[fresh install] [fix] replace allow roles with explicit has_permission checks for doctype py files
This commit is contained in:
parent
44935e4608
commit
901773a139
@ -35,8 +35,6 @@ class DocType:
|
||||
self.account_list = []
|
||||
self.ac_details = {} # key: account id, values: debit_or_credit, lft, rgt
|
||||
|
||||
self.roles = webnotes.user.get_roles()
|
||||
|
||||
self.period_list = []
|
||||
self.period_start_date = {}
|
||||
self.period_end_date = {}
|
||||
@ -44,7 +42,7 @@ class DocType:
|
||||
self.fs_list = []
|
||||
self.root_bal = []
|
||||
self.flag = 0
|
||||
|
||||
|
||||
# Get defaults on load of MIS, MIS - Comparison Report and Financial statements
|
||||
# ----------------------------------------------------
|
||||
def get_comp(self):
|
||||
@ -75,6 +73,7 @@ class DocType:
|
||||
ret['month'] = mon
|
||||
|
||||
# ------------------------ get MIS Type on basis of roles of session user ------------------------------------------
|
||||
self.roles = webnotes.user.get_roles()
|
||||
if has_common(self.roles, ['Sales Manager']):
|
||||
type.append('Sales')
|
||||
if has_common(self.roles, ['Purchase Manager']):
|
||||
|
@ -13,8 +13,11 @@ class DocType():
|
||||
self.doc = doc
|
||||
self.doclist = doclist
|
||||
|
||||
@webnotes.whitelist(allow_roles=['System Manager', 'HR Manager', "HR User"])
|
||||
@webnotes.whitelist()
|
||||
def get_template():
|
||||
if not webnotes.has_permission("Attendance", "create"):
|
||||
raise webnotes.PermissionError
|
||||
|
||||
args = webnotes.form_dict
|
||||
global doclist
|
||||
doclist = webnotes.model.doctype.get("Attendance")
|
||||
@ -96,8 +99,11 @@ def get_naming_series():
|
||||
return series[0]
|
||||
|
||||
|
||||
@webnotes.whitelist(allow_roles=['System Manager', 'HR Manager', "HR User"])
|
||||
@webnotes.whitelist()
|
||||
def upload():
|
||||
if not webnotes.has_permission("Attendance", "create"):
|
||||
raise webnotes.PermissionError
|
||||
|
||||
from webnotes.utils.datautils import read_csv_content_from_uploaded_file
|
||||
from webnotes.modules import scrub
|
||||
|
||||
|
@ -119,11 +119,12 @@ class DocType(DocListController):
|
||||
def scrub_posting_time(self):
|
||||
if not self.doc.posting_time or self.doc.posting_time == '00:0':
|
||||
self.doc.posting_time = '00:00'
|
||||
|
||||
def on_doctype_update(self):
|
||||
if not webnotes.conn.sql("""show index from `tabStock Ledger Entry`
|
||||
where Key_name="posting_sort_index" """):
|
||||
webnotes.conn.commit()
|
||||
webnotes.conn.sql("""alter table `tabStock Ledger Entry`
|
||||
add index posting_sort_index(posting_date, posting_time, name)""")
|
||||
webnotes.conn.begin()
|
||||
|
||||
def on_doctype_update():
|
||||
print "on_doctype_update called for SLE"
|
||||
if not webnotes.conn.sql("""show index from `tabStock Ledger Entry`
|
||||
where Key_name="posting_sort_index" """):
|
||||
webnotes.conn.commit()
|
||||
webnotes.conn.sql("""alter table `tabStock Ledger Entry`
|
||||
add index posting_sort_index(posting_date, posting_time, name)""")
|
||||
webnotes.conn.begin()
|
@ -13,7 +13,7 @@ def get_doctypes():
|
||||
return webnotes.conn.sql_list("""select name from tabDocType
|
||||
where ifnull(allow_rename,0)=1 and module!='Core' order by name""")
|
||||
|
||||
@webnotes.whitelist(allow_roles=["System Manager"])
|
||||
@webnotes.whitelist()
|
||||
def upload(select_doctype=None, rows=None):
|
||||
from webnotes.utils.datautils import read_csv_content_from_uploaded_file
|
||||
from webnotes.modules import scrub
|
||||
@ -21,6 +21,9 @@ def upload(select_doctype=None, rows=None):
|
||||
|
||||
if not select_doctype:
|
||||
select_doctype = webnotes.form_dict.select_doctype
|
||||
|
||||
if not webnotes.has_permission(select_doctype, "write"):
|
||||
raise webnotes.PermissionError
|
||||
|
||||
if not rows:
|
||||
rows = read_csv_content_from_uploaded_file()
|
||||
|
Loading…
x
Reference in New Issue
Block a user