From cd80266d82f0dd34b28e59e8418731b5b4132f62 Mon Sep 17 00:00:00 2001 From: kratos Date: Mon, 31 Dec 2018 11:26:58 +0530 Subject: [PATCH 1/4] fixes: Users list doctype with Postgres --- frappe/core/doctype/user/user.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py index ead7883447..02e77cfcec 100644 --- a/frappe/core/doctype/user/user.py +++ b/frappe/core/doctype/user/user.py @@ -891,10 +891,9 @@ def get_active_website_users(): def get_permission_query_conditions(user): if user=="Administrator": return "" - else: return """(`tabUser`.name not in ({standard_users}))""".format( - standard_users='"' + '", "'.join(STANDARD_USERS) + '"') + standard_users="'" + "', '".join(STANDARD_USERS) + "'") def has_permission(doc, user): if (user != "Administrator") and (doc.name in STANDARD_USERS): From 507e37e603a4d3de756d4cf29d5c8e15cde51fb7 Mon Sep 17 00:00:00 2001 From: Suraj Shetty Date: Tue, 8 Jan 2019 12:27:25 +0530 Subject: [PATCH 2/4] fix: use ORM instead of manually adding quotes --- frappe/core/doctype/user/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py index 02e77cfcec..67305d2973 100644 --- a/frappe/core/doctype/user/user.py +++ b/frappe/core/doctype/user/user.py @@ -893,7 +893,7 @@ def get_permission_query_conditions(user): return "" else: return """(`tabUser`.name not in ({standard_users}))""".format( - standard_users="'" + "', '".join(STANDARD_USERS) + "'") + standard_users = ", ".join(frappe.db.escape(user) for user in STANDARD_USERS)) def has_permission(doc, user): if (user != "Administrator") and (doc.name in STANDARD_USERS): From 90b6baccf819db60035be6cad0b27496182dc5e6 Mon Sep 17 00:00:00 2001 From: Suraj Shetty Date: Tue, 8 Jan 2019 12:30:23 +0530 Subject: [PATCH 3/4] fix: Remove extra bracket --- frappe/core/doctype/user/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py index 67305d2973..d9043a9321 100644 --- a/frappe/core/doctype/user/user.py +++ b/frappe/core/doctype/user/user.py @@ -893,7 +893,7 @@ def get_permission_query_conditions(user): return "" else: return """(`tabUser`.name not in ({standard_users}))""".format( - standard_users = ", ".join(frappe.db.escape(user) for user in STANDARD_USERS)) + standard_users = ", ".join(frappe.db.escape(user) for user in STANDARD_USERS) def has_permission(doc, user): if (user != "Administrator") and (doc.name in STANDARD_USERS): From d2b7a454293a35c57b645bfe0ca0e56f719e5641 Mon Sep 17 00:00:00 2001 From: Suraj Shetty Date: Tue, 8 Jan 2019 15:51:50 +0530 Subject: [PATCH 4/4] Revert fix: Remove extra bracket :man_facepalming: --- frappe/core/doctype/user/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py index d9043a9321..67305d2973 100644 --- a/frappe/core/doctype/user/user.py +++ b/frappe/core/doctype/user/user.py @@ -893,7 +893,7 @@ def get_permission_query_conditions(user): return "" else: return """(`tabUser`.name not in ({standard_users}))""".format( - standard_users = ", ".join(frappe.db.escape(user) for user in STANDARD_USERS) + standard_users = ", ".join(frappe.db.escape(user) for user in STANDARD_USERS)) def has_permission(doc, user): if (user != "Administrator") and (doc.name in STANDARD_USERS):