Permissions. Fixes frappe/erpnext#1554

2014-05-01 16:25:28 +05:30 · 2014-05-01 16:25:28 +05:30 · 9055965ffd
commit 9055965ffd
parent 8d7ea61415
5 changed files with 46 additions and 38 deletions
--- a/frappe/core/doctype/docperm/docperm.json
+++ b/frappe/core/doctype/docperm/docperm.json
@ -66,13 +66,6 @@
   "search_index": 0, 
   "width": "32px"
  }, 
-  {
-   "description": "Only restricted users can access", 
-   "fieldname": "restricted", 
-   "fieldtype": "Check", 
-   "label": "Only Restricted Documents", 
-   "permlevel": 0
-  }, 
  {
   "fieldname": "write", 
   "fieldtype": "Check", 
@ -177,11 +170,6 @@
   "label": "Import", 
   "permlevel": 0
  }, 
-  {
-   "fieldname": "column_break_19", 
-   "fieldtype": "Column Break", 
-   "permlevel": 0
-  }, 
  {
   "fieldname": "print", 
   "fieldtype": "Check", 
@ -194,11 +182,23 @@
   "label": "Email", 
   "permlevel": 0
  }, 
+  {
+   "fieldname": "column_break_19", 
+   "fieldtype": "Column Break", 
+   "permlevel": 0
+  }, 
+  {
+   "description": "Only restricted users can access", 
+   "fieldname": "restricted", 
+   "fieldtype": "Check", 
+   "label": "Only Restricted Documents", 
+   "permlevel": 0
+  }, 
  {
   "description": "This role can restrict users for accessing the record.", 
   "fieldname": "restrict", 
   "fieldtype": "Check", 
-   "label": "Can Restrict", 
+   "label": "Can Restrict Others", 
   "permlevel": 0
  }
 ], 
@ -207,7 +207,7 @@
 "idx": 1, 
 "issingle": 0, 
 "istable": 1, 
- "modified": "2014-04-30 00:31:21.598463", 
+ "modified": "2014-05-01 05:20:48.162224", 
 "modified_by": "Administrator", 
 "module": "Core", 
 "name": "DocPerm", 
--- a/frappe/core/doctype/doctype/doctype.json
+++ b/frappe/core/doctype/doctype/doctype.json
@ -162,12 +162,25 @@
   "search_index": 0
  }, 
  {
+   "fieldname": "description", 
+   "fieldtype": "Small Text", 
+   "hidden": 0, 
+   "label": "Description", 
+   "oldfieldname": "description", 
+   "oldfieldtype": "Text", 
+   "permlevel": 0, 
+   "reqd": 0, 
+   "search_index": 0
+  }, 
+  {
+   "depends_on": "eval:!doc.istable", 
   "fieldname": "sb2", 
   "fieldtype": "Section Break", 
   "label": "Permission Rules", 
   "permlevel": 0
  }, 
  {
+   "depends_on": "", 
   "fieldname": "permissions", 
   "fieldtype": "Table", 
   "hidden": 0, 
@ -180,6 +193,7 @@
   "search_index": 0
  }, 
  {
+   "depends_on": "eval:!doc.istable", 
   "fieldname": "sb3", 
   "fieldtype": "Section Break", 
   "permlevel": 0
@ -307,17 +321,6 @@
   "fieldtype": "Data", 
   "label": "Default Print Format", 
   "permlevel": 0
-  }, 
-  {
-   "fieldname": "description", 
-   "fieldtype": "Small Text", 
-   "hidden": 0, 
-   "label": "Description", 
-   "oldfieldname": "description", 
-   "oldfieldtype": "Text", 
-   "permlevel": 0, 
-   "reqd": 0, 
-   "search_index": 0
  }
 ], 
 "hide_heading": 0, 
@ -326,7 +329,7 @@
 "idx": 1, 
 "issingle": 0, 
 "istable": 0, 
- "modified": "2014-04-24 15:55:05.094304", 
+ "modified": "2014-05-01 05:27:22.582492", 
 "modified_by": "Administrator", 
 "module": "Core", 
 "name": "DocType", 
--- a/frappe/core/doctype/doctype/doctype.py
+++ b/frappe/core/doctype/doctype/doctype.py
@ -22,8 +22,13 @@ class DocType(Document):
 		self.scrub_field_names()
 		self.validate_title_field()
 		validate_fields(self.get("fields"))
-		if not self.istable:
+
+		if self.istable:
+			# no permission records for child table
+			self.permissions = []
+		else:
 			validate_permissions(self)
+
 		self.make_amendable()
 		self.check_link_replacement_error()

@ -217,7 +222,7 @@ def validate_fields(fields):
 	check_min_items_in_list(fields)

 def validate_permissions_for_doctype(doctype, for_remove=False):
-	validate_permissions(frappe.get_doc(doctype), for_remove)
+	validate_permissions(frappe.get_doc("DocType", doctype), for_remove)

 def validate_permissions(doctype, for_remove=False):
 	permissions = doctype.get("permissions")
--- a/frappe/core/doctype/user/user.js
+++ b/frappe/core/doctype/user/user.js
@ -224,7 +224,6 @@ frappe.RoleEditor = Class.extend({
 					+ '<th style="text-align: left">' + __('Document Type') + '</th>'
 					+ '<th>' + __('Level') + '</th>'
 					+ '<th>' + __('Read') + '</th>'
-					+ '<th>' + __('Only Restricted Documents') + '</th>'
 					+ '<th>' + __('Write') + '</th>'
 					+ '<th>' + __('Create') + '</th>'
 					+ '<th>' + __('Delete') + '</th>'
@ -236,7 +235,8 @@ frappe.RoleEditor = Class.extend({
 					// + '<th>' + __('Export') + '</th>'
 					// + '<th>' + __('Print') + '</th>'
 					// + '<th>' + __('Email') + '</th>'
-					+ '<th>' + __('Can Restrict') + '</th>'
+					+ '<th>' + __('Only Restricted Documents') + '</th>'
+					+ '<th>' + __('Can Restrict Others') + '</th>'
 					+ '</tr></thead><tbody></tbody></table>');

 				for(var i=0, l=r.message.length; i<l; i++) {
@ -257,7 +257,6 @@ frappe.RoleEditor = Class.extend({
 						<td style="text-align: left">%(parent)s</td>\
 						<td>%(permlevel)s</td>\
 						<td>%(read)s</td>\
-						<td>%(restricted)s</td>\
 						<td>%(write)s</td>\
 						<td>%(create)s</td>\
 						<td>%(delete)s</td>\
@ -269,7 +268,8 @@ frappe.RoleEditor = Class.extend({
 						// <td>%(export)s</td>\
 						// <td>%(print)s</td>\
 						// <td>%(email)s</td>'
-						+ '<td>%(restrict)s</td>\
+						+ '<td>%(restricted)s</td>\
+						<td>%(restrict)s</td>\
 						</tr>', perm))
 				}

--- a/frappe/core/page/permission_manager/permission_manager.js
+++ b/frappe/core/page/permission_manager/permission_manager.js
@ -109,7 +109,7 @@ frappe.PermissionEngine = Class.extend({
 					$.each(me.rights, function(i, r) {
 						if(d[r]===1) {
 							if(r==="restrict") {
-								d.rights.push(__("Can Restrict"));
+								d.rights.push(__("Can Restrict Others"));
 							} else if(r==="restricted") {
 								d.rights.push(__("Only Restricted Documents"));
 							} else {
@ -227,7 +227,7 @@ frappe.PermissionEngine = Class.extend({

 			$.each(me.rights, function(i, r) {
 				if(r==="restrict") {
-					add_check(perm_container, d, "restrict", "Can Restrict");
+					add_check(perm_container, d, "restrict", "Can Restrict Others");
 				} else if(r==="restricted") {
 					add_check(perm_container, d, "restricted", "Only Restricted Documents");
 				} else {
@ -239,8 +239,8 @@ frappe.PermissionEngine = Class.extend({
 			me.add_delete_button(row, d);
 		});
 	},
-	rights: ["read", "restricted", "write", "create", "delete", "submit", "cancel", "amend",
-		"report", "import", "export", "print", "email", "restrict"],
+	rights: ["read", "write", "create", "delete", "submit", "cancel", "amend",
+		"report", "import", "export", "print", "email", "restricted", "restrict"],

 	set_show_users: function(cell, role) {
 		cell.html("<a href='#'>"+role+"</a>")
@ -390,7 +390,7 @@ var permissions_help = ['<table class="table table-bordered" style="background-c
 		':</h4>',
 		'<ol>',
 			'<li>',
-				__('Permissions are set on Roles and Document Types (called DocTypes) by setting rights like Read, Restricted, Write, Create, Delete, Submit, Cancel, Amend, Report, Import, Export, Print, Email and Can Restrict.'),
+				__('Permissions are set on Roles and Document Types (called DocTypes) by setting rights like Read, Write, Create, Delete, Submit, Cancel, Amend, Report, Import, Export, Print, Email, Only Restricted Documents and Can Restrict Others.'),
 			'</li>',
 			'<li>',
 				__('Permissions get applied on Users based on what Roles they are assigned.'),
@ -472,7 +472,7 @@ var permissions_help = ['<table class="table table-bordered" style="background-c
 				__("Once you have set this, the users will only be able access documents where the link (e.g Company) exists."),
 			'</li>',
 			'<li>',
-				__("Apart from System Manager, roles with 'Can Restrict' permission can restrict other users for that Document Type."),
+				__("Apart from System Manager, roles with 'Can Restrict Others' permission can restrict other users for that Document Type."),
 			'</li>',
 		'</ol>',
 	'</td></tr>',