fix: role-perm validation (#35640)

Raffael Meyer 2026-01-22 12:31:22 +01:00 committed by GitHub
parent 9544593caa
commit f813fc1c1e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1841,34 +1841,84 @@ def validate_permissions(doctype, for_remove=False, alert=False):
def check_permission_dependency(d):
if d.cancel and not d.submit:
frappe.throw(_("{0}: Cannot set Cancel without Submit").format(get_txt(d)))
frappe.throw(
_("{0}: The 'Cancel' permission cannot be granted without the 'Submit' permission.").format(
get_txt(d)
)
)
if (d.submit or d.cancel or d.amend) and not d.write:
frappe.throw(_("{0}: Cannot set Submit, Cancel, Amend without Write").format(get_txt(d)))
if d.amend and not d.write:
frappe.throw(_("{0}: Cannot set Amend without Cancel").format(get_txt(d)))
frappe.throw(
_(
"{0}: The 'Submit', 'Cancel', and 'Amend' permissions cannot be granted without the 'Write' permission."
).format(get_txt(d))
)
if d.amend and not d.create:
frappe.throw(
_("{0}: The 'Amend' permission cannot be granted without the 'Create' permission.").format(
get_txt(d)
)
)
if d.get("import") and not d.create:
frappe.throw(_("{0}: Cannot set Import without Create").format(get_txt(d)))
frappe.throw(
_("{0}: The 'Import' permission cannot be granted without the 'Create' permission.").format(
get_txt(d)
)
)
def remove_rights_for_single(d):
if not issingle:
return
if d.report:
frappe.msgprint(_("Report cannot be set for Single types"))
d.report = 0
if d.get("report"):
d.set("report", 0)
frappe.msgprint(
_(
"{0}: The 'Report' permission was removed because it cannot be granted for a 'single' DocType."
).format(get_txt(d))
)
if d.get("import"):
d.set("import", 0)
frappe.msgprint(
_(
"{0}: The 'Import' permission was removed because it cannot be granted for a 'single' DocType."
).format(get_txt(d))
)
if d.get("export"):
d.set("export", 0)
frappe.msgprint(
_(
"{0}: The 'Export' permission was removed because it cannot be granted for a 'single' DocType."
).format(get_txt(d))
)
def check_if_submittable(d):
if d.submit and not issubmittable:
frappe.throw(_("{0}: Cannot set Assign Submit if not Submittable").format(get_txt(d)))
elif d.amend and not issubmittable:
frappe.throw(_("{0}: Cannot set Assign Amend if not Submittable").format(get_txt(d)))
if issubmittable:
return
if d.submit:
frappe.throw(
_("{0}: The 'Submit' permission cannot be granted for a non-submittable DocType.").format(
get_txt(d)
)
)
if d.amend:
frappe.throw(
_("{0}: The 'Amend' permission cannot be granted for a non-submittable DocType.").format(
get_txt(d)
)
)
def check_if_importable(d):
if d.get("import") and not isimportable:
frappe.throw(_("{0}: Cannot set import as {1} is not importable").format(get_txt(d), doctype))
frappe.throw(
_("{0}: The 'Import' permission cannot be granted for a non-importable DocType.").format(
get_txt(d)
)
)
def validate_permission_for_all_role(d):
if frappe.session.user == "Administrator":
@ -1878,7 +1928,7 @@ def validate_permissions(doctype, for_remove=False, alert=False):
if d.role in AUTOMATIC_ROLES:
frappe.throw(
_(
"Row # {0}: Non administrator user can not set the role {1} to the custom doctype"
"Row # {0}: Non-administrator users cannot add the role {1} to a custom DocType."
).format(d.idx, frappe.bold(_(d.role))),
title=_("Permissions Error"),
)
@ -1888,7 +1938,7 @@ def validate_permissions(doctype, for_remove=False, alert=False):
if d.role in roles:
frappe.throw(
_(
"Row # {0}: Non administrator user can not set the role {1} to the custom doctype"
"Row # {0}: Non-administrator users cannot add the role {1} to a custom DocType."
).format(d.idx, frappe.bold(_(d.role))),
title=_("Permissions Error"),
)
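Review bot: In check_permission_dependency (first hunk), the new `if d.amend and not d.create` check replaces a branch whose message read "Cannot set Amend without Cancel", and nothing in the new code requires Cancel for Amend. The old branch tested `d.amend and not d.write`, so it could never fire after the preceding Write check and the Cancel rule was apparently never enforced; because this function decides which permission combinations a role may be granted, the intended dependency should be stated rather than left to inference. If Create is the only intended prerequisite, a comment above the check such as `# Amend copies a cancelled document into a new draft, so it depends on Create, not Cancel` would record that; if Cancel was meant as well, add `if d.amend and not d.cancel:` with its own message. A test for a row with amend set and create unset would pin the new rule. validate_permissions starts and ends outside the visible hunks.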