vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix: Only apply perm query to non-admin users

Browse source
This commit is contained in:
Ankush Menat 2023-01-30 11:24:16 +05:30
parent 57c991f055
commit 13162d8fbd
2 changed files with 2 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
frappe/boot.py
View file

@ -259,8 +259,8 @@ def _run_with_permission_query(query: "Query", doctype: str) -> list[dict]:
Note: Works only if 'WHERE' is the last clause in the query
"""
permission_query = DatabaseQuery(doctype, frappe.session.user).get_permission_query_conditions()
if permission_query:
return frappe.db.sql(f"{query} AND {permission_query}", as_dict=True) # nosemgrep
if permission_query and frappe.session.user != "Administrator":
return frappe.db.sql(f"{query} AND {permission_query}", as_dict=True)
return query.run(as_dict=True)

3
frappe/tests/test_boot.py
View file

@ -70,6 +70,3 @@ class TestBootData(FrappeTestCase):
# Test user must not see admin user's report
self.assertNotIn("Test Admin Report", allowed_reports)
self.assertIn("Test User Report", allowed_reports)
self.addCleanup(frappe.db.rollback)
self.addCleanup(frappe.set_user, "Administrator")