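def set_user_and_static_default_values(doc):
    """Populate the fields of ``doc`` with a user default or, failing that, a static default.

    Only fields whose fieldtype is in ``type_map`` are considered. The user
    default is tried first; the static default is tried only when there is no
    user default and the field is not the doctype's title field. In both cases
    the value is written only if ``is_dependent_field_set(df.depends_on, doc)``
    is true.

    Args:
        doc: document that is modified in place through ``doc.set``.
    """
    user_permissions = get_user_permissions()
    defaults = frappe.defaults.get_defaults()

    for df in doc.meta.get("fields"):
        if df.fieldtype not in type_map:
            continue

        # user permissions for link options
        doctype_user_permissions = user_permissions.get(df.options, [])

        # Allowed records for the reference doctype (link field)
        allowed_records = get_allowed_docs_for_doctype(doctype_user_permissions, df.parent)

        user_default_value = get_user_default_value(
            df, defaults, doctype_user_permissions, allowed_records)

        # Identity test against None: `!= None` goes through __ne__ and is
        # flagged by linters (E711); falsy defaults such as 0 or "" still count
        # as "a default was found".
        if user_default_value is not None:
            # do not set default if the field on which current field is dependent is not set
            if is_dependent_field_set(df.depends_on, doc):
                doc.set(df.fieldname, user_default_value)
        elif df.fieldname != doc.meta.title_field:
            static_default_value = get_static_default_value(
                df, doctype_user_permissions, allowed_records)
            if static_default_value is not None and is_dependent_field_set(df.depends_on, doc):
                doc.set(df.fieldname, static_default_value)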
def set_user_and_static_default_values(doc):
    """Populate the fields of ``doc`` with a user default or, failing that, a static default.

    Only fields whose fieldtype is in ``data_fieldtypes`` are considered. A
    user default for a ``Link`` field is written only if the referenced
    document exists; a static default is tried only when no user default was
    found and the field is not the doctype's title field.

    Args:
        doc: document that is modified in place through ``doc.set``.
    """
    permissions_by_doctype = get_user_permissions()
    stored_defaults = frappe.defaults.get_defaults()

    for df in doc.meta.get("fields"):
        if df.fieldtype not in data_fieldtypes:
            continue

        # User-permission entries recorded for the link target (df.options).
        link_permissions = permissions_by_doctype.get(df.options, [])

        # Records allowed for the link target, together with the default doc.
        permitted, default_doc = filter_allowed_docs_for_doctype(
            link_permissions, df.parent, with_default_doc=True)

        value = get_user_default_value(
            df, stored_defaults, link_permissions, permitted, default_doc)

        if value is not None:
            # A Link default that points at a missing document is dropped
            # rather than written into the new document.
            dangling_link = df.fieldtype == "Link" and not frappe.db.exists(df.options, value)
            if not dangling_link:
                doc.set(df.fieldname, value)
        elif df.fieldname != doc.meta.title_field:
            fallback = get_static_default_value(df, link_permissions, permitted)
            if fallback is not None:
                doc.set(df.fieldname, fallback)
def user_has_permission(doc, verbose=True, user=None, user_permission_doctypes=None):
    """Return True if ``doc`` and every one of its child rows pass the user-permission check.

    A row passes when ``user_permission_doctypes`` is empty, or when at least
    one set of doctypes in it has no violating field. A field violates when it
    holds a non-empty value that is not listed in ``user_permissions`` for the
    field's link target (``df.options``).

    Args:
        doc: document to check; its children come from ``doc.get_all_children()``.
        verbose: when true, a denial message per violating field is collected
            and shown with ``msgprint`` if the row is denied.
        user: passed to ``get_user_permissions``.
        user_permission_doctypes: passed through ``get_user_permission_doctypes``
            together with the user's permissions; iterated as sets of doctypes.
    """
    from frappe.core.doctype.user_permission.user_permission import get_user_permissions
    user_permissions = get_user_permissions(user)
    user_permission_doctypes = get_user_permission_doctypes(
        user_permission_doctypes, user_permissions)

    def check_user_permission(d):
        # Checks one row (parent document or child row) against every set.
        meta = frappe.get_meta(d.get("doctype"))
        end_result = False

        messages = {}

        if not user_permission_doctypes:
            # no doctypes restricted
            # Fail-open: with nothing to check, the row is allowed.
            end_result = True

        # check multiple sets of user_permission_doctypes using OR condition
        for doctypes in user_permission_doctypes:
            result = True

            for df in meta.get_fields_to_check_permissions(doctypes):
                # Empty values are never a violation. A link target with no
                # entry in user_permissions falls back to [], so any non-empty
                # value for it is a violation.
                if (d.get(df.fieldname)
                        and d.get(df.fieldname) not in user_permissions.get(
                            df.options, [])):
                    result = False

                    if verbose:
                        # The message echoes the restricted value back to the user.
                        msg = _(
                            "Not allowed to access {0} with {1} = {2}").format(
                                df.options, _(df.label), d.get(df.fieldname))
                        if d.parentfield:
                            msg = "{doctype}, {row} #{idx}, ".format(
                                doctype=_(
                                    d.doctype), row=_("Row"), idx=d.idx) + msg

                        # Keyed by fieldname, so a later set overwrites the
                        # message of an earlier one for the same field.
                        messages[df.fieldname] = msg

            end_result = end_result or result

        # Messages are shown only when the row is denied overall.
        if not end_result and messages:
            for fieldname, msg in messages.items():
                msgprint(msg)

        return end_result

    _user_has_permission = check_user_permission(doc)
    for d in doc.get_all_children():
        # The child check is the left operand, so it runs (and can emit
        # messages) even after an earlier row has already been denied.
        _user_has_permission = check_user_permission(
            d) and _user_has_permission

    return _user_has_permission
def add_user_permission(doctype, name, user, apply=False):
    '''Insert a User Permission that allows ``user`` the record ``name`` of ``doctype``.

    Does nothing when the user's existing permissions for ``doctype`` already
    contain ``name``. Otherwise the record must exist
    (``frappe.DoesNotExistError`` is thrown if it does not) and a
    'User Permission' document is inserted with ``apply_for_all_roles`` taken
    from ``apply``.

    NOTE(review): no check that the caller may grant permissions is visible in
    this function - confirm it is enforced by the callers or by ``insert()``.
    '''
    from frappe.core.doctype.user_permission.user_permission import get_user_permissions

    already_granted = get_user_permissions(user).get(doctype, [])
    if name in already_granted:
        return

    # Refuse to create a permission that points at a record that is not there.
    if not frappe.db.exists(doctype, name):
        frappe.throw(_("{0} {1} not found").format(_(doctype), name), frappe.DoesNotExistError)

    permission = frappe.get_doc({
        'doctype': 'User Permission',
        'user': user,
        'allow': doctype,
        'for_value': name,
        'apply_for_all_roles': apply,
    })
    permission.insert()
def add_user_permission(doctype, name, user, apply=False):
    '''Insert a User Permission that allows ``user`` the record ``name`` of ``doctype``.

    Does nothing when the user's existing permissions for ``doctype`` already
    contain ``name``. Otherwise the record must exist
    (``frappe.DoesNotExistError`` is thrown if it does not) and a
    'User Permission' document is inserted with ``apply_for_all_roles`` taken
    from ``apply``.

    NOTE(review): no check that the caller may grant permissions is visible in
    this function - confirm it is enforced by the callers or by ``insert()``.
    '''
    from frappe.core.doctype.user_permission.user_permission import get_user_permissions

    already_granted = get_user_permissions(user).get(doctype, [])
    if name in already_granted:
        return

    # Refuse to create a permission that points at a record that is not there.
    if not frappe.db.exists(doctype, name):
        frappe.throw(_("{0} {1} not found").format(_(doctype), name), frappe.DoesNotExistError)

    permission = frappe.get_doc({
        'doctype': 'User Permission',
        'user': user,
        'allow': doctype,
        'for_value': name,
        'apply_for_all_roles': apply,
    })
    permission.insert()
def set_user_and_static_default_values(doc):
    """Populate the fields of ``doc`` with a user default or, failing that, a static default.

    Only fields whose fieldtype is in ``type_map`` are considered. The static
    default is tried only when no user default was found and the field is not
    the doctype's title field.

    Args:
        doc: document that is modified in place through ``doc.set``.
    """
    permissions = get_user_permissions()
    stored_defaults = frappe.defaults.get_defaults()

    for df in doc.meta.get("fields"):
        if df.fieldtype not in type_map:
            continue

        value = get_user_default_value(df, stored_defaults, permissions)

        # Fall back to the static default, except for the title field.
        if value is None and df.fieldname != doc.meta.title_field:
            value = get_static_default_value(df, permissions)

        if value is not None:
            doc.set(df.fieldname, value)
def user_has_permission(doc, verbose=True, user=None, user_permission_doctypes=None):
    """Return True if ``doc`` and every one of its child rows pass the user-permission check.

    A row passes when ``user_permission_doctypes`` is empty, or when at least
    one set of doctypes in it has no violating field. A field violates when it
    holds a non-empty value that is not listed in ``user_permissions`` for the
    field's link target (``df.options``).

    Args:
        doc: document to check; its children come from ``doc.get_all_children()``.
        verbose: when true, a denial message per violating field is collected
            and shown with ``msgprint`` if the row is denied.
        user: passed to ``get_user_permissions``.
        user_permission_doctypes: passed through ``get_user_permission_doctypes``
            together with the user's permissions; iterated as sets of doctypes.
    """
    from frappe.core.doctype.user_permission.user_permission import get_user_permissions
    user_permissions = get_user_permissions(user)
    user_permission_doctypes = get_user_permission_doctypes(user_permission_doctypes, user_permissions)

    def check_user_permission(d):
        # Checks one row (parent document or child row) against every set.
        meta = frappe.get_meta(d.get("doctype"))
        end_result = False

        messages = {}

        if not user_permission_doctypes:
            # no doctypes restricted
            # Fail-open: with nothing to check, the row is allowed.
            end_result = True

        # check multiple sets of user_permission_doctypes using OR condition
        for doctypes in user_permission_doctypes:
            result = True

            for df in meta.get_fields_to_check_permissions(doctypes):
                # Empty values are never a violation. A link target with no
                # entry in user_permissions falls back to [], so any non-empty
                # value for it is a violation.
                if (d.get(df.fieldname)
                        and d.get(df.fieldname) not in user_permissions.get(df.options, [])):
                    result = False

                    if verbose:
                        # The message echoes the restricted value back to the user.
                        msg = _("Not allowed to access {0} with {1} = {2}").format(df.options, _(df.label), d.get(df.fieldname))
                        if d.parentfield:
                            msg = "{doctype}, {row} #{idx}, ".format(doctype=_(d.doctype), row=_("Row"), idx=d.idx) + msg

                        # Keyed by fieldname, so a later set overwrites the
                        # message of an earlier one for the same field.
                        messages[df.fieldname] = msg

            end_result = end_result or result

        # Messages are shown only when the row is denied overall.
        if not end_result and messages:
            for fieldname, msg in messages.items():
                msgprint(msg)

        return end_result

    _user_has_permission = check_user_permission(doc)
    for d in doc.get_all_children():
        # The child check is the left operand, so it runs (and can emit
        # messages) even after an earlier row has already been denied.
        _user_has_permission = check_user_permission(d) and _user_has_permission

    return _user_has_permission
def set_user_and_static_default_values(doc):
    """Populate the fields of ``doc`` with a user default or, failing that, a static default.

    Only fields whose fieldtype is in ``type_map`` are considered. Both
    lookups receive the user-permission entries of the field's link target and
    the records allowed for it. The static default is tried only when no user
    default was found and the field is not the doctype's title field.

    Args:
        doc: document that is modified in place through ``doc.set``.
    """
    permissions_by_doctype = get_user_permissions()
    stored_defaults = frappe.defaults.get_defaults()

    for df in doc.meta.get("fields"):
        if df.fieldtype not in type_map:
            continue

        # User-permission entries recorded for the link target (df.options).
        link_permissions = permissions_by_doctype.get(df.options, [])

        # Records allowed for the link target.
        permitted = get_allowed_docs_for_doctype(link_permissions, df.parent)

        value = get_user_default_value(df, stored_defaults, link_permissions, permitted)
        if value is not None:
            doc.set(df.fieldname, value)
        elif df.fieldname != doc.meta.title_field:
            fallback = get_static_default_value(df, link_permissions, permitted)
            if fallback is not None:
                doc.set(df.fieldname, fallback)
def set_dynamic_default_values(doc, parent_doc, parentfield):
    """Fill in defaults that are computed at call time, plus the parent linkage.

    ``doc`` is accessed like a dict. For each field of its doctype:
    a default starting with ":" is resolved from another field and written
    only if the field is still empty; a ``Datetime`` field whose default is
    "now" (any case) gets the current datetime; every ``Time`` field is
    overwritten with the current time whether or not it has a default.

    Args:
        doc: dict-like document, modified in place.
        parent_doc: if truthy, its ``name`` and ``doctype`` are stored as
            ``parent`` and ``parenttype``.
        parentfield: if truthy, stored as ``parentfield``.
    """
    # these values should not be cached
    user_permissions = get_user_permissions()
    meta = frappe.get_meta(doc["doctype"])

    for df in meta.get("fields"):
        has_default = df.get("default")

        if has_default and df.default.startswith(":"):
            resolved = get_default_based_on_another_field(df, user_permissions, parent_doc)
            # Never overwrite a value the document already carries.
            if not (resolved is None or doc.get(df.fieldname)):
                doc[df.fieldname] = resolved
        elif has_default and df.fieldtype == "Datetime" and df.default.lower() == "now":
            doc[df.fieldname] = now_datetime()

        if df.fieldtype == "Time":
            doc[df.fieldname] = nowtime()

    if parent_doc:
        doc["parent"] = parent_doc.name
        doc["parenttype"] = parent_doc.doctype

    if parentfield:
        doc["parentfield"] = parentfield
def set_user_and_static_default_values(doc):
    """Populate the fields of ``doc`` with a user default or, failing that, a static default.

    Only fields whose fieldtype is in ``data_fieldtypes`` are considered. Both
    lookups receive the user-permission entries of the field's link target and
    the records allowed for it. The static default is tried only when no user
    default was found and the field is not the doctype's title field.

    Args:
        doc: document that is modified in place through ``doc.set``.
    """
    permissions_by_doctype = get_user_permissions()
    stored_defaults = frappe.defaults.get_defaults()

    for df in doc.meta.get("fields"):
        if df.fieldtype not in data_fieldtypes:
            continue

        # User-permission entries recorded for the link target (df.options).
        link_permissions = permissions_by_doctype.get(df.options, [])

        # Records allowed for the link target.
        permitted = get_allowed_docs_for_doctype(link_permissions, df.parent)

        value = get_user_default_value(df, stored_defaults, link_permissions, permitted)

        # Fall back to the static default, except for the title field.
        if value is None and df.fieldname != doc.meta.title_field:
            value = get_static_default_value(df, link_permissions, permitted)

        if value is not None:
            doc.set(df.fieldname, value)
def set_dynamic_default_values(doc, parent_doc, parentfield):
    """Fill in defaults that are computed at call time, plus the parent linkage.

    ``doc`` is accessed like a dict. For each field of its doctype:
    a default starting with ":" is resolved from another field and written
    only if the field is still empty; a ``Datetime`` field whose default is
    "now" (any case) gets the current datetime; every ``Time`` field is
    overwritten with the current time whether or not it has a default.

    Args:
        doc: dict-like document, modified in place.
        parent_doc: if truthy, its ``name`` and ``doctype`` are stored as
            ``parent`` and ``parenttype``.
        parentfield: if truthy, stored as ``parentfield``.
    """
    # these values should not be cached
    user_permissions = get_user_permissions()
    meta = frappe.get_meta(doc["doctype"])

    for df in meta.get("fields"):
        has_default = df.get("default")

        if has_default and df.default.startswith(":"):
            resolved = get_default_based_on_another_field(df, user_permissions, parent_doc)
            # Never overwrite a value the document already carries.
            if not (resolved is None or doc.get(df.fieldname)):
                doc[df.fieldname] = resolved
        elif has_default and df.fieldtype == "Datetime" and df.default.lower() == "now":
            doc[df.fieldname] = now_datetime()

        if df.fieldtype == "Time":
            doc[df.fieldname] = nowtime()

    if parent_doc:
        doc["parent"] = parent_doc.name
        doc["parenttype"] = parent_doc.doctype

    if parentfield:
        doc["parentfield"] = parentfield
def get_bootinfo():
    """Build and return the boot info for the current session.

    Collects site, user, permission, module, translation and hook-supplied
    data into one ``frappe._dict``. The statements run in a fixed order
    because the ``boot_session`` hooks receive the partly built object and
    later assignments overwrite whatever a hook put under the same key.

    NOTE(review): the result carries the session id and the user's permission
    entries - presumably it is sent to the logged-in client; confirm it is
    never logged or cached where another user could read it.
    """
    frappe.set_user_lang(frappe.session.user)
    bootinfo = frappe._dict()
    hooks = frappe.get_hooks()
    doclist = []

    # user
    get_user(bootinfo)

    # system info
    bootinfo.sitename = frappe.local.site
    bootinfo.sysdefaults = frappe.defaults.get_defaults()
    # Permission entries returned by get_user_permissions() become part of the payload.
    bootinfo.user_permissions = get_user_permissions()
    bootinfo.server_date = frappe.utils.nowdate()

    if frappe.session['user'] != 'Guest':
        bootinfo.user_info = get_fullnames()
        # Session id is copied into the payload for every non-Guest session.
        bootinfo.sid = frappe.session['sid']

    bootinfo.modules = {}
    bootinfo.module_list = []
    load_desktop_icons(bootinfo)
    bootinfo.letter_heads = get_letter_heads()
    bootinfo.active_domains = frappe.get_active_domains()
    bootinfo.all_domains = [d.get("name") for d in frappe.get_all("Domain")]

    bootinfo.module_app = frappe.local.module_app
    # Constant query text; nothing is interpolated into it.
    bootinfo.single_types = frappe.db.sql_list("""select name from tabDocType where issingle=1""")
    add_home_page(bootinfo, doclist)
    bootinfo.page_info = get_allowed_pages()
    load_translations(bootinfo)
    add_timezone_info(bootinfo)
    load_conf_settings(bootinfo)
    load_print(bootinfo, doclist)
    doclist.extend(get_meta_bundle("Page"))
    bootinfo.home_folder = frappe.db.get_value("File", {"is_home_folder": 1})

    # ipinfo
    if frappe.session.data.get('ipinfo'):
        bootinfo.ipinfo = frappe.session['data']['ipinfo']

    # add docs
    bootinfo.docs = doclist

    # Each boot_session hook is a dotted path resolved with frappe.get_attr and
    # called with the boot info built so far; a hook can read and change
    # everything above, including sid and user_permissions.
    for method in hooks.boot_session or []:
        frappe.get_attr(method)(bootinfo)

    if bootinfo.lang:
        bootinfo.lang = text_type(bootinfo.lang)
    bootinfo.versions = {k: v['version'] for k, v in get_versions().items()}

    bootinfo.error_report_email = frappe.get_hooks("error_report_email")
    bootinfo.calendars = sorted(frappe.get_hooks("calendars"))
    bootinfo.treeviews = frappe.get_hooks("treeviews") or []
    bootinfo.lang_dict = get_lang_dict()
    bootinfo.feedback_triggers = get_enabled_feedback_trigger()
    bootinfo.gsuite_enabled = get_gsuite_status()
    # Keys returned by get_email_accounts are merged in last and win over
    # equal keys set earlier.
    bootinfo.update(get_email_accounts(user=frappe.session.user))

    return bootinfo
def has_user_permission(doc, user=None, verbose=False):
    '''Returns True if User is allowed to view considering User Permissions

    The check is skipped (True) when the user has no user permissions at all,
    or has 'write' role permission on 'User Permission'. Otherwise the
    document itself and then the link fields of the document and of each child
    row are compared with the user's entries; the first violation returns
    False. With ``verbose`` the denial message is shown through ``msgprint``.

    ``user_permissions`` is read as a mapping from doctype to a dict with the
    keys "docs" and "skip_for_doctype".
    '''
    from frappe.core.doctype.user_permission.user_permission import get_user_permissions
    user_permissions = get_user_permissions(user)

    # Fail-open: a user without any user-permission entry is not restricted here.
    if not user_permissions:
        return True

    # user can create own role permissions, so nothing applies
    if get_role_permissions('User Permission', user=user).get('write'):
        return True

    apply_strict_user_permissions = frappe.get_system_settings(
        'apply_strict_user_permissions')

    if doc.get('doctype') in user_permissions:
        # Denied when the document is not among the allowed docs of its own
        # doctype, unless that doctype is listed in its own skip_for_doctype.
        if (doc.get('name') not in user_permissions[doc.get('doctype')].get(
                "docs", [])
                and not doc.get('doctype') in
                user_permissions[doc.get('doctype')].get(
                    "skip_for_doctype", [])):
            # don't have user permissions on the doc itself!
            if verbose:
                msgprint(
                    _('Not allowed for {0} = {1}').format(
                        _(doc.get('doctype')), doc.get('name')))
            return False

    def check_user_permission(d):
        # Checks the link fields of one row (parent document or child row).
        meta = frappe.get_meta(d.get("doctype"))

        # check all link fields for user permissions
        for field in meta.get_link_fields():
            # if this type is restricted
            if field.ignore_user_permissions:
                continue

            # Only link targets that have entries are enforced, and not for
            # rows whose doctype is listed in skip_for_doctype.
            if (field.options in user_permissions
                    and not d.get("doctype") in
                    user_permissions[field.options].get(
                        "skip_for_doctype", [])):
                if not apply_strict_user_permissions:
                    # ignore if link is not set
                    if not d.get(field.fieldname):
                        continue

                # In strict mode an unset link reaches this test too and is
                # denied unless the empty value is itself listed in "docs".
                if not d.get(field.fieldname) in user_permissions.get(
                        field.options, {}).get("docs", []):
                    if d.get('parentfield'):
                        # "Not allowed for Company = Restricted Company in Row 3"
                        msg = _('Not allowed for {0} = {1} in Row {2}').format(
                            _(field.options), d.get(field.fieldname), d.idx)
                    else:
                        # "Not allowed for Company = Restricted Company"
                        msg = _('Not allowed for {0} = {1}').format(
                            _(field.options), d.get(field.fieldname))

                    # The message echoes the restricted value back to the user.
                    if verbose:
                        msgprint(msg)

                    return False

        return True

    result = check_user_permission(doc)
    if not result:
        return False

    # Children are checked only after the parent passed; the first denied row ends the check.
    for d in doc.get_all_children():
        if not check_user_permission(d):
            return False

    return True
def get_user_permissions(user):
    """Return the user permissions of ``user``.

    Thin wrapper around the function of the same name in the User Permission
    doctype module; the import happens at call time, not at module load.
    """
    from frappe.core.doctype.user_permission.user_permission import (
        get_user_permissions as _get_user_permissions,
    )

    return _get_user_permissions(user)
def get_user_permissions(user):
    """Return the user permissions of ``user``.

    Thin wrapper around the function of the same name in the User Permission
    doctype module; the import happens at call time, not at module load.
    """
    from frappe.core.doctype.user_permission.user_permission import (
        get_user_permissions as _get_user_permissions,
    )

    return _get_user_permissions(user)
def get_bootinfo():
    """Build and return the boot info for the current session.

    Collects site, user, permission, module, translation and hook-supplied
    data into one ``frappe._dict``. The statements run in a fixed order
    because the ``boot_session`` hooks receive the partly built object and
    later assignments overwrite whatever a hook put under the same key.

    NOTE(review): the result carries the session id and the user's permission
    entries - presumably it is sent to the logged-in client; confirm it is
    never logged or cached where another user could read it.
    """
    frappe.set_user_lang(frappe.session.user)
    bootinfo = frappe._dict()
    hooks = frappe.get_hooks()
    doclist = []

    # user
    get_user(bootinfo)

    # system info
    bootinfo.sitename = frappe.local.site
    bootinfo.sysdefaults = frappe.defaults.get_defaults()
    # Permission entries returned by get_user_permissions() become part of the payload.
    bootinfo.user_permissions = get_user_permissions()
    bootinfo.server_date = frappe.utils.nowdate()

    if frappe.session['user'] != 'Guest':
        bootinfo.user_info = get_fullnames()
        # Session id is copied into the payload for every non-Guest session.
        bootinfo.sid = frappe.session['sid'];

    bootinfo.modules = {}
    bootinfo.module_list = []
    load_desktop_icons(bootinfo)
    bootinfo.letter_heads = get_letter_heads()
    bootinfo.active_domains = frappe.get_active_domains()
    bootinfo.all_domains = [d.get("name") for d in frappe.get_all("Domain")]

    bootinfo.module_app = frappe.local.module_app
    # Constant query text; nothing is interpolated into it.
    bootinfo.single_types = frappe.db.sql_list("""select name from tabDocType where issingle=1""")
    add_home_page(bootinfo, doclist)
    bootinfo.page_info = get_allowed_pages()
    load_translations(bootinfo)
    add_timezone_info(bootinfo)
    load_conf_settings(bootinfo)
    load_print(bootinfo, doclist)
    doclist.extend(get_meta_bundle("Page"))
    bootinfo.home_folder = frappe.db.get_value("File", {"is_home_folder": 1})

    # ipinfo
    if frappe.session.data.get('ipinfo'):
        bootinfo.ipinfo = frappe.session['data']['ipinfo']

    # add docs
    bootinfo.docs = doclist

    # Each boot_session hook is a dotted path resolved with frappe.get_attr and
    # called with the boot info built so far; a hook can read and change
    # everything above, including sid and user_permissions.
    for method in hooks.boot_session or []:
        frappe.get_attr(method)(bootinfo)

    if bootinfo.lang:
        bootinfo.lang = text_type(bootinfo.lang)
    bootinfo.versions = {k: v['version'] for k, v in get_versions().items()}

    bootinfo.error_report_email = frappe.get_hooks("error_report_email")
    bootinfo.calendars = sorted(frappe.get_hooks("calendars"))
    bootinfo.treeviews = frappe.get_hooks("treeviews") or []
    bootinfo.lang_dict = get_lang_dict()
    bootinfo.feedback_triggers = get_enabled_feedback_trigger()
    bootinfo.gsuite_enabled = get_gsuite_status()
    # Keys returned by get_email_accounts are merged in last and win over
    # equal keys set earlier.
    bootinfo.update(get_email_accounts(user=frappe.session.user))

    return bootinfo
def has_user_permission(doc, user=None):
    '''Returns True if User is allowed to view considering User Permissions

    The check is skipped (True) when the user has no user permissions at all,
    or has 'write' role permission on 'User Permission'. Otherwise the
    document itself (step 1) and then the link fields of the document and of
    each child row (step 2) are compared with the allowed documents; the first
    violation is recorded with ``push_perm_check_log`` and returns False.
    '''
    from frappe.core.doctype.user_permission.user_permission import get_user_permissions
    user_permissions = get_user_permissions(user)

    # Fail-open: a user without any user-permission entry is not restricted here.
    if not user_permissions:
        # no user permission rules specified for this doctype
        return True

    # user can create own role permissions, so nothing applies
    if get_role_permissions('User Permission', user=user).get('write'):
        return True

    apply_strict_user_permissions = frappe.get_system_settings('apply_strict_user_permissions')

    doctype = doc.get('doctype')
    docname = doc.get('name')

    # STEP 1: ---------------------
    # check user permissions on self
    if doctype in user_permissions:
        allowed_docs = get_allowed_docs_for_doctype(user_permissions.get(doctype, []), doctype)

        # if allowed_docs is empty it states that there is no applicable permission under the current doctype

        # only check if allowed_docs is not empty
        # An empty allowed_docs therefore means "not restricted", not "nothing allowed".
        if allowed_docs and docname not in allowed_docs:
            # no user permissions for this doc specified
            push_perm_check_log(_('Not allowed for {0}: {1}').format(_(doctype), docname))
            return False

    # STEP 2: ---------------------------------
    # check user permissions in all link fields

    def check_user_permission_on_link_fields(d):
        # check user permissions for all the link fields of the given
        # document object d
        #
        # called for both parent and child records

        meta = frappe.get_meta(d.get("doctype"))

        # check all link fields for user permissions
        for field in meta.get_link_fields():

            if field.ignore_user_permissions:
                continue

            # empty value, do you still want to apply user permissions?
            if not d.get(field.fieldname) and not apply_strict_user_permissions:
                # nah, not strict
                continue

            if field.options not in user_permissions:
                continue

            # get the list of all allowed values for this link
            # NOTE(review): the second argument is the outer `doctype` (the
            # top-level document's), also when d is a child row - confirm that
            # this is intended rather than d.get("doctype").
            allowed_docs = get_allowed_docs_for_doctype(user_permissions.get(field.options, []), doctype)

            # In strict mode an empty link value reaches this test and is
            # denied whenever allowed_docs is non-empty.
            if allowed_docs and d.get(field.fieldname) not in allowed_docs:
                # restricted for this link field, and no matching values found
                # make the right message and exit
                if d.get('parentfield'):
                    # "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type"
                    msg = _('Not allowed for {0}: {1} in Row {2}. Restricted field: {3}').format(
                        _(field.options), d.get(field.fieldname), d.idx, field.fieldname)
                else:
                    # "Not allowed for Company = Restricted Company. Restricted field: reference_type"
                    msg = _('Not allowed for {0}: {1}. Restricted field: {2}').format(
                        _(field.options), d.get(field.fieldname), field.fieldname)

                # The logged message contains the restricted value and the field name.
                push_perm_check_log(msg)

                return False

        return True

    if not check_user_permission_on_link_fields(doc):
        return False

    # Children are checked only after the parent passed; the first denied row ends the check.
    for d in doc.get_all_children():
        if not check_user_permission_on_link_fields(d):
            return False

    return True
def has_user_permission(doc, user=None):
    '''Returns True if User is allowed to view considering User Permissions

    The check is skipped (True) when the user has no user permissions at all,
    or has 'write' role permission on 'User Permission'. Otherwise the
    document itself (step 1) and then the link fields of the document and of
    each child row (step 2) are compared with the allowed documents; the first
    violation is recorded with ``push_perm_check_log`` and returns False.
    '''
    from frappe.core.doctype.user_permission.user_permission import get_user_permissions
    user_permissions = get_user_permissions(user)

    # Fail-open: a user without any user-permission entry is not restricted here.
    if not user_permissions:
        # no user permission rules specified for this doctype
        return True

    # user can create own role permissions, so nothing applies
    if get_role_permissions('User Permission', user=user).get('write'):
        return True

    apply_strict_user_permissions = frappe.get_system_settings(
        'apply_strict_user_permissions')

    doctype = doc.get('doctype')
    docname = doc.get('name')

    # STEP 1: ---------------------
    # check user permissions on self
    if doctype in user_permissions:
        allowed_docs = get_allowed_docs_for_doctype(
            user_permissions.get(doctype, []), doctype)

        # if allowed_docs is empty it states that there is no applicable permission under the current doctype

        # only check if allowed_docs is not empty
        # An empty allowed_docs therefore means "not restricted", not "nothing allowed".
        if allowed_docs and docname not in allowed_docs:
            # no user permissions for this doc specified
            push_perm_check_log(
                _('Not allowed for {0}: {1}').format(_(doctype), docname))
            return False

    # STEP 2: ---------------------------------
    # check user permissions in all link fields

    def check_user_permission_on_link_fields(d):
        # check user permissions for all the link fields of the given
        # document object d
        #
        # called for both parent and child records

        meta = frappe.get_meta(d.get("doctype"))

        # check all link fields for user permissions
        for field in meta.get_link_fields():

            if field.ignore_user_permissions:
                continue

            # empty value, do you still want to apply user permissions?
            if not d.get(
                    field.fieldname) and not apply_strict_user_permissions:
                # nah, not strict
                continue

            if field.options not in user_permissions:
                continue

            # get the list of all allowed values for this link
            # NOTE(review): the second argument is the outer `doctype` (the
            # top-level document's), also when d is a child row - confirm that
            # this is intended rather than d.get("doctype").
            allowed_docs = get_allowed_docs_for_doctype(
                user_permissions.get(field.options, []), doctype)

            # In strict mode an empty link value reaches this test and is
            # denied whenever allowed_docs is non-empty.
            if allowed_docs and d.get(field.fieldname) not in allowed_docs:
                # restricted for this link field, and no matching values found
                # make the right message and exit
                if d.get('parentfield'):
                    # "Not allowed for Company = Restricted Company in Row 3. Restricted field: reference_type"
                    msg = _(
                        'Not allowed for {0}: {1} in Row {2}. Restricted field: {3}'
                    ).format(_(field.options), d.get(field.fieldname), d.idx,
                             field.fieldname)
                else:
                    # "Not allowed for Company = Restricted Company. Restricted field: reference_type"
                    msg = _('Not allowed for {0}: {1}. Restricted field: {2}'
                            ).format(_(field.options), d.get(field.fieldname),
                                     field.fieldname)

                # The logged message contains the restricted value and the field name.
                push_perm_check_log(msg)

                return False

        return True

    if not check_user_permission_on_link_fields(doc):
        return False

    # Children are checked only after the parent passed; the first denied row ends the check.
    for d in doc.get_all_children():
        if not check_user_permission_on_link_fields(d):
            return False

    return True
def get_permitted_documents(doctype):
    """Return the non-empty 'doc' values of the user-permission entries for ``doctype``.

    Entries without a 'doc' value (missing or falsy) are left out; a doctype
    with no entries gives an empty list.
    """
    permitted = []
    for entry in get_user_permissions().get(doctype, []):
        docname = entry.get('doc')
        if docname:
            permitted.append(docname)
    return permitted