feat: Disable Sharing globally #20318
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Checkbox in System Settings - If disabled, avoid share UI render - Share APIs return None (non-obstructing) if share APIs are invoked
github-actions
bot
added
the
add-test-cases
barredterra
reviewed
Mar 13, 2023
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## develop #20318 +/- ##
===========================================
+ Coverage 63.80% 63.86% +0.06%
===========================================
Files 758 758
Lines 68672 68654 -18
Branches 6194 6194
===========================================
+ Hits 43814 43849 +35
+ Misses 21320 21263 -57
- Partials 3538 3542 +4
Flags with carried forward coverage won't be shown. Click here to find out more. |
barredterra
added
backport version-13-hotfix
backport version-14-hotfix
- Treat feature like a perm toggler. Essentially noone is allowed to explicity share anything - Implicit sharing via `ignore_share_permissions` is allowed. Devs can decide where sharing should happen under the hood - UI is made read only and not hidden. Users must see who doc is already shared with - Make sure perm APIs used by share feature return false if sharing is disabled - Rename checkbox to `Disable Document Sharing`
marination
force-pushed
the
disable-sharing-globally
branch
from
1368f8a
to
e547f6e
Compare
- Also, fix missed system setting rename in `assign_to`
marination
changed the title
marination
removed
the
add-test-cases
marination
requested review from
a team and
shariquerik
and removed request for
a team
ankush
requested changes
Mar 24, 2023
marination
force-pushed
the
disable-sharing-globally
branch
from
4ba0378
to
28bef3e
Compare
- misc: readable conditions
marination
force-pushed
the
disable-sharing-globally
branch
from
28bef3e
to
3852350
Compare
ankush
previously approved these changes
Mar 28, 2023
barredterra
reviewed
Mar 28, 2023
marination
force-pushed
the
disable-sharing-globally
branch
from
1d9319b
to
4246289
Compare
marination
force-pushed
the
disable-sharing-globally
branch
from
4246289
to
1ea9d60
Compare
ankush
approved these changes
Mar 28, 2023
mergify bot
pushed a commit
that referenced
this pull request
Mar 28, 2023
* feat: Disable Sharing globally - Checkbox in System Settings - If disabled, avoid share UI render - Share APIs return None (non-obstructing) if share APIs are invoked * feat: Settings checkbox must toggle share permission globally - Treat feature like a perm toggler. Essentially noone is allowed to explicity share anything - Implicit sharing via `ignore_share_permissions` is allowed. Devs can decide where sharing should happen under the hood - UI is made read only and not hidden. Users must see who doc is already shared with - Make sure perm APIs used by share feature return false if sharing is disabled - Rename checkbox to `Disable Document Sharing` * test: (server side) Impact of disabling sharing on APIs - Also, fix missed system setting rename in `assign_to` * fix: Inform assigner if assignee lacks perms and sharing is disabled - misc: readable conditions * fix: throw instead of msgprint * fix: Typo and appropriate message for `throw` --------- Co-authored-by: Ankush Menat <ankush@frappe.io> (cherry picked from commit 90f8f94) # Conflicts: # frappe/core/doctype/docshare/test_docshare.py # frappe/core/doctype/system_settings/system_settings.json # frappe/permissions.py # frappe/public/js/frappe/model/model.js
mergify bot
pushed a commit
that referenced
this pull request
Mar 28, 2023
* feat: Disable Sharing globally - Checkbox in System Settings - If disabled, avoid share UI render - Share APIs return None (non-obstructing) if share APIs are invoked * feat: Settings checkbox must toggle share permission globally - Treat feature like a perm toggler. Essentially noone is allowed to explicity share anything - Implicit sharing via `ignore_share_permissions` is allowed. Devs can decide where sharing should happen under the hood - UI is made read only and not hidden. Users must see who doc is already shared with - Make sure perm APIs used by share feature return false if sharing is disabled - Rename checkbox to `Disable Document Sharing` * test: (server side) Impact of disabling sharing on APIs - Also, fix missed system setting rename in `assign_to` * fix: Inform assigner if assignee lacks perms and sharing is disabled - misc: readable conditions * fix: throw instead of msgprint * fix: Typo and appropriate message for `throw` --------- Co-authored-by: Ankush Menat <ankush@frappe.io> (cherry picked from commit 90f8f94)
|
@ankush don't you want this in v13 at all or can we do a manual backport? |
|
Way too many conflicts, better to port manually and confirm if it works. |
ankush
added a commit
that referenced
this pull request
Mar 29, 2023
* feat: Disable Sharing globally (#20318) * feat: Disable Sharing globally - Checkbox in System Settings - If disabled, avoid share UI render - Share APIs return None (non-obstructing) if share APIs are invoked * feat: Settings checkbox must toggle share permission globally - Treat feature like a perm toggler. Essentially noone is allowed to explicity share anything - Implicit sharing via `ignore_share_permissions` is allowed. Devs can decide where sharing should happen under the hood - UI is made read only and not hidden. Users must see who doc is already shared with - Make sure perm APIs used by share feature return false if sharing is disabled - Rename checkbox to `Disable Document Sharing` * test: (server side) Impact of disabling sharing on APIs - Also, fix missed system setting rename in `assign_to` * fix: Inform assigner if assignee lacks perms and sharing is disabled - misc: readable conditions * fix: throw instead of msgprint * fix: Typo and appropriate message for `throw` --------- Co-authored-by: Ankush Menat <ankush@frappe.io> (cherry picked from commit 90f8f94) * test: fix test case to modified behaviour We throw instead of showing warning now --------- Co-authored-by: Marica <maricadsouza221197@gmail.com> Co-authored-by: Ankush Menat <ankush@frappe.io>
ankush
added a commit
that referenced
this pull request
Mar 29, 2023
* feat: Disable Sharing globally (#20318) * feat: Disable Sharing globally - Checkbox in System Settings - If disabled, avoid share UI render - Share APIs return None (non-obstructing) if share APIs are invoked * feat: Settings checkbox must toggle share permission globally - Treat feature like a perm toggler. Essentially noone is allowed to explicity share anything - Implicit sharing via `ignore_share_permissions` is allowed. Devs can decide where sharing should happen under the hood - UI is made read only and not hidden. Users must see who doc is already shared with - Make sure perm APIs used by share feature return false if sharing is disabled - Rename checkbox to `Disable Document Sharing` * test: (server side) Impact of disabling sharing on APIs - Also, fix missed system setting rename in `assign_to` * fix: Inform assigner if assignee lacks perms and sharing is disabled - misc: readable conditions * fix: throw instead of msgprint * fix: Typo and appropriate message for `throw` --------- Co-authored-by: Ankush Menat <ankush@frappe.io> * test: fix test case to modified behaviour We throw instead of showing warning now * style: format [skip ci] --------- Co-authored-by: Ankush Menat <ankush@frappe.io>
frappe-pr-bot
pushed a commit
that referenced
this pull request
Apr 4, 2023
# [14.31.0](v14.30.0...v14.31.0) (2023-04-04) ### Bug Fixes * allow `reset_otp_secret` only if Two Factor Auth is enabled ([#20506](#20506)) ([#20561](#20561)) ([ca486c4](ca486c4)) * allowed only POST and PUT methods in `rename_doc` ([#20504](#20504)) ([#20565](#20565)) ([fd1f6fe](fd1f6fe)) * bulk update using doc method, check perms ([#20522](#20522)) ([2237968](2237968)) * cannot restore cancelled document if workflow is active ([547efe3](547efe3)) * Check if reference_name is set ([2e9068b](2e9068b)) * content_type can be `None` during file upload ([#20572](#20572)) ([#20574](#20574)) ([ebc6059](ebc6059)) * date field shouldn't be formatted for TZ ([#20486](#20486)) ([#20490](#20490)) ([07b7b46](07b7b46)) * don't hide tab with dashboard if there is a visible section/control ([084e8af](084e8af)) * Drop message_id index before migrating email queue ([#20376](#20376)) ([#20578](#20578)) ([394c232](394c232)) * email linking and message_id indexing ([#20356](#20356)) ([#20579](#20579)) ([5ae94ef](5ae94ef)) * escape HTML instead of sanitizing ([2269d6e](2269d6e)) * fix address query for postgres ([f01566a](f01566a)), closes [/github.com//pull/20537#ref-pullrequest-1645575433](https://github.com//github.com/frappe/frappe/pull/20537/issues/ref-pullrequest-1645575433) * get workflow_state_fieldname instead of setting workflow_state to none ([bac4e9b](bac4e9b)) * Handle JsBarcode exceptions ([#20532](#20532)) ([b1c3d8b](b1c3d8b)) * heatmap not reset on dashboard refresh ([3c0659b](3c0659b)) * hide chart and heatmap on dashboard reset ([cec7a73](cec7a73)) * Incorrect use of the Walrus operator ([a70a5ca](a70a5ca)) * nestedset rename ([#20498](#20498)) ([#20499](#20499)) ([b831392](b831392)) * removed unnecessary usage of `[@frappe](https://github.com/frappe).whitelist` ([#20503](#20503)) ([#20563](#20563)) ([0af8315](0af8315)) * rewrite query for postgres ([#20557](#20557)) ([#20559](#20559)) ([d754be5](d754be5)) * sending mails to unintended recipients as cc ([1c47643](1c47643)) * **UI:** align link cards & charts on workspace ([82cfd33](82cfd33)) * unsubscribe from list_update before resubbing ([#20450](#20450)) ([#20581](#20581)) ([7866605](7866605)) * use chart type passed to `render_graph` on form dashboards ([015f7db](015f7db)) ### Features * Disable Sharing globally (backport [#20318](#20318)) ([#20492](#20492)) ([67a537c](67a537c)) * list-view click and drag on check box to select multiple rows (backport [#20457](#20457)) ([#20568](#20568)) ([f757a37](f757a37)) * make workflow state translatable ([#20412](#20412)) ([8675789](8675789)) * **util:** `get_table_name`: wrap in backticks ([#20553](#20553)) ([#20556](#20556)) ([5c56dff](5c56dff)) ### Performance Improvements * Faster address query with explicit joins (backport [#20537](#20537)) ([#20540](#20540)) ([2ef7ef5](2ef7ef5)) * unsubscribe from list_update events ([#20423](#20423)) ([#20580](#20580)) ([8a63144](8a63144))
frappe-pr-bot
pushed a commit
that referenced
this pull request
Apr 4, 2023
# [13.52.0](v13.51.3...v13.52.0) (2023-04-04) ### Bug Fixes * better error logging while sending email ([#20570](#20570)) ([8ae4d55](8ae4d55)) * cannot restore cancelled document if workflow is active ([6206dc0](6206dc0)) * escape HTML instead of sanitizing ([68ad9cf](68ad9cf)) * fix address query for postgres ([616dd8b](616dd8b)), closes [/github.com//pull/20537#ref-pullrequest-1645575433](https://github.com//github.com/frappe/frappe/pull/20537/issues/ref-pullrequest-1645575433) * get workflow_state_fieldname instead of setting workflow_state to none ([3249aa2](3249aa2)) * removed unnecessary usage of `[@frappe](https://github.com/frappe).whitelist` ([#20503](#20503)) ([#20562](#20562)) ([08398cb](08398cb)) * rewrite query for postgres ([#20557](#20557)) ([#20558](#20558)) ([e400c5f](e400c5f)) ### Features * Disable Sharing globally ([#20318](#20318)) [backport] ([#20500](#20500)) ([758873c](758873c)) * make workflow state translatable ([#20412](#20412)) ([#20501](#20501)) ([1545fbd](1545fbd)) ### Performance Improvements * Faster address query with explicit joins (backport [#20537](#20537)) ([#20539](#20539)) ([955a723](955a723))
|
Awesome! Would it not make more sense to actually hide the Share div from the sidebar when this feature is enabled though? :) |
|
@iMoshi in the case where sharing is disabled after a document is already shared with some users, we would probably still want to see who all can view this document. Seemed consistent with the behaviour when a user has no share access. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Docs: https://docs.erpnext.com/docs/v14/user/manual/en/setting-up/settings/system-settings/edit-wiki?wiki_page_patch=57c20f0965
Issue:
Enable or Disable document sharing system wide
Checkbox in System Settings which is unchecked by default to maintain old behaviour
If enabled, system wide, no user will have share access to any document
The share button will be read only, no action (no share access). Although users can see who the doc is shared with (consistent with old behaviour)
On invoking the share API without
ignore_share_permissions(form the browser), a perm error is thrownIf any share API is invoked with
ignore_share_permissionsit will go through (consistent with old behaviour). [Creating a user, doc must be shared with the user themselves]assign_tois handled as a special case, where assigning a doc to a user will block the assignment if the user does not have access already. The assignee is expected to have access to the document otherwise assignments can be misused