Merge pull request #9609 from prssanna/child-table-perm-fix
fix: permission validation for child table fields
This commit is contained in:
mergify[bot]
GitHub
commit
ea7520f80e
3 changed files with 47 additions and 4 deletions
|
|
@ -801,8 +801,8 @@ class BaseDocument(object):
|
|||
else:
|
||||
# get values from old doc
|
||||
if self.get('parent_doc'):
|
||||
self.parent_doc.get_latest()
|
||||
ref_doc = [d for d in self.parent_doc.get(self.parentfield) if d.name == self.name][0]
|
||||
parent_doc = self.parent_doc.get_latest()
|
||||
ref_doc = [d for d in parent_doc.get(self.parentfield) if d.name == self.name][0]
|
||||
else:
|
||||
ref_doc = self.get_latest()
|
||||
|
||||
|
|
|
|||
|
|
@ -583,7 +583,7 @@ class Document(BaseDocument):
|
|||
|
||||
# check for child tables
|
||||
for df in self.meta.get_table_fields():
|
||||
high_permlevel_fields = frappe.get_meta(df.options).meta.get_high_permlevel_fields()
|
||||
high_permlevel_fields = frappe.get_meta(df.options).get_high_permlevel_fields()
|
||||
if high_permlevel_fields:
|
||||
for d in self.get(df.fieldname):
|
||||
d.reset_values_if_no_permlevel_access(has_access_to, high_permlevel_fields)
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ class TestFormLoad(unittest.TestCase):
|
|||
user.remove_roles(*user_roles)
|
||||
user.add_roles('Blogger')
|
||||
|
||||
make_property_setter('Blog Post', 'published', 'permlevel', 1, 'Int')
|
||||
make_property_setter('Blog Post', 'published', 'permlevel', 1, 'Int')
|
||||
reset('Blog Post')
|
||||
add('Blog Post', 'Website Manager', 1)
|
||||
update('Blog Post', 'Website Manager', 1, 'write', 1)
|
||||
|
|
@ -79,6 +79,49 @@ class TestFormLoad(unittest.TestCase):
|
|||
user.remove_roles('Blogger', 'Website Manager')
|
||||
user.add_roles(*user_roles)
|
||||
|
||||
def test_fieldlevel_permissions_in_load_for_child_table(self):
|
||||
contact = frappe.new_doc('Contact')
|
||||
contact.first_name = '_Test Contact 1'
|
||||
contact.append('phone_nos', {'phone': '123456'})
|
||||
contact.insert()
|
||||
|
||||
user = frappe.get_doc('User', 'test@example.com')
|
||||
|
||||
user_roles = frappe.get_roles()
|
||||
user.remove_roles(*user_roles)
|
||||
user.add_roles('Accounts User')
|
||||
|
||||
make_property_setter('Contact Phone', 'phone', 'permlevel', 1, 'Data')
|
||||
reset('Contact Phone')
|
||||
add('Contact', 'Sales User', 1)
|
||||
update('Contact', 'Sales User', 1, 'write', 1)
|
||||
|
||||
frappe.set_user(user.name)
|
||||
|
||||
contact = frappe.get_doc('Contact', '_Test Contact 1')
|
||||
|
||||
contact.phone_nos[0].phone = '654321'
|
||||
contact.save()
|
||||
|
||||
self.assertEqual(contact.phone_nos[0].phone, '123456')
|
||||
|
||||
frappe.set_user('Administrator')
|
||||
user.add_roles('Sales User')
|
||||
frappe.set_user(user.name)
|
||||
|
||||
contact.phone_nos[0].phone = '654321'
|
||||
contact.save()
|
||||
|
||||
contact = frappe.get_doc('Contact', '_Test Contact 1')
|
||||
self.assertEqual(contact.phone_nos[0].phone, '654321')
|
||||
|
||||
frappe.set_user('Administrator')
|
||||
|
||||
# reset user roles
|
||||
user.remove_roles('Accounts User', 'Sales User')
|
||||
user.add_roles(*user_roles)
|
||||
|
||||
|
||||
def get_blog(blog_name):
|
||||
frappe.response.docs = []
|
||||
getdoc('Blog Post', blog_name)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue