Commit graph

282 commits

Author SHA1 Message Date
Priyal
90c28c0f6b fix: consider read permlevel access for select 2026-03-17 16:25:53 +05:30
Priyal
bfc3c5586c fix: improve perm check ux 2026-03-16 14:39:08 +05:30
Sagar Vora
2882ed4e69 refactor: better permission check for single doctypes 2025-12-22 12:13:26 +05:30
Sagar Vora
0a4ff25b54 fix: check user permissions on computed child tables 2025-11-28 17:08:22 +05:30
Saqib Ansari
04d1c9dc04 fix: linting issues 2025-11-06 15:23:45 +05:30
Saqib Ansari
52b88e9518 feat: add test cases 2025-11-06 15:17:45 +05:30
Saqib Ansari
50dd9f31c0 refactor: create same perm type for multiple doctypes 2025-11-03 17:48:57 +05:30
Saqib Ansari
e099d4a7a7 feat: apply custom permission types on docshare 2025-10-30 20:02:34 +05:30
Sagar Vora
a084f5a2f3 refactor: separate only computed CTs, with new include_computed flag 2025-10-14 12:31:47 +05:30
Sagar Vora
2c9c6c0fd5 fix: correct table_fields references 2025-10-01 12:25:00 +05:30
Sagar Vora
ceb4ee8bf2 perf: get ancestors only if needed 2025-06-24 11:58:55 +05:30
Sagar Vora
86fcea4578 refactor: reduce duplication 2025-06-24 11:49:49 +05:30
Akhil Narang
519a298db3
fix: add back accidentally removed logging
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-06-24 11:18:23 +05:30
Sagar Vora
e1f7556687
fix: ensure document name isn't None
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-06-24 11:18:23 +05:30
Akhil Narang
60dd0377e8
refactor: store hide_descendants within user permissions data
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-06-24 11:18:23 +05:30
Akhil Narang
6d8ebeb09f
fix: allow creating tree doctype if user permission grants access to the parent
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-06-24 11:18:23 +05:30
Akhil Narang
2b51d4f4d7
Revert "fix: permission error when permission docname is none"
This reverts commit f1d0419fa8.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-06-24 11:18:23 +05:30
Ankush Menat
726474db94
fix: skip strict perm while writing on local document too (#32927)
It's harmless: https://github.com/frappe/frappe/pull/32798#issuecomment-2969391481
2025-06-13 15:42:24 +05:30
Ankush Menat
fe03ceb35e
fix: don't apply strict user permission on local document (#32798) 2025-06-13 05:59:30 +00:00
Ankush Menat
bebabc3211 fix: Handle support for DocType and virtual
By falling back to original impl with warning.
This is just to allow "fearless usage".
2025-06-11 09:55:45 +05:30
Ankush Menat
beefdb9a1f perf: use lazy doc for permission checks 🚀
Co-Authored-By: Sagar Vora <sagar@resilient.tech>
2025-06-11 09:55:45 +05:30
Ejaaz Khan
f1d0419fa8 fix: permission error when permission docname is none 2025-06-02 17:46:10 +05:30
Ankush Menat
dcf6a45537 chore: language 2025-05-17 18:02:47 +05:30
Ankush Menat
c70ba644a9
fix: Show doctype name in perm check errors (#32122)
`meta.doctype` is always `DocType`
2025-04-14 12:29:51 +00:00
Sagar Vora
60b889c3b8 fix: ensure correct context in sys.exc_info 2025-02-19 17:33:53 +05:30
Sagar Vora
09459d1d27 fix: ensure exception is always returned 2025-02-19 12:38:43 +05:30
Sagar Vora
f4062b4d7a fix: ensure consistent error in response 2025-02-19 12:10:59 +05:30
Ankush Menat
546260162d perf: Skip link checking on internal deletes
These are deletes that aren't user triggered and these documents are
typically never "linked" somewhere else. So skip all expensive link /
dynamic link checks.
2025-01-06 11:48:19 +05:30
Sumit Bhanushali
5d22ee7b2b fix: check at doc level when if owner role permission is checked during export from report view
(cherry picked from commit c7ad3296c9664f5d6b2946f46082f57b91c1bac8)
2024-12-09 07:22:32 +00:00
Akhil Narang
84ef6ec677
refactor: fixup with ruff 0.8.1
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-12-04 13:18:04 +05:30
Akhil Narang
d47057cbef
fix(permissions): cast docname to string
Extension of #24988

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-10-22 13:09:43 +05:30
Sumit Bhanushali
847dd62ec0 feat: permission log 2024-09-30 14:54:32 +05:30
Ankush Menat
a1bb734079 fix: filter select perm in get_doctypes_with_read
closes https://github.com/frappe/frappe/issues/26015

Extracted from https://github.com/frappe/frappe/pull/26018
2024-04-18 15:15:47 +05:30
Akhil Narang
306c923986
chore: minor code cleanup
- Use walrus operator where possible
- Drop redundant checks - we anyway can't iterate over an empty list

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-04-10 17:22:45 +05:30
Revant Nandgaonkar
7e16e902d9
feat: allow wildcard for doctype in permission hooks (#25729)
* feat: allow wildcard for doctype in permission hooks

* fix: pass doctype to permission query

* fix: combine methods instead of alternate

* test: wildcard has_permission hook

* test: wildcard has_permission make note public

* fix: fetch list of hooks once
2024-04-10 11:44:37 +05:30
Ankush Menat
99952880cc fix!: Don't let users with write access to UP bypass UP
IDK why we truly need this, except maybe debugging sometimes. This just
causes confusion and people keep reporting this as security issue.
2024-04-05 18:55:27 +05:30
barredterra
b6f12db08c fix: translate doctype in user-facing error message 2024-02-24 02:39:29 +01:00
Ankush Menat
99bb5d0303
fix: Cast to string to handle int PK (#24988) 2024-02-21 13:27:38 +00:00
Raffael Meyer
fc64e8a0fb
feat: pass doctype as context when translating label (#24903) 2024-02-18 19:42:15 +05:30
Ankush Menat
72c2207e0f refactor: useless use of dict in frappe.get_doc 2024-02-10 12:52:38 +05:30
Akhil Narang
26ae0f3460
fix: ruff fixes
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-07 17:04:31 +05:30
Ankush Menat
de9ac89748 style: re-format with ruff 2024-02-05 18:53:33 +05:30
Gursheen Anand
f74939eb0c fix: skip strict user perms for single doctypes 2024-01-18 16:10:20 +05:30
Ankush Menat
447f02e8d3
fix!: Remove misleading "raise_exception" (#24266)
frappe.permission.has_permission won't accept raise_exception anymore,
it was an extremely misleading argument and the actual purpose of the argument
was to print perm check logs.
2024-01-11 08:24:18 +00:00
Ankush Menat
5ef8577cff
fix!: Stricter requirement for permission hooks (#24253)
BREAKING CHANGE:

before: `has_permission` hooks need to explicitly return "False" to block a user.

after: `has_permission` hooks need to explicitly return "True" (or truthy) value to allow user. They will be blocked otherwise.

Why? Everything related to permission should be blocked by default and allow if some checks pass.
2024-01-11 01:35:08 +05:30
Ankush Menat
b3532024b5 fix: Accept "Falsy" values from perm controllers 2024-01-10 15:43:06 +05:30
Ankush Menat
914406d31b feat: extend perm debugging to popular controllers
- [x] File
- [x] Communication
2024-01-10 15:16:52 +05:30
Ankush Menat
3a8fc90961
feat: permission debugger (#24239)
* feat: permission debugger

This PR adds a virtual doctype that can run has_permission for
doctype-docname-user-ptype combinations and spit out detailed log for
why/where some permission was denied or granted.

This isn't supposed to be programmatic, it's just textual dump of what code is doing.

IMO a better debugger can be written but that will require extensive
rewrite of perm checks first. All debugging, error messages in current
systems are bolted on top with hacks to avoid messing with
implementation.

* fix: capture UP pass check

* fix: reset docname on changing doctype

* fix: docname is optional

* fix: debug doctype perms
2024-01-10 09:29:13 +00:00
Ankush Menat
3349f2b6e6 fix: nested has_permission calls erase messages 2024-01-04 10:31:55 +05:30
Ankush Menat
04acd0bda4
fix: don't add fallback for child table (#24105) 2024-01-03 12:18:06 +00:00