From 0981f593ffa249eaa0d7732b1d58243c95fbfa14 Mon Sep 17 00:00:00 2001 From: marination Date: Thu, 24 Nov 2022 20:30:24 +0530 Subject: [PATCH] fix: Allow card actions (adding/dragging) if access to reference doctype - allow user to update kanban column cards order even without write access --- frappe/desk/doctype/kanban_board/kanban_board.py | 16 +++++++++++----- .../frappe/views/kanban/kanban_board.bundle.js | 14 +++----------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/frappe/desk/doctype/kanban_board/kanban_board.py b/frappe/desk/doctype/kanban_board/kanban_board.py index 83f0f46df0..c9eb48564d 100644 --- a/frappe/desk/doctype/kanban_board/kanban_board.py +++ b/frappe/desk/doctype/kanban_board/kanban_board.py @@ -88,6 +88,9 @@ def update_order(board_name, order): """Save the order of cards in columns""" board = frappe.get_doc("Kanban Board", board_name) doctype = board.reference_doctype + + frappe.has_permission(doctype, "write", throw=True) + fieldname = board.field_name order_dict = json.loads(order) @@ -103,8 +106,7 @@ def update_order(board_name, order): if column.column_name == col_name: column.order = json.dumps(cards) - board.save() - return board, updated_cards + return board.save(ignore_permissions=True), updated_cards @frappe.whitelist() @@ -114,6 +116,9 @@ def update_order_for_single_card( """Save the order of cards in columns""" board = frappe.get_doc("Kanban Board", board_name) doctype = board.reference_doctype + + frappe.has_permission(doctype, "write", throw=True) + fieldname = board.field_name old_index = frappe.parse_json(old_index) new_index = frappe.parse_json(new_index) @@ -130,7 +135,7 @@ def update_order_for_single_card( # save updated order board.columns[from_col_idx].order = frappe.as_json(from_col_order) board.columns[to_col_idx].order = frappe.as_json(to_col_order) - board.save() + board.save(ignore_permissions=True) # update changed value in doc frappe.set_value(doctype, docname, fieldname, to_colname) @@ -151,13 +156,14 @@ def get_kanban_column_order_and_index(board, colname): def add_card(board_name, docname, colname): board = frappe.get_doc("Kanban Board", board_name) + frappe.has_permission(board.reference_doctype, "write", throw=True) + col_order, col_idx = get_kanban_column_order_and_index(board, colname) col_order.insert(0, docname) board.columns[col_idx].order = frappe.as_json(col_order) - board.save() - return board + return board.save(ignore_permissions=True) @frappe.whitelist() diff --git a/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js b/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js index 52eb912c78..f8782e9f21 100644 --- a/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js +++ b/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js @@ -326,11 +326,7 @@ frappe.provide("frappe.views"); store.watch((state, getters) => { return state.empty_state; }, show_empty_state); - - if (self.board_perms.write) { - // If write access to Board, update Kanban cards order on load - store.dispatch("update_order"); - } + store.dispatch("update_order"); } function prepare() { @@ -338,13 +334,12 @@ frappe.provide("frappe.views"); if (self.$kanban_board.length === 0) { self.$kanban_board = $(frappe.render_template("kanban_board")); - // add column self.$kanban_board.appendTo(self.wrapper); } self.$filter_area = self.cur_list.$page.find(".active-tag-filters"); bind_events(); - setup_sortable(); // column + setup_sortable(); } function make_columns() { @@ -533,7 +528,7 @@ frappe.provide("frappe.views"); function init() { make_dom(); - setup_sortable(); // drag card + setup_sortable(); make_cards(); store.watch((state, getters) => { return state.cards; @@ -581,9 +576,6 @@ frappe.provide("frappe.views"); } function setup_sortable() { - // If no write access, editing board (by dragging card) should be blocked - if (!board_perms.write) return; - Sortable.create(self.$kanban_cards.get(0), { group: "cards", animation: 150,