Merge pull request #254 from scdanieli/lan-790
feat: restrict permissions for Tags by Organizations (LAN-790)
Showing
8 changed files
with
328 additions
and
5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,196 @@ | ||
{ | ||
"custom_fields": [ | ||
{ | ||
"_assign": null, | ||
"_comments": null, | ||
"_liked_by": null, | ||
"_user_tags": null, | ||
"allow_in_quick_entry": 0, | ||
"allow_on_submit": 0, | ||
"bold": 0, | ||
"collapsible": 0, | ||
"collapsible_depends_on": null, | ||
"columns": 0, | ||
"creation": "2024-01-02 16:44:06.931009", | ||
"default": null, | ||
"depends_on": null, | ||
"description": null, | ||
"docstatus": 0, | ||
"dt": "Tag", | ||
"fetch_from": null, | ||
"fetch_if_empty": 0, | ||
"fieldname": "organizations", | ||
"fieldtype": "Table", | ||
"hidden": 0, | ||
"hide_border": 0, | ||
"hide_days": 0, | ||
"hide_seconds": 0, | ||
"idx": 1, | ||
"ignore_user_permissions": 0, | ||
"ignore_xss_filter": 0, | ||
"in_global_search": 0, | ||
"in_list_view": 0, | ||
"in_preview": 0, | ||
"in_standard_filter": 0, | ||
"insert_after": "description", | ||
"label": "Organizations", | ||
"length": 0, | ||
"mandatory_depends_on": null, | ||
"modified": "2024-01-02 16:44:06.931009", | ||
"modified_by": "Administrator", | ||
"name": "Tag-organizations", | ||
"no_copy": 0, | ||
"non_negative": 0, | ||
"options": "Tag Organization", | ||
"owner": "Administrator", | ||
"parent": null, | ||
"parentfield": null, | ||
"parenttype": null, | ||
"permlevel": 0, | ||
"precision": "", | ||
"print_hide": 0, | ||
"print_hide_if_no_value": 0, | ||
"print_width": null, | ||
"read_only": 0, | ||
"read_only_depends_on": null, | ||
"report_hide": 0, | ||
"reqd": 0, | ||
"search_index": 0, | ||
"translatable": 0, | ||
"unique": 0, | ||
"width": null | ||
} | ||
], | ||
"custom_perms": [ | ||
{ | ||
"_assign": null, | ||
"_comments": null, | ||
"_liked_by": null, | ||
"_user_tags": null, | ||
"amend": 0, | ||
"cancel": 0, | ||
"create": 1, | ||
"creation": "2016-05-25 09:43:44.767581", | ||
"delete": 1, | ||
"docstatus": 0, | ||
"email": 1, | ||
"export": 1, | ||
"idx": 1, | ||
"if_owner": 0, | ||
"import": 0, | ||
"modified": "2024-01-03 23:21:12.987064", | ||
"modified_by": "Administrator", | ||
"name": "503e791796", | ||
"owner": "Administrator", | ||
"parent": "Tag", | ||
"parentfield": "permissions", | ||
"parenttype": "DocType", | ||
"permlevel": 0, | ||
"print": 1, | ||
"read": 1, | ||
"report": 1, | ||
"role": "System Manager", | ||
"select": 0, | ||
"set_user_permissions": 0, | ||
"share": 1, | ||
"submit": 0, | ||
"write": 1 | ||
}, | ||
{ | ||
"_assign": null, | ||
"_comments": null, | ||
"_liked_by": null, | ||
"_user_tags": null, | ||
"amend": 0, | ||
"cancel": 0, | ||
"create": 1, | ||
"creation": "2016-05-25 09:43:44.767581", | ||
"delete": 0, | ||
"docstatus": 0, | ||
"email": 1, | ||
"export": 1, | ||
"idx": 2, | ||
"if_owner": 0, | ||
"import": 0, | ||
"modified": "2024-01-03 23:21:13.162344", | ||
"modified_by": "Administrator", | ||
"name": "dde00b6d17", | ||
"owner": "Administrator", | ||
"parent": "Tag", | ||
"parentfield": "permissions", | ||
"parenttype": "DocType", | ||
"permlevel": 0, | ||
"print": 1, | ||
"read": 1, | ||
"report": 1, | ||
"role": "All", | ||
"select": 0, | ||
"set_user_permissions": 0, | ||
"share": 1, | ||
"submit": 0, | ||
"write": 1 | ||
}, | ||
{ | ||
"_assign": null, | ||
"_comments": null, | ||
"_liked_by": null, | ||
"_user_tags": null, | ||
"amend": 0, | ||
"cancel": 0, | ||
"create": 1, | ||
"creation": "2024-01-03 23:21:13.186968", | ||
"delete": 1, | ||
"docstatus": 0, | ||
"email": 0, | ||
"export": 0, | ||
"idx": 0, | ||
"if_owner": 0, | ||
"import": 0, | ||
"modified": "2024-01-03 23:21:13.186968", | ||
"modified_by": "Administrator", | ||
"name": "b7de9df6bd", | ||
"owner": "Administrator", | ||
"parent": "Tag", | ||
"parentfield": "permissions", | ||
"parenttype": "DocType", | ||
"permlevel": 0, | ||
"print": 0, | ||
"read": 1, | ||
"report": 0, | ||
"role": "LANDA State Organization Employee", | ||
"select": 0, | ||
"set_user_permissions": 0, | ||
"share": 0, | ||
"submit": 0, | ||
"write": 1 | ||
} | ||
], | ||
"doctype": "Tag", | ||
"property_setters": [ | ||
{ | ||
"_assign": null, | ||
"_comments": null, | ||
"_liked_by": null, | ||
"_user_tags": null, | ||
"creation": "2024-01-02 16:43:05.963829", | ||
"default_value": null, | ||
"doc_type": "Tag", | ||
"docstatus": 0, | ||
"doctype_or_field": "DocType", | ||
"field_name": null, | ||
"idx": 0, | ||
"modified": "2024-01-02 16:43:05.963829", | ||
"modified_by": "Administrator", | ||
"name": "Tag-main-title_field", | ||
"owner": "Administrator", | ||
"parent": null, | ||
"parentfield": null, | ||
"parenttype": null, | ||
"property": "title_field", | ||
"property_type": "Data", | ||
"row_name": null, | ||
"value": "" | ||
} | ||
], | ||
"sync_on_migrate": 1 | ||
} |
Empty file.
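--- a/landa/organization_management/doctype/tag_organization/tag_organization.json
+++ b/landa/organization_management/doctype/tag_organization/tag_organization.json
@@ -0,0 +1,31 @@
+{
+"actions": [],
+"allow_rename": 1,
+"creation": "2024-01-02 14:54:10.801210",
+"doctype": "DocType",
+"editable_grid": 1,
+"engine": "InnoDB",
+"field_order": [
+"organization"
+],
+"fields": [
+{
+"fieldname": "organization",
+"fieldtype": "Link",
+"in_list_view": 1,
+"label": "Organization",
+"options": "Organization",
+"reqd": 1
+}
+],
+"istable": 1,
+"links": [],
+"modified": "2024-01-02 14:54:10.801210",
+"modified_by": "Administrator",
+"module": "Organization Management",
+"name": "Tag Organization",
+"owner": "Administrator",
+"permissions": [],
+"sort_field": "modified",
+"sort_order": "DESC"
+}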
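--- a/landa/organization_management/doctype/tag_organization/tag_organization.py
+++ b/landa/organization_management/doctype/tag_organization/tag_organization.py
@@ -0,0 +1,9 @@
+# Copyright (c) 2024, ALYF GmbH and contributors
+# For license information, please see license.txt
+
+# import frappe
+from frappe.model.document import Document
+
+
+class TagOrganization(Document):
+pass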
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# Copyright (c) 2024, ALYF GmbH and contributors | ||
# For license information, please see license.txt | ||
|
||
import frappe | ||
from frappe.core.doctype.user_permission.user_permission import get_permitted_documents | ||
from frappe.desk.doctype.tag.tag import add_tag as frappe_add_tag | ||
|
||
from landa.utils import get_current_member_data | ||
|
||
|
||
def has_permission(doc, user): | ||
if not user: | ||
user = frappe.session.user | ||
|
||
user_roles = frappe.get_roles(user) | ||
|
||
if "System Manager" in user_roles or "LANDA State Organization Employee" in user_roles: | ||
return True | ||
|
||
permitted_documents = get_permitted_documents("Organization") | ||
return any(org.organization in permitted_documents for org in doc.get("organizations")) | ||
|
||
|
||
def get_permission_query_conditions(user): | ||
if not user: | ||
user = frappe.session.user | ||
|
||
user_roles = frappe.get_roles(user) | ||
|
||
if "System Manager" in user_roles or "LANDA State Organization Employee" in user_roles: | ||
return None | ||
|
||
permitted_organizations = ", ".join(f"'{org}'" for org in get_permitted_documents("Organization")) | ||
|
||
return f"""exists ( | ||
select 1 from `tabTag Organization` | ||
where | ||
`tabTag Organization`.parent = `tabTag`.name and | ||
`tabTag Organization`.organization in ({permitted_organizations}) | ||
)""" | ||
|
||
|
||
def before_insert(doc, method): | ||
doc.append("organizations", {"organization": get_current_member_data().get("organization")}) | ||
|
||
|
||
@frappe.whitelist() | ||
def add_tag(tag, dt, dn, color=None): | ||
organization = get_current_member_data().get("organization") | ||
|
||
if organization and frappe.db.exists("Tag", tag): | ||
tag_doc = frappe.get_doc("Tag", tag) | ||
|
||
if organization not in [org.organization for org in tag_doc.organizations]: | ||
tag_doc.append("organizations", {"organization": organization}) | ||
tag_doc.save(ignore_permissions=True) | ||
|
||
return frappe_add_tag(tag, dt, dn, color) |
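Review bot: In `get_permission_query_conditions` the organization names are placed into the SQL condition with `f"'{org}'"`, so a name containing a quote breaks or alters the query, and an empty permitted list produces `in ()`, which MariaDB rejects as a syntax error. Build the list with `", ".join(frappe.db.escape(org) for org in get_permitted_documents("Organization"))` and return a condition that matches nothing, e.g. `return "1=0"`, when the list is empty. Both this function and `has_permission` resolve `user` but then call `get_permitted_documents("Organization")` without it, which appears to evaluate the session user's permissions rather than the passed user's; worth confirming. Separately, the whitelisted `add_tag` saves with `ignore_permissions=True`, so any caller with an organization can attach it to an existing tag by name; a short comment stating that this is intended would help.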
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
import frappe | ||
from frappe.modules.utils import sync_customizations | ||
|
||
from landa.utils import get_member_and_organization | ||
|
||
|
||
def execute(): | ||
"""Add organization to tags""" | ||
# make sure Tag Organization is available | ||
frappe.reload_doc("organization_management", "doctype", "tag_organization") | ||
|
||
# make sure Tag is customized | ||
sync_customizations("landa") | ||
|
||
tags = frappe.get_all("Tag", fields=["name", "owner"]) | ||
|
||
for tag in tags: | ||
owner_organization = get_member_and_organization(tag["owner"])[1] | ||
|
||
if owner_organization: | ||
tag_doc = frappe.get_doc("Tag", tag["name"]) | ||
|
||
if all(org.organization != owner_organization for org in tag_doc.get("organizations", [])): | ||
tag_doc.append("organizations", {"organization": owner_organization}) | ||
tag_doc.save(ignore_permissions=True) |
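Review bot: Tags whose owner has no organization are skipped silently at `if owner_organization:` in `execute()`, and with the permission query added in this commit such tags match no organization, so they appear to become visible only to System Manager and LANDA State Organization Employee users after migration. If that is intended, say so in the docstring, e.g. `"""Add the owner's organization to each existing Tag; tags whose owner has no organization stay unassigned."""`; otherwise consider logging the skipped tag names so they can be assigned manually. `tag_doc.save(ignore_permissions=True)` also updates `modified` on every touched tag, which is probably acceptable for a one-off patch.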