fix: check at doc level when if owner role permission is checked during export from report view

(cherry picked from commit c7ad3296c9664f5d6b2946f46082f57b91c1bac8)
Sumit Bhanushali 2024-12-04 17:24:34 +05:30 committed by Mergify
parent f8df660854
commit 5d22ee7b2b
2 changed files with 13 additions and 4 deletions


@ -357,14 +357,13 @@ def export_query():
form_params["limit_page_length"] = None
form_params["as_list"] = True
doctype = form_params.pop("doctype")
form_params["fields"].append(f"`tab{doctype}`.`owner`")
file_format_type = form_params.pop("file_format_type")
title = form_params.pop("title", doctype)
csv_params = pop_csv_params(form_params)
add_totals_row = 1 if form_params.pop("add_totals_row", None) == "1" else None
translate_values = 1 if form_params.pop("translate_values", None) == "1" else None
frappe.permissions.can_export(doctype, raise_exception=True)
if selection := form_params.pop("selected_items", None):
form_params["filters"] = {"name": ("in", json.loads(selection))}
@ -378,6 +377,16 @@ def export_query():
db_query = DatabaseQuery(doctype)
ret = db_query.execute(**form_params)
if not frappe.permissions.can_export(doctype):
if frappe.permissions.can_export(doctype, is_owner=True):
for row in ret:
if row[-1] != frappe.session.user:
raise frappe.PermissionError(
_("You are not allowed to export {} doctype").format(doctype)
)
else:
raise frappe.PermissionError(_("You are not allowed to export {} doctype").format(doctype))
if add_totals_row:
ret = append_totals_row(ret)
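Review bot: The `owner` column appended to `form_params["fields"]` for the ownership check is never removed from `ret`, so as far as these hunks show it is carried into the exported rows and into `append_totals_row`, even for users with unrestricted export permission. The check also relies on that column being last (`row[-1]`), which holds only while nothing appends another field after it. Consider dropping the column once the permission decision is made, e.g. `ret = [row[:-1] for row in ret]` directly after the `if not frappe.permissions.can_export(doctype):` block. A comment at the append would also help, such as `# owner is appended last so the if_owner export check below can read row[-1]`. `export_query` starts and ends outside the hunks shown, so later code may already strip the column.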


@ -593,11 +593,11 @@ def can_import(doctype, raise_exception=False):
return True
def can_export(doctype, raise_exception=False):
def can_export(doctype, raise_exception=False, is_owner=False):
if "System Manager" in frappe.get_roles():
return True
else:
role_permissions = frappe.permissions.get_role_permissions(doctype)
role_permissions = frappe.permissions.get_role_permissions(doctype, is_owner=is_owner)
has_access = role_permissions.get("export") or role_permissions.get("if_owner").get("export")
if not has_access and raise_exception:
raise frappe.PermissionError(_("You are not allowed to export {} doctype").format(doctype))
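Review bot: `can_export` has no docstring, and the new `is_owner` flag needs one because it is security-relevant. Within the visible lines the function does not verify ownership of any document; it only forwards the caller's assertion to `get_role_permissions`. Any caller passing `is_owner=True` must therefore compare each document's owner with the session user itself, as the report-view export in this commit does. I would add a docstring along the lines of `"""Return whether the session user may export doctype; is_owner=True evaluates if-owner permissions and must be paired with a per-document owner check by the caller."""`. The function body appears to continue past the end of the hunk.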