From 64202ad41652762b6d0640e4a442580babc18903 Mon Sep 17 00:00:00 2001 From: Faris Ansari Date: Wed, 29 Aug 2018 15:02:39 +0530 Subject: [PATCH 1/6] fix: Only a System Manager can register as a seller - every other user has read only access --- erpnext/hub_node/api.py | 17 +++++++++++++---- .../doctype/hub_settings/hub_settings.py | 3 +++ erpnext/public/js/hub/marketplace.js | 4 ++-- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/erpnext/hub_node/api.py b/erpnext/hub_node/api.py index 9f4499f7a0..8b186afa3e 100644 --- a/erpnext/hub_node/api.py +++ b/erpnext/hub_node/api.py @@ -162,14 +162,23 @@ def load_base64_image_from_items(items): def get_hub_connection(): + read_only = True + if frappe.db.exists('Data Migration Connector', 'Hub Connector'): hub_connector = frappe.get_doc('Data Migration Connector', 'Hub Connector') - hub_connection = hub_connector.get_connection() - return hub_connection.connection + + # full rights to user who registered as hub_seller + if hub_connector.username == frappe.session.user: + read_only = False + + if not read_only: + hub_connection = hub_connector.get_connection() + return hub_connection.connection # read-only connection - hub_connection = FrappeClient(frappe.conf.hub_url) - return hub_connection + if read_only: + hub_connection = FrappeClient(frappe.conf.hub_url) + return hub_connection def get_field_mappings(): diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.py b/erpnext/hub_node/doctype/hub_settings/hub_settings.py index e445531d1e..fb7887ef8f 100644 --- a/erpnext/hub_node/doctype/hub_settings/hub_settings.py +++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.py @@ -28,6 +28,9 @@ class HubSettings(Document): def register(self): """ Create a User on hub.erpnext.org and return username/password """ + if 'System Manager' not in frappe.get_roles(): + frappe.throw(_('Only users with System Manager role can register on Marketplace'), frappe.PermissionError) + # TODO: site_name for cloud sites protocol = 'http://' self.site_name = protocol + frappe.local.site + ':' + str(frappe.conf.webserver_port) diff --git a/erpnext/public/js/hub/marketplace.js b/erpnext/public/js/hub/marketplace.js index 373f552c20..67ac50208c 100644 --- a/erpnext/public/js/hub/marketplace.js +++ b/erpnext/public/js/hub/marketplace.js @@ -29,8 +29,8 @@ erpnext.hub.Marketplace = class Marketplace { this.make_body(); this.setup_events(); this.refresh(); - if (!is_registered) { - this.page.set_primary_action('Become A Seller', this.show_register_dialog.bind(this)) + if (!is_registered && frappe.user_roles.includes('System Manager')) { + this.page.set_primary_action('Become a Seller', this.show_register_dialog.bind(this)) } }); } From 8683bd82ede79cd02ea318d3a334b6d98e1a0a9d Mon Sep 17 00:00:00 2001 From: Faris Ansari Date: Wed, 29 Aug 2018 16:18:36 +0530 Subject: [PATCH 2/6] fix: Base64 extraction - use requests to fetch the image without storing it anywhere - only read local files --- erpnext/hub_node/api.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/erpnext/hub_node/api.py b/erpnext/hub_node/api.py index c46e6dce51..441d30b10d 100644 --- a/erpnext/hub_node/api.py +++ b/erpnext/hub_node/api.py @@ -137,25 +137,29 @@ def item_sync_postprocess(sync_details): def load_base64_image_from_items(items): - import io, base64, urllib, os + import io, base64, urllib, os, requests, tempfile from frappe.utils.file_manager import get_file_path for item in items: file_path = item['image'] file_name = os.path.basename(file_path) + base64content = None if file_path.startswith('http'): + # fetch content and then base64 it url = file_path - file_path = os.path.join('/tmp', file_name) - urllib.urlretrieve(url, file_path) + response = requests.get(url) + base64content = base64.b64encode(response.content) else: + # read file then base64 it file_path = os.path.abspath(get_file_path(file_path)) + with io.open(file_path, 'rb') as f: + base64content = base64.b64encode(f.read()) - with io.open(file_path, 'rb') as f: - image_data = json.dumps({ - 'file_name': file_name, - 'base64': base64.b64encode(f.read()) - }) + image_data = json.dumps({ + 'file_name': file_name, + 'base64': base64content + }) item['image'] = image_data From 458cf6fcc579c83496950af1759e755cf520fd89 Mon Sep 17 00:00:00 2001 From: Faris Ansari Date: Wed, 29 Aug 2018 16:19:39 +0530 Subject: [PATCH 3/6] style: remove trailing spaces --- erpnext/hub_node/doctype/hub_settings/hub_settings.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.js b/erpnext/hub_node/doctype/hub_settings/hub_settings.js index ddd86b8711..be8fe21396 100644 --- a/erpnext/hub_node/doctype/hub_settings/hub_settings.js +++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.js @@ -2,7 +2,7 @@ frappe.ui.form.on("Hub Settings", { refresh: function(frm) { frm.disable_save(); }, - + onload_post_render: function(frm) { if(frm.get_field("unregister_from_hub").$input) frm.get_field("unregister_from_hub").$input.addClass("btn-danger"); From b7126c23f7bb6a8bcacab7ce5472d7292dcde3ac Mon Sep 17 00:00:00 2001 From: Faris Ansari Date: Wed, 29 Aug 2018 17:13:16 +0530 Subject: [PATCH 4/6] fix(Hub Settings): Remove unused fields --- .../doctype/hub_settings/hub_settings.json | 233 +----------------- 1 file changed, 2 insertions(+), 231 deletions(-) diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.json b/erpnext/hub_node/doctype/hub_settings/hub_settings.json index a0d8188d44..30eaa0b71a 100644 --- a/erpnext/hub_node/doctype/hub_settings/hub_settings.json +++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.json @@ -76,38 +76,6 @@ "translatable": 0, "unique": 0 }, - { - "allow_bulk_edit": 0, - "allow_in_quick_entry": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "fieldname": "company_registered", - "fieldtype": "Check", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Company Registered", - "length": 0, - "no_copy": 0, - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 1, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "translatable": 0, - "unique": 0 - }, { "allow_bulk_edit": 0, "allow_in_quick_entry": 0, @@ -334,203 +302,6 @@ "translatable": 0, "unique": 0 }, - { - "allow_bulk_edit": 0, - "allow_in_quick_entry": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "fieldname": "users_sb", - "fieldtype": "Section Break", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Enabled Users", - "length": 0, - "no_copy": 0, - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 0, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "translatable": 0, - "unique": 0 - }, - { - "allow_bulk_edit": 0, - "allow_in_quick_entry": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "depends_on": "", - "fieldname": "publish_section", - "fieldtype": "Section Break", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Publish", - "length": 0, - "no_copy": 0, - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 0, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "translatable": 0, - "unique": 0 - }, - { - "allow_bulk_edit": 0, - "allow_in_quick_entry": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "fieldname": "publish", - "fieldtype": "Check", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Publish Items to Hub", - "length": 0, - "no_copy": 0, - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 0, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "translatable": 0, - "unique": 0 - }, - { - "allow_bulk_edit": 0, - "allow_in_quick_entry": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "depends_on": "publish", - "fieldname": "publish_pricing", - "fieldtype": "Check", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Publish Pricing", - "length": 0, - "no_copy": 0, - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 0, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "translatable": 0, - "unique": 0 - }, - { - "allow_bulk_edit": 0, - "allow_in_quick_entry": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "depends_on": "eval:(doc.publish && doc.publish_pricing)", - "fieldname": "selling_price_list", - "fieldtype": "Link", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Selling Price List", - "length": 0, - "no_copy": 0, - "options": "Price List", - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 0, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "translatable": 0, - "unique": 0 - }, - { - "allow_bulk_edit": 0, - "allow_in_quick_entry": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "depends_on": "publish", - "fieldname": "publish_availability", - "fieldtype": "Check", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Publish Availability", - "length": 0, - "no_copy": 0, - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 0, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "translatable": 0, - "unique": 0 - }, { "allow_bulk_edit": 0, "allow_in_quick_entry": 0, @@ -675,8 +446,8 @@ "issingle": 1, "istable": 0, "max_attachments": 0, - "modified": "2018-07-30 10:43:28.818498", - "modified_by": "Administrator", + "modified": "2018-08-29 16:56:37.560417", + "modified_by": "faris@erpnext.com", "module": "Hub Node", "name": "Hub Settings", "name_case": "", From e4c772908959ff3736b6b6eb80ce188a04b556c0 Mon Sep 17 00:00:00 2001 From: Faris Ansari Date: Wed, 29 Aug 2018 17:13:43 +0530 Subject: [PATCH 5/6] fix(Hub Settings): Set site_name before seller registration --- erpnext/hub_node/doctype/hub_settings/hub_settings.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.py b/erpnext/hub_node/doctype/hub_settings/hub_settings.py index fb7887ef8f..e1120154d7 100644 --- a/erpnext/hub_node/doctype/hub_settings/hub_settings.py +++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.py @@ -15,10 +15,7 @@ class HubSetupError(frappe.ValidationError): pass class HubSettings(Document): def validate(self): - protocol = 'http://' - self.site_name = protocol + frappe.local.site + ':' + str(frappe.conf.webserver_port) - if self.publish_pricing and not self.selling_price_list: - frappe.throw(_("Please select a Price List to publish pricing")) + self.site_name = frappe.utils.get_url() def get_hub_url(self): if not frappe.conf.hub_url: @@ -32,8 +29,7 @@ class HubSettings(Document): frappe.throw(_('Only users with System Manager role can register on Marketplace'), frappe.PermissionError) # TODO: site_name for cloud sites - protocol = 'http://' - self.site_name = protocol + frappe.local.site + ':' + str(frappe.conf.webserver_port) + self.site_name = frappe.utils.get_url() data = { 'profile': self.as_json() From 114d595de97508807c3505c86918a82daaf00a5c Mon Sep 17 00:00:00 2001 From: Faris Ansari Date: Wed, 29 Aug 2018 18:24:49 +0530 Subject: [PATCH 6/6] fix: Set hub_url in Hub Settings - add patch to set the value --- erpnext/hub_node/api.py | 4 +- .../doctype/hub_settings/hub_settings.js | 4 -- .../doctype/hub_settings/hub_settings.json | 40 +++++++++++++++++-- .../doctype/hub_settings/hub_settings.py | 4 +- erpnext/patches.txt | 1 + erpnext/patches/v11_0/update_hub_url.py | 5 +++ 6 files changed, 46 insertions(+), 12 deletions(-) create mode 100644 erpnext/patches/v11_0/update_hub_url.py diff --git a/erpnext/hub_node/api.py b/erpnext/hub_node/api.py index 441d30b10d..74219da83b 100644 --- a/erpnext/hub_node/api.py +++ b/erpnext/hub_node/api.py @@ -180,9 +180,9 @@ def get_hub_connection(): # read-only connection if read_only: - hub_connection = FrappeClient(frappe.conf.hub_url) + hub_url = frappe.db.get_single_value('Hub Settings', 'hub_url') + hub_connection = FrappeClient(hub_url) return hub_connection - def get_field_mappings(): return [] diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.js b/erpnext/hub_node/doctype/hub_settings/hub_settings.js index be8fe21396..03314bb436 100644 --- a/erpnext/hub_node/doctype/hub_settings/hub_settings.js +++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.js @@ -1,8 +1,4 @@ frappe.ui.form.on("Hub Settings", { - refresh: function(frm) { - frm.disable_save(); - }, - onload_post_render: function(frm) { if(frm.get_field("unregister_from_hub").$input) frm.get_field("unregister_from_hub").$input.addClass("btn-danger"); diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.json b/erpnext/hub_node/doctype/hub_settings/hub_settings.json index 30eaa0b71a..e230515aae 100644 --- a/erpnext/hub_node/doctype/hub_settings/hub_settings.json +++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.json @@ -12,6 +12,39 @@ "document_type": "", "editable_grid": 0, "fields": [ + { + "allow_bulk_edit": 0, + "allow_in_quick_entry": 0, + "allow_on_submit": 0, + "bold": 0, + "collapsible": 0, + "columns": 0, + "default": "https://hubmarket.org", + "fieldname": "hub_url", + "fieldtype": "Data", + "hidden": 0, + "ignore_user_permissions": 0, + "ignore_xss_filter": 0, + "in_filter": 0, + "in_global_search": 0, + "in_list_view": 0, + "in_standard_filter": 0, + "label": "Hub URL", + "length": 0, + "no_copy": 0, + "permlevel": 0, + "precision": "", + "print_hide": 0, + "print_hide_if_no_value": 0, + "read_only": 0, + "remember_last_selected_value": 0, + "report_hide": 0, + "reqd": 0, + "search_index": 0, + "set_only_once": 0, + "translatable": 0, + "unique": 0 + }, { "allow_bulk_edit": 0, "allow_in_quick_entry": 0, @@ -446,8 +479,8 @@ "issingle": 1, "istable": 0, "max_attachments": 0, - "modified": "2018-08-29 16:56:37.560417", - "modified_by": "faris@erpnext.com", + "modified": "2018-08-29 17:46:30.413159", + "modified_by": "Administrator", "module": "Hub Node", "name": "Hub Settings", "name_case": "", @@ -480,5 +513,6 @@ "sort_field": "modified", "sort_order": "DESC", "track_changes": 1, - "track_seen": 0 + "track_seen": 0, + "track_views": 0 } \ No newline at end of file diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.py b/erpnext/hub_node/doctype/hub_settings/hub_settings.py index e1120154d7..7478db97a8 100644 --- a/erpnext/hub_node/doctype/hub_settings/hub_settings.py +++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.py @@ -18,9 +18,7 @@ class HubSettings(Document): self.site_name = frappe.utils.get_url() def get_hub_url(self): - if not frappe.conf.hub_url: - frappe.throw('hub_url is not set in site_config') - return frappe.conf.hub_url + return self.hub_url def register(self): """ Create a User on hub.erpnext.org and return username/password """ diff --git a/erpnext/patches.txt b/erpnext/patches.txt index ce6996849a..6738598ba7 100644 --- a/erpnext/patches.txt +++ b/erpnext/patches.txt @@ -559,3 +559,4 @@ erpnext.patches.v11_0.add_item_group_defaults erpnext.patches.v10_0.update_address_template_for_india execute:frappe.delete_doc("Page", "hub") erpnext.patches.v11_0.reset_publish_in_hub_for_all_items +erpnext.patches.v11_0.update_hub_url \ No newline at end of file diff --git a/erpnext/patches/v11_0/update_hub_url.py b/erpnext/patches/v11_0/update_hub_url.py new file mode 100644 index 0000000000..ced2aaf7e0 --- /dev/null +++ b/erpnext/patches/v11_0/update_hub_url.py @@ -0,0 +1,5 @@ +import frappe + +def execute(): + frappe.reload_doc('hub_node', 'doctype', 'Hub Settings') + frappe.db.set_value('Hub Settings', 'Hub Settings', 'hub_url', 'https://hubmarket.org')