Merge pull request #254 from scdanieli/lan-790
feat: restrict permissions for Tags by Organizations (LAN-790)
barredterra authored Jan 17, 2024
2 parents d98ef69 + 4ab60f8 commit 1288cd6
Showing 8 changed files with 328 additions and 5 deletions.
13 changes: 8 additions & 5 deletions landa/hooks.py
@@ -229,13 +229,12 @@

permission_query_conditions = {
"Report": "landa.permissions.report_query",
"Tag": "landa.organization_management.tag.tag.get_permission_query_conditions",
}

# has_permission = {
# "Contact": "landa.address_and_contact.has_permission",
# "Address": "landa.address_and_contact.has_permission"
# "Event": "frappe.desk.doctype.event.event.has_permission",
# }
has_permission = {
"Tag": "landa.organization_management.tag.tag.has_permission",
}

# DocType Class
# ---------------
@@ -308,6 +307,9 @@
"Water Body Management Local Organization": {
"after_insert": "landa.water_body_management.utils.create_version_log",
},
"Tag": {
"before_insert": "landa.organization_management.tag.tag.before_insert",
},
}

# Scheduled Tasks
@@ -354,6 +356,7 @@
"erpnext.stock.doctype.delivery_note.delivery_note.make_sales_invoice": "landa.landa_stock.delivery_note.delivery_note.make_landa_sales_invoice",
"frappe.desk.like.toggle_like": "landa.utils.no_liked_by",
"frappe.contacts.doctype.address.address.get_address_display": "landa.organization_management.address.address.get_address_display",
"frappe.desk.doctype.tag.tag.add_tag": "landa.organization_management.tag.tag.add_tag",
}

#
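Review bot: The override in the last hunk routes only `frappe.desk.doctype.tag.tag.add_tag` through the organization-aware wrapper. If the installed Frappe version also exposes a bulk `add_tags` endpoint in the same module, attaching an existing Tag through it would presumably not append the caller's organization, leaving the user with a tag on their documents that the new permission query hides from them. Worth confirming against the Frappe version in use and, if the endpoint exists, adding a matching override entry next to this one.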
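--- a/landa/organization_management/custom/tag.json
+++ b/landa/organization_management/custom/tag.json
@@ -0,0 +1,196 @@
+{
+"custom_fields": [
+{
+"_assign": null,
+"_comments": null,
+"_liked_by": null,
+"_user_tags": null,
+"allow_in_quick_entry": 0,
+"allow_on_submit": 0,
+"bold": 0,
+"collapsible": 0,
+"collapsible_depends_on": null,
+"columns": 0,
+"creation": "2024-01-02 16:44:06.931009",
+"default": null,
+"depends_on": null,
+"description": null,
+"docstatus": 0,
+"dt": "Tag",
+"fetch_from": null,
+"fetch_if_empty": 0,
+"fieldname": "organizations",
+"fieldtype": "Table",
+"hidden": 0,
+"hide_border": 0,
+"hide_days": 0,
+"hide_seconds": 0,
+"idx": 1,
+"ignore_user_permissions": 0,
+"ignore_xss_filter": 0,
+"in_global_search": 0,
+"in_list_view": 0,
+"in_preview": 0,
+"in_standard_filter": 0,
+"insert_after": "description",
+"label": "Organizations",
+"length": 0,
+"mandatory_depends_on": null,
+"modified": "2024-01-02 16:44:06.931009",
+"modified_by": "Administrator",
+"name": "Tag-organizations",
+"no_copy": 0,
+"non_negative": 0,
+"options": "Tag Organization",
+"owner": "Administrator",
+"parent": null,
+"parentfield": null,
+"parenttype": null,
+"permlevel": 0,
+"precision": "",
+"print_hide": 0,
+"print_hide_if_no_value": 0,
+"print_width": null,
+"read_only": 0,
+"read_only_depends_on": null,
+"report_hide": 0,
+"reqd": 0,
+"search_index": 0,
+"translatable": 0,
+"unique": 0,
+"width": null
+}
+],
+"custom_perms": [
+{
+"_assign": null,
+"_comments": null,
+"_liked_by": null,
+"_user_tags": null,
+"amend": 0,
+"cancel": 0,
+"create": 1,
+"creation": "2016-05-25 09:43:44.767581",
+"delete": 1,
+"docstatus": 0,
+"email": 1,
+"export": 1,
+"idx": 1,
+"if_owner": 0,
+"import": 0,
+"modified": "2024-01-03 23:21:12.987064",
+"modified_by": "Administrator",
+"name": "503e791796",
+"owner": "Administrator",
+"parent": "Tag",
+"parentfield": "permissions",
+"parenttype": "DocType",
+"permlevel": 0,
+"print": 1,
+"read": 1,
+"report": 1,
+"role": "System Manager",
+"select": 0,
+"set_user_permissions": 0,
+"share": 1,
+"submit": 0,
+"write": 1
+},
+{
+"_assign": null,
+"_comments": null,
+"_liked_by": null,
+"_user_tags": null,
+"amend": 0,
+"cancel": 0,
+"create": 1,
+"creation": "2016-05-25 09:43:44.767581",
+"delete": 0,
+"docstatus": 0,
+"email": 1,
+"export": 1,
+"idx": 2,
+"if_owner": 0,
+"import": 0,
+"modified": "2024-01-03 23:21:13.162344",
+"modified_by": "Administrator",
+"name": "dde00b6d17",
+"owner": "Administrator",
+"parent": "Tag",
+"parentfield": "permissions",
+"parenttype": "DocType",
+"permlevel": 0,
+"print": 1,
+"read": 1,
+"report": 1,
+"role": "All",
+"select": 0,
+"set_user_permissions": 0,
+"share": 1,
+"submit": 0,
+"write": 1
+},
+{
+"_assign": null,
+"_comments": null,
+"_liked_by": null,
+"_user_tags": null,
+"amend": 0,
+"cancel": 0,
+"create": 1,
+"creation": "2024-01-03 23:21:13.186968",
+"delete": 1,
+"docstatus": 0,
+"email": 0,
+"export": 0,
+"idx": 0,
+"if_owner": 0,
+"import": 0,
+"modified": "2024-01-03 23:21:13.186968",
+"modified_by": "Administrator",
+"name": "b7de9df6bd",
+"owner": "Administrator",
+"parent": "Tag",
+"parentfield": "permissions",
+"parenttype": "DocType",
+"permlevel": 0,
+"print": 0,
+"read": 1,
+"report": 0,
+"role": "LANDA State Organization Employee",
+"select": 0,
+"set_user_permissions": 0,
+"share": 0,
+"submit": 0,
+"write": 1
+}
+],
+"doctype": "Tag",
+"property_setters": [
+{
+"_assign": null,
+"_comments": null,
+"_liked_by": null,
+"_user_tags": null,
+"creation": "2024-01-02 16:43:05.963829",
+"default_value": null,
+"doc_type": "Tag",
+"docstatus": 0,
+"doctype_or_field": "DocType",
+"field_name": null,
+"idx": 0,
+"modified": "2024-01-02 16:43:05.963829",
+"modified_by": "Administrator",
+"name": "Tag-main-title_field",
+"owner": "Administrator",
+"parent": null,
+"parentfield": null,
+"parenttype": null,
+"property": "title_field",
+"property_type": "Data",
+"row_name": null,
+"value": ""
+}
+],
+"sync_on_migrate": 1
+}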
Empty file.
@@ -0,0 +1,31 @@
{
"actions": [],
"allow_rename": 1,
"creation": "2024-01-02 14:54:10.801210",
"doctype": "DocType",
"editable_grid": 1,
"engine": "InnoDB",
"field_order": [
"organization"
],
"fields": [
{
"fieldname": "organization",
"fieldtype": "Link",
"in_list_view": 1,
"label": "Organization",
"options": "Organization",
"reqd": 1
}
],
"istable": 1,
"links": [],
"modified": "2024-01-02 14:54:10.801210",
"modified_by": "Administrator",
"module": "Organization Management",
"name": "Tag Organization",
"owner": "Administrator",
"permissions": [],
"sort_field": "modified",
"sort_order": "DESC"
}
@@ -0,0 +1,9 @@
# Copyright (c) 2024, ALYF GmbH and contributors
# For license information, please see license.txt

# import frappe
from frappe.model.document import Document


class TagOrganization(Document):
pass
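--- a/landa/organization_management/tag/tag.py
+++ b/landa/organization_management/tag/tag.py
@@ -0,0 +1,58 @@
+# Copyright (c) 2024, ALYF GmbH and contributors
+# For license information, please see license.txt
+
+import frappe
+from frappe.core.doctype.user_permission.user_permission import get_permitted_documents
+from frappe.desk.doctype.tag.tag import add_tag as frappe_add_tag
+
+from landa.utils import get_current_member_data
+
+
+def has_permission(doc, user):
+if not user:
+user = frappe.session.user
+
+user_roles = frappe.get_roles(user)
+
+if "System Manager" in user_roles or "LANDA State Organization Employee" in user_roles:
+return True
+
+permitted_documents = get_permitted_documents("Organization")
+return any(org.organization in permitted_documents for org in doc.get("organizations"))
+
+
+def get_permission_query_conditions(user):
+if not user:
+user = frappe.session.user
+
+user_roles = frappe.get_roles(user)
+
+if "System Manager" in user_roles or "LANDA State Organization Employee" in user_roles:
+return None
+
+permitted_organizations = ", ".join(f"'{org}'" for org in get_permitted_documents("Organization"))
+
+return f"""exists (
+select 1 from `tabTag Organization`
+where
+`tabTag Organization`.parent = `tabTag`.name and
+`tabTag Organization`.organization in ({permitted_organizations})
+)"""
+
+
+def before_insert(doc, method):
+doc.append("organizations", {"organization": get_current_member_data().get("organization")})
+
+
+@frappe.whitelist()
+def add_tag(tag, dt, dn, color=None):
+organization = get_current_member_data().get("organization")
+
+if organization and frappe.db.exists("Tag", tag):
+tag_doc = frappe.get_doc("Tag", tag)
+
+if organization not in [org.organization for org in tag_doc.organizations]:
+tag_doc.append("organizations", {"organization": organization})
+tag_doc.save(ignore_permissions=True)
+
+return frappe_add_tag(tag, dt, dn, color)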
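Review bot: In `get_permission_query_conditions` the `in (...)` list is assembled by wrapping each permitted Organization name in quotes by hand, so a user with no permitted Organization yields `in ()`, which is not valid SQL, and a name containing a quote would end the literal early. Returning a never-true condition for the empty case and quoting each value with `frappe.db.escape` closes both, as sketched below. Both this function and `has_permission` resolve `user` for the role check but call `get_permitted_documents("Organization")` without it, so the organization list presumably always belongs to the session user; worth confirming the two cannot differ. Separately, `before_insert` appends the organization without the `if organization` guard that `add_tag` has, while the `organization` field of Tag Organization is `reqd`, so an insert by a user without an organization would likely fail the mandatory check.

```python
def get_permission_query_conditions(user):
    # … unchanged: user default and role check …
    permitted = get_permitted_documents("Organization")
    if not permitted:
        # no permitted Organization: match no Tag rather than emit `in ()`
        return "1=0"

    permitted_organizations = ", ".join(frappe.db.escape(org) for org in permitted)
    # … unchanged: exists (...) subquery returned as before …
```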
1 change: 1 addition & 0 deletions landa/patches.txt
@@ -31,3 +31,4 @@ landa.patches.add_water_body_title_in_stocking
landa.patches.multi_to_polygon
landa.patches.add_award_types
landa.patches.multi_to_line
landa.patches.add_organization_to_tags
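--- a/landa/patches/add_organization_to_tags.py
+++ b/landa/patches/add_organization_to_tags.py
@@ -0,0 +1,25 @@
+import frappe
+from frappe.modules.utils import sync_customizations
+
+from landa.utils import get_member_and_organization
+
+
+def execute():
+"""Add organization to tags"""
+# make sure Tag Organization is available
+frappe.reload_doc("organization_management", "doctype", "tag_organization")
+
+# make sure Tag is customized
+sync_customizations("landa")
+
+tags = frappe.get_all("Tag", fields=["name", "owner"])
+
+for tag in tags:
+owner_organization = get_member_and_organization(tag["owner"])[1]
+
+if owner_organization:
+tag_doc = frappe.get_doc("Tag", tag["name"])
+
+if all(org.organization != owner_organization for org in tag_doc.get("organizations", [])):
+tag_doc.append("organizations", {"organization": owner_organization})
+tag_doc.save(ignore_permissions=True)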
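Review bot: Tags whose owner resolves to no organization are skipped silently at the `if owner_organization:` check, and under the permission query added in tag.py a Tag with no `organizations` row is visible only to System Manager and LANDA State Organization Employee. If that fail-closed outcome is intended, say so at the check, e.g. `# tags without an owner organization stay unassigned and are hidden from organization-scoped users`. Otherwise consider logging the skipped tag names so they can be assigned by hand after the migration.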
