fix: Setup permission_map & use get_permitted_fields
This commit is contained in:
Gavin D'souza
parent
c0537c74da
commit
a22cbe8ae5
2 changed files with 31 additions and 15 deletions
|
|
@ -207,9 +207,15 @@ def get_permitted_fields(
|
|||
if set(valid_columns).issubset(default_fields):
|
||||
return valid_columns
|
||||
|
||||
if permission_type is None:
|
||||
permission_type = "select" if frappe.only_has_select_perm(doctype, user=user) else "read"
|
||||
|
||||
if permitted_fields := meta.get_permitted_fieldnames(
|
||||
parenttype=parenttype, user=user, permission_type=permission_type
|
||||
):
|
||||
if permission_type == "select":
|
||||
return permitted_fields
|
||||
|
||||
meta_fields = meta.default_fields.copy()
|
||||
optional_meta_fields = [x for x in optional_fields if x in valid_columns]
|
||||
|
||||
|
|
|
|||
|
|
@ -68,6 +68,7 @@ class DatabaseQuery:
|
|||
self.ignore_ifnull = False
|
||||
self.flags = frappe._dict()
|
||||
self.reference_doctype = None
|
||||
self.permission_map = {}
|
||||
|
||||
@property
|
||||
def doctype_meta(self):
|
||||
|
|
@ -115,15 +116,8 @@ class DatabaseQuery:
|
|||
parent_doctype=None,
|
||||
) -> list:
|
||||
|
||||
if (
|
||||
not ignore_permissions
|
||||
and not frappe.has_permission(self.doctype, "select", user=user, parent_doctype=parent_doctype)
|
||||
and not frappe.has_permission(self.doctype, "read", user=user, parent_doctype=parent_doctype)
|
||||
):
|
||||
frappe.flags.error_message = _("Insufficient Permission for {0}").format(
|
||||
frappe.bold(self.doctype)
|
||||
)
|
||||
raise frappe.PermissionError(self.doctype)
|
||||
if not ignore_permissions:
|
||||
self.check_read_permission(self.doctype, parent_doctype=parent_doctype)
|
||||
|
||||
# filters and fields swappable
|
||||
# its hard to remember what comes first
|
||||
|
|
@ -495,14 +489,26 @@ class DatabaseQuery:
|
|||
frappe._dict(doctype=doctype, fieldname=fieldname, table_name=f"`tab{doctype}`")
|
||||
)
|
||||
|
||||
def check_read_permission(self, doctype):
|
||||
if not self.flags.ignore_permissions and not frappe.has_permission(
|
||||
def check_read_permission(self, doctype, parent_doctype=None):
|
||||
if self.flags.ignore_permissions:
|
||||
return
|
||||
|
||||
if doctype not in self.permission_map:
|
||||
self._set_permission_map(doctype, parent_doctype)
|
||||
|
||||
return self.permission_map[doctype]
|
||||
|
||||
def _set_permission_map(self, doctype, parent_doctype=None):
|
||||
ptype = "select" if frappe.only_has_select_perm(doctype) else "read"
|
||||
val = frappe.has_permission(
|
||||
doctype,
|
||||
ptype="select" if frappe.only_has_select_perm(doctype) else "read",
|
||||
parent_doctype=self.doctype,
|
||||
):
|
||||
ptype=ptype,
|
||||
parent_doctype=parent_doctype,
|
||||
)
|
||||
if not val:
|
||||
frappe.flags.error_message = _("Insufficient Permission for {0}").format(frappe.bold(doctype))
|
||||
raise frappe.PermissionError(doctype)
|
||||
self.permission_map[doctype] = ptype
|
||||
|
||||
def set_field_tables(self):
|
||||
"""If there are more than one table, the fieldname must not be ambiguous.
|
||||
|
|
@ -608,7 +614,11 @@ class DatabaseQuery:
|
|||
return
|
||||
|
||||
asterisk_fields = []
|
||||
permitted_fields = get_permitted_fields(doctype=self.doctype, parenttype=self.parent_doctype)
|
||||
permitted_fields = get_permitted_fields(
|
||||
doctype=self.doctype,
|
||||
parenttype=self.parent_doctype,
|
||||
permission_type=self.permission_map.get(self.doctype),
|
||||
)
|
||||
|
||||
for i, field in enumerate(self.fields):
|
||||
if "distinct" in field.lower():
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue