def validate_ip_address(self): """check if IP Address is valid""" user = dataent.get_doc("User", self.user) ip_list = user.get_restricted_ip_list() if not ip_list: return bypass_restrict_ip_check = 0 # check if two factor auth is enabled enabled = int( dataent.get_system_settings('enable_two_factor_auth') or 0) if enabled: #check if bypass restrict ip is enabled for all users bypass_restrict_ip_check = int( dataent.get_system_settings( 'bypass_restrict_ip_check_if_2fa_enabled') or 0) if not bypass_restrict_ip_check: #check if bypass restrict ip is enabled for login user bypass_restrict_ip_check = int( dataent.db.get_value( 'User', self.user, 'bypass_restrict_ip_check_if_2fa_enabled') or 0) for ip in ip_list: if dataent.local.request_ip.startswith( ip) or bypass_restrict_ip_check: return dataent.throw(_("Not allowed from this IP Address"), dataent.AuthenticationError)
def add_code(self): if self.custom: return path = os.path.join(get_module_path(self.module), 'doctype', scrub(self.name)) def _get_path(fname): return os.path.join(path, scrub(fname)) system_country = dataent.get_system_settings("country") self._add_code(_get_path(self.name + '.js'), '__js') if system_country: self._add_code(_get_path(os.path.join('regional', system_country + '.js')), '__js') self._add_code(_get_path(self.name + '.css'), "__css") self._add_code(_get_path(self.name + '_list.js'), '__list_js') if system_country: self._add_code(_get_path(os.path.join('regional', system_country + '_list.js')), '__list_js') self._add_code(_get_path(self.name + '_calendar.js'), '__calendar_js') self._add_code(_get_path(self.name + '_tree.js'), '__tree_js') listview_template = _get_path(self.name + '_list.html') if os.path.exists(listview_template): self.set("__listview_template", get_html_format(listview_template)) self.add_code_via_hook("doctype_js", "__js") self.add_code_via_hook("doctype_list_js", "__list_js") self.add_code_via_hook("doctype_tree_js", "__tree_js") self.add_code_via_hook("doctype_calendar_js", "__calendar_js") self.add_html_templates(path)
def get_context(context): redirect_to = dataent.local.request.args.get("redirect-to") if dataent.session.user != "Guest": if not redirect_to: redirect_to = "/" if dataent.session.data.user_type=="Website User" else "/desk" dataent.local.flags.redirect_location = redirect_to raise dataent.Redirect # get settings from site config context.no_header = True context.for_test = 'login.html' context["title"] = "Login" context["provider_logins"] = [] context["disable_signup"] = dataent.utils.cint(dataent.db.get_value("Website Settings", "Website Settings", "disable_signup")) providers = [i.name for i in dataent.get_all("Social Login Key", filters={"enable_social_login":1})] for provider in providers: client_id, base_url = dataent.get_value("Social Login Key", provider, ["client_id", "base_url"]) client_secret = get_decrypted_password("Social Login Key", provider, "client_secret") icon = get_icon_html(dataent.get_value("Social Login Key", provider, "icon"), small=True) if (get_oauth_keys(provider) and client_secret and client_id and base_url): context.provider_logins.append({ "name": provider, "provider_name": dataent.get_value("Social Login Key", provider, "provider_name"), "auth_url": get_oauth2_authorize_url(provider, redirect_to), "icon": icon }) context["social_login"] = True ldap_settings = LDAPSettings.get_ldap_client_settings() context["ldap_settings"] = ldap_settings login_name_placeholder = [_("Email address")] if dataent.utils.cint(dataent.get_system_settings("allow_login_using_mobile_number")): login_name_placeholder.append(_("Mobile number")) if dataent.utils.cint(dataent.get_system_settings("allow_login_using_user_name")): login_name_placeholder.append(_("Username")) context['login_name_placeholder'] = ' {0} '.format(_('or')).join(login_name_placeholder) return context
def get_region(company=None): '''Return the default country based on flag, company or global settings You can also set global company flag in `dataent.flags.company` ''' if company or dataent.flags.company: return dataent.get_cached_value('Company', company or dataent.flags.company, 'country') elif dataent.flags.country: return dataent.flags.country else: return dataent.get_system_settings('country')
def add_user_permissions(self, user_permissions): meta = dataent.get_meta(self.doctype) doctype_link_fields = [] doctype_link_fields = meta.get_link_fields() doctype_link_fields.append( dict( options=self.doctype, fieldname='name', )) # appended current doctype with fieldname as 'name' to # and condition on doc name if user permission is found for current doctype match_filters = {} match_conditions = [] for df in doctype_link_fields: user_permission_values = user_permissions.get( df.get('options'), {}) if df.get('ignore_user_permissions'): continue empty_value_condition = 'ifnull(`tab{doctype}`.`{fieldname}`, "")=""'.format( doctype=self.doctype, fieldname=df.get('fieldname')) if user_permission_values: docs = [] if dataent.get_system_settings( "apply_strict_user_permissions"): condition = "" else: condition = empty_value_condition + " or " for permission in user_permission_values: if not permission.get('applicable_for'): docs.append(permission.get('doc')) # append docs based on user permission applicable on reference doctype # This is useful when getting list of doc from a link field # in this case parent doctype of the link will be the # will be the reference doctype elif df.get( 'fieldname') == 'name' and self.reference_doctype: if permission.get( 'applicable_for') == self.reference_doctype: docs.append(permission.get('doc')) elif permission.get('applicable_for') == self.doctype: docs.append(permission.get('doc')) if docs: condition += "`tab{doctype}`.`{fieldname}` in ({values})".format( doctype=self.doctype, fieldname=df.get('fieldname'), values=", ".join([ ('"' + dataent.db.escape(doc, percent=False) + '"') for doc in docs ])) match_conditions.append( "({condition})".format(condition=condition)) match_filters[df.get('options')] = docs if match_conditions: self.match_conditions.append(" and ".join(match_conditions)) if match_filters: self.match_filters.append(match_filters)
def has_user_permission(doc, user=None): '''Returns True if User is allowed to view considering User Permissions''' from dataent.core.doctype.user_permission.user_permission import get_user_permissions user_permissions = get_user_permissions(user) if not user_permissions: # no user permission rules specified for this doctype return True # user can create own role permissions, so nothing applies if get_role_permissions('User Permission', user=user).get('write'): return True apply_strict_user_permissions = dataent.get_system_settings( 'apply_strict_user_permissions') doctype = doc.get('doctype') docname = doc.get('name') # STEP 1: --------------------- # check user permissions on self if doctype in user_permissions: allowed_docs = get_allowed_docs_for_doctype( user_permissions.get(doctype, []), doctype) # if allowed_docs is empty it states that there is no applicable permission under the current doctype # only check if allowed_docs is not empty if allowed_docs and docname not in allowed_docs: # no user permissions for this doc specified push_perm_check_log( _('Not allowed for {0}: {1}').format(_(doctype), docname)) return False # STEP 2: --------------------------------- # check user permissions in all link fields def check_user_permission_on_link_fields(d): # check user permissions for all the link fields of the given # document object d # # called for both parent and child records meta = dataent.get_meta(d.get("doctype")) # check all link fields for user permissions for field in meta.get_link_fields(): if field.ignore_user_permissions: continue # empty value, do you still want to apply user permissions? if not d.get( field.fieldname) and not apply_strict_user_permissions: # nah, not strict continue if field.options not in user_permissions: continue # get the list of all allowed values for this link allowed_docs = get_allowed_docs_for_doctype( user_permissions.get(field.options, []), doctype) if allowed_docs and d.get(field.fieldname) not in allowed_docs: # restricted for this link field, and no matching values found # make the right message and exit if d.get('parentfield'): # "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type" msg = _( 'Not allowed for {0}: {1} in Row {2}. Restricted field: {3}' ).format(_(field.options), d.get(field.fieldname), d.idx, field.fieldname) else: # "Not allowed for Company = Restricted Company. Restricted field: reference_type" msg = _('Not allowed for {0}: {1}. Restricted field: {2}' ).format(_(field.options), d.get(field.fieldname), field.fieldname) push_perm_check_log(msg) return False return True if not check_user_permission_on_link_fields(doc): return False for d in doc.get_all_children(): if not check_user_permission_on_link_fields(d): return False return True