refactor: remove redundant child table permission checks
The `check_parent_permission` calls in client.py are redundant because `frappe.has_permission` already handles child tables via `has_child_permission`, which performs the same validations plus additional permlevel checks.
This commit is contained in:
Sagar Vora
parent
84af5adecd
commit
3a3a83b644
2 changed files with 0 additions and 23 deletions
|
|
@ -9,7 +9,6 @@ import frappe.model
|
|||
import frappe.utils
|
||||
from frappe import _
|
||||
from frappe.desk.reportview import validate_args
|
||||
from frappe.model.db_query import check_parent_permission
|
||||
from frappe.model.utils import is_virtual_doctype
|
||||
from frappe.utils import attach_expanded_links, get_safe_filters
|
||||
from frappe.utils.caching import http_cache
|
||||
|
|
@ -47,8 +46,6 @@ def get_list(
|
|||
:param order_by: Order by this fieldname
|
||||
:param limit_start: Start at this index
|
||||
:param limit_page_length: Number of records to be returned (default 20)"""
|
||||
if frappe.is_table(doctype):
|
||||
check_parent_permission(parent, doctype)
|
||||
|
||||
args = frappe._dict(
|
||||
doctype=doctype,
|
||||
|
|
@ -90,8 +87,6 @@ def get(doctype, name=None, filters=None, parent=None):
|
|||
:param doctype: DocType of the document to be returned
|
||||
:param name: return document of this `name`
|
||||
:param filters: If name is not set, filter by these values and return the first match"""
|
||||
if frappe.is_table(doctype):
|
||||
check_parent_permission(parent, doctype)
|
||||
|
||||
if name:
|
||||
doc = frappe.get_doc(doctype, name)
|
||||
|
|
@ -113,8 +108,6 @@ def get_value(doctype, fieldname, filters=None, as_dict=True, debug=False, paren
|
|||
:param doctype: DocType to be queried
|
||||
:param fieldname: Field to be returned (default `name`)
|
||||
:param filters: dict or string for identifying the record"""
|
||||
if frappe.is_table(doctype):
|
||||
check_parent_permission(parent, doctype)
|
||||
|
||||
if not frappe.has_permission(doctype, parent_doctype=parent):
|
||||
frappe.throw(_("No permission for {0}").format(_(doctype)), frappe.PermissionError)
|
||||
|
|
|
|||
|
|
@ -1350,22 +1350,6 @@ def cast_name(column: str) -> str:
|
|||
return column
|
||||
|
||||
|
||||
def check_parent_permission(parent, child_doctype):
|
||||
if parent:
|
||||
# User may pass fake parent and get the information from the child table
|
||||
if child_doctype and not (
|
||||
frappe.db.exists("DocField", {"parent": parent, "options": child_doctype})
|
||||
or frappe.db.exists("Custom Field", {"dt": parent, "options": child_doctype})
|
||||
):
|
||||
raise frappe.PermissionError
|
||||
|
||||
if frappe.permissions.has_permission(parent):
|
||||
return
|
||||
|
||||
# Either parent not passed or the user doesn't have permission on parent doctype of child table!
|
||||
raise frappe.PermissionError
|
||||
|
||||
|
||||
def get_order_by(doctype, meta):
|
||||
order_by = ""
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue