fix: Correctness in get_role_permissions and has_perm JS APIs (backport #18877) #18976
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Return value contains `if_owner` propert in object same as py - Elaborate code documentation
- If `doc` is passed to `has_perm`, checking for pre-stored doctype level perms is wrong - It gives back stale values that don't consider document level permissions and only change on reload (window property) - Get freshly evaluate perms at the doc level - If no `doc` is involved, doctype level custom window property can be used
- Test removes System Manager role for user and expects certain perms - On Kanban Board DocType, only System Manager is allowed to print/export/email/report/share - DocType level test only
- Cache documet level output of `get_perm` in `has_perm` as well
- Avoid caching documents like 'new-item-1', default to doctype perms instead - Use secure `whitelist_for_tests` decorator instead
github-actions
bot
added
the
add-test-cases
marination
removed
the
add-test-cases
frappe-pr-bot
pushed a commit
that referenced
this pull request
Nov 29, 2022
# [14.17.0](v14.16.0...v14.17.0) (2022-11-29) ### Bug Fixes * Avoid `update_order` twice on Kanban load ([#19011](#19011)) ([#19013](#19013)) ([c6e2d16](c6e2d16)) * broken link for email tracking pixels ([#19030](#19030)) ([#19032](#19032)) ([ca520e0](ca520e0)) * Correctness in get_role_permissions and has_perm JS APIs (backport [#18877](#18877)) ([#18976](#18976)) ([cc2cd5f](cc2cd5f)) * default value options: sort ([#19019](#19019)) ([#19022](#19022)) ([3ec6d9c](3ec6d9c)) * discovery and styling issues in grid buttons ([a6bda7f](a6bda7f)) * handle "No Letterhead" in new print format builder ([#18990](#18990)) ([#18992](#18992)) ([1ad1cab](1ad1cab)) * horizontal scroll in rtl language ([906336e](906336e)) * only accept string values for `key` ([237a152](237a152)) * webform read only field not working ([#19026](#19026)) ([ce505ca](ce505ca)) * z-index for barcode and awesomeplete (backport [#18893](#18893)) ([#19003](#19003)) ([0191858](0191858)) ### Features * add param letterhead to frappe.get_print ([#18989](#18989)) ([#19034](#19034)) ([c887be5](c887be5))
|
🎉 This PR is included in version 14.17.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
stephenBDT
pushed a commit
to alias/frappe
that referenced
this pull request
Nov 30, 2022
frappe#18877) (frappe#18976) * fix: Consistency in `get_role_permissions` return value - Return value contains `if_owner` propert in object same as py - Elaborate code documentation * fix: Don't assign document level perms to doctype level permission store - If `doc` is passed to `has_perm`, checking for pre-stored doctype level perms is wrong - It gives back stale values that don't consider document level permissions and only change on reload (window property) - Get freshly evaluate perms at the doc level - If no `doc` is involved, doctype level custom window property can be used * fix: correct logic for `if_owner` and refactor * test: Cypress test to check basic `has_perm` and `get_perm` JS APIs - Test removes System Manager role for user and expects certain perms - On Kanban Board DocType, only System Manager is allowed to print/export/email/report/share - DocType level test only * chore: Cache Document level perms as well in `has_perm` - Cache documet level output of `get_perm` in `has_perm` as well * chore: `web_form.py` format via pre-commit * fix: Avoid caching unsaved documents and secure whitelist decorator - Avoid caching documents like 'new-item-1', default to doctype perms instead - Use secure `whitelist_for_tests` decorator instead * chore: cache `role_perms` instead * fix: decorator usage * chore: move cheaper condition first * chore: revert to `doctype_perm` cache for now Co-authored-by: Sagar Vora <sagar@resilient.tech>
stephenBDT
pushed a commit
to alias/frappe
that referenced
this pull request
Nov 30, 2022
# [14.17.0](frappe/frappe@v14.16.0...v14.17.0) (2022-11-29) ### Bug Fixes * Avoid `update_order` twice on Kanban load ([frappe#19011](frappe#19011)) ([frappe#19013](frappe#19013)) ([c6e2d16](frappe@c6e2d16)) * broken link for email tracking pixels ([frappe#19030](frappe#19030)) ([frappe#19032](frappe#19032)) ([ca520e0](frappe@ca520e0)) * Correctness in get_role_permissions and has_perm JS APIs (backport [frappe#18877](frappe#18877)) ([frappe#18976](frappe#18976)) ([cc2cd5f](frappe@cc2cd5f)) * default value options: sort ([frappe#19019](frappe#19019)) ([frappe#19022](frappe#19022)) ([3ec6d9c](frappe@3ec6d9c)) * discovery and styling issues in grid buttons ([a6bda7f](frappe@a6bda7f)) * handle "No Letterhead" in new print format builder ([frappe#18990](frappe#18990)) ([frappe#18992](frappe#18992)) ([1ad1cab](frappe@1ad1cab)) * horizontal scroll in rtl language ([906336e](frappe@906336e)) * only accept string values for `key` ([237a152](frappe@237a152)) * webform read only field not working ([frappe#19026](frappe#19026)) ([ce505ca](frappe@ce505ca)) * z-index for barcode and awesomeplete (backport [frappe#18893](frappe#18893)) ([frappe#19003](frappe#19003)) ([0191858](frappe@0191858)) ### Features * add param letterhead to frappe.get_print ([frappe#18989](frappe#18989)) ([frappe#19034](frappe#19034)) ([c887be5](frappe@c887be5))
stephenBDT
pushed a commit
to alias/frappe
that referenced
this pull request
Dec 1, 2022
frappe#18877) (frappe#18976) * fix: Consistency in `get_role_permissions` return value - Return value contains `if_owner` propert in object same as py - Elaborate code documentation * fix: Don't assign document level perms to doctype level permission store - If `doc` is passed to `has_perm`, checking for pre-stored doctype level perms is wrong - It gives back stale values that don't consider document level permissions and only change on reload (window property) - Get freshly evaluate perms at the doc level - If no `doc` is involved, doctype level custom window property can be used * fix: correct logic for `if_owner` and refactor * test: Cypress test to check basic `has_perm` and `get_perm` JS APIs - Test removes System Manager role for user and expects certain perms - On Kanban Board DocType, only System Manager is allowed to print/export/email/report/share - DocType level test only * chore: Cache Document level perms as well in `has_perm` - Cache documet level output of `get_perm` in `has_perm` as well * chore: `web_form.py` format via pre-commit * fix: Avoid caching unsaved documents and secure whitelist decorator - Avoid caching documents like 'new-item-1', default to doctype perms instead - Use secure `whitelist_for_tests` decorator instead * chore: cache `role_perms` instead * fix: decorator usage * chore: move cheaper condition first * chore: revert to `doctype_perm` cache for now Co-authored-by: Sagar Vora <sagar@resilient.tech>
stephenBDT
pushed a commit
to alias/frappe
that referenced
this pull request
Dec 1, 2022
# [14.17.0](frappe/frappe@v14.16.0...v14.17.0) (2022-11-29) ### Bug Fixes * Avoid `update_order` twice on Kanban load ([frappe#19011](frappe#19011)) ([frappe#19013](frappe#19013)) ([c6e2d16](frappe@c6e2d16)) * broken link for email tracking pixels ([frappe#19030](frappe#19030)) ([frappe#19032](frappe#19032)) ([ca520e0](frappe@ca520e0)) * Correctness in get_role_permissions and has_perm JS APIs (backport [frappe#18877](frappe#18877)) ([frappe#18976](frappe#18976)) ([cc2cd5f](frappe@cc2cd5f)) * default value options: sort ([frappe#19019](frappe#19019)) ([frappe#19022](frappe#19022)) ([3ec6d9c](frappe@3ec6d9c)) * discovery and styling issues in grid buttons ([a6bda7f](frappe@a6bda7f)) * handle "No Letterhead" in new print format builder ([frappe#18990](frappe#18990)) ([frappe#18992](frappe#18992)) ([1ad1cab](frappe@1ad1cab)) * horizontal scroll in rtl language ([906336e](frappe@906336e)) * only accept string values for `key` ([237a152](frappe@237a152)) * webform read only field not working ([frappe#19026](frappe#19026)) ([ce505ca](frappe@ce505ca)) * z-index for barcode and awesomeplete (backport [frappe#18893](frappe#18893)) ([frappe#19003](frappe#19003)) ([0191858](frappe@0191858)) ### Features * add param letterhead to frappe.get_print ([frappe#18989](frappe#18989)) ([frappe#19034](frappe#19034)) ([c887be5](frappe@c887be5))
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Manual Backport of #18877