def setUp(self):
    """Put roles, permission rules and the session user into a known state.

    The role grants are skipped once ``frappe.flags.permission_user_setup_done``
    is set. The permission resets, the User Permission wipe and the session
    switch run on every call.
    """
    frappe.clear_cache(doctype="Blog Post")

    if not frappe.flags.permission_user_setup_done:
        # NOTE(review): the address literals are masked in this listing, so the
        # four accounts cannot be told apart here. Each entry is one
        # (user id, roles) grant, applied in the original order.
        role_grants = (
            ("*****@*****.**", ("Website Manager", "System Manager")),
            ("*****@*****.**", ("Blogger",)),
            ("*****@*****.**", ("Sales User",)),
            ("*****@*****.**", ("Website Manager",)),
        )
        for user_id, roles in role_grants:
            account = frappe.get_doc("User", user_id)
            for role in roles:
                account.add_roles(role)

        frappe.flags.permission_user_setup_done = True

    for doctype in ("Blogger", "Blog Post"):
        reset(doctype)

    # Start from an empty User Permission table so restrictions left behind by
    # an earlier test cannot change what this one observes.
    frappe.db.sql("delete from `tabUser Permission`")

    frappe.set_user("*****@*****.**")
def test_fieldlevel_permissions_in_load(self):
    """Check read and write enforcement on a permlevel-1 field of Blog Post.

    ``published`` is raised to permlevel 1 and only Website Manager gets a
    level-1 rule. A Blogger-only user must load the post with ``published``
    blanked and must not be able to change it. Once the Website Manager role
    is added, the same user can write the field and read it back.
    """
    post_values = {
        "doctype": "Blog Post",
        "blog_category": "-test-blog-category-1",
        "blog_intro": "Test Blog Intro",
        "blogger": "_Test Blogger 1",
        "content": "Test Blog Content",
        "title": "_Test Blog Post {}".format(frappe.utils.now()),
        "published": 0,
    }
    post = frappe.get_doc(post_values)
    post.insert()

    account = frappe.get_doc('User', '*****@*****.**')

    # NOTE(review): frappe.get_roles() is called with no user argument, so this
    # presumably captures the session user's roles rather than `account`'s.
    # Confirm that is the intended baseline to strip and restore.
    saved_roles = frappe.get_roles()
    account.remove_roles(*saved_roles)
    account.add_roles('Blogger')

    permlevel_setter = make_property_setter('Blog Post', 'published', 'permlevel', 1, 'Int')
    reset('Blog Post')
    add('Blog Post', 'Website Manager', 1)
    update('Blog Post', 'Website Manager', 1, 'write', 1)

    frappe.set_user(account.name)
    loaded = get_blog(post.name)
    self.assertEqual(loaded.name, post.name)
    # The level-1 field must not be disclosed to a Blogger-only user.
    self.assertEqual(loaded.published, None)

    # This write is expected to be ignored: the user has no write access on
    # `published` (or on any permlevel-1 field).
    loaded.published = 1
    loaded.save()
    self.assertEqual(loaded.published, 0)

    frappe.set_user('Administrator')
    account.add_roles('Website Manager')
    frappe.set_user(account.name)

    editable = frappe.get_doc('Blog Post', post.name)
    editable.published = 1
    editable.save()

    # With the Website Manager role the level-1 field becomes readable.
    loaded = get_blog(post.name)
    self.assertEqual(loaded.published, 1)

    # Cleanup. NOTE(review): this only runs when every assertion above
    # passed, so a failure leaves the role changes and the property setter in
    # place for later tests.
    frappe.set_user('Administrator')
    account.remove_roles('Blogger', 'Website Manager')
    account.add_roles(*saved_roles)
    loaded.delete()
    frappe.delete_doc(permlevel_setter.doctype, permlevel_setter.name)
def set_print_email_permissions():
    """Move the per-doctype print/email switches onto DocPerm rows.

    Resets the Page and Report permissions first. The migration is skipped
    when the DocType table has no ``allow_print`` column. Only permlevel-0
    rules that already grant ``read`` receive ``print`` or ``email``.
    """
    # reset Page perms
    from frappe.core.page.permission_manager.permission_manager import reset

    for target in ("Page", "Report"):
        reset(target)

    if "allow_print" not in frappe.db.get_table_columns("DocType"):
        return

    # patch to move print, email into DocPerm
    # NOTE: allow_print and allow_email are misnamed. They were used to hide
    # print / hide email, hence the hide_* names below.
    select_sql = """select name, ifnull(allow_print, 0), ifnull(allow_email, 0) from `tabDocType` where ifnull(issingle, 0)=0 and ifnull(istable, 0)=0 and (ifnull(allow_print, 0)=0 or ifnull(allow_email, 0)=0)"""
    grant_print_sql = """update `tabDocPerm` set `print`=1 where permlevel=0 and `read`=1 and parent=%s"""
    grant_email_sql = """update `tabDocPerm` set `email`=1 where permlevel=0 and `read`=1 and parent=%s"""

    for doctype, hide_print, hide_email in frappe.db.sql(select_sql):
        # The doctype name is passed as a query parameter and is never
        # formatted into the SQL text.
        for hidden, grant_sql in ((hide_print, grant_print_sql), (hide_email, grant_email_sql)):
            if not hidden:
                frappe.db.sql(grant_sql, doctype)
def test_reportview_get(self):
    """Check that the report view drops fields the caller may not read.

    ``published`` is raised to permlevel 1 with a level-1 rule for Website
    Manager only. A Blogger-only user must not get it back from
    ``frappe.desk.reportview.get``, either when naming it explicitly or when
    asking for ``*``. Administrator gets every requested field.
    """
    account = frappe.get_doc("User", "*****@*****.**")
    add_child_table_to_blog_post()

    # NOTE(review): frappe.get_roles() is called with no user argument, so this
    # presumably captures the session user's roles rather than `account`'s.
    saved_roles = frappe.get_roles()
    account.remove_roles(*saved_roles)
    account.add_roles("Blogger")

    make_property_setter("Blog Post", "published", "permlevel", 1, "Int")
    reset("Blog Post")
    add("Blog Post", "Website Manager", 1)
    update("Blog Post", "Website Manager", 1, "write", 1)

    frappe.set_user(account.name)

    frappe.local.request = frappe._dict()
    frappe.local.request.method = "POST"

    def fetch(fields):
        # Stage the request arguments, then call the whitelisted endpoint.
        frappe.local.form_dict = frappe._dict({
            "doctype": "Blog Post",
            "fields": fields,
        })
        return execute_cmd("frappe.desk.reportview.get")

    explicit_fields = ["published", "title", "`tabTest Child`.`test_field`"]

    # Explicitly requested fields that are not accessible are filtered out.
    response = fetch(explicit_fields)
    self.assertListEqual(response["keys"], ["title"])

    # even if * is passed, fields which are not accessible should be filtered out
    response = fetch(["*"])
    self.assertNotIn("published", response["keys"])

    frappe.set_user("Administrator")
    account.add_roles("Website Manager")
    # NOTE(review): the session is switched to the test user and straight back,
    # so the final request below runs as Administrator.
    frappe.set_user(account.name)
    frappe.set_user("Administrator")

    # Admin should be able to access all fields
    response = fetch(["published", "title", "`tabTest Child`.`test_field`"])
    self.assertListEqual(response["keys"], ["published", "title", "test_field"])

    # reset user roles
    # NOTE(review): the property setter and the child table added above are
    # not removed in this method. Confirm they are cleaned up elsewhere.
    account.remove_roles("Blogger", "Website Manager")
    account.add_roles(*saved_roles)
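def test_fieldlevel_permissions_in_load(self):
    """Check that ``getdoc`` blanks a permlevel-1 field for a Blogger-only user.

    ``published`` on Blog Post is moved to permlevel 1 and the loaded document
    must then carry ``published`` as ``None``. After the field is put back on
    permlevel 0 and the rules are reset, the value 1 must be visible again.
    """
    user = frappe.get_doc('User', '*****@*****.**')
    user.remove_roles('Website Manager')
    user.add_roles('Blogger')
    reset('Blog Post')

    def assert_loaded_published(name, expected):
        # Require that the post was actually present in the response, so the
        # field check cannot be skipped silently.
        found = False
        for doc in frappe.response.docs:
            if doc.name == name:
                self.assertEqual(doc.published, expected)
                found = True
        # assertTrue's second argument is only the failure message, so pass a
        # readable one instead of the original literal True.
        self.assertTrue(found, 'Blog Post missing from frappe.response.docs')

    try:
        frappe.db.set_value('DocField', {
            'fieldname': 'published',
            'parent': 'Blog Post'
        }, 'permlevel', 1)
        # NOTE(review): presumably moves the Website Manager level-0 rule to
        # permlevel 1. Confirm against the permission manager's update().
        update('Blog Post', 'Website Manager', 0, 'permlevel', 1)

        frappe.set_user(user.name)
        frappe.clear_cache(doctype='Blog Post')

        blog = frappe.db.get_value('Blog Post', {'title': '_Test Blog Post'})
        getdoc('Blog Post', blog)
        assert_loaded_published(blog, None)

        frappe.db.set_value('DocField', {
            'fieldname': 'published',
            'parent': 'Blog Post'
        }, 'permlevel', 0)
        reset('Blog Post')
        frappe.clear_cache(doctype='Blog Post')

        frappe.response.docs = []
        getdoc('Blog Post', blog)
        assert_loaded_published(blog, 1)
    finally:
        # Restore the session user even when an assertion fails, so later
        # tests do not run as the restricted account.
        frappe.set_user('Administrator')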
def setUp(self):
    """Create the test items and clear their stock ledger and bin rows."""
    items = create_items()
    reset('Stock Entry')

    # delete SLE and BINs for all items
    # Only the `%s` placeholders are formatted into the SQL text, one per item.
    # The item codes themselves are passed as query parameters.
    # NOTE(review): an empty `items` would render `in ()`. This assumes
    # create_items() always returns at least one item.
    placeholders = ', '.join(['%s'] * len(items))
    delete_templates = (
        "delete from `tabStock Ledger Entry` where item_code in (%s)",
        "delete from `tabBin` where item_code in (%s)",
    )
    for template in delete_templates:
        frappe.db.sql(template % placeholders, items)
def tearDown(self):
    """Undo per-test permission state, acting as Administrator."""
    # Switch back first so the cleanup below is not run as a restricted user.
    frappe.set_user("Administrator")
    frappe.db.set_value("Blogger", "_Test Blogger 1", "user", None)

    for doctype in ("Blog Category", "Blog Post", "Blogger"):
        clear_user_permissions_for_doctype(doctype)

    for doctype in ('Blogger', 'Blog Post'):
        reset(doctype)

    self.set_ignore_user_permissions_if_missing(0)
def setUp(self):
    """Create the test items and clear their stock ledger and bin rows."""
    items = create_items()
    reset("Stock Entry")

    # delete SLE and BINs for all items
    # The IN list is built from `%s` placeholders only. The item codes are
    # passed to the driver as parameters and never formatted into the query.
    # NOTE(review): assumes create_items() never returns an empty list, which
    # would render an empty `in ()` list.
    in_list = ", ".join(["%s"] * len(items))

    ledger_delete = "delete from `tabStock Ledger Entry` where item_code in (%s)" % in_list
    frappe.db.sql(ledger_delete, items)

    bin_delete = "delete from `tabBin` where item_code in (%s)" % in_list
    frappe.db.sql(bin_delete, items)
def setUp(self):
    """Grant the test roles, reset the blog permission rules and switch user."""
    frappe.clear_cache(doctype="Blog Post")

    # NOTE(review): the address literals are masked in this listing. Each entry
    # is one (user id, role) grant, applied in the original order.
    role_grants = (
        ("*****@*****.**", "Website Manager"),
        ("*****@*****.**", "Blogger"),
    )
    for user_id, role in role_grants:
        account = frappe.get_doc("User", user_id)
        account.add_roles(role)

    for doctype in ('Blogger', 'Blog Post'):
        reset(doctype)

    self.set_ignore_user_permissions_if_missing(0)

    frappe.set_user("*****@*****.**")
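def test_fieldlevel_permissions_in_load(self):
    """Check that ``getdoc`` blanks a permlevel-1 field for a Blogger-only user.

    ``published`` on Blog Post is moved to permlevel 1 and the loaded document
    must then carry ``published`` as ``None``. After the field is put back on
    permlevel 0 and the rules are reset, the value 1 must be visible again.
    """
    user = frappe.get_doc('User', '*****@*****.**')
    user.remove_roles('Website Manager')
    user.add_roles('Blogger')
    reset('Blog Post')

    def assert_loaded_published(name, expected):
        # Require that the post was actually present in the response, so the
        # field check cannot be skipped silently.
        found = False
        for doc in frappe.response.docs:
            if doc.name == name:
                # assertEqual replaces the deprecated assertEquals alias,
                # which newer unittest versions no longer provide.
                self.assertEqual(doc.published, expected)
                found = True
        # assertTrue's second argument is only the failure message, so pass a
        # readable one instead of the original literal True.
        self.assertTrue(found, 'Blog Post missing from frappe.response.docs')

    try:
        # Constant SQL with no external input formatted into the statement.
        frappe.db.sql('update tabDocField set permlevel=1 where fieldname="published" and parent="Blog Post"')
        # NOTE(review): presumably moves the Website Manager level-0 rule to
        # permlevel 1. Confirm against the permission manager's update().
        update('Blog Post', 'Website Manager', 0, 'permlevel', 1)

        frappe.set_user(user.name)
        frappe.clear_cache(doctype='Blog Post')

        blog = frappe.db.get_value('Blog Post', {'title': '_Test Blog Post'})
        getdoc('Blog Post', blog)
        assert_loaded_published(blog, None)

        frappe.db.sql('update tabDocField set permlevel=0 where fieldname="published" and parent="Blog Post"')
        reset('Blog Post')
        frappe.clear_cache(doctype='Blog Post')

        frappe.response.docs = []
        getdoc('Blog Post', blog)
        assert_loaded_published(blog, 1)
    finally:
        # Restore the session user even when an assertion fails, so later
        # tests do not run as the restricted account.
        frappe.set_user('Administrator')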
def execute():
    """Reset Page/Report permissions and move print/email flags into DocPerm.

    For every doctype that is neither single nor a child table and has a zero
    ``allow_print`` or ``allow_email``, the matching ``print`` / ``email``
    column is set on its permlevel-0 DocPerm rows that already grant ``read``.
    """
    # reset Page perms
    from frappe.core.page.permission_manager.permission_manager import reset

    reset("Page")
    reset("Report")

    # patch to move print, email into DocPerm
    # The selected allow_* values are bound to hide_* names below, so a zero
    # is treated as "not hidden" and leads to the grant.
    candidates = frappe.db.sql("""select name, ifnull(allow_print, 0), ifnull(allow_email, 0) from `tabDocType` where ifnull(issingle, 0)=0 and ifnull(istable, 0)=0 and (ifnull(allow_print, 0)=0 or ifnull(allow_email, 0)=0)""")

    for doctype, hide_print, hide_email in candidates:
        # The doctype name goes in as a query parameter, not as formatted SQL.
        if not hide_print:
            frappe.db.sql("""update `tabDocPerm` set `print`=1 where permlevel=0 and `read`=1 and parent=%s""", doctype)

        if not hide_email:
            frappe.db.sql("""update `tabDocPerm` set `email`=1 where permlevel=0 and `read`=1 and parent=%s""", doctype)
def test_fieldlevel_permissions_in_load_for_child_table(self):
    """Check permlevel enforcement on a child-table field (Contact Phone).

    ``phone`` is raised to permlevel 1 and only Sales User gets a level-1
    write rule on Contact. An Accounts User's edit of the phone number must be
    ignored. After Sales User is added, the same edit must persist.
    """
    seed = frappe.new_doc('Contact')
    seed.first_name = '_Test Contact 1'
    seed.append('phone_nos', {'phone': '123456'})
    seed.insert()

    account = frappe.get_doc('User', '*****@*****.**')

    # NOTE(review): frappe.get_roles() is called with no user argument, so this
    # presumably captures the session user's roles rather than `account`'s.
    saved_roles = frappe.get_roles()
    account.remove_roles(*saved_roles)
    account.add_roles('Accounts User')

    make_property_setter('Contact Phone', 'phone', 'permlevel', 1, 'Int')
    reset('Contact Phone')
    add('Contact', 'Sales User', 1)
    update('Contact', 'Sales User', 1, 'write', 1)

    frappe.set_user(account.name)

    # Without a level-1 write rule the change must not survive save().
    loaded = frappe.get_doc('Contact', '_Test Contact 1')
    loaded.phone_nos[0].phone = '654321'
    loaded.save()
    self.assertEqual(loaded.phone_nos[0].phone, '123456')

    frappe.set_user('Administrator')
    account.add_roles('Sales User')
    frappe.set_user(account.name)

    # With Sales User the same change is accepted and visible on reload.
    loaded.phone_nos[0].phone = '654321'
    loaded.save()
    reloaded = frappe.get_doc('Contact', '_Test Contact 1')
    self.assertEqual(reloaded.phone_nos[0].phone, '654321')

    frappe.set_user('Administrator')

    # reset user roles
    # NOTE(review): the property setter on Contact Phone is not removed here,
    # and none of this cleanup runs if an assertion above fails.
    account.remove_roles('Accounts User', 'Sales User')
    account.add_roles(*saved_roles)
    reloaded.delete()
def test_fieldlevel_permissions_in_load_for_child_table(self):
    """Verify that a permlevel-1 child-table field needs a level-1 write rule.

    The Contact Phone ``phone`` field is moved to permlevel 1. Saving a
    changed number as an Accounts User must leave the stored value untouched.
    Saving it after the Sales User role is added must update it.
    """
    original_number = "123456"
    changed_number = "654321"

    new_contact = frappe.new_doc("Contact")
    new_contact.first_name = "_Test Contact 1"
    new_contact.append("phone_nos", {"phone": original_number})
    new_contact.insert()

    test_user = frappe.get_doc("User", "*****@*****.**")

    # NOTE(review): get_roles() has no user argument here, so the roles saved
    # and later restored are presumably the session user's. Verify.
    roles_before = frappe.get_roles()
    test_user.remove_roles(*roles_before)
    test_user.add_roles("Accounts User")

    make_property_setter("Contact Phone", "phone", "permlevel", 1, "Int")
    reset("Contact Phone")
    add("Contact", "Sales User", 1)
    update("Contact", "Sales User", 1, "write", 1)

    frappe.set_user(test_user.name)

    # Attempt 1: no level-1 write access, so the edit is expected to be dropped.
    doc = frappe.get_doc("Contact", "_Test Contact 1")
    doc.phone_nos[0].phone = changed_number
    doc.save()
    self.assertEqual(doc.phone_nos[0].phone, original_number)

    # Role changes are made as Administrator, then the test user is resumed.
    frappe.set_user("Administrator")
    test_user.add_roles("Sales User")
    frappe.set_user(test_user.name)

    # Attempt 2: level-1 write access granted, so the edit must persist.
    doc.phone_nos[0].phone = changed_number
    doc.save()
    doc = frappe.get_doc("Contact", "_Test Contact 1")
    self.assertEqual(doc.phone_nos[0].phone, changed_number)

    frappe.set_user("Administrator")

    # reset user roles
    # NOTE(review): the cleanup is skipped when an assertion fails, and the
    # property setter created above is not deleted in this method.
    test_user.remove_roles("Accounts User", "Sales User")
    test_user.add_roles(*roles_before)
    doc.delete()
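def test_strict_user_permissions(self):
    """Check how `Strict User Permissions` changes Contact visibility.

    The test user gets a single User Permission on Salutation "Mr". With the
    strict setting off both test contacts are readable and listed. With it on,
    only the allowed contact is readable and exactly one contact is listed.
    """
    frappe.set_user('Administrator')
    frappe.db.sql('DELETE FROM `tabContact`')
    frappe.db.sql('DELETE FROM `tabContact Email`')
    frappe.db.sql('DELETE FROM `tabContact Phone`')

    reset('Salutation')
    reset('Contact')

    make_test_records_for_doctype('Contact', force=True)

    add_user_permission("Salutation", "Mr", "*****@*****.**")

    try:
        self.set_strict_user_permissions(0)

        allowed_contact = frappe.get_doc('Contact', '_Test Contact For _Test Customer')
        other_contact = frappe.get_doc('Contact', '_Test Contact For _Test Supplier')

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertTrue(other_contact.has_permission('read'))
        self.assertEqual(len(frappe.get_list("Contact")), 2)

        frappe.set_user("Administrator")
        self.set_strict_user_permissions(1)

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertFalse(other_contact.has_permission('read'))
        # assertEqual, not assertTrue: assertTrue(x, 1) treats 1 as the
        # failure message and passes for any non-empty list, so the strict
        # list filter was never actually checked.
        self.assertEqual(len(frappe.get_list("Contact")), 1)
    finally:
        # Always restore the session user, the strict setting and the User
        # Permissions, so a failed assertion cannot leak restricted state
        # into later tests.
        frappe.set_user("Administrator")
        self.set_strict_user_permissions(0)

        clear_user_permissions_for_doctype("Salutation")
        clear_user_permissions_for_doctype("Contact")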
def setUp(self):
    """Prepare roles, blog permission rules and the session user.

    Role grants run only while ``frappe.flags.permission_user_setup_done`` is
    unset. The resets, the User Permission wipe and the user switch always run.
    """
    frappe.clear_cache(doctype="Blog Post")

    already_granted = frappe.flags.permission_user_setup_done
    if not already_granted:
        # NOTE(review): the address literals are masked in this listing. Each
        # entry is one (user id, roles) grant, applied in the original order.
        role_grants = (
            ("*****@*****.**", ("Website Manager", "System Manager")),
            ("*****@*****.**", ("Blogger",)),
            ("*****@*****.**", ("Sales User",)),
        )
        for user_id, roles in role_grants:
            account = frappe.get_doc("User", user_id)
            for role in roles:
                account.add_roles(role)

        frappe.flags.permission_user_setup_done = True

    reset('Blogger')
    reset('Blog Post')

    # Remove every User Permission row so earlier restrictions cannot carry over.
    frappe.db.sql('delete from `tabUser Permission`')

    frappe.set_user("*****@*****.**")
def set_print_email_permissions():
    """Reset Page/Report permissions, then copy print/email flags to DocPerm.

    Returns early, after the two resets, when the DocType table has no
    ``allow_print`` column. Otherwise ``print`` / ``email`` are switched on
    for permlevel-0 DocPerm rows that already grant ``read``.
    """
    # reset Page perms
    from frappe.core.page.permission_manager.permission_manager import reset

    reset("Page")
    reset("Report")

    doctype_columns = frappe.db.get_table_columns("DocType")
    if "allow_print" not in doctype_columns:
        return

    # patch to move print, email into DocPerm
    # NOTE: allow_print and allow_email are misnamed. They were used to hide
    # print / hide email, so a zero value means the action was not hidden.
    rows = frappe.db.sql("""select name, ifnull(allow_print, 0), ifnull(allow_email, 0) from `tabDocType` where ifnull(issingle, 0)=0 and ifnull(istable, 0)=0 and (ifnull(allow_print, 0)=0 or ifnull(allow_email, 0)=0)""")

    for doctype, hide_print, hide_email in rows:
        # `parent` is bound as a query parameter in both updates.
        if not hide_print:
            frappe.db.sql("""update `tabDocPerm` set `print`=1 where permlevel=0 and `read`=1 and parent=%s""", doctype)

        if not hide_email:
            frappe.db.sql("""update `tabDocPerm` set `email`=1 where permlevel=0 and `read`=1 and parent=%s""", doctype)
def tearDown(self):
    """Undo per-test permission state, acting as Administrator."""
    # Switch back first so the cleanup below is not run as a restricted user.
    frappe.set_user("Administrator")
    frappe.db.set_value("Blogger", "_Test Blogger 1", "user", None)

    restricted_doctypes = (
        "Blog Category",
        "Blog Post",
        "Blogger",
        "Contact",
        "Salutation",
    )
    for doctype in restricted_doctypes:
        clear_user_permissions_for_doctype(doctype)

    for doctype in ('Blogger', 'Blog Post', 'Contact', 'Salutation'):
        reset(doctype)

    self.set_ignore_user_permissions_if_missing(0)
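def test_strict_user_permissions(self):
    """Check how `Strict User Permissions` changes Contact visibility.

    The test user gets a single User Permission on Salutation "Mr". With the
    strict setting off both test contacts are readable and listed. With it on,
    only the allowed contact is readable and exactly one contact is listed.
    """
    frappe.set_user('Administrator')
    frappe.db.sql('delete from tabContact')

    reset('Salutation')
    reset('Contact')

    make_test_records_for_doctype('Contact', force=True)

    add_user_permission("Salutation", "Mr", "*****@*****.**")

    try:
        self.set_strict_user_permissions(0)

        allowed_contact = frappe.get_doc('Contact', '_Test Contact for _Test Customer')
        other_contact = frappe.get_doc('Contact', '_Test Contact for _Test Supplier')

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertTrue(other_contact.has_permission('read'))
        self.assertEqual(len(frappe.get_list("Contact")), 2)

        frappe.set_user("Administrator")
        self.set_strict_user_permissions(1)

        frappe.set_user("*****@*****.**")
        self.assertTrue(allowed_contact.has_permission('read'))
        self.assertFalse(other_contact.has_permission('read'))
        # assertEqual, not assertTrue: assertTrue(x, 1) treats 1 as the
        # failure message and passes for any non-empty list, so the strict
        # list filter was never actually checked.
        self.assertEqual(len(frappe.get_list("Contact")), 1)
    finally:
        # Always restore the session user, the strict setting and the User
        # Permissions, so a failed assertion cannot leak restricted state
        # into later tests.
        frappe.set_user("Administrator")
        self.set_strict_user_permissions(0)

        clear_user_permissions_for_doctype("Salutation")
        clear_user_permissions_for_doctype("Contact")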
def setUp(self):
    """Grant the test roles, reset permission rules and switch the session user."""
    for doctype in ("Blog Post", "Contact"):
        frappe.clear_cache(doctype=doctype)

    # NOTE(review): the address literals are masked in this listing. Each entry
    # is one (user id, roles) grant, applied in the original order.
    role_grants = (
        ("*****@*****.**", ("Website Manager", "System Manager")),
        ("*****@*****.**", ("Blogger",)),
        ("*****@*****.**", ("Sales User",)),
    )
    for user_id, roles in role_grants:
        account = frappe.get_doc("User", user_id)
        for role in roles:
            account.add_roles(role)

    for doctype in ('Blogger', 'Blog Post', 'Contact', 'Salutation'):
        reset(doctype)

    # Remove every User Permission row so earlier restrictions cannot carry over.
    frappe.db.sql('delete from `tabUser Permission`')
    self.set_ignore_user_permissions_if_missing(0)

    frappe.set_user("*****@*****.**")