fix: add perm check to document follow
This commit is contained in:
Shrihari Mahabal
parent
374fa3cf6f
commit
56c602e94d
1 changed files with 6 additions and 0 deletions
|
|
@ -58,6 +58,9 @@ def follow_document(doctype: str, doc_name: str, user: str) -> Document | bool:
|
||||||
frappe.toast(_("Administrator can't follow"))
|
frappe.toast(_("Administrator can't follow"))
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
if user != frappe.session.user and not frappe.has_permission("Document Follow", "write"):
|
||||||
|
frappe.throw(_("You can only follow documents for yourself."), frappe.PermissionError)
|
||||||
|
|
||||||
if not frappe.db.get_value("User", user, "document_follow_notify", ignore=True, cache=True):
|
if not frappe.db.get_value("User", user, "document_follow_notify", ignore=True, cache=True):
|
||||||
frappe.toast(_("Document follow is not enabled for this user."))
|
frappe.toast(_("Document follow is not enabled for this user."))
|
||||||
return False
|
return False
|
||||||
|
|
@ -74,6 +77,9 @@ def follow_document(doctype: str, doc_name: str, user: str) -> Document | bool:
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
def unfollow_document(doctype: str, doc_name: str, user: str) -> bool:
|
def unfollow_document(doctype: str, doc_name: str, user: str) -> bool:
|
||||||
|
if user != frappe.session.user:
|
||||||
|
frappe.throw(_("You can only unfollow documents for yourself."), frappe.PermissionError)
|
||||||
|
|
||||||
doc = frappe.get_all(
|
doc = frappe.get_all(
|
||||||
"Document Follow",
|
"Document Follow",
|
||||||
filters={"ref_doctype": doctype, "ref_docname": doc_name, "user": user},
|
filters={"ref_doctype": doctype, "ref_docname": doc_name, "user": user},
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue