Role and User Permissions
This commit is contained in:
Anand Doshi
parent
a57842e32b
commit
11259e8eaa
22 changed files with 169 additions and 167 deletions
|
|
@ -27,7 +27,7 @@ def get_data():
|
|||
{
|
||||
"type": "page",
|
||||
"name": "user-permissions",
|
||||
"label": _("User Permissions"),
|
||||
"label": _("User Permissions Manager"),
|
||||
"icon": "icon-user",
|
||||
"description": _("Set Permissions per User")
|
||||
},
|
||||
|
|
|
|||
|
|
@ -84,16 +84,20 @@ def create_custom_field_if_values_exist(doctype, df):
|
|||
df = frappe._dict(df)
|
||||
if df.fieldname in frappe.db.get_table_columns(doctype) and \
|
||||
frappe.db.sql("""select count(*) from `tab{doctype}`
|
||||
where ifnull({fieldname},'')!=''""".format(doctype=doctype, fieldname=df.fieldname))[0][0] and \
|
||||
not frappe.db.get_value("Custom Field", {"dt": doctype, "fieldname": df.fieldname}):
|
||||
frappe.get_doc({
|
||||
"doctype":"Custom Field",
|
||||
"dt": doctype,
|
||||
"permlevel": df.permlevel or 0,
|
||||
"label": df.label,
|
||||
"fieldname": df.fieldname,
|
||||
"fieldtype": df.fieldtype,
|
||||
"options": df.options,
|
||||
"insert_after": df.insert_after
|
||||
}).insert()
|
||||
where ifnull({fieldname},'')!=''""".format(doctype=doctype, fieldname=df.fieldname))[0][0]:
|
||||
|
||||
create_custom_field(doctype, df)
|
||||
|
||||
|
||||
def create_custom_field(doctype, df):
|
||||
if not frappe.db.get_value("Custom Field", {"dt": doctype, "fieldname": df.fieldname}):
|
||||
frappe.get_doc({
|
||||
"doctype":"Custom Field",
|
||||
"dt": doctype,
|
||||
"permlevel": df.permlevel or 0,
|
||||
"label": df.label,
|
||||
"fieldname": df.fieldname,
|
||||
"fieldtype": df.fieldtype,
|
||||
"options": df.options,
|
||||
"insert_after": df.insert_after
|
||||
}).insert()
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ cur_frm.cscript.refresh = function(doc) {
|
|||
frappe.route_options = {
|
||||
"user": doc.name
|
||||
};
|
||||
frappe.set_route("user-properties");
|
||||
frappe.set_route("user-permissions");
|
||||
})
|
||||
|
||||
if(has_common(user_roles, ["Administrator", "System Manager"])) {
|
||||
|
|
|
|||
|
|
@ -173,8 +173,8 @@ frappe.PermissionEngine = Class.extend({
|
|||
</table>\
|
||||
</div>").appendTo(this.body);
|
||||
|
||||
$.each([["Document Type", 150], ["Role", 150], ["Level", 40],
|
||||
["Permissions", 370], ["", 40]], function(i, col) {
|
||||
$.each([["Document Type", 150], ["Role", 170], ["Level", 40],
|
||||
["Permissions", 350], ["", 40]], function(i, col) {
|
||||
$("<th>").html(col[0]).css("width", col[1]+"px")
|
||||
.appendTo(me.table.find("thead tr"));
|
||||
});
|
||||
|
|
@ -214,7 +214,9 @@ frappe.PermissionEngine = Class.extend({
|
|||
me.set_show_users(role_cell, d.role);
|
||||
|
||||
if (d.permlevel===0) {
|
||||
add_check(role_cell, d, "apply_user_permissions").removeClass("col-md-4");
|
||||
add_check(role_cell, d, "apply_user_permissions")
|
||||
.removeClass("col-md-4")
|
||||
.css({"margin-top": "15px"});
|
||||
}
|
||||
|
||||
var cell = add_cell(row, d, "permlevel");
|
||||
|
|
@ -385,7 +387,7 @@ var permissions_help = ['<table class="table table-bordered" style="background-c
|
|||
':</h4>',
|
||||
'<ol>',
|
||||
'<li>',
|
||||
__('Permissions are set on Roles and Document Types (called DocTypes) by setting rights like Read, Write, Create, Delete, Submit, Cancel, Amend, Report, Import, Export, Print, Email, Only Restricted Documents and Can Restrict Others.'),
|
||||
__('Permissions are set on Roles and Document Types (called DocTypes) by setting rights like Read, Write, Create, Delete, Submit, Cancel, Amend, Report, Import, Export, Print, Email and Set User Permissions.'),
|
||||
'</li>',
|
||||
'<li>',
|
||||
__('Permissions get applied on Users based on what Roles they are assigned.'),
|
||||
|
|
@ -437,7 +439,7 @@ var permissions_help = ['<table class="table table-bordered" style="background-c
|
|||
__('If a Role does not have access at Level 0, then higher levels are meaningless.'),
|
||||
'</li>',
|
||||
'<li>',
|
||||
__("Permissions at higher levels are 'Field Level' permissions. All Fields have a 'Permission Level' set against them and the rules defined at that permissions apply to the field. This is useful in case you want to hide or make certain field read-only."),
|
||||
__("Permissions at higher levels are 'Field Level' permissions. All Fields have a 'Permission Level' set against them and the rules defined at that permissions apply to the field. This is useful in case you want to hide or make certain field read-only for certain Roles."),
|
||||
'</li>',
|
||||
'<li>',
|
||||
__('You can use Customize Form to set levels on fields.')
|
||||
|
|
@ -447,27 +449,18 @@ var permissions_help = ['<table class="table table-bordered" style="background-c
|
|||
'</td></tr>',
|
||||
'<tr><td>',
|
||||
'<h4><i class="icon-shield"></i> ',
|
||||
__('Restricting Users'),
|
||||
__('User Permissions'),
|
||||
':</h4>',
|
||||
'<ol>',
|
||||
'<li>',
|
||||
__("To give acess to a role for only specific records, check the 'Restricted' perimssion. User Restriction Records are used to restrict users with such role to specific records.")
|
||||
+ ' (<a href="#user-properties">' + __('Setup > User Restriction') + '</a>)',
|
||||
__("To give acess to a role for only specific records, check the 'Apply User Permissions'. User Permissions are used to limit users with such role to specific records.")
|
||||
+ ' (<a href="#user-permissions">' + __('Setup > User Permissions Manager') + '</a>)',
|
||||
'</li>',
|
||||
'<li>',
|
||||
__("If 'Restricted' is not checked, you can still restrict permissions based on certain values, like Company or Territory in a document by setting User Restrictions. But unless any restriction is set, a user will have permissions based on the Role."),
|
||||
__("Once you have set this, the users will only be able access documents (eg. Blog Post) where the link exists (eg. Blogger)."),
|
||||
'</li>',
|
||||
'<li>',
|
||||
__("Permissions at higher levels are 'Field Level' permissions. All Fields have a 'Permission Level' set against them and the rules defined at that permissions apply to the field. This is useful in case you want to hide or make certain field read-only."),
|
||||
'</li>',
|
||||
'<li>',
|
||||
__("If 'Restricted' is checked, the owner is always allowed based on Role."),
|
||||
'</li>',
|
||||
'<li>',
|
||||
__("Once you have set this, the users will only be able access documents where the link (e.g Company) exists."),
|
||||
'</li>',
|
||||
'<li>',
|
||||
__("Apart from System Manager, roles with 'Can Restrict Others' permission can restrict other users for that Document Type."),
|
||||
__("Apart from System Manager, roles with 'Set User Permissions' right can set permissions for other users for that Document Type."),
|
||||
'</li>',
|
||||
'</ol>',
|
||||
'</td></tr>',
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ frappe.pages['user-permissions'].onload = function(wrapper) {
|
|||
frappe.ui.make_app_page({
|
||||
parent: wrapper,
|
||||
title: "User Permissions Manager",
|
||||
icon: "icon-user",
|
||||
single_column: true
|
||||
});
|
||||
$(wrapper).find(".layout-main").html("<div class='user-settings' style='min-height: 200px;'></div>\
|
||||
|
|
@ -14,10 +15,7 @@ frappe.pages['user-permissions'].onload = function(wrapper) {
|
|||
+ "</li>"
|
||||
|
||||
+ "<li>"
|
||||
+ __("These permissions will apply for all transactions where the permitted record is linked.")
|
||||
|
||||
+ __("For example, if Company C is added to User Permissions of user X, \
|
||||
user X will only be able to see transactions that has company C as a linked value.")
|
||||
+ __("These permissions will apply for all transactions where the permitted record is linked. For example, if Company C is added to User Permissions of user X, user X will only be able to see transactions that has company C as a linked value.")
|
||||
+ "</li>"
|
||||
|
||||
+ "<li>"
|
||||
|
|
@ -61,16 +59,16 @@ frappe.UserPermissions = Class.extend({
|
|||
options: (["Select User..."].concat(r.message.users)).join("\n")
|
||||
});
|
||||
|
||||
me.filters.property = me.wrapper.appframe.add_field({
|
||||
fieldname: "property",
|
||||
label: __("Property"),
|
||||
me.filters.doctype = me.wrapper.appframe.add_field({
|
||||
fieldname: "doctype",
|
||||
label: __("DocType"),
|
||||
fieldtype: "Select",
|
||||
options: (["Select Property..."].concat(me.get_link_names())).join("\n")
|
||||
options: (["Select DocType..."].concat(me.get_link_names())).join("\n")
|
||||
});
|
||||
|
||||
me.filters.user_permission = me.wrapper.appframe.add_field({
|
||||
fieldname: "user_permission",
|
||||
label: __("User Permission"),
|
||||
label: __("Name"),
|
||||
fieldtype: "Link",
|
||||
options: "[Select]"
|
||||
});
|
||||
|
|
@ -83,8 +81,8 @@ frappe.UserPermissions = Class.extend({
|
|||
});
|
||||
|
||||
// change options in user_permission link
|
||||
me.filters.property.$input.on("change", function() {
|
||||
me.filters.user_permission.df.options = $(this).val();
|
||||
me.filters.doctype.$input.on("change", function() {
|
||||
me.filters.user_permission.df.options = me.get_doctype();
|
||||
});
|
||||
|
||||
me.set_from_route();
|
||||
|
|
@ -112,9 +110,9 @@ frappe.UserPermissions = Class.extend({
|
|||
var user = this.filters.user.$input.val();
|
||||
return user=="Select User..." ? null : user;
|
||||
},
|
||||
get_property: function() {
|
||||
var property = this.filters.property.$input.val();
|
||||
return property=="Select Property..." ? null : property;
|
||||
get_doctype: function() {
|
||||
var doctype = this.filters.doctype.$input.val();
|
||||
return doctype=="Select DocType..." ? null : doctype;
|
||||
},
|
||||
get_user_permission: function() {
|
||||
// autosuggest hack!
|
||||
|
|
@ -127,9 +125,9 @@ frappe.UserPermissions = Class.extend({
|
|||
if(!prop_list || !prop_list.length) {
|
||||
this.body.html("<div class='alert alert-info'>"+__("No User Permissions found.")+"</div>");
|
||||
} else {
|
||||
this.show_property_table();
|
||||
this.show_user_permissions_table();
|
||||
}
|
||||
this.show_add_property();
|
||||
this.show_add_user_permission();
|
||||
},
|
||||
refresh: function() {
|
||||
var me = this;
|
||||
|
|
@ -137,8 +135,8 @@ frappe.UserPermissions = Class.extend({
|
|||
this.body.html("<div class='alert alert-info'>"+__("Loading")+"...</div>");
|
||||
return;
|
||||
}
|
||||
if(!me.get_user() && !me.get_property()) {
|
||||
this.body.html("<div class='alert alert-warning'>"+__("Select User or Property to start.")+"</div>");
|
||||
if(!me.get_user() && !me.get_doctype()) {
|
||||
this.body.html("<div class='alert alert-warning'>"+__("Select User or DocType to start.")+"</div>");
|
||||
return;
|
||||
}
|
||||
// get permissions
|
||||
|
|
@ -148,7 +146,7 @@ frappe.UserPermissions = Class.extend({
|
|||
method: "get_permissions",
|
||||
args: {
|
||||
parent: me.get_user(),
|
||||
defkey: me.get_property(),
|
||||
defkey: me.get_doctype(),
|
||||
defvalue: me.get_user_permission()
|
||||
},
|
||||
callback: function(r) {
|
||||
|
|
@ -156,14 +154,14 @@ frappe.UserPermissions = Class.extend({
|
|||
}
|
||||
});
|
||||
},
|
||||
show_property_table: function() {
|
||||
show_user_permissions_table: function() {
|
||||
var me = this;
|
||||
this.table = $("<table class='table table-bordered'>\
|
||||
<thead><tr></tr></thead>\
|
||||
<tbody></tbody>\
|
||||
</table>").appendTo(this.body);
|
||||
|
||||
$.each([[__("User"), 150], [__("Type"), 150], [__("Restricted To"),150], ["", 50]],
|
||||
$.each([[__("User"), 150], [__("DocType"), 150], [__("User Permission"),150], ["", 50]],
|
||||
function(i, col) {
|
||||
$("<th>").html(col[0]).css("width", col[1]+"px")
|
||||
.appendTo(me.table.find("thead tr"));
|
||||
|
|
@ -212,17 +210,17 @@ frappe.UserPermissions = Class.extend({
|
|||
});
|
||||
},
|
||||
|
||||
show_add_property: function() {
|
||||
show_add_user_permission: function() {
|
||||
var me = this;
|
||||
$("<button class='btn btn-info'>"+__("Add A User Permission")+"</button>")
|
||||
.appendTo($("<p>").appendTo(this.body))
|
||||
.click(function() {
|
||||
var d = new frappe.ui.Dialog({
|
||||
title: "Add New Property",
|
||||
title: "Add New User Permission",
|
||||
fields: [
|
||||
{fieldtype:"Select", label:__("User"),
|
||||
options:me.options.users, reqd:1, fieldname:"user"},
|
||||
{fieldtype:"Select", label: __("Property"), fieldname:"defkey",
|
||||
{fieldtype:"Select", label: __("DocType"), fieldname:"defkey",
|
||||
options:me.get_link_names(), reqd:1},
|
||||
{fieldtype:"Link", label:__("Value"), fieldname:"defvalue",
|
||||
options:'[Select]', reqd:1},
|
||||
|
|
@ -233,8 +231,8 @@ frappe.UserPermissions = Class.extend({
|
|||
d.set_value("user", me.get_user());
|
||||
d.get_input("user").prop("disabled", true);
|
||||
}
|
||||
if(me.get_property()) {
|
||||
d.set_value("defkey", me.get_property());
|
||||
if(me.get_doctype()) {
|
||||
d.set_value("defkey", me.get_doctype());
|
||||
d.get_input("defkey").prop("disabled", true);
|
||||
}
|
||||
if(me.get_user_permission()) {
|
||||
|
|
|
|||
|
|
@ -1,16 +1,19 @@
|
|||
{
|
||||
"creation": "2013-01-01 18:50:55.000000",
|
||||
"docstatus": 0,
|
||||
"doctype": "Page",
|
||||
"icon": "icon-user",
|
||||
"idx": 1,
|
||||
"modified": "2014-05-26 11:11:56.000000",
|
||||
"modified_by": "Administrator",
|
||||
"module": "Core",
|
||||
"name": "user-permissions",
|
||||
"owner": "Administrator",
|
||||
"page_name": "user-permissions",
|
||||
"roles": [],
|
||||
"standard": "Yes",
|
||||
"content": null,
|
||||
"creation": "2013-01-01 18:50:55",
|
||||
"docstatus": 0,
|
||||
"doctype": "Page",
|
||||
"icon": "icon-user",
|
||||
"idx": 1,
|
||||
"modified": "2014-05-28 16:53:43.103533",
|
||||
"modified_by": "Administrator",
|
||||
"module": "Core",
|
||||
"name": "user-permissions",
|
||||
"owner": "Administrator",
|
||||
"page_name": "user-permissions",
|
||||
"roles": [],
|
||||
"script": null,
|
||||
"standard": "Yes",
|
||||
"style": null,
|
||||
"title": "User Permissions Manager"
|
||||
}
|
||||
}
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
from __future__ import unicode_literals
|
||||
import frappe
|
||||
from frappe import _
|
||||
import frappe.defaults
|
||||
import frappe.permissions
|
||||
from frappe.core.doctype.user.user import get_system_users
|
||||
|
|
@ -51,17 +52,17 @@ def _build_conditions(filters):
|
|||
|
||||
@frappe.whitelist()
|
||||
def remove(user, name, defkey, defvalue):
|
||||
if not frappe.permissions.can_set_user_permissions_for_user(user, defkey, defvalue):
|
||||
raise frappe.PermissionError("Cannot Remove Permission for User: {user} on DocType: {doctype} and Name: {name}".format(
|
||||
user=user, doctype=defkey, name=defvalue))
|
||||
if not frappe.permissions.can_set_user_permissions(defkey, defvalue):
|
||||
frappe.throw(_("Cannot remove permission for DocType: {0} and Name: {1}").format(
|
||||
defkey, defvalue), frappe.PermissionError)
|
||||
|
||||
frappe.permissions.remove_user_permission(defkey, defvalue, user, name)
|
||||
|
||||
@frappe.whitelist()
|
||||
def add(user, defkey, defvalue):
|
||||
if not frappe.permissions.can_set_user_permissions_for_user(user, defkey, defvalue):
|
||||
raise frappe.PermissionError("Cannot Set Permission for User: {user} on DocType: {doctype} and Name: {name}".format(
|
||||
user=user, doctype=defkey, name=defvalue))
|
||||
if not frappe.permissions.can_set_user_permissions(defkey, defvalue):
|
||||
frappe.throw(_("Cannot set permission for DocType: {0} and Name: {1}").format(
|
||||
defkey, defvalue), frappe.PermissionError)
|
||||
|
||||
frappe.permissions.add_user_permission(defkey, defvalue, user)
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ execute:frappe.db.sql("alter table `tabSessions` modify `user` varchar(255), eng
|
|||
frappe.patches.v4_0.remove_old_parent
|
||||
frappe.patches.v4_0.remove_index_sitemap
|
||||
frappe.patches.v4_0.add_delete_permission
|
||||
frappe.patches.v4_0.move_match_to_restricted
|
||||
frappe.patches.v4_0.set_todo_checked_as_closed
|
||||
frappe.patches.v4_0.website_sitemap_hierarchy
|
||||
frappe.patches.v4_0.webnotes_to_frappe
|
||||
|
|
@ -31,3 +30,4 @@ frappe.patches.v4_0.deprecate_link_selects
|
|||
frappe.patches.v4_0.set_user_gravatar
|
||||
frappe.patches.v4_0.update_custom_field_insert_after
|
||||
frappe.patches.v4_0.set_user_permissions
|
||||
frappe.patches.v4_0.create_custom_field_for_owner_match
|
||||
|
|
|
|||
38
frappe/patches/v4_0/create_custom_field_for_owner_match.py
Normal file
38
frappe/patches/v4_0/create_custom_field_for_owner_match.py
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright (c) 2013, Web Notes Technologies Pvt. Ltd. and Contributors
|
||||
# MIT License. See license.txt
|
||||
|
||||
from __future__ import unicode_literals
|
||||
import frappe
|
||||
from frappe.core.doctype.custom_field.custom_field import create_custom_field
|
||||
|
||||
def execute():
|
||||
if "match" in frappe.db.get_table_columns("DocPerm"):
|
||||
create_custom_field_for_owner_match()
|
||||
|
||||
def create_custom_field_for_owner_match():
|
||||
frappe.db.sql("""update `tabDocPerm` set apply_user_permissions=1 where `match`='owner'""")
|
||||
|
||||
for dt in frappe.db.sql_list("""select distinct parent from `tabDocPerm`
|
||||
where `match`='owner' and permlevel=0"""):
|
||||
|
||||
# a link field pointing to User already exists
|
||||
if frappe.db.get_value("DocField", {"parent": dt, "fieldtype": "Link", "options": "User",
|
||||
"default": "__user"}):
|
||||
print "User link field already exists for", dt
|
||||
continue
|
||||
|
||||
fieldname = "{}_owner".format(frappe.scrub(dt))
|
||||
|
||||
create_custom_field(dt, frappe._dict({
|
||||
"permlevel": 0,
|
||||
"label": "{} Owner".format(dt),
|
||||
"fieldname": fieldname,
|
||||
"fieldtype": "Link",
|
||||
"options": "User"
|
||||
}))
|
||||
|
||||
frappe.db.sql("""update `tab{doctype}` set `{fieldname}`=owner""".format(doctype=dt,
|
||||
fieldname=fieldname))
|
||||
|
||||
# commit is required so that we don't lose these changes because of an error in next loop's ddl
|
||||
frappe.db.commit()
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# Copyright (c) 2013, Web Notes Technologies Pvt. Ltd. and Contributors
|
||||
# MIT License. See license.txt
|
||||
|
||||
from __future__ import unicode_literals
|
||||
import frappe
|
||||
|
||||
def execute():
|
||||
frappe.reload_doc("core", "doctype", "docperm")
|
||||
frappe.db.sql("""update `tabDocPerm` set apply_user_permissions=1 where `match`='owner'""")
|
||||
frappe.clear_cache()
|
||||
|
|
@ -3,16 +3,22 @@
|
|||
|
||||
from __future__ import unicode_literals
|
||||
import frappe
|
||||
from frappe.core.page.user_permissions.user_permissions import add
|
||||
import frappe.permissions
|
||||
|
||||
def execute():
|
||||
if "match" in frappe.db.get_table_columns("DocPerm"):
|
||||
add_user_permissions_for_owner_match()
|
||||
frappe.reload_doc("core", "doctype", "docperm")
|
||||
table_columns = frappe.db.get_table_columns("DocPerm")
|
||||
|
||||
if "restricted" in table_columns:
|
||||
frappe.db.sql("""update `tabDocPerm` set apply_user_permissions=1 where ifnull(apply_user_permissions, 0)=0
|
||||
and restricted=1""")
|
||||
|
||||
if "match" in table_columns:
|
||||
frappe.db.sql("""update `tabDocPerm` set apply_user_permissions=1
|
||||
where ifnull(apply_user_permissions, 0)=0 and ifnull(`match`, '')!=''""")
|
||||
|
||||
# change Restriction to User Permission in tabDefaultValue
|
||||
frappe.db.sql("""update `tabDefaultValue` set parenttype='User Permission' where parenttype='Restriction'""")
|
||||
|
||||
frappe.clear_cache()
|
||||
|
||||
def add_user_permissions_for_owner_match():
|
||||
for dt, role in frappe.db.sql("""select distinct parent, role from `tabDocPerm` where `match`='owner'"""):
|
||||
for user in frappe.db.sql("""select distinct parent from `tabUserRole` where role=%s""", role):
|
||||
for name in frappe.db.sql_list("""select name from `tab{doctype}` where owner=%s""".format(dt), user):
|
||||
# add to user permissions
|
||||
add(user, dt, name)
|
||||
|
|
|
|||
|
|
@ -106,16 +106,6 @@ def has_controller_permissions(doc):
|
|||
|
||||
return True
|
||||
|
||||
def can_set_user_permissions_for_user(user, doctype, docname=None):
|
||||
if not can_set_user_permissions(doctype, docname):
|
||||
return False
|
||||
|
||||
# check if target user does not have permission to set user permissions
|
||||
if get_role_permissions(frappe.get_meta(doctype), user).set_user_permissions==1:
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
def can_set_user_permissions(doctype, docname=None):
|
||||
# System Manager can always set user permissions
|
||||
if "System Manager" in frappe.get_roles():
|
||||
|
|
|
|||
|
|
@ -88,35 +88,22 @@ frappe.ui.form.AssignTo = Class.extend({
|
|||
fields: [
|
||||
{fieldtype:'Link', fieldname:'assign_to', options:'User',
|
||||
label:__("Assign To"),
|
||||
description:__("Add to To Do List of"), reqd:true},
|
||||
description:__("Add to To Do List Of"), reqd:true},
|
||||
{fieldtype:'Data', fieldname:'description', label:__("Comment"), reqd:true},
|
||||
{fieldtype:'Date', fieldname:'date', label: __("Complete By")},
|
||||
{fieldtype:'Select', fieldname:'priority', label: __("Priority"),
|
||||
options:'Low\nMedium\nHigh', 'default':'Medium'},
|
||||
{fieldtype:'Check', fieldname:'notify',
|
||||
label:__("Notify By Email"), "default":1},
|
||||
{fieldtype:'Check', fieldname:'set_user_permissions',
|
||||
label:__("Add This To User Permission")
|
||||
+ ' <a class="assign-user-properties"><i class="icon-share"></i></a>'},
|
||||
label:__("Notify by Email"), "default":1},
|
||||
{fieldtype:'Button', label:__("Add"), fieldname:'add_btn'}
|
||||
]
|
||||
});
|
||||
|
||||
me.dialog.fields_dict.set_user_permissions.$wrapper
|
||||
.find(".assign-user-properties")
|
||||
.on("click", function() {
|
||||
frappe.route_options = {
|
||||
property: me.frm.doctype,
|
||||
user: me.dialog.get_value("assign_to")
|
||||
};
|
||||
frappe.set_route("user-properties");
|
||||
});
|
||||
|
||||
me.dialog.fields_dict.add_btn.input.onclick = function() {
|
||||
|
||||
var assign_to = me.dialog.fields_dict.assign_to.get_value();
|
||||
var args = me.dialog.get_values();
|
||||
if(assign_to) {
|
||||
if(args && assign_to) {
|
||||
return frappe.call({
|
||||
method:'frappe.widgets.form.assign_to.add',
|
||||
args: $.extend(args, {
|
||||
|
|
@ -139,22 +126,11 @@ frappe.ui.form.AssignTo = Class.extend({
|
|||
}
|
||||
me.dialog.clear();
|
||||
|
||||
(function toggle_set_user_permissions() {
|
||||
var can_set_user_permissions = frappe.model.can_set_user_permissions(me.frm.doctype, me.frm);
|
||||
me.dialog.fields_dict.set_user_permissions.$wrapper.toggle(can_set_user_permissions);
|
||||
me.dialog.get_input("set_user_permissions").prop("checked", can_set_user_permissions);
|
||||
})();
|
||||
|
||||
if(me.frm.meta.title_field) {
|
||||
me.dialog.set_value("description", me.frm.doc[me.frm.meta.title_field])
|
||||
}
|
||||
|
||||
me.dialog.show();
|
||||
|
||||
if(!frappe.perm.get_perm(me.frm.doctype)[0].set_user_permissions) {
|
||||
me.dialog.fields_dict.set_user_permissions.set_input(0);
|
||||
me.dialog.fields_dict.set_user_permissions.$wrapper.toggle(false);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -843,13 +843,17 @@ frappe.ui.form.ControlLink = frappe.ui.form.ControlData.extend({
|
|||
}
|
||||
});
|
||||
|
||||
var cache = {};
|
||||
this.$input.cache = {};
|
||||
this.$input.autocomplete({
|
||||
minLength: 0,
|
||||
source: function(request, response) {
|
||||
if (cache[request.term]!=null) {
|
||||
if (!me.$input.cache[me.df.options]) {
|
||||
me.$input.cache[me.df.options] = {};
|
||||
}
|
||||
|
||||
if (me.$input.cache[me.df.options][request.term]!=null) {
|
||||
// from cache
|
||||
response(cache[request.term]);
|
||||
response(me.$input.cache[me.df.options][request.term]);
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -872,7 +876,7 @@ frappe.ui.form.ControlLink = frappe.ui.form.ControlData.extend({
|
|||
make_new: true
|
||||
});
|
||||
};
|
||||
cache[request.term] = r.results;
|
||||
me.$input.cache[me.df.options][request.term] = r.results;
|
||||
response(r.results);
|
||||
},
|
||||
});
|
||||
|
|
|
|||
|
|
@ -44,10 +44,10 @@ frappe.ui.form.InfoBar = Class.extend({
|
|||
this.$user_properties = this.appframe.add_icon_btn("2", "icon-shield",
|
||||
__("User Permissions Manager"), function() {
|
||||
frappe.route_options = {
|
||||
property: me.frm.doctype,
|
||||
restriction: me.frm.docname
|
||||
doctype: me.frm.doctype,
|
||||
name: me.frm.docname
|
||||
};
|
||||
frappe.set_route("user-properties");
|
||||
frappe.set_route("user-permissions");
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -259,7 +259,7 @@ frappe.views.DocListView = frappe.ui.Listing.extend({
|
|||
frappe.route_options = {
|
||||
property: me.doctype
|
||||
};
|
||||
frappe.set_route("user-properties");
|
||||
frappe.set_route("user-permissions");
|
||||
});
|
||||
}
|
||||
if(in_list(user_roles, "System Manager")) {
|
||||
|
|
|
|||
|
|
@ -72,12 +72,12 @@ frappe.views.QueryReport = Class.extend({
|
|||
"icon-download");
|
||||
|
||||
if(frappe.model.can_set_user_permissions("Report")) {
|
||||
this.appframe.add_primary_action(__("User Restrictions"), function() {
|
||||
this.appframe.add_primary_action(__("User Permissions"), function() {
|
||||
frappe.route_options = {
|
||||
property: "Report",
|
||||
restriction: me.report_name
|
||||
doctype: "Report",
|
||||
name: me.report_name
|
||||
};
|
||||
frappe.set_route("user-properties");
|
||||
frappe.set_route("user-permissions");
|
||||
}, "icon-shield");
|
||||
}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -558,10 +558,10 @@ frappe.views.ReportView = frappe.ui.Listing.extend({
|
|||
if(this.docname && frappe.model.can_set_user_permissions("Report")) {
|
||||
this.page.appframe.add_button(__("User Permissions Manager"), function() {
|
||||
frappe.route_options = {
|
||||
property: "Report",
|
||||
restriction: me.docname
|
||||
doctype: "Report",
|
||||
name: me.docname
|
||||
};
|
||||
frappe.set_route("user-properties");
|
||||
frappe.set_route("user-permissions");
|
||||
}, "icon-shield");
|
||||
}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"allow_attach": 1,
|
||||
"creation": "2013-03-19 12:02:15.000000",
|
||||
"creation": "2013-03-19 12:02:15",
|
||||
"description": "Settings for the About Us Page",
|
||||
"docstatus": 0,
|
||||
"doctype": "DocType",
|
||||
|
|
@ -18,6 +18,7 @@
|
|||
"description": "Introduce your company to the website visitor.",
|
||||
"fieldname": "company_introduction",
|
||||
"fieldtype": "Text Editor",
|
||||
"in_list_view": 1,
|
||||
"label": "Company Introduction",
|
||||
"permlevel": 0,
|
||||
"read_only": 0
|
||||
|
|
@ -33,6 +34,7 @@
|
|||
"description": "\"Company History\"",
|
||||
"fieldname": "company_history_heading",
|
||||
"fieldtype": "Data",
|
||||
"in_list_view": 1,
|
||||
"label": "Org History Heading",
|
||||
"permlevel": 0,
|
||||
"read_only": 0
|
||||
|
|
@ -80,13 +82,14 @@
|
|||
"icon": "icon-group",
|
||||
"idx": 1,
|
||||
"issingle": 1,
|
||||
"modified": "2013-12-20 19:22:52.000000",
|
||||
"modified": "2014-05-28 17:14:48.015912",
|
||||
"modified_by": "Administrator",
|
||||
"module": "Website",
|
||||
"name": "About Us Settings",
|
||||
"owner": "Administrator",
|
||||
"permissions": [
|
||||
{
|
||||
"apply_user_permissions": 0,
|
||||
"create": 1,
|
||||
"email": 1,
|
||||
"permlevel": 0,
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ class TestBlogPost(unittest.TestCase):
|
|||
def test_not_allowed_to_set_user_permissions(self):
|
||||
frappe.set_user("test2@example.com")
|
||||
|
||||
# this user can't add restriction
|
||||
# this user can't add user permissions
|
||||
self.assertRaises(frappe.PermissionError, add,
|
||||
"test2@example.com", "Blog Post", "_test-blog-post")
|
||||
|
||||
|
|
@ -101,7 +101,7 @@ class TestBlogPost(unittest.TestCase):
|
|||
|
||||
frappe.set_user("test2@example.com")
|
||||
|
||||
# user can only access restricted blog post
|
||||
# user can only access permitted blog post
|
||||
doc = frappe.get_doc("Blog Post", "_test-blog-post")
|
||||
self.assertTrue(doc.has_permission("read"))
|
||||
|
||||
|
|
@ -115,7 +115,7 @@ class TestBlogPost(unittest.TestCase):
|
|||
|
||||
frappe.set_user("test2@example.com")
|
||||
|
||||
# user cannot remove their own restriction
|
||||
# user cannot remove their own user permissions
|
||||
self.assertRaises(frappe.PermissionError, remove,
|
||||
"test2@example.com", defname, "Blog Post", "_test-blog-post")
|
||||
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
"icon": "icon-user",
|
||||
"idx": 1,
|
||||
"max_attachments": 1,
|
||||
"modified": "2014-05-27 03:49:07.960305",
|
||||
"modified": "2014-05-28 16:52:15.743071",
|
||||
"modified_by": "Administrator",
|
||||
"module": "Website",
|
||||
"name": "Blogger",
|
||||
|
|
@ -70,11 +70,16 @@
|
|||
"permissions": [
|
||||
{
|
||||
"create": 1,
|
||||
"delete": 1,
|
||||
"email": 1,
|
||||
"export": 1,
|
||||
"import": 1,
|
||||
"permlevel": 0,
|
||||
"print": 1,
|
||||
"read": 1,
|
||||
"report": 1,
|
||||
"role": "Website Manager",
|
||||
"set_user_permissions": 1,
|
||||
"write": 1
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ def add(args=None):
|
|||
if frappe.db.sql("""select owner from `tabToDo`
|
||||
where reference_type=%(doctype)s and reference_name=%(name)s and status="Open"
|
||||
and owner=%(assign_to)s""", args):
|
||||
frappe.msgprint(_("Already in todo"), raise_exception=True)
|
||||
frappe.msgprint(_("Already in user's To Do list"), raise_exception=True)
|
||||
return
|
||||
else:
|
||||
from frappe.utils import nowdate
|
||||
|
|
@ -50,15 +50,6 @@ def add(args=None):
|
|||
if frappe.get_meta(args['doctype']).get_field("assigned_to"):
|
||||
frappe.db.set_value(args['doctype'], args['name'], "assigned_to", args['assign_to'])
|
||||
|
||||
try:
|
||||
if cint(args.get("set_user_permissions")):
|
||||
from frappe.core.page.user_permissions import user_permissions
|
||||
user_permissions.add(args['assign_to'], args['doctype'], args['name'])
|
||||
frappe.msgprint(_("User Permission added"))
|
||||
except frappe.PermissionError:
|
||||
frappe.throw(_("Not permitted to set user permissions of User {0} for {1} {2}").format(args["assign_to"],
|
||||
args["doctype"], args["name"]))
|
||||
|
||||
# notify
|
||||
if not args.get("no_notification"):
|
||||
notify_assignment(d.assigned_by, d.owner, d.reference_type, d.reference_name, action='ASSIGN', description=args.get("description"), notify=args.get('notify'))
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue