fix: Apply only if creator perm irrespective of user
parent
b51f13c291
commit
bd8862f1a4
1 changed files with 14 additions and 10 deletions
|
|
@ -108,11 +108,18 @@ def get_doc_permissions(doc, user=None, ptype=None):
|
|||
|
||||
meta = frappe.get_meta(doc.doctype)
|
||||
|
||||
def is_user_owner():
|
||||
doc_owner = doc.get('owner') or ''
|
||||
doc_owner = doc_owner.lower()
|
||||
session_user = frappe.session.user.lower()
|
||||
return doc_owner == session_user
|
||||
|
||||
|
||||
if has_controller_permissions(doc, ptype, user=user) == False :
|
||||
push_perm_check_log('Not allowed via controller permission check')
|
||||
return {ptype: 0}
|
||||
|
||||
permissions = copy.deepcopy(get_role_permissions(meta, user=user))
|
||||
permissions = copy.deepcopy(get_role_permissions(meta, user=user, is_owner=is_user_owner()))
|
||||
|
||||
if not cint(meta.is_submittable):
|
||||
permissions["submit"] = 0
|
||||
|
|
@ -120,13 +127,8 @@ def get_doc_permissions(doc, user=None, ptype=None):
|
|||
if not cint(meta.allow_import):
|
||||
permissions["import"] = 0
|
||||
|
||||
def is_user_owner():
|
||||
doc_owner = doc.get('owner') or ''
|
||||
doc_owner = doc_owner.lower()
|
||||
session_user = frappe.session.user.lower()
|
||||
return doc_owner == session_user
|
||||
|
||||
if is_user_owner():
|
||||
# Override with `if_owner` perms irrespective of user
|
||||
if permissions.get('has_if_owner_enabled'):
|
||||
# apply owner permissions on top of existing permissions
|
||||
# some access might be only for the owner
|
||||
# eg. everyone might have read access but only owner can delete
|
||||
|
|
@ -143,7 +145,7 @@ def get_doc_permissions(doc, user=None, ptype=None):
|
|||
|
||||
return permissions
|
||||
|
||||
def get_role_permissions(doctype_meta, user=None):
|
||||
def get_role_permissions(doctype_meta, user=None, is_owner=None):
|
||||
"""
|
||||
Returns dict of evaluated role permissions like
|
||||
{
|
||||
|
|
@ -183,6 +185,8 @@ def get_role_permissions(doctype_meta, user=None):
|
|||
applicable_permissions = list(filter(is_perm_applicable, getattr(doctype_meta, 'permissions', [])))
|
||||
has_if_owner_enabled = any(p.get('if_owner', 0) for p in applicable_permissions)
|
||||
|
||||
perms['has_if_owner_enabled'] = has_if_owner_enabled
|
||||
|
||||
for ptype in rights:
|
||||
pvalue = any(p.get(ptype, 0) for p in applicable_permissions)
|
||||
# check if any perm object allows perm type
|
||||
|
|
@ -191,7 +195,7 @@ def get_role_permissions(doctype_meta, user=None):
|
|||
and has_if_owner_enabled
|
||||
and not has_permission_without_if_owner_enabled(ptype)
|
||||
and ptype != 'create'):
|
||||
perms['if_owner'][ptype] = 1
|
||||
perms['if_owner'][ptype] = cint(pvalue and is_owner)
|
||||
# has no access if not owner
|
||||
# only provide select or read access so that user is able to at-least access list
|
||||
# (and the documents will be filtered based on owner sin further checks)
|
||||
|
|
|
|||
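Review bot: `is_user_owner()` compares the document owner with `frappe.session.user`, but its result is passed to `get_role_permissions(meta, user=user, is_owner=is_user_owner())`, which evaluates roles for the `user` argument. When a caller checks permissions for someone other than the session user, the `if_owner` rights are granted or withheld based on the wrong identity. Unless `user` is always the session user at this point (the top of `get_doc_permissions` is outside the hunk), the helper should compare against the resolved user, e.g. `session_user = (user or frappe.session.user).lower()`. In `get_role_permissions`, the new `is_owner=None` default makes `cint(pvalue and is_owner)` come out as 0 for any caller that does not pass it, so the docstring should say that `perms['if_owner']` is only populated when `is_owner` is truthy. The return value now depends on a per-document fact, so if this function memoises results per doctype and user (not visible in these hunks), `is_owner` would need to be part of that key.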