.get(df.fieldname) not in user_permissions.get(
df.options, [])):
result = False
if verbose:
msg = _(
"Not allowed to access {0} with {1} = {2}").format(
df.options, _(df.label), d.get(df.fieldname))
if d.parentfield:
msg = "{doctype}, {row} #{idx}, ".format(
doctype=_(
d.doctype), row=_("Row"), idx=d.idx) + msg
messages[df.fieldname] = msg
end_result = end_result or result
if not end_result and messages:
for fieldname, msg in messages.items():
msgprint(msg)
return end_result
_user_has_permission = check_user_permission(doc)
for d in doc.get_all_children():
_user_has_permission = check_user_permission(
d) and _user_has_permission
return _user_has_permission
def add_user_permission(doctype, name, user, apply=False):
'''Add user permission'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
if name not in get_user_permissions(user).get(doctype, []):
if not frappe.db.exists(doctype, name):
frappe.throw(_("{0} {1} not found").format(_(doctype), name), frappe.DoesNotExistError)
frappe.get_doc(dict(
doctype='User Permission',
user=user,
allow=doctype,
for_value=name,
apply_for_all_roles=apply
)).insert()
def add_user_permission(doctype, name, user, apply=False):
'''Add user permission'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
if name not in get_user_permissions(user).get(doctype, []):
if not frappe.db.exists(doctype, name):
frappe.throw(_("{0} {1} not found").format(_(doctype), name), frappe.DoesNotExistError)
frappe.get_doc(dict(
doctype='User Permission',
user=user,
allow=doctype,
for_value=name,
apply_for_all_roles=apply
)).insert()
def set_user_and_static_default_values(doc):
user_permissions = get_user_permissions()
defaults = frappe.defaults.get_defaults()
for df in doc.meta.get("fields"):
if df.fieldtype in type_map:
user_default_value = get_user_default_value(df, defaults, user_permissions)
if user_default_value is not None:
doc.set(df.fieldname, user_default_value)
else:
if df.fieldname != doc.meta.title_field:
static_default_value = get_static_default_value(df, user_permissions)
if static_default_value is not None:
doc.set(df.fieldname, static_default_value)
def user_has_permission(doc, verbose=True, user=None, user_permission_doctypes=None):
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
user_permission_doctypes = get_user_permission_doctypes(user_permission_doctypes, user_permissions)
def check_user_permission(d):
meta = frappe.get_meta(d.get("doctype"))
end_result = False
messages = {}
if not user_permission_doctypes:
# no doctypes restricted
end_result = True
# check multiple sets of user_permission_doctypes using OR condition
for doctypes in user_permission_doctypes:
result = True
for df in meta.get_fields_to_check_permissions(doctypes):
if (d.get(df.fieldname)
and d.get(df.fieldname) not in user_permissions.get(df.options, [])):
result = False
if verbose:
msg = _("Not allowed to access {0} with {1} = {2}").format(df.options, _(df.label), d.get(df.fieldname))
if d.parentfield:
msg = "{doctype}, {row} #{idx}, ".format(doctype=_(d.doctype),
row=_("Row"), idx=d.idx) + msg
messages[df.fieldname] = msg
end_result = end_result or result
if not end_result and messages:
for fieldname, msg in messages.items():
msgprint(msg)
return end_result
_user_has_permission = check_user_permission(doc)
for d in doc.get_all_children():
_user_has_permission = check_user_permission(d) and _user_has_permission
return _user_has_permission
def set_user_and_static_default_values(doc):
user_permissions = get_user_permissions()
defaults = frappe.defaults.get_defaults()
for df in doc.meta.get("fields"):
if df.fieldtype in type_map:
# user permissions for link options
doctype_user_permissions = user_permissions.get(df.options, [])
# Allowed records for the reference doctype (link field)
allowed_records = get_allowed_docs_for_doctype(doctype_user_permissions, df.parent)
user_default_value = get_user_default_value(df, defaults, doctype_user_permissions, allowed_records)
if user_default_value is not None:
doc.set(df.fieldname, user_default_value)
else:
if df.fieldname != doc.meta.title_field:
static_default_value = get_static_default_value(df, doctype_user_permissions, allowed_records)
if static_default_value is not None:
doc.set(df.fieldname, static_default_value)
def set_dynamic_default_values(doc, parent_doc, parentfield):
# these values should not be cached
user_permissions = get_user_permissions()
for df in frappe.get_meta(doc["doctype"]).get("fields"):
if df.get("default"):
if df.default.startswith(":"):
default_value = get_default_based_on_another_field(df, user_permissions, parent_doc)
if default_value is not None and not doc.get(df.fieldname):
doc[df.fieldname] = default_value
elif df.fieldtype == "Datetime" and df.default.lower() == "now":
doc[df.fieldname] = now_datetime()
if df.fieldtype == "Time":
doc[df.fieldname] = nowtime()
if parent_doc:
doc["parent"] = parent_doc.name
doc["parenttype"] = parent_doc.doctype
if parentfield:
doc["parentfield"] = parentfield
def set_user_and_static_default_values(doc):
user_permissions = get_user_permissions()
defaults = frappe.defaults.get_defaults()
for df in doc.meta.get("fields"):
if df.fieldtype in data_fieldtypes:
# user permissions for link options
doctype_user_permissions = user_permissions.get(df.options, [])
# Allowed records for the reference doctype (link field)
allowed_records = get_allowed_docs_for_doctype(
doctype_user_permissions, df.parent)
user_default_value = get_user_default_value(
df, defaults, doctype_user_permissions, allowed_records)
if user_default_value is not None:
doc.set(df.fieldname, user_default_value)
else:
if df.fieldname != doc.meta.title_field:
static_default_value = get_static_default_value(
df, doctype_user_permissions, allowed_records)
if static_default_value is not None:
doc.set(df.fieldname, static_default_value)
def set_dynamic_default_values(doc, parent_doc, parentfield):
# these values should not be cached
user_permissions = get_user_permissions()
for df in frappe.get_meta(doc["doctype"]).get("fields"):
if df.get("default"):
if df.default.startswith(":"):
default_value = get_default_based_on_another_field(df, user_permissions, parent_doc)
if default_value is not None and not doc.get(df.fieldname):
doc[df.fieldname] = default_value
elif df.fieldtype == "Datetime" and df.default.lower() == "now":
doc[df.fieldname] = now_datetime()
if df.fieldtype == "Time":
doc[df.fieldname] = nowtime()
if parent_doc:
doc["parent"] = parent_doc.name
doc["parenttype"] = parent_doc.doctype
if parentfield:
doc["parentfield"] = parentfield
def get_bootinfo():
"""build and return boot info"""
frappe.set_user_lang(frappe.session.user)
bootinfo = frappe._dict()
hooks = frappe.get_hooks()
doclist = []
# user
get_user(bootinfo)
# system info
bootinfo.sitename = frappe.local.site
bootinfo.sysdefaults = frappe.defaults.get_defaults()
bootinfo.user_permissions = get_user_permissions()
bootinfo.server_date = frappe.utils.nowdate()
if frappe.session['user'] != 'Guest':
bootinfo.user_info = get_fullnames()
bootinfo.sid = frappe.session['sid']
bootinfo.modules = {}
bootinfo.module_list = []
load_desktop_icons(bootinfo)
bootinfo.letter_heads = get_letter_heads()
bootinfo.active_domains = frappe.get_active_domains()
bootinfo.all_domains = [d.get("name") for d in frappe.get_all("Domain")]
bootinfo.module_app = frappe.local.module_app
bootinfo.single_types = frappe.db.sql_list("""select name from tabDocType
where issingle=1""")
add_home_page(bootinfo, doclist)
bootinfo.page_info = get_allowed_pages()
load_translations(bootinfo)
add_timezone_info(bootinfo)
load_conf_settings(bootinfo)
load_print(bootinfo, doclist)
doclist.extend(get_meta_bundle("Page"))
bootinfo.home_folder = frappe.db.get_value("File", {"is_home_folder": 1})
# ipinfo
if frappe.session.data.get('ipinfo'):
bootinfo.ipinfo = frappe.session['data']['ipinfo']
# add docs
bootinfo.docs = doclist
for method in hooks.boot_session or []:
frappe.get_attr(method)(bootinfo)
if bootinfo.lang:
bootinfo.lang = text_type(bootinfo.lang)
bootinfo.versions = {k: v['version'] for k, v in get_versions().items()}
bootinfo.error_report_email = frappe.get_hooks("error_report_email")
bootinfo.calendars = sorted(frappe.get_hooks("calendars"))
bootinfo.treeviews = frappe.get_hooks("treeviews") or []
bootinfo.lang_dict = get_lang_dict()
bootinfo.feedback_triggers = get_enabled_feedback_trigger()
bootinfo.gsuite_enabled = get_gsuite_status()
bootinfo.update(get_email_accounts(user=frappe.session.user))
return bootinfo
def has_user_permission(doc, user=None, verbose=False):
'''Returns True if User is allowed to view considering User Permissions'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
if not user_permissions: return True
# user can create own role permissions, so nothing applies
if get_role_permissions('User Permission', user=user).get('write'):
return True
apply_strict_user_permissions = frappe.get_system_settings(
'apply_strict_user_permissions')
if doc.get('doctype') in user_permissions:
if (doc.get('name') not in user_permissions[doc.get('doctype')].get(
"docs", []) and not doc.get('doctype')
in user_permissions[doc.get('doctype')].get(
"skip_for_doctype", [])):
# don't have user permissions on the doc itself!
if verbose:
msgprint(
_('Not allowed for {0} = {1}').format(
_(doc.get('doctype')), doc.get('name')))
return False
def check_user_permission(d):
meta = frappe.get_meta(d.get("doctype"))
# check all link fields for user permissions
for field in meta.get_link_fields():
# if this type is restricted
if field.ignore_user_permissions: continue
if (field.options in user_permissions and not d.get("doctype")
in user_permissions[field.options].get(
"skip_for_doctype", [])):
if not apply_strict_user_permissions:
# ignore if link is not set
if not d.get(field.fieldname):
continue
if not d.get(field.fieldname) in user_permissions.get(
field.options, {}).get("docs", []):
if d.get('parentfield'):
# "Not allowed for Company = Restricted Company in Row 3"
msg = _('Not allowed for {0} = {1} in Row {2}').format(
_(field.options), d.get(field.fieldname), d.idx)
else:
# "Not allowed for Company = Restricted Company"
msg = _('Not allowed for {0} = {1}').format(
_(field.options), d.get(field.fieldname))
if verbose: msgprint(msg)
return False
return True
result = check_user_permission(doc)
if not result:
return False
for d in doc.get_all_children():
if not check_user_permission(d):
return False
return True
def get_user_permissions(user):
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
return get_user_permissions(user)
def get_user_permissions(user): from frappe.core.doctype.user_permission.user_permission import get_user_permissions return get_user_permissions(user)
def get_bootinfo():
"""build and return boot info"""
frappe.set_user_lang(frappe.session.user)
bootinfo = frappe._dict()
hooks = frappe.get_hooks()
doclist = []
# user
get_user(bootinfo)
# system info
bootinfo.sitename = frappe.local.site
bootinfo.sysdefaults = frappe.defaults.get_defaults()
bootinfo.user_permissions = get_user_permissions()
bootinfo.server_date = frappe.utils.nowdate()
if frappe.session['user'] != 'Guest':
bootinfo.user_info = get_fullnames()
bootinfo.sid = frappe.session['sid'];
bootinfo.modules = {}
bootinfo.module_list = []
load_desktop_icons(bootinfo)
bootinfo.letter_heads = get_letter_heads()
bootinfo.active_domains = frappe.get_active_domains()
bootinfo.all_domains = [d.get("name") for d in frappe.get_all("Domain")]
bootinfo.module_app = frappe.local.module_app
bootinfo.single_types = frappe.db.sql_list("""select name from tabDocType
where issingle=1""")
add_home_page(bootinfo, doclist)
bootinfo.page_info = get_allowed_pages()
load_translations(bootinfo)
add_timezone_info(bootinfo)
load_conf_settings(bootinfo)
load_print(bootinfo, doclist)
doclist.extend(get_meta_bundle("Page"))
bootinfo.home_folder = frappe.db.get_value("File", {"is_home_folder": 1})
# ipinfo
if frappe.session.data.get('ipinfo'):
bootinfo.ipinfo = frappe.session['data']['ipinfo']
# add docs
bootinfo.docs = doclist
for method in hooks.boot_session or []:
frappe.get_attr(method)(bootinfo)
if bootinfo.lang:
bootinfo.lang = text_type(bootinfo.lang)
bootinfo.versions = {k: v['version'] for k, v in get_versions().items()}
bootinfo.error_report_email = frappe.get_hooks("error_report_email")
bootinfo.calendars = sorted(frappe.get_hooks("calendars"))
bootinfo.treeviews = frappe.get_hooks("treeviews") or []
bootinfo.lang_dict = get_lang_dict()
bootinfo.feedback_triggers = get_enabled_feedback_trigger()
bootinfo.gsuite_enabled = get_gsuite_status()
bootinfo.update(get_email_accounts(user=frappe.session.user))
return bootinfo
def has_user_permission(doc, user=None):
'''Returns True if User is allowed to view considering User Permissions'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
if not user_permissions:
# no user permission rules specified for this doctype
return True
# user can create own role permissions, so nothing applies
if get_role_permissions('User Permission', user=user).get('write'):
return True
apply_strict_user_permissions = frappe.get_system_settings('apply_strict_user_permissions')
doctype = doc.get('doctype')
docname = doc.get('name')
# STEP 1: ---------------------
# check user permissions on self
if doctype in user_permissions:
allowed_docs = get_allowed_docs_for_doctype(user_permissions.get(doctype, []), doctype)
# if allowed_docs is empty it states that there is no applicable permission under the current doctype
# only check if allowed_docs is not empty
if allowed_docs and docname not in allowed_docs:
# no user permissions for this doc specified
push_perm_check_log(_('Not allowed for {0}: {1}').format(_(doctype), docname))
return False
# STEP 2: ---------------------------------
# check user permissions in all link fields
def check_user_permission_on_link_fields(d):
# check user permissions for all the link fields of the given
# document object d
#
# called for both parent and child records
meta = frappe.get_meta(d.get("doctype"))
# check all link fields for user permissions
for field in meta.get_link_fields():
if field.ignore_user_permissions: continue
# empty value, do you still want to apply user permissions?
if not d.get(field.fieldname) and not apply_strict_user_permissions:
# nah, not strict
continue
if field.options not in user_permissions:
continue
# get the list of all allowed values for this link
allowed_docs = get_allowed_docs_for_doctype(user_permissions.get(field.options, []), doctype)
if allowed_docs and d.get(field.fieldname) not in allowed_docs:
# restricted for this link field, and no matching values found
# make the right message and exit
if d.get('parentfield'):
# "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type"
msg = _('Not allowed for {0}: {1} in Row {2}. Restricted field: {3}').format(
_(field.options), d.get(field.fieldname), d.idx, field.fieldname)
else:
# "Not allowed for Company = Restricted Company. Restricted field: reference_type"
msg = _('Not allowed for {0}: {1}. Restricted field: {2}').format(
_(field.options), d.get(field.fieldname), field.fieldname)
push_perm_check_log(msg)
return False
return True
if not check_user_permission_on_link_fields(doc):
return False
for d in doc.get_all_children():
if not check_user_permission_on_link_fields(d):
return False
return True
def has_user_permission(doc, user=None):
'''Returns True if User is allowed to view considering User Permissions'''
from frappe.core.doctype.user_permission.user_permission import get_user_permissions
user_permissions = get_user_permissions(user)
if not user_permissions:
# no user permission rules specified for this doctype
return True
# user can create own role permissions, so nothing applies
if get_role_permissions('User Permission', user=user).get('write'):
return True
apply_strict_user_permissions = frappe.get_system_settings(
'apply_strict_user_permissions')
doctype = doc.get('doctype')
docname = doc.get('name')
# STEP 1: ---------------------
# check user permissions on self
if doctype in user_permissions:
allowed_docs = get_allowed_docs_for_doctype(
user_permissions.get(doctype, []), doctype)
# if allowed_docs is empty it states that there is no applicable permission under the current doctype
# only check if allowed_docs is not empty
if allowed_docs and docname not in allowed_docs:
# no user permissions for this doc specified
push_perm_check_log(
_('Not allowed for {0}: {1}').format(_(doctype), docname))
return False
# STEP 2: ---------------------------------
# check user permissions in all link fields
def check_user_permission_on_link_fields(d):
# check user permissions for all the link fields of the given
# document object d
#
# called for both parent and child records
meta = frappe.get_meta(d.get("doctype"))
# check all link fields for user permissions
for field in meta.get_link_fields():
if field.ignore_user_permissions: continue
# empty value, do you still want to apply user permissions?
if not d.get(
field.fieldname) and not apply_strict_user_permissions:
# nah, not strict
continue
if field.options not in user_permissions:
continue
# get the list of all allowed values for this link
allowed_docs = get_allowed_docs_for_doctype(
user_permissions.get(field.options, []), doctype)
if allowed_docs and d.get(field.fieldname) not in allowed_docs:
# restricted for this link field, and no matching values found
# make the right message and exit
if d.get('parentfield'):
# "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type"
msg = _(
'Not allowed for {0}: {1} in Row {2}. Restricted field: {3}'
).format(_(field.options), d.get(field.fieldname), d.idx,
field.fieldname)
else:
# "Not allowed for Company = Restricted Company. Restricted field: reference_type"
msg = _('Not allowed for {0}: {1}. Restricted field: {2}'
).format(_(field.options), d.get(field.fieldname),
field.fieldname)
push_perm_check_log(msg)
return False
return True
if not check_user_permission_on_link_fields(doc):
return False
for d in doc.get_all_children():
if not check_user_permission_on_link_fields(d):
return False
return True
def get_permitted_documents(doctype):
return [d.get('doc') for d in get_user_permissions().get(doctype, []) \
if d.get('doc')]
