2013-12-27 12:00:24 +00:00
|
|
|
# Copyright (c) 2013, Web Notes Technologies Pvt. Ltd. and Contributors
|
|
|
|
# License: GNU General Public License v3. See license.txt
|
|
|
|
|
|
|
|
from __future__ import unicode_literals
|
2014-02-14 10:17:51 +00:00
|
|
|
import frappe
|
|
|
|
import frappe.permissions
|
|
|
|
import frappe.model.doctype
|
|
|
|
import frappe.defaults
|
2013-12-27 12:00:24 +00:00
|
|
|
|
|
|
|
def execute():
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.reload_doc("core", "doctype", "docperm")
|
2013-12-27 12:00:24 +00:00
|
|
|
update_user_properties()
|
|
|
|
update_user_match()
|
|
|
|
add_employee_restrictions_to_leave_approver()
|
|
|
|
update_permissions()
|
|
|
|
remove_duplicate_restrictions()
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.defaults.clear_cache()
|
|
|
|
frappe.clear_cache()
|
2013-12-27 12:00:24 +00:00
|
|
|
|
|
|
|
def update_user_properties():
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.reload_doc("core", "doctype", "docfield")
|
2013-12-27 12:00:24 +00:00
|
|
|
|
2014-02-14 10:17:51 +00:00
|
|
|
for d in frappe.conn.sql("""select parent, defkey, defvalue from tabDefaultValue
|
2013-12-27 12:00:24 +00:00
|
|
|
where parent not in ('__global', 'Control Panel')""", as_dict=True):
|
2014-02-14 10:17:51 +00:00
|
|
|
df = frappe.conn.sql("""select options from tabDocField
|
2013-12-27 12:00:24 +00:00
|
|
|
where fieldname=%s and fieldtype='Link'""", d.defkey, as_dict=True)
|
|
|
|
|
|
|
|
if df:
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.conn.sql("""update tabDefaultValue
|
2013-12-27 12:00:24 +00:00
|
|
|
set defkey=%s, parenttype='Restriction'
|
|
|
|
where defkey=%s and
|
|
|
|
parent not in ('__global', 'Control Panel')""", (df[0].options, d.defkey))
|
|
|
|
|
|
|
|
def update_user_match():
|
2014-02-14 10:17:51 +00:00
|
|
|
import frappe.defaults
|
2013-12-27 12:00:24 +00:00
|
|
|
doctype_matches = {}
|
2014-02-14 10:17:51 +00:00
|
|
|
for doctype, match in frappe.conn.sql("""select parent, `match` from `tabDocPerm`
|
2013-12-27 12:00:24 +00:00
|
|
|
where `match` like %s and ifnull(`match`, '')!="leave_approver:user" """, "%:user"):
|
|
|
|
doctype_matches.setdefault(doctype, []).append(match)
|
|
|
|
|
|
|
|
for doctype, user_matches in doctype_matches.items():
|
2014-02-14 10:17:51 +00:00
|
|
|
meta = frappe.get_doctype(doctype)
|
2013-12-27 12:00:24 +00:00
|
|
|
|
|
|
|
# for each user with roles of this doctype, check if match condition applies
|
2014-02-14 10:17:51 +00:00
|
|
|
for profile in frappe.conn.sql_list("""select name from `tabProfile`
|
2013-12-27 12:00:24 +00:00
|
|
|
where enabled=1 and user_type='System User'"""):
|
|
|
|
|
2014-02-14 10:17:51 +00:00
|
|
|
user_roles = frappe.get_roles(profile)
|
2014-01-24 05:40:01 +00:00
|
|
|
|
|
|
|
perms = meta.get({"doctype": "DocPerm", "permlevel": 0,
|
|
|
|
"role": ["in", [["All"] + user_roles]], "read": 1})
|
|
|
|
|
2013-12-27 12:00:24 +00:00
|
|
|
# user does not have required roles
|
|
|
|
if not perms:
|
|
|
|
continue
|
|
|
|
|
|
|
|
# assume match
|
|
|
|
user_match = True
|
|
|
|
for perm in perms:
|
|
|
|
if not perm.match:
|
|
|
|
# aha! non match found
|
|
|
|
user_match = False
|
|
|
|
break
|
|
|
|
|
|
|
|
if not user_match:
|
|
|
|
continue
|
|
|
|
|
|
|
|
# if match condition applies, restrict that user
|
|
|
|
# add that doc's restriction to that user
|
|
|
|
for match in user_matches:
|
2014-02-14 10:17:51 +00:00
|
|
|
for name in frappe.conn.sql_list("""select name from `tab{doctype}`
|
2013-12-27 12:00:24 +00:00
|
|
|
where `{field}`=%s""".format(doctype=doctype, field=match.split(":")[0]), profile):
|
|
|
|
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.defaults.add_default(doctype, name, profile, "Restriction")
|
2013-12-27 12:00:24 +00:00
|
|
|
|
|
|
|
def add_employee_restrictions_to_leave_approver():
|
2014-02-14 10:17:51 +00:00
|
|
|
from frappe.core.page.user_properties import user_properties
|
2013-12-27 12:00:24 +00:00
|
|
|
|
|
|
|
# add restrict rights to HR User and HR Manager
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.conn.sql("""update `tabDocPerm` set `restrict`=1 where parent in ('Employee', 'Leave Application')
|
2013-12-27 12:00:24 +00:00
|
|
|
and role in ('HR User', 'HR Manager') and permlevel=0 and `read`=1""")
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.model.doctype.clear_cache()
|
2013-12-27 12:00:24 +00:00
|
|
|
|
|
|
|
# add Employee restrictions (in on_update method)
|
2014-02-14 10:17:51 +00:00
|
|
|
for employee in frappe.conn.sql_list("""select name from `tabEmployee`
|
2013-12-27 12:00:24 +00:00
|
|
|
where exists(select leave_approver from `tabEmployee Leave Approver`
|
|
|
|
where `tabEmployee Leave Approver`.parent=`tabEmployee`.name)
|
|
|
|
or ifnull(`reports_to`, '')!=''"""):
|
|
|
|
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.bean("Employee", employee).save()
|
2013-12-27 12:00:24 +00:00
|
|
|
|
|
|
|
def update_permissions():
|
|
|
|
# clear match conditions other than owner
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.conn.sql("""update tabDocPerm set `match`=''
|
2013-12-27 12:00:24 +00:00
|
|
|
where ifnull(`match`,'') not in ('', 'owner')""")
|
|
|
|
|
|
|
|
def remove_duplicate_restrictions():
|
|
|
|
# remove duplicate restrictions (if they exist)
|
2014-02-14 10:17:51 +00:00
|
|
|
for d in frappe.conn.sql("""select parent, defkey, defvalue,
|
2013-12-27 12:00:24 +00:00
|
|
|
count(*) as cnt from tabDefaultValue
|
|
|
|
where parent not in ('__global', 'Control Panel')
|
|
|
|
group by parent, defkey, defvalue""", as_dict=1):
|
|
|
|
if d.cnt > 1:
|
|
|
|
# order by parenttype so that restriction does not get removed!
|
2014-02-14 10:17:51 +00:00
|
|
|
frappe.conn.sql("""delete from tabDefaultValue where parent=%s, defkey=%s,
|
2013-12-27 12:00:24 +00:00
|
|
|
defvalue=%s order by parenttype limit %s""", (d.parent, d.defkey, d.defvalue, d.cnt-1))
|