refactor(Dashboard): refactor dashboard permissions

2020-03-26 14:50:57 +05:30 · 2020-03-26 14:50:57 +05:30 · 1bfb1a3d37
commit 1bfb1a3d37
parent 2f18dc30ac
6 changed files with 102 additions and 4 deletions
--- a/frappe/core/page/dashboard/dashboard.json
+++ b/frappe/core/page/dashboard/dashboard.json
@ -4,7 +4,7 @@
 "docstatus": 0,
 "doctype": "Page",
 "idx": 0,
- "modified": "2019-01-08 19:19:48.073410",
+ "modified": "2020-03-26 13:30:44.603948",
 "modified_by": "Administrator",
 "module": "Core",
 "name": "dashboard",
--- a/frappe/desk/doctype/dashboard/dashboard.json
+++ b/frappe/desk/doctype/dashboard/dashboard.json
@ -34,7 +34,7 @@
  }
 ],
 "links": [],
- "modified": "2020-01-26 20:00:10.069817",
+ "modified": "2020-03-25 21:09:37.080132",
 "modified_by": "Administrator",
 "module": "Desk",
 "name": "Dashboard",
@ -51,6 +51,27 @@
   "role": "System Manager",
   "share": 1,
   "write": 1
+  },
+  {
+   "create": 1,
+   "delete": 1,
+   "email": 1,
+   "export": 1,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "Dashboard Manager",
+   "share": 1,
+   "write": 1
+  },
+  {
+   "email": 1,
+   "export": 1,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "All",
+   "share": 1
  }
 ],
 "quick_entry": 1,
--- a/frappe/desk/doctype/dashboard_chart/dashboard_chart.json
+++ b/frappe/desk/doctype/dashboard_chart/dashboard_chart.json
@ -215,7 +215,7 @@
  }
 ],
 "links": [],
- "modified": "2020-03-13 19:19:37.162771",
+ "modified": "2020-03-26 13:41:11.126000",
 "modified_by": "Administrator",
 "module": "Desk",
 "name": "Dashboard Chart",
@ -232,6 +232,36 @@
   "role": "System Manager",
   "share": 1,
   "write": 1
+  },
+  {
+   "create": 1,
+   "delete": 1,
+   "email": 1,
+   "export": 1,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "Dashboard Manager",
+   "share": 1,
+   "write": 1
+  },
+  {
+   "email": 1,
+   "export": 1,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "Dashboard User",
+   "share": 1
+  },
+  {
+   "email": 1,
+   "export": 1,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "All",
+   "share": 1
  }
 ],
 "sort_field": "modified",
--- a/frappe/desk/doctype/dashboard_chart/dashboard_chart.py
+++ b/frappe/desk/doctype/dashboard_chart/dashboard_chart.py
@ -10,8 +10,53 @@ import json
 from frappe.core.page.dashboard.dashboard import cache_source, get_from_date_from_timespan
 from frappe.utils import nowdate, add_to_date, getdate, get_last_day, formatdate, get_datetime
 from frappe.model.naming import append_number_if_name_exists
+from frappe.boot import get_allowed_reports
 from frappe.model.document import Document

+
+def get_permission_query_conditions(user):
+
+	if not user:
+		user = frappe.session.user
+
+	if user == 'Administrator':
+		return
+
+	roles = frappe.get_roles(user)
+	if "System Manager" in roles or "Dashboard Manager" in roles or "Dashboard User" in roles:
+		return None
+
+	allowed_doctypes = tuple(frappe.permissions.get_doctypes_with_read())
+	allowed_reports = tuple([key.encode('UTF8') for key in get_allowed_reports()])
+
+	return '''
+			`tabDashboard Chart`.`chart_type` = 'Custom'
+			or `tabDashboard Chart`.`document_type` in {allowed_doctypes}
+			or `tabDashboard Chart`.`report_name` in {allowed_reports}
+		'''.format(
+			allowed_doctypes=allowed_doctypes,
+			allowed_reports=allowed_reports
+		)
+
+
+def has_permission(doc, ptype, user):
+	roles = frappe.get_roles(user)
+	if "System Manager" in roles or "Dashboard Manager" in roles or "Dashboard User" in roles:
+		return True
+
+	if doc.chart_type == 'Custom':
+		return True
+	elif doc.chart_type == 'Report':
+		allowed_reports = tuple([key.encode('UTF8') for key in get_allowed_reports()])
+		if doc.report_name in allowed_reports:
+			return True
+	else:
+		allowed_doctypes = tuple(frappe.permissions.get_doctypes_with_read())
+		if doc.document_type in allowed_doctypes:
+			return True
+
+	return False
+
@frappe.whitelist()
@cache_source
 def get(chart_name = None, chart = None, no_cache = None, filters = None, from_date = None,
--- a/frappe/hooks.py
+++ b/frappe/hooks.py
@ -87,6 +87,7 @@ permission_query_conditions = {
 	"ToDo": "frappe.desk.doctype.todo.todo.get_permission_query_conditions",
 	"User": "frappe.core.doctype.user.user.get_permission_query_conditions",
 	"Notification Log": "frappe.desk.doctype.notification_log.notification_log.get_permission_query_conditions",
+	"Dashboard Chart": "frappe.desk.doctype.dashboard_chart.dashboard_chart.get_permission_query_conditions",
 	"Notification Settings": "frappe.desk.doctype.notification_settings.notification_settings.get_permission_query_conditions",
 	"Note": "frappe.desk.doctype.note.note.get_permission_query_conditions",
 	"Kanban Board": "frappe.desk.doctype.kanban_board.kanban_board.get_permission_query_conditions",
@ -101,6 +102,7 @@ has_permission = {
 	"ToDo": "frappe.desk.doctype.todo.todo.has_permission",
 	"User": "frappe.core.doctype.user.user.has_permission",
 	"Note": "frappe.desk.doctype.note.note.has_permission",
+	"Dashboard Chart": "frappe.desk.doctype.dashboard_chart.dashboard_chart.has_permission",
 	"Kanban Board": "frappe.desk.doctype.kanban_board.kanban_board.has_permission",
 	"Contact": "frappe.contacts.address_and_contact.has_permission",
 	"Address": "frappe.contacts.address_and_contact.has_permission",
--- a/frappe/permissions.py
+++ b/frappe/permissions.py
@ -307,7 +307,7 @@ def has_controller_permissions(doc, ptype, user=None):
 	return None

 def get_doctypes_with_read():
-	return list(set([p.parent for p in get_valid_perms()]))
+	return list(set([p.parent.encode('UTF8') for p in get_valid_perms()]))

 def get_valid_perms(doctype=None, user=None):
 	'''Get valid permissions for the current user from DocPerm and Custom DocPerm'''