[fix] [attachments] do not allow to remove if no write permissions
This commit is contained in:
Rushabh Mehta
parent
e72ee53610
commit
5e4a2ddb67
5 changed files with 25 additions and 9 deletions
|
|
@ -50,4 +50,11 @@ class DocType():
|
|||
path = webnotes.utils.get_path("public", "files", self.doc.file_name)
|
||||
if os.path.exists(path):
|
||||
os.remove(path)
|
||||
|
||||
|
||||
if self.doc.attached_to_name:
|
||||
# check persmission
|
||||
if not webnotes.has_permission(self.doc.attached_to_doctype,
|
||||
"write", self.doc.attached_to_name):
|
||||
webnotes.msgprint(webnotes._("No permission to write / remove."),
|
||||
raise_exception=True)
|
||||
|
||||
|
|
@ -22,6 +22,10 @@ cur_frm.cscript.refresh = function(doc) {
|
|||
cur_frm.toggle_display(['sb1', 'sb3'], false);
|
||||
|
||||
if(!doc.__islocal){
|
||||
cur_frm.add_custom_button("Set Properties", function() {
|
||||
wn.set_route("user-properties", doc.name);
|
||||
})
|
||||
|
||||
if(has_common(user_roles, ["Administrator", "System Manager"])) {
|
||||
cur_frm.toggle_display(['sb1', 'sb3'], true);
|
||||
}
|
||||
|
|
@ -39,10 +43,6 @@ cur_frm.cscript.refresh = function(doc) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
cur_frm.add_custom_button("Set Properties", function() {
|
||||
wn.set_route("user-properties", doc.name);
|
||||
})
|
||||
}
|
||||
|
||||
cur_frm.cscript.enabled = function(doc) {
|
||||
|
|
|
|||
|
|
@ -315,7 +315,7 @@ wn.PermissionEngine = Class.extend({
|
|||
callback: function(r) {
|
||||
if(r.exc) {
|
||||
// exception: reverse
|
||||
chk.attr("checked", chk.is(":checked") ? null : "checked");
|
||||
chk.get(0).checked = !chk.is(":checked");
|
||||
} else {
|
||||
me.get_perm(args.name)[args.ptype]=args.value;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ wn.ui.form.Attachments = Class.extend({
|
|||
var fileid = attachments[filename];
|
||||
|
||||
var me = this;
|
||||
$(repl('<div class="alert alert-info" style="margin-bottom: 7px">\
|
||||
var $attach = $(repl('<div class="alert alert-info" style="margin-bottom: 7px">\
|
||||
<span style="display: inline-block; width: 90%; \
|
||||
text-overflow: ellipsis; white-space: nowrap; overflow: hidden;">\
|
||||
<i class="icon-file"></i> <a href="%(href)s"\
|
||||
|
|
@ -91,7 +91,9 @@ wn.ui.form.Attachments = Class.extend({
|
|||
href: wn.utils.get_file_link(filename)
|
||||
}))
|
||||
.appendTo(this.$list)
|
||||
.find(".close")
|
||||
|
||||
var $close =
|
||||
$attach.find(".close")
|
||||
.data("fileid", fileid)
|
||||
.click(function() {
|
||||
var remove_btn = this;
|
||||
|
|
@ -107,7 +109,8 @@ wn.ui.form.Attachments = Class.extend({
|
|||
},
|
||||
callback: function(r,rt) {
|
||||
if(r.exc) {
|
||||
msgprint("There were errors.");
|
||||
if(!r._server_messages)
|
||||
msgprint("There were errors.");
|
||||
return;
|
||||
}
|
||||
me.remove_fileid(data);
|
||||
|
|
@ -117,6 +120,10 @@ wn.ui.form.Attachments = Class.extend({
|
|||
});
|
||||
return false;
|
||||
});
|
||||
|
||||
if(!wn.model.can_write(this.frm.doctype, this.frm.name)) {
|
||||
$close.remove();
|
||||
}
|
||||
},
|
||||
new_attachment: function(fieldname) {
|
||||
var me = this;
|
||||
|
|
|
|||
|
|
@ -50,6 +50,8 @@ wn.upload = {
|
|||
return;
|
||||
}
|
||||
|
||||
|
||||
|
||||
var _upload_file = function() {
|
||||
var msgbox = msgprint(wn._("Uploading..."));
|
||||
wn.call({
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue