Fixes for apply user permissions and momentjs

2014-06-04 18:15:43 +05:30 · 2014-06-04 18:15:43 +05:30 · 85479bcbc0
commit 85479bcbc0
parent ec8240e890
7 changed files with 44 additions and 28 deletions
--- a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
+++ b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
@ -744,17 +744,17 @@
 "icon": "icon-file-text", 
 "idx": 1, 
 "is_submittable": 1, 
- "modified": "2014-05-27 03:49:15.589404", 
+ "modified": "2014-06-04 08:45:25.582170", 
 "modified_by": "Administrator", 
 "module": "Accounts", 
 "name": "Purchase Invoice", 
 "owner": "Administrator", 
 "permissions": [
  {
-   "amend": 0, 
+   "amend": 1, 
   "apply_user_permissions": 1, 
-   "cancel": 0, 
-   "create": 0, 
+   "cancel": 1, 
+   "create": 1, 
   "delete": 0, 
   "email": 1, 
   "permlevel": 0, 
@ -762,8 +762,8 @@
   "read": 1, 
   "report": 1, 
   "role": "Accounts User", 
-   "submit": 0, 
-   "write": 0
+   "submit": 1, 
+   "write": 1
  }, 
  {
   "amend": 0, 
--- a/erpnext/home/doctype/feed/feed.py
+++ b/erpnext/home/doctype/feed/feed.py
@ -16,9 +16,11 @@ def on_doctype_update():
 		frappe.db.sql("""alter table `tabFeed`
 			add index feed_doctype_docname_index(doc_type, doc_name)""")

-def get_permission_query_conditions():
-	user_permissions = frappe.defaults.get_user_permissions()
-	can_read = frappe.user.get_can_read()
+def get_permission_query_conditions(user):
+	if not user: user = frappe.session.user
+
+	user_permissions = frappe.defaults.get_user_permissions(user)
+	can_read = frappe.get_user(user).get_can_read()

 	can_read_doctypes = ['"{}"'.format(doctype) for doctype in
 		list(set(can_read) - set(user_permissions.keys()))]
--- a/erpnext/hooks.py
+++ b/erpnext/hooks.py
@ -28,10 +28,12 @@ standard_queries = "Customer:erpnext.selling.doctype.customer.customer.get_custo

 permission_query_conditions = {
 		"Feed": "erpnext.home.doctype.feed.feed.get_permission_query_conditions",
+		"Note": "erpnext.utilities.doctype.note.note.get_permission_query_conditions"
 	}

 has_permission = {
 		"Feed": "erpnext.home.doctype.feed.feed.has_permission",
+		"Note": "erpnext.utilities.doctype.note.note.has_permission"
 	}


--- a/erpnext/hr/doctype/leave_application/leave_application.py
+++ b/erpnext/hr/doctype/leave_application/leave_application.py
@ -209,7 +209,7 @@ class LeaveApplication(Document):
 	def notify(self, args):
 		args = frappe._dict(args)
 		from frappe.core.page.messages.messages import post
-		post({"txt": args.message, "contact": args.message_to, "subject": args.subject,
+		post(**{"txt": args.message, "contact": args.message_to, "subject": args.subject,
 			"notify": cint(self.follow_via_email)})

@frappe.whitelist()
--- a/erpnext/selling/doctype/quotation/quotation.js
+++ b/erpnext/selling/doctype/quotation/quotation.js
@ -13,10 +13,6 @@ cur_frm.cscript.sales_team_fname = "sales_team";
 {% include 'utilities/doctype/sms_control/sms_control.js' %}
 {% include 'accounts/doctype/sales_invoice/pos.js' %}

-frappe.ui.form.on("Quotation", "onload_post_render", function(frm) {
-	frm.get_field("quotation_details").grid.set_multiple_add("item_code");
-});
-
 erpnext.selling.QuotationController = erpnext.selling.SellingController.extend({
 	onload: function(doc, dt, dn) {
 		var me = this;
--- a/erpnext/utilities/doctype/note/note.py
+++ b/erpnext/utilities/doctype/note/note.py
@ -9,20 +9,34 @@ from frappe import _
 from frappe.model.document import Document

 class Note(Document):
-
 	def autoname(self):
 		# replace forbidden characters
 		import re
 		self.name = re.sub("[%'\"#*?`]", "", self.title.strip())

-	def onload(self):
-		if not self.public and frappe.session.user != self.owner:
-			if frappe.session.user not in [d.user for d in self.get("share_with")]:
-				frappe.throw(_("Not permitted"), frappe.PermissionError)
+def get_permission_query_conditions(user):
+	if not user: user = frappe.session.user

-	def validate(self):
-		if not self.get("__islocal"):
-			if frappe.session.user != self.owner:
-				if frappe.session.user not in frappe.db.sql_list("""select user from `tabNote User`
-					where parent=%s and permission='Edit'""", self.name):
-					frappe.throw(_("Not permitted"), frappe.PermissionError)
+	if user == "Administrator":
+		return ""
+
+	return """(`tabNote`.public=1 or `tabNote`.owner="{user}" or exists (
+		select name from `tabNote User`
+			where `tabNote User`.parent=`tabNote`.name
+			and `tabNote User`.user="{user}"))""".format(user=user)
+
+def has_permission(doc, ptype, user):
+	if doc.public == 1 or user == "Administrator":
+		return True
+
+	if user == doc.owner:
+		return True
+
+	note_user_map = dict((d.user, d) for d in doc.get("share_with"))
+	if user in note_user_map:
+		if ptype == "read":
+			return True
+		elif note_user_map.get(user).permission == "Edit":
+			return True
+
+	return False
--- a/erpnext/utilities/doctype/note_user/note_user.json
+++ b/erpnext/utilities/doctype/note_user/note_user.json
@ -1,5 +1,5 @@
 {
- "creation": "2013-05-24 14:24:48.000000", 
+ "creation": "2013-05-24 14:24:48", 
 "description": "List of users who can edit a particular Note", 
 "docstatus": 0, 
 "doctype": "DocType", 
@ -8,6 +8,7 @@
  {
   "fieldname": "user", 
   "fieldtype": "Link", 
+   "ignore_user_permissions": 1, 
   "in_list_view": 1, 
   "label": "User", 
   "options": "User", 
@ -26,9 +27,10 @@
 ], 
 "idx": 1, 
 "istable": 1, 
- "modified": "2013-12-20 19:23:23.000000", 
+ "modified": "2014-06-04 02:33:27.466061", 
 "modified_by": "Administrator", 
 "module": "Utilities", 
 "name": "Note User", 
- "owner": "Administrator"
+ "owner": "Administrator", 
+ "permissions": []
 }