refactor!: Remove "Set user permission" permtype (#20090)

This has never worked and setting user permission requires system
manager role always (because of permissions on list view)

frappe/contacts/doctype/address/address.json

@@ -204,7 +204,6 @@
    "read": 1,
    "report": 1,
    "role": "System Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   }

frappe/contacts/doctype/address_template/address_template.json

@@ -53,7 +53,6 @@
    "read": 1,
    "report": 1,
    "role": "System Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   }
@@ -62,4 +61,4 @@
  "sort_field": "modified",
  "sort_order": "DESC",
  "states": []
-}
+}

frappe/contacts/doctype/contact/contact.json

@@ -275,7 +275,6 @@
    "read": 1,
    "report": 1,
    "role": "System Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   },

frappe/core/doctype/custom_docperm/custom_docperm.json

@@ -27,7 +27,6 @@
   "report",
   "export",
   "import",
-  "set_user_permissions",
   "column_break_19",
   "share",
   "print",
@@ -179,13 +178,6 @@
    "fieldtype": "Check",
    "label": "Import"
   },
-  {
-   "default": "0",
-   "description": "This role update User Permissions for a user",
-   "fieldname": "set_user_permissions",
-   "fieldtype": "Check",
-   "label": "Set User Permissions"
-  },
   {
    "fieldname": "column_break_19",
    "fieldtype": "Column Break"
@@ -223,7 +215,7 @@
   }
  ],
  "links": [],
- "modified": "2020-12-03 15:20:48.296730",
+ "modified": "2023-02-20 13:19:04.889081",
  "modified_by": "Administrator",
  "module": "Core",
  "name": "Custom DocPerm",

frappe/core/doctype/docperm/docperm.json

@@ -26,7 +26,6 @@
   "report",
   "export",
   "import",
-  "set_user_permissions",
   "column_break_19",
   "share",
   "print",
@@ -178,13 +177,6 @@
    "fieldtype": "Check",
    "label": "Import"
   },
-  {
-   "default": "0",
-   "description": "This role update User Permissions for a user",
-   "fieldname": "set_user_permissions",
-   "fieldtype": "Check",
-   "label": "Set User Permissions"
-  },
   {
    "fieldname": "column_break_19",
    "fieldtype": "Column Break"
@@ -218,7 +210,7 @@
  "idx": 1,
  "istable": 1,
  "links": [],
- "modified": "2020-12-03 15:15:30.488212",
+ "modified": "2023-02-20 13:21:45.071310",
  "modified_by": "Administrator",
  "module": "Core",
  "name": "DocPerm",

frappe/core/doctype/doctype/doctype.py

@@ -1604,11 +1604,6 @@ def validate_permissions(doctype, for_remove=False, alert=False):
 			d.set("import", 0)
 			d.set("export", 0)
 
-		for ptype, label in [["set_user_permissions", _("Set User Permissions")]]:
-			if d.get(ptype):
-				d.set(ptype, 0)
-				frappe.msgprint(_("{0} cannot be set for Single types").format(label))
-
 	def check_if_submittable(d):
 		if d.submit and not issubmittable:
 			frappe.throw(_("{0}: Cannot set Assign Submit if not Submittable").format(get_txt(d)))

frappe/core/doctype/user/user.json

@@ -769,7 +769,6 @@
    "read": 1,
    "report": 1,
    "role": "System Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   },
@@ -793,4 +792,4 @@
  "states": [],
  "title_field": "full_name",
  "track_changes": 1
-}
+}

frappe/core/page/permission_manager/permission_manager.js

@@ -320,7 +320,6 @@ frappe.PermissionEngine = class PermissionEngine {
 			"report",
 			"import",
 			"export",
-			"set_user_permissions",
 			"share",
 		];
 	}

frappe/custom/fixtures/temp_doctype.json

@@ -57,7 +57,6 @@
       "report": 1,
       "export": 1,
       "import": 0,
-      "set_user_permissions": 0,
       "share": 1,
       "print": 1,
       "email": 1,

frappe/custom/fixtures/temp_singles.json

@@ -57,7 +57,6 @@
       "report": 1,
       "export": 1,
       "import": 0,
-      "set_user_permissions": 0,
       "share": 1,
       "print": 1,
       "email": 1,

frappe/email/doctype/email_account/email_account.json

@@ -628,7 +628,6 @@
    "delete": 1,
    "read": 1,
    "role": "System Manager",
-   "set_user_permissions": 1,
    "write": 1
   },
   {
@@ -640,4 +639,4 @@
  "sort_order": "DESC",
  "states": [],
  "track_changes": 1
-}
+}

frappe/email/doctype/email_domain/email_domain.json

@@ -145,7 +145,6 @@
    "delete": 1,
    "read": 1,
    "role": "System Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   }
@@ -154,4 +153,4 @@
  "sort_order": "DESC",
  "states": [],
  "track_changes": 1
-}
+}

frappe/email/doctype/newsletter/newsletter.json

@@ -251,7 +251,6 @@
    "read": 1,
    "report": 1,
    "role": "Newsletter Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   }
@@ -261,4 +260,4 @@
  "sort_order": "ASC",
  "title_field": "subject",
  "track_changes": 1
-}
+}

frappe/geo/doctype/country/country.json

@@ -69,7 +69,6 @@
    "read": 1,
    "report": 1,
    "role": "System Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   },
@@ -87,4 +86,4 @@
  "states": [],
  "track_changes": 1,
  "translated_doctype": 1
-}
+}

frappe/permissions.py

@@ -22,7 +22,6 @@ rights = (
 	"report",
 	"import",
 	"export",
-	"set_user_permissions",
 	"share",
 )
 
@@ -459,29 +458,6 @@ def get_doctypes_with_custom_docperms():
 	return [d.parent for d in doctypes]
 
 
-def can_set_user_permissions(doctype, docname=None):
-	# System Manager can always set user permissions
-	if frappe.session.user == "Administrator" or "System Manager" in frappe.get_roles():
-		return True
-
-	meta = frappe.get_meta(doctype)
-
-	# check if current user has read permission for docname
-	if docname and not has_permission(doctype, "read", docname):
-		return False
-
-	# check if current user has a role that can set permission
-	if get_role_permissions(meta).set_user_permissions != 1:
-		return False
-
-	return True
-
-
-def set_user_permission_if_allowed(doctype, name, user, with_message=False):
-	if get_role_permissions(frappe.get_meta(doctype), user).set_user_permissions != 1:
-		add_user_permission(doctype, name, user)
-
-
 def add_user_permission(
 	doctype,
 	name,

frappe/printing/doctype/print_heading/print_heading.json

@@ -1,145 +1,143 @@
 {
- "allow_copy": 0, 
- "allow_guest_to_view": 0, 
- "allow_import": 1, 
- "allow_rename": 1, 
- "autoname": "field:print_heading", 
- "beta": 0, 
- "creation": "2013-01-10 16:34:24", 
- "custom": 0, 
- "docstatus": 0, 
- "doctype": "DocType", 
- "document_type": "Setup", 
- "editable_grid": 0, 
+ "allow_copy": 0,
+ "allow_guest_to_view": 0,
+ "allow_import": 1,
+ "allow_rename": 1,
+ "autoname": "field:print_heading",
+ "beta": 0,
+ "creation": "2013-01-10 16:34:24",
+ "custom": 0,
+ "docstatus": 0,
+ "doctype": "DocType",
+ "document_type": "Setup",
+ "editable_grid": 0,
  "fields": [
   {
-   "allow_bulk_edit": 0, 
-   "allow_on_submit": 1, 
-   "bold": 0, 
-   "collapsible": 0, 
-   "columns": 0, 
-   "fieldname": "print_heading", 
-   "fieldtype": "Data", 
-   "hidden": 0, 
-   "ignore_user_permissions": 0, 
-   "ignore_xss_filter": 0, 
-   "in_filter": 1, 
-   "in_global_search": 0, 
-   "in_list_view": 1, 
-   "in_standard_filter": 0, 
-   "label": "Print Heading", 
-   "length": 0, 
-   "no_copy": 0, 
-   "oldfieldname": "print_heading", 
-   "oldfieldtype": "Data", 
-   "permlevel": 0, 
-   "print_hide": 0, 
-   "print_hide_if_no_value": 0, 
-   "read_only": 0, 
-   "remember_last_selected_value": 0, 
-   "report_hide": 0, 
-   "reqd": 1, 
-   "search_index": 0, 
-   "set_only_once": 0, 
+   "allow_bulk_edit": 0,
+   "allow_on_submit": 1,
+   "bold": 0,
+   "collapsible": 0,
+   "columns": 0,
+   "fieldname": "print_heading",
+   "fieldtype": "Data",
+   "hidden": 0,
+   "ignore_user_permissions": 0,
+   "ignore_xss_filter": 0,
+   "in_filter": 1,
+   "in_global_search": 0,
+   "in_list_view": 1,
+   "in_standard_filter": 0,
+   "label": "Print Heading",
+   "length": 0,
+   "no_copy": 0,
+   "oldfieldname": "print_heading",
+   "oldfieldtype": "Data",
+   "permlevel": 0,
+   "print_hide": 0,
+   "print_hide_if_no_value": 0,
+   "read_only": 0,
+   "remember_last_selected_value": 0,
+   "report_hide": 0,
+   "reqd": 1,
+   "search_index": 0,
+   "set_only_once": 0,
    "unique": 0
-  }, 
+  },
   {
-   "allow_bulk_edit": 0, 
-   "allow_on_submit": 0, 
-   "bold": 0, 
-   "collapsible": 0, 
-   "columns": 0, 
-   "fieldname": "description", 
-   "fieldtype": "Small Text", 
-   "hidden": 0, 
-   "ignore_user_permissions": 0, 
-   "ignore_xss_filter": 0, 
-   "in_filter": 0, 
-   "in_global_search": 0, 
-   "in_list_view": 1, 
-   "in_standard_filter": 0, 
-   "label": "Description", 
-   "length": 0, 
-   "no_copy": 0, 
-   "oldfieldname": "description", 
-   "oldfieldtype": "Small Text", 
-   "permlevel": 0, 
-   "print_hide": 0, 
-   "print_hide_if_no_value": 0, 
-   "read_only": 0, 
-   "remember_last_selected_value": 0, 
-   "report_hide": 0, 
-   "reqd": 0, 
-   "search_index": 0, 
-   "set_only_once": 0, 
-   "unique": 0, 
+   "allow_bulk_edit": 0,
+   "allow_on_submit": 0,
+   "bold": 0,
+   "collapsible": 0,
+   "columns": 0,
+   "fieldname": "description",
+   "fieldtype": "Small Text",
+   "hidden": 0,
+   "ignore_user_permissions": 0,
+   "ignore_xss_filter": 0,
+   "in_filter": 0,
+   "in_global_search": 0,
+   "in_list_view": 1,
+   "in_standard_filter": 0,
+   "label": "Description",
+   "length": 0,
+   "no_copy": 0,
+   "oldfieldname": "description",
+   "oldfieldtype": "Small Text",
+   "permlevel": 0,
+   "print_hide": 0,
+   "print_hide_if_no_value": 0,
+   "read_only": 0,
+   "remember_last_selected_value": 0,
+   "report_hide": 0,
+   "reqd": 0,
+   "search_index": 0,
+   "set_only_once": 0,
+   "unique": 0,
    "width": "300px"
   }
- ], 
- "has_web_view": 0, 
- "hide_heading": 0, 
- "hide_toolbar": 0, 
- "icon": "fa fa-font", 
- "idx": 1, 
- "image_view": 0, 
- "in_create": 0, 
- "is_submittable": 0, 
- "issingle": 0, 
- "istable": 0, 
- "max_attachments": 0, 
- "modified": "2017-05-03 05:59:09.131569", 
- "modified_by": "Administrator", 
- "module": "Printing", 
- "name": "Print Heading", 
- "owner": "Administrator", 
+ ],
+ "has_web_view": 0,
+ "hide_heading": 0,
+ "hide_toolbar": 0,
+ "icon": "fa fa-font",
+ "idx": 1,
+ "image_view": 0,
+ "in_create": 0,
+ "is_submittable": 0,
+ "issingle": 0,
+ "istable": 0,
+ "max_attachments": 0,
+ "modified": "2017-05-03 05:59:09.131569",
+ "modified_by": "Administrator",
+ "module": "Printing",
+ "name": "Print Heading",
+ "owner": "Administrator",
  "permissions": [
   {
-   "amend": 0, 
-   "apply_user_permissions": 0, 
-   "cancel": 0, 
-   "create": 1, 
-   "delete": 1, 
-   "email": 1, 
-   "export": 0, 
-   "if_owner": 0, 
-   "import": 0, 
-   "permlevel": 0, 
-   "print": 1, 
-   "read": 1, 
-   "report": 1, 
-   "role": "System Manager", 
-   "set_user_permissions": 0, 
-   "share": 1, 
-   "submit": 0, 
+   "amend": 0,
+   "apply_user_permissions": 0,
+   "cancel": 0,
+   "create": 1,
+   "delete": 1,
+   "email": 1,
+   "export": 0,
+   "if_owner": 0,
+   "import": 0,
+   "permlevel": 0,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "System Manager",
+   "share": 1,
+   "submit": 0,
    "write": 1
-  }, 
+  },
   {
-   "amend": 0, 
-   "apply_user_permissions": 0, 
-   "cancel": 0, 
-   "create": 0, 
-   "delete": 0, 
-   "email": 0, 
-   "export": 0, 
-   "if_owner": 0, 
-   "import": 0, 
-   "permlevel": 0, 
-   "print": 0, 
-   "read": 1, 
-   "report": 0, 
-   "role": "All", 
-   "set_user_permissions": 0, 
-   "share": 0, 
-   "submit": 0, 
+   "amend": 0,
+   "apply_user_permissions": 0,
+   "cancel": 0,
+   "create": 0,
+   "delete": 0,
+   "email": 0,
+   "export": 0,
+   "if_owner": 0,
+   "import": 0,
+   "permlevel": 0,
+   "print": 0,
+   "read": 1,
+   "report": 0,
+   "role": "All",
+   "share": 0,
+   "submit": 0,
    "write": 0
   }
- ], 
- "quick_entry": 1, 
- "read_only": 0, 
- "read_only_onload": 0, 
- "search_fields": "print_heading", 
- "show_name_in_global_search": 0, 
- "sort_order": "DESC", 
- "track_changes": 0, 
+ ],
+ "quick_entry": 1,
+ "read_only": 0,
+ "read_only_onload": 0,
+ "search_fields": "print_heading",
+ "show_name_in_global_search": 0,
+ "sort_order": "DESC",
+ "track_changes": 0,
  "track_seen": 0
-}
+}

frappe/public/js/frappe/list/list_view.js

@@ -1526,7 +1526,7 @@ frappe.views.ListView = class ListView extends frappe.views.BaseList {
 			});
 		}
 
-		if (frappe.model.can_set_user_permissions(doctype)) {
+		if (frappe.user_roles.includes("System Manager")) {
 			items.push({
 				label: __("User Permissions", null, "Button in list view menu"),
 				action: () =>

frappe/public/js/frappe/model/model.js

@@ -449,14 +449,6 @@ $.extend(frappe.model, {
 		return frappe.boot.user.can_share.indexOf(doctype) !== -1;
 	},
 
-	can_set_user_permissions: function (doctype, frm) {
-		// system manager can always set user permissions
-		if (frappe.user_roles.includes("System Manager")) return true;
-
-		if (frm) return frm.perm[0].set_user_permissions === 1;
-		return frappe.boot.user.can_set_user_permissions.indexOf(doctype) !== -1;
-	},
-
 	has_value: function (dt, dn, fn) {
 		// return true if property has value
 		var val = locals[dt] && locals[dt][dn] && locals[dt][dn][fn];

frappe/public/js/frappe/model/perm.js

@@ -30,7 +30,6 @@ $.extend(frappe.perm, {
 		"print",
 		"email",
 		"share",
-		"set_user_permissions",
 	],
 
 	doctype_perm: {},

frappe/public/js/frappe/views/reports/query_report.js

@@ -1681,7 +1681,7 @@ frappe.views.QueryReport = class QueryReport extends frappe.views.BaseList {
 						doctype: "Report",
 						name: this.report_name,
 					}),
-				condition: () => frappe.model.can_set_user_permissions("Report"),
+				condition: () => frappe.user.has_role("System Manager"),
 				standard: true,
 			},
 		];

frappe/public/js/frappe/views/reports/report_view.js

@@ -1581,7 +1581,7 @@ frappe.views.ReportView = class ReportView extends frappe.views.ListView {
 		}
 
 		// user permissions
-		if (this.report_name && frappe.model.can_set_user_permissions("Report")) {
+		if (this.report_name && frappe.user.has_role("System Manager")) {
 			items.push({
 				label: __("User Permissions"),
 				action: () => {

frappe/utils/user.py

@@ -40,7 +40,6 @@ class UserPermissions:
 		self.can_export = []
 		self.can_print = []
 		self.can_email = []
-		self.can_set_user_permissions = []
 		self.allow_modules = []
 		self.in_create = []
 		self.setup_user()
@@ -152,7 +151,7 @@ class UserPermissions:
 			if p.get("read") or p.get("write") or p.get("create"):
 				if p.get("report"):
 					self.can_get_report.append(dt)
-				for key in ("import", "export", "print", "email", "set_user_permissions"):
+				for key in ("import", "export", "print", "email"):
 					if p.get(key):
 						getattr(self, "can_" + key).append(dt)
 
@@ -248,7 +247,6 @@ class UserPermissions:
 			"can_import",
 			"can_print",
 			"can_email",
-			"can_set_user_permissions",
 		):
 			d[key] = list(set(getattr(self, key)))
 

frappe/website/doctype/blog_category/blog_category.json

@@ -81,7 +81,6 @@
    "read": 1,
    "report": 1,
    "role": "Website Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   },
@@ -98,4 +97,4 @@
  "states": [],
  "title_field": "title",
  "track_changes": 1
-}
+}

frappe/website/doctype/blog_post/blog_post.json

@@ -230,7 +230,6 @@
    "read": 1,
    "report": 1,
    "role": "Website Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   },
@@ -251,4 +250,4 @@
  "states": [],
  "title_field": "title",
  "track_changes": 1
-}
+}

frappe/website/doctype/blogger/blogger.json

@@ -82,7 +82,6 @@
    "read": 1,
    "report": 1,
    "role": "Website Manager",
-   "set_user_permissions": 1,
    "share": 1,
    "write": 1
   },
@@ -100,4 +99,4 @@
  "states": [],
  "title_field": "full_name",
  "track_changes": 1
-}
+}