def get_roles_and_doctypes():
dataent.only_for("System Manager")
send_translations(dataent.get_lang_dict("doctype", "DocPerm"))
active_domains = dataent.get_active_domains()
doctypes = dataent.get_all("DocType", filters={
"istable": 0,
"name": ("not in", ",".join(not_allowed_in_permission_manager)),
}, or_filters={
"ifnull(restrict_to_domain, '')": "",
"restrict_to_domain": ("in", active_domains)
}, fields=["name"])
roles = dataent.get_all("Role", filters={
"name": ("not in", "Administrator"),
"disabled": 0,
}, or_filters={
"ifnull(restrict_to_domain, '')": "",
"restrict_to_domain": ("in", active_domains)
}, fields=["name"])
doctypes_list = [ {"label":_(d.get("name")), "value":d.get("name")} for d in doctypes]
roles_list = [ {"label":_(d.get("name")), "value":d.get("name")} for d in roles]
return {
"doctypes": sorted(doctypes_list, key=lambda d: d['label']),
"roles": sorted(roles_list, key=lambda d: d['label'])
}
def delete_company_transactions(company_name):
dataent.only_for("System Manager")
doc = dataent.get_doc("Company", company_name)
if dataent.session.user != doc.owner:
dataent.throw(
_("Transactions can only be deleted by the creator of the Company"
), dataent.PermissionError)
delete_bins(company_name)
delete_lead_addresses(company_name)
for doctype in dataent.db.sql_list("""select parent from
tabDocField where fieldtype='Link' and options='Company'"""):
if doctype not in ("Account", "Cost Center", "Warehouse", "Budget",
"Party Account", "Employee",
"Sales Taxes and Charges Template",
"Purchase Taxes and Charges Template",
"POS Profile", 'BOM'):
delete_for_doctype(doctype, company_name)
# reset company values
doc.total_monthly_sales = 0
doc.sales_monthly_history = None
doc.save()
# Clear notification counts
clear_notifications()
def check_applicable_doc_perm(user, doctype, docname):
dataent.only_for('System Manager')
applicable = []
doc_exists = dataent.get_all('User Permission',
fields=['name'],
filters={
"user": user,
"allow": doctype,
"for_value": docname,
"apply_to_all_doctypes": 1,
},
limit=1)
if doc_exists:
applicable = get_linked_doctypes(doctype).keys()
else:
data = dataent.get_all('User Permission',
fields=['applicable_for'],
filters={
"user": user,
"allow": doctype,
"for_value": docname,
})
for d in data:
applicable.append(d.applicable_for)
return applicable
def get_users_with_role(role):
dataent.only_for("System Manager")
return [p[0] for p in dataent.db.sql("""select distinct tabUser.name
from `tabHas Role`, tabUser where
`tabHas Role`.role=%s
and tabUser.name != "Administrator"
and `tabHas Role`.parent = tabUser.name
and tabUser.enabled=1""", role)]
def get_password(doctype, name, fieldname):
'''Return a password type property. Only applicable for System Managers
:param doctype: DocType of the document that holds the password
:param name: `name` of the document that holds the password
:param fieldname: `fieldname` of the password property
'''
dataent.only_for("System Manager")
return dataent.get_doc(doctype, name).get_password(fieldname)
def download_backup(path):
try:
dataent.only_for(("System Manager", "Administrator"))
except dataent.PermissionError:
raise Forbidden(
_("You need to be logged in and have System Manager Role to be able to access backups."
))
return send_private_file(path)
def get_standard_permissions(doctype):
dataent.only_for("System Manager")
meta = dataent.get_meta(doctype)
if meta.custom:
doc = dataent.get_doc('DocType', doctype)
return [p.as_dict() for p in doc.permissions]
else:
# also used to setup permissions via patch
path = get_file_path(meta.module, "DocType", doctype)
return read_doc_from_file(path).get("permissions")
def clear_user_permissions(user, for_doctype):
dataent.only_for('System Manager')
total = dataent.db.count('User Permission',
filters=dict(user=user, allow=for_doctype))
if total:
dataent.db.sql(
'DELETE FROM `tabUser Permission` WHERE user=%s AND allow=%s',
(user, for_doctype))
dataent.clear_cache()
return total
def update_icons(hidden_list, user=None):
"""update modules"""
if not user:
dataent.only_for('System Manager')
set_hidden_list(hidden_list, user)
dataent.msgprint(dataent._('Updated'),
indicator='green',
title=_('Success'),
alert=True)
def remove(doctype, role, permlevel):
dataent.only_for("System Manager")
setup_custom_perms(doctype)
name = dataent.get_value('Custom DocPerm', dict(parent=doctype, role=role, permlevel=permlevel))
dataent.db.sql('delete from `tabCustom DocPerm` where name=%s', name)
if not dataent.get_all('Custom DocPerm', dict(parent=doctype)):
dataent.throw(_('There must be atleast one permission rule.'), title=_('Cannot Remove'))
validate_permissions_for_doctype(doctype, for_remove=True)
def on_trash(doc):
if doc.communication_type != "Comment":
return
if doc.reference_doctype == "Message":
return
if (doc.comment_type or "Comment") != "Comment":
dataent.only_for("System Manager")
_comments = get_comments_from_parent(doc)
for c in _comments:
if c.get("name") == doc.name:
_comments.remove(c)
update_comments_in_parent(doc.reference_doctype, doc.reference_name,
_comments)
def get_module_icons(user=None):
if user != dataent.session.user:
dataent.only_for('System Manager')
if not user:
icons = dataent.db.get_all('Desktop Icon',
fields='*',
filters={'standard': 1},
order_by='idx')
else:
dataent.cache().hdel('desktop_icons', user)
icons = get_user_icons(user)
for icon in icons:
icon.value = dataent.db.escape(_(icon.label or icon.module_name))
return {'icons': icons, 'user': user}
def get_permissions(doctype=None, role=None):
dataent.only_for("System Manager")
if role:
out = get_all_perms(role)
if doctype:
out = [p for p in out if p.parent == doctype]
else:
out = dataent.get_all('Custom DocPerm', fields='*', filters=dict(parent = doctype), order_by="permlevel")
if not out:
out = dataent.get_all('DocPerm', fields='*', filters=dict(parent = doctype), order_by="permlevel")
linked_doctypes = {}
for d in out:
if not d.parent in linked_doctypes:
linked_doctypes[d.parent] = get_linked_doctypes(d.parent)
d.linked_doctypes = linked_doctypes[d.parent]
meta = dataent.get_meta(d.parent)
if meta:
d.is_submittable = meta.is_submittable
return out
def add_user_permissions(data):
''' Add and update the user permissions '''
dataent.only_for('System Manager')
if isinstance(data, dataent.string_types):
data = json.loads(data)
data = dataent._dict(data)
d = check_applicable_doc_perm(data.user, data.doctype, data.docname)
exists = dataent.db.exists(
"User Permission", {
"user": data.user,
"allow": data.doctype,
"for_value": data.docname,
"apply_to_all_doctypes": 1
})
if data.apply_to_all_doctypes == 1 and not exists:
remove_applicable(d, data.user, data.doctype, data.docname)
insert_user_perm(data.user, data.doctype, data.docname, apply_to_all=1)
return 1
elif len(data.applicable_doctypes) > 0 and data.apply_to_all_doctypes != 1:
remove_apply_to_all(data.user, data.doctype, data.docname)
update_applicable(d, data.applicable_doctypes, data.user, data.doctype,
data.docname)
for applicable in data.applicable_doctypes:
if applicable not in d:
insert_user_perm(data.user,
data.doctype,
data.docname,
applicable=applicable)
elif exists:
insert_user_perm(data.user,
data.doctype,
data.docname,
applicable=applicable)
return 1
return 0
def replace_abbr(company, old, new):
new = new.strip()
if not new:
dataent.throw(_("Abbr can not be blank or space"))
dataent.only_for("System Manager")
dataent.db.set_value("Company", company, "abbr", new)
def _rename_record(doc):
parts = doc[0].rsplit(" - ", 1)
if len(parts) == 1 or parts[1].lower() == old.lower():
dataent.rename_doc(dt, doc[0], parts[0] + " - " + new)
def _rename_records(dt):
# rename is expensive so let's be economical with memory usage
doc = (d for d in dataent.db.sql("select name from `tab%s` where company=%s" % (dt, '%s'), company))
for d in doc:
_rename_record(d)
for dt in ["Warehouse", "Account", "Cost Center", "Department",
"Sales Taxes and Charges Template", "Purchase Taxes and Charges Template"]:
_rename_records(dt)
dataent.db.commit()
def install_app(name, verbose=False, set_as_patched=True):
dataent.flags.in_install = name
dataent.flags.ignore_in_install = False
dataent.clear_cache()
app_hooks = dataent.get_hooks(app_name=name)
installed_apps = dataent.get_installed_apps()
# install pre-requisites
if app_hooks.required_apps:
for app in app_hooks.required_apps:
install_app(app)
dataent.flags.in_install = name
dataent.clear_cache()
if name not in dataent.get_all_apps():
raise Exception("App not in apps.txt")
if name in installed_apps:
dataent.msgprint(_("App {0} already installed").format(name))
return
print("\nInstalling {0}...".format(name))
if name != "dataent":
dataent.only_for("System Manager")
for before_install in app_hooks.before_install or []:
out = dataent.get_attr(before_install)()
if out == False:
return
if name != "dataent":
add_module_defs(name)
sync_for(name,
force=True,
sync_everything=True,
verbose=verbose,
reset_permissions=True)
sync_from_app(name)
add_to_installed_apps(name)
dataent.get_doc('Portal Settings', 'Portal Settings').sync_menu()
if set_as_patched:
set_all_patches_as_completed(name)
for after_install in app_hooks.after_install or []:
dataent.get_attr(after_install)()
sync_fixtures(name)
sync_customizations(name)
for after_sync in app_hooks.after_sync or []:
dataent.get_attr(after_sync)() #
dataent.flags.in_install = False
def clear_error_logs():
'''Flush all Error Logs'''
dataent.only_for('System Manager')
dataent.db.sql('''delete from `tabError Log`''')
def reset(doctype):
dataent.only_for("System Manager")
reset_perms(doctype)
clear_permissions_cache(doctype)
def clear_all_sessions(reason=None):
"""This effectively logs out all users"""
dataent.only_for("Administrator")
if not reason: reason = "Deleted All Active Session"
for sid in dataent.db.sql_list("select sid from `tabSessions`"):
delete_session(sid, reason=reason)
def update(doctype, role, permlevel, ptype, value=None):
dataent.only_for("System Manager")
out = update_permission_property(doctype, role, permlevel, ptype, value)
return 'refresh' if out else None
def add(parent, role, permlevel):
dataent.only_for("System Manager")
add_permission(parent, role, permlevel)
