vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
seitime-frappe/frappe/tests/test_boot.py
Ankush Menat 13162d8fbd fix: Only apply perm query to non-admin users
2023-01-30 11:24:16 +05:30

72 lines
2 KiB
Python
Raw Blame History

import frappe
from frappe.boot import get_unseen_notes, get_user_pages_or_reports
from frappe.desk.doctype.note.note import mark_as_seen
from frappe.tests.utils import FrappeTestCase
class TestBootData(FrappeTestCase):
def test_get_unseen_notes(self):
frappe.db.delete("Note")
frappe.db.delete("Note Seen By")
note = frappe.get_doc(
{
"doctype": "Note",
"title": "Test Note",
"notify_on_login": 1,
"content": "Test Note 1",
"public": 1,
}
)
note.insert()
frappe.set_user("test@example.com")
unseen_notes = [d.title for d in get_unseen_notes()]
self.assertListEqual(unseen_notes, ["Test Note"])
mark_as_seen(note.name)
unseen_notes = [d.title for d in get_unseen_notes()]
self.assertListEqual(unseen_notes, [])
def test_get_user_pages_or_reports_with_permission_query(self):
# Create a ToDo custom report with admin user
frappe.set_user("Administrator")
frappe.get_doc(
{
"doctype": "Report",
"ref_doctype": "ToDo",
"report_name": "Test Admin Report",
"report_type": "Report Builder",
"is_standard": "No",
}
).insert()
# Add permission query such that each user can only see their own custom reports
frappe.get_doc(
dict(
doctype="Server Script",
name="test_report_permission_query",
script_type="Permission Query",
reference_doctype="Report",
script="""conditions = f"(`tabReport`.is_standard = 'Yes' or `tabReport`.owner = '{frappe.session.user}')"
""",
)
).insert()
# Create a ToDo custom report with test user
frappe.set_user("test@example.com")
frappe.get_doc(
{
"doctype": "Report",
"ref_doctype": "ToDo",
"report_name": "Test User Report",
"report_type": "Report Builder",
"is_standard": "No",
}
).insert(ignore_permissions=True)
get_user_pages_or_reports("Report")
allowed_reports = frappe.cache().get_value("has_role:Report", user=frappe.session.user)
# Test user must not see admin user's report
self.assertNotIn("Test Admin Report", allowed_reports)
self.assertIn("Test User Report", allowed_reports)
Reference in a new issue View git blame Copy permalink