brotherton-erpnext/erpnext/patches/v4_0/update_user_properties.py

# Copyright (c) 2013, Web Notes Technologies Pvt. Ltd. and Contributors
# License: GNU General Public License v3. See license.txt

from __future__ import unicode_literals
import frappe
import frappe.permissions
import frappe.defaults

def execute():
	frappe.reload_doc("core", "doctype", "docperm")
	frappe.reload_doc("hr", "doctype", "employee")
	update_user_permissions()
	update_user_match()
	add_employee_user_permissions_to_leave_approver()
	update_permissions()
	remove_duplicate_user_permissions()
	frappe.defaults.clear_cache()
	frappe.clear_cache()

def update_user_permissions():
	frappe.reload_doc("core", "doctype", "docfield")
	
	for d in frappe.db.sql("""select parent, defkey, defvalue from tabDefaultValue
		where parent not in ('__global', '__default')""", as_dict=True):
		df = frappe.db.sql("""select options from tabDocField
			where fieldname=%s and fieldtype='Link'""", d.defkey, as_dict=True)
		
		if df:
			frappe.db.sql("""update tabDefaultValue
				set defkey=%s, parenttype='User Permission'
				where defkey=%s and
				parent not in ('__global', '__default')""", (df[0].options, d.defkey))

def update_user_match():
	import frappe.defaults
	doctype_matches = {}
	for doctype, match in frappe.db.sql("""select parent, `match` from `tabDocPerm`
		where `match` like %s and ifnull(`match`, '')!="leave_approver:user" """, "%:user"):
		doctype_matches.setdefault(doctype, []).append(match)
	
	for doctype, user_matches in doctype_matches.items():
		meta = frappe.get_meta(doctype)
		
		# for each user with roles of this doctype, check if match condition applies
		for user in frappe.db.sql_list("""select name from `tabUser`
			where enabled=1 and user_type='System User'"""):
			
			user_roles = frappe.get_roles(user)
			
			perms = meta.get({"doctype": "DocPerm", "permlevel": 0, 
				"role": ["in", [["All"] + user_roles]], "read": 1})

			# user does not have required roles
			if not perms:
				continue
			
			# assume match
			user_match = True
			for perm in perms:
				if not perm.match:
					# aha! non match found
					user_match = False
					break
			
			if not user_match:
				continue
			
			# if match condition applies, restrict that user
			# add that doc's restriction to that user
			for match in user_matches:
				for name in frappe.db.sql_list("""select name from `tab{doctype}`
					where `{field}`=%s""".format(doctype=doctype, field=match.split(":")[0]), user):
					
					frappe.defaults.add_default(doctype, name, user, "User Permission")
					
def add_employee_user_permissions_to_leave_approver():
	from frappe.core.page.user_permissions import user_permissions
	
	# add restrict rights to HR User and HR Manager
	frappe.db.sql("""update `tabDocPerm` set `restrict`=1 where parent in ('Employee', 'Leave Application')
		and role in ('HR User', 'HR Manager') and permlevel=0 and `read`=1""")
	frappe.clear_cache()
	
	# add Employee user_permissions (in on_update method)
	for employee in frappe.db.sql_list("""select name from `tabEmployee`
		where (exists(select leave_approver from `tabEmployee Leave Approver`
			where `tabEmployee Leave Approver`.parent=`tabEmployee`.name)
		or ifnull(`reports_to`, '')!='') and docstatus<2 and status='Active'"""):
		
		frappe.get_doc("Employee", employee).save()

def update_permissions():
	# clear match conditions other than owner
	frappe.db.sql("""update tabDocPerm set `match`=''
		where ifnull(`match`,'') not in ('', 'owner')""")

def remove_duplicate_user_permissions():
	# remove duplicate user_permissions (if they exist)
	for d in frappe.db.sql("""select parent, defkey, defvalue,
		count(*) as cnt from tabDefaultValue
		where parent not in ('__global', '__default')
		group by parent, defkey, defvalue""", as_dict=1):
		if d.cnt > 1:
			# order by parenttype so that restriction does not get removed!
			frappe.db.sql("""delete from tabDefaultValue where `parent`=%s and `defkey`=%s and
				`defvalue`=%s order by parenttype limit %s""", (d.parent, d.defkey, d.defvalue, d.cnt-1))
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`# Copyright (c) 2013, Web Notes Technologies Pvt. Ltd. and Contributors`
			`# License: GNU General Public License v3. See license.txt`

			`from __future__ import unicode_literals`
-webnotes +frappe :boom: 2014-02-14 10:17:51 +00:00			`import frappe`
			`import frappe.permissions`
			`import frappe.defaults`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
			`def execute():`
-webnotes +frappe :boom: 2014-02-14 10:17:51 +00:00			`frappe.reload_doc("core", "doctype", "docperm")`
fix update user properties patch 2014-05-10 16:46:39 +00:00			`frappe.reload_doc("hr", "doctype", "employee")`
Started permission relogication 2014-05-27 03:09:35 +00:00			`update_user_permissions()`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`update_user_match()`
Started permission relogication 2014-05-27 03:09:35 +00:00			`add_employee_user_permissions_to_leave_approver()`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`update_permissions()`
Started permission relogication 2014-05-27 03:09:35 +00:00			`remove_duplicate_user_permissions()`
-webnotes +frappe :boom: 2014-02-14 10:17:51 +00:00			`frappe.defaults.clear_cache()`
			`frappe.clear_cache()`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
Started permission relogication 2014-05-27 03:09:35 +00:00			`def update_user_permissions():`
-webnotes +frappe :boom: 2014-02-14 10:17:51 +00:00			`frappe.reload_doc("core", "doctype", "docfield")`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			`for d in frappe.db.sql("""select parent, defkey, defvalue from tabDefaultValue`
removed control panel 2014-04-04 06:30:36 +00:00			`where parent not in ('__global', '__default')""", as_dict=True):`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			`df = frappe.db.sql("""select options from tabDocField`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`where fieldname=%s and fieldtype='Link'""", d.defkey, as_dict=True)`

			`if df:`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			`frappe.db.sql("""update tabDefaultValue`
Started permission relogication 2014-05-27 03:09:35 +00:00			`set defkey=%s, parenttype='User Permission'`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`where defkey=%s and`
removed control panel 2014-04-04 06:30:36 +00:00			`parent not in ('__global', '__default')""", (df[0].options, d.defkey))`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
			`def update_user_match():`
-webnotes +frappe :boom: 2014-02-14 10:17:51 +00:00			`import frappe.defaults`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`doctype_matches = {}`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			for doctype, match in frappe.db.sql("""select parent, `match` from `tabDocPerm`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			where `match` like %s and ifnull(`match`, '')!="leave_approver:user" """, "%:user"):
			`doctype_matches.setdefault(doctype, []).append(match)`

			`for doctype, user_matches in doctype_matches.items():`
frappe/frappe#478 2014-03-27 12:21:41 +00:00			`meta = frappe.get_meta(doctype)`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
			`# for each user with roles of this doctype, check if match condition applies`
rename Profile to User frappe/frappe#470 2014-03-11 10:45:05 +00:00			for user in frappe.db.sql_list("""select name from `tabUser`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`where enabled=1 and user_type='System User'"""):`

rename Profile to User frappe/frappe#470 2014-03-11 10:45:05 +00:00			`user_roles = frappe.get_roles(user)`
updates for restriction 2014-01-24 05:40:01 +00:00
			`perms = meta.get({"doctype": "DocPerm", "permlevel": 0,`
			`"role": ["in", [["All"] + user_roles]], "read": 1})`

Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`# user does not have required roles`
			`if not perms:`
			`continue`

			`# assume match`
			`user_match = True`
			`for perm in perms:`
			`if not perm.match:`
			`# aha! non match found`
			`user_match = False`
			`break`

			`if not user_match:`
			`continue`

			`# if match condition applies, restrict that user`
			`# add that doc's restriction to that user`
			`for match in user_matches:`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			for name in frappe.db.sql_list("""select name from `tab{doctype}`
rename Profile to User frappe/frappe#470 2014-03-11 10:45:05 +00:00			where `{field}`=%s""".format(doctype=doctype, field=match.split(":")[0]), user):
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
Started permission relogication 2014-05-27 03:09:35 +00:00			`frappe.defaults.add_default(doctype, name, user, "User Permission")`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
Started permission relogication 2014-05-27 03:09:35 +00:00			`def add_employee_user_permissions_to_leave_approver():`
			`from frappe.core.page.user_permissions import user_permissions`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
			`# add restrict rights to HR User and HR Manager`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			frappe.db.sql("""update `tabDocPerm` set `restrict`=1 where parent in ('Employee', 'Leave Application')
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			and role in ('HR User', 'HR Manager') and permlevel=0 and `read`=1""")
frappe/frappe#478, frappe tests pass, .txt renamed to .json 2014-03-31 11:57:06 +00:00			`frappe.clear_cache()`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
Started permission relogication 2014-05-27 03:09:35 +00:00			`# add Employee user_permissions (in on_update method)`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			for employee in frappe.db.sql_list("""select name from `tabEmployee`
fix update user properties patch 2014-05-10 16:46:39 +00:00			where (exists(select leave_approver from `tabEmployee Leave Approver`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			where `tabEmployee Leave Approver`.parent=`tabEmployee`.name)
fix update user properties patch 2014-05-10 16:46:39 +00:00			or ifnull(`reports_to`, '')!='') and docstatus<2 and status='Active'"""):
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
fix update user properties patch 2014-05-10 16:46:39 +00:00			`frappe.get_doc("Employee", employee).save()`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00
			`def update_permissions():`
			`# clear match conditions other than owner`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			frappe.db.sql("""update tabDocPerm set `match`=''
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			where ifnull(`match`,'') not in ('', 'owner')""")

Started permission relogication 2014-05-27 03:09:35 +00:00			`def remove_duplicate_user_permissions():`
			`# remove duplicate user_permissions (if they exist)`
Changed frappe.conn to frappe.db 2014-02-26 07:05:33 +00:00			`for d in frappe.db.sql("""select parent, defkey, defvalue,`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`count(*) as cnt from tabDefaultValue`
removed control panel 2014-04-04 06:30:36 +00:00			`where parent not in ('__global', '__default')`
Moved demo to separate app, moved patches folder 2013-12-27 12:00:24 +00:00			`group by parent, defkey, defvalue""", as_dict=1):`
			`if d.cnt > 1:`
			`# order by parenttype so that restriction does not get removed!`
3to4 fixes 2014-02-27 07:48:20 +00:00			frappe.db.sql("""delete from tabDefaultValue where `parent`=%s and `defkey`=%s and
			`defvalue`=%s order by parenttype limit %s""", (d.parent, d.defkey, d.defvalue, d.cnt-1))