From c4a91d0bdeb1f6317776b7abd3414917e670b9c7 Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Thu, 18 Feb 2016 16:23:11 +0530 Subject: [PATCH 1/4] [fix] validate doctype name --- frappe/core/doctype/doctype/doctype.py | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/frappe/core/doctype/doctype/doctype.py b/frappe/core/doctype/doctype/doctype.py index 4dc3b611bc..e874aadc6f 100644 --- a/frappe/core/doctype/doctype/doctype.py +++ b/frappe/core/doctype/doctype/doctype.py @@ -35,9 +35,8 @@ class DocType(Document): - Clear permission table for child tables - Add `amended_from` and `ameneded_by` if Amendable""" self.check_developer_mode() - for c in [".", "/", "#", "&", "=", ":", "'", '"']: - if c in self.name: - frappe.throw(_("{0} not allowed in name").format(c)) + + self.validate_name() if self.issingle: self.allow_import = 0 @@ -154,6 +153,8 @@ class DocType(Document): self.check_developer_mode() + self.validate_name(new) + if merge: frappe.throw(_("DocType can not be merged")) @@ -230,6 +231,15 @@ class DocType(Document): self.name) return max_idx and max_idx[0][0] or 0 + def validate_name(self, name=None): + if not name: + name = self.name + + # a DocType's name should not start with a number or underscore + # and should only contain letters, numbers and underscore + if not re.match("^(?![\W])[^\d_][\w]+$", name, re.UNICODE): + frappe.throw(_("DocType's name should start with a letter and it can only consist of letters, numbers and underscores")) + def validate_fields_for_doctype(doctype): validate_fields(frappe.get_meta(doctype, cached=False)) From cedf84cbc76151f77c2e3f05192fbc6abcd643be Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Thu, 18 Feb 2016 19:15:59 +0530 Subject: [PATCH 2/4] [fix] print hide fields with higher perm levels - Fixes frappe/erpnext#4833 --- frappe/model/document.py | 21 ++++++++++++++------- frappe/templates/pages/print.py | 3 +++ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/frappe/model/document.py b/frappe/model/document.py index 2bd5c9841d..a1eb053094 100644 --- a/frappe/model/document.py +++ b/frappe/model/document.py @@ -375,14 +375,21 @@ class Document(BaseDocument): d.reset_values_if_no_permlevel_access(has_access_to, high_permlevel_fields) def get_permlevel_access(self): - user_roles = frappe.get_roles() - has_access_to = [] - for perm in self.meta.permissions: - if perm.role in user_roles and perm.permlevel > 0 and perm.write: - if perm.permlevel not in has_access_to: - has_access_to.append(perm.permlevel) + if not hasattr(self, "_has_access_to"): + user_roles = frappe.get_roles() + self._has_access_to = [] + for perm in self.meta.permissions: + if perm.role in user_roles and perm.permlevel > 0 and perm.write: + if perm.permlevel not in self._has_access_to: + self._has_access_to.append(perm.permlevel) - return has_access_to + return self._has_access_to + + def has_permlevel_access_to(self, fieldname, df=None): + if not df: + df = self.meta.get_field(fieldname) + + return df.permlevel in self.get_permlevel_access() def _set_defaults(self): if frappe.flags.in_import: diff --git a/frappe/templates/pages/print.py b/frappe/templates/pages/print.py index eb1988fce8..35184a5fa6 100644 --- a/frappe/templates/pages/print.py +++ b/frappe/templates/pages/print.py @@ -265,6 +265,9 @@ def is_visible(df, doc): if df.fieldname in doc.hide_in_print_layout: return False + if df.permlevel > 0 and not doc.has_permlevel_access_to(df.fieldname, df): + return False + return not doc.is_print_hide(df.fieldname, df) def has_value(df, doc): From ed6f2dc42f85edf82e9216d2af20e83935fe43bb Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Thu, 18 Feb 2016 19:49:45 +0530 Subject: [PATCH 3/4] [fix] synchronously load doctypes for linked with --- frappe/public/js/frappe/form/linked_with.js | 2 +- frappe/public/js/frappe/model/model.js | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/frappe/public/js/frappe/form/linked_with.js b/frappe/public/js/frappe/form/linked_with.js index 5c777001ba..344b79df59 100644 --- a/frappe/public/js/frappe/form/linked_with.js +++ b/frappe/public/js/frappe/form/linked_with.js @@ -65,7 +65,7 @@ frappe.ui.form.LinkedWith = Class.extend({ // add additional fields to __linked_doctypes me.frm.__linked_doctypes[dt].add_fields = frappe.listview_settings[dt].add_fields; } - }); + }, /*async*/ false); })); }, diff --git a/frappe/public/js/frappe/model/model.js b/frappe/public/js/frappe/model/model.js index 8c2634c5c9..1fd0754964 100644 --- a/frappe/public/js/frappe/model/model.js +++ b/frappe/public/js/frappe/model/model.js @@ -81,7 +81,7 @@ $.extend(frappe.model, { return docfield[0]; }, - with_doctype: function(doctype, callback) { + with_doctype: function(doctype, callback, async) { if(locals.DocType[doctype]) { callback && callback(); } else { @@ -98,6 +98,7 @@ $.extend(frappe.model, { with_parent: 1, cached_timestamp: cached_timestamp }, + async: async, freeze: true, callback: function(r) { if(r.exc) { From 238b1a4d8a71d72ac014e1466cba516e2623ba08 Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Thu, 18 Feb 2016 20:32:07 +0600 Subject: [PATCH 4/4] bumped to version 6.23.2 --- frappe/__version__.py | 2 +- frappe/hooks.py | 2 +- setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/frappe/__version__.py b/frappe/__version__.py index 5f095d505e..327d0f84fb 100644 --- a/frappe/__version__.py +++ b/frappe/__version__.py @@ -1,2 +1,2 @@ from __future__ import unicode_literals -__version__ = "6.23.1" +__version__ = "6.23.2" diff --git a/frappe/hooks.py b/frappe/hooks.py index 9355a5bb70..73615ee1af 100644 --- a/frappe/hooks.py +++ b/frappe/hooks.py @@ -5,7 +5,7 @@ app_publisher = "Frappe Technologies Pvt. Ltd." app_description = "Full stack web framework with Python, Javascript, MariaDB, Redis, Node" app_icon = "octicon octicon-circuit-board" -app_version = "6.23.1" +app_version = "6.23.2" app_color = "orange" source_link = "https://github.com/frappe/frappe" app_license = "MIT" diff --git a/setup.py b/setup.py index 4f40ca888e..841aaea605 100644 --- a/setup.py +++ b/setup.py @@ -1,7 +1,7 @@ from setuptools import setup, find_packages from pip.req import parse_requirements -version = "6.23.1" +version = "6.23.2" requirements = parse_requirements("requirements.txt", session="") setup(