3446026555
The license.txt file has been replaced with LICENSE for quite a while now. INAL but it didn't seem accurate to say "hey, checkout license.txt although there's no such file". Apart from this, there were inconsistencies in the headers altogether...this change brings consistency.
149 lines
No EOL
4.3 KiB
Python
149 lines
No EOL
4.3 KiB
Python
# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
|
|
# License: MIT. See LICENSE
|
|
import frappe, unittest
|
|
from frappe.desk.form.load import getdoctype, getdoc
|
|
from frappe.core.page.permission_manager.permission_manager import update, reset, add
|
|
from frappe.custom.doctype.property_setter.property_setter import make_property_setter
|
|
|
|
test_dependencies = ['Blog Category', 'Blogger']
|
|
|
|
class TestFormLoad(unittest.TestCase):
|
|
def test_load(self):
|
|
getdoctype("DocType")
|
|
meta = list(filter(lambda d: d.name=="DocType", frappe.response.docs))[0]
|
|
self.assertEqual(meta.name, "DocType")
|
|
self.assertTrue(meta.get("__js"))
|
|
|
|
frappe.response.docs = []
|
|
getdoctype("Event")
|
|
meta = list(filter(lambda d: d.name=="Event", frappe.response.docs))[0]
|
|
self.assertTrue(meta.get("__calendar_js"))
|
|
|
|
def test_fieldlevel_permissions_in_load(self):
|
|
blog = frappe.get_doc({
|
|
"doctype": "Blog Post",
|
|
"blog_category": "-test-blog-category-1",
|
|
"blog_intro": "Test Blog Intro",
|
|
"blogger": "_Test Blogger 1",
|
|
"content": "Test Blog Content",
|
|
"title": "_Test Blog Post {}".format(frappe.utils.now()),
|
|
"published": 0
|
|
})
|
|
|
|
blog.insert()
|
|
|
|
user = frappe.get_doc('User', 'test@example.com')
|
|
|
|
user_roles = frappe.get_roles()
|
|
user.remove_roles(*user_roles)
|
|
user.add_roles('Blogger')
|
|
|
|
blog_post_property_setter = make_property_setter('Blog Post', 'published', 'permlevel', 1, 'Int')
|
|
reset('Blog Post')
|
|
|
|
# test field level permission before role level permissions are defined
|
|
frappe.set_user(user.name)
|
|
blog_doc = get_blog(blog.name)
|
|
|
|
self.assertEqual(blog_doc.published, None)
|
|
|
|
# this will be ignored because user does not
|
|
# have write access on `published` field (or on permlevel 1 fields)
|
|
blog_doc.published = 1
|
|
blog_doc.save()
|
|
|
|
# since published field has higher permlevel
|
|
self.assertEqual(blog_doc.published, 0)
|
|
|
|
# test field level permission after role level permissions are defined
|
|
frappe.set_user('Administrator')
|
|
add('Blog Post', 'Website Manager', 1)
|
|
update('Blog Post', 'Website Manager', 1, 'write', 1)
|
|
|
|
frappe.set_user(user.name)
|
|
blog_doc = get_blog(blog.name)
|
|
|
|
self.assertEqual(blog_doc.name, blog.name)
|
|
# since published field has higher permlevel
|
|
self.assertEqual(blog_doc.published, None)
|
|
|
|
# this will be ignored because user does not
|
|
# have write access on `published` field (or on permlevel 1 fields)
|
|
blog_doc.published = 1
|
|
blog_doc.save()
|
|
|
|
# since published field has higher permlevel
|
|
self.assertEqual(blog_doc.published, 0)
|
|
|
|
frappe.set_user('Administrator')
|
|
user.add_roles('Website Manager')
|
|
frappe.set_user(user.name)
|
|
|
|
doc = frappe.get_doc('Blog Post', blog.name)
|
|
doc.published = 1
|
|
doc.save()
|
|
|
|
blog_doc = get_blog(blog.name)
|
|
# now user should be allowed to read field with higher permlevel
|
|
# (after adding Website Manager role)
|
|
self.assertEqual(blog_doc.published, 1)
|
|
|
|
frappe.set_user('Administrator')
|
|
|
|
# reset user roles
|
|
user.remove_roles('Blogger', 'Website Manager')
|
|
user.add_roles(*user_roles)
|
|
|
|
blog_doc.delete()
|
|
frappe.delete_doc(blog_post_property_setter.doctype, blog_post_property_setter.name)
|
|
|
|
def test_fieldlevel_permissions_in_load_for_child_table(self):
|
|
contact = frappe.new_doc('Contact')
|
|
contact.first_name = '_Test Contact 1'
|
|
contact.append('phone_nos', {'phone': '123456'})
|
|
contact.insert()
|
|
|
|
user = frappe.get_doc('User', 'test@example.com')
|
|
|
|
user_roles = frappe.get_roles()
|
|
user.remove_roles(*user_roles)
|
|
user.add_roles('Accounts User')
|
|
|
|
make_property_setter('Contact Phone', 'phone', 'permlevel', 1, 'Int')
|
|
reset('Contact Phone')
|
|
add('Contact', 'Sales User', 1)
|
|
update('Contact', 'Sales User', 1, 'write', 1)
|
|
|
|
frappe.set_user(user.name)
|
|
|
|
contact = frappe.get_doc('Contact', '_Test Contact 1')
|
|
|
|
contact.phone_nos[0].phone = '654321'
|
|
contact.save()
|
|
|
|
self.assertEqual(contact.phone_nos[0].phone, '123456')
|
|
|
|
frappe.set_user('Administrator')
|
|
user.add_roles('Sales User')
|
|
frappe.set_user(user.name)
|
|
|
|
contact.phone_nos[0].phone = '654321'
|
|
contact.save()
|
|
|
|
contact = frappe.get_doc('Contact', '_Test Contact 1')
|
|
self.assertEqual(contact.phone_nos[0].phone, '654321')
|
|
|
|
frappe.set_user('Administrator')
|
|
|
|
# reset user roles
|
|
user.remove_roles('Accounts User', 'Sales User')
|
|
user.add_roles(*user_roles)
|
|
|
|
contact.delete()
|
|
|
|
|
|
def get_blog(blog_name):
|
|
frappe.response.docs = []
|
|
getdoc('Blog Post', blog_name)
|
|
doc = frappe.response.docs[0]
|
|
return doc |