Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: allow wildcard for doctype in permission hooks #25729

Merged
merged 6 commits into from
Apr 10, 2024
+21 −3
Merged

feat: allow wildcard for doctype in permission hooks #25729

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e009e8b
feat: allow wildcard for doctype in permission hooks
revant Mar 29, 2024
fd9cfd7
fix: pass doctype to permission query
revant Mar 29, 2024
8fff560
fix: combine methods instead of alternate
revant Mar 30, 2024
e65b031
test: wildcard has_permssion hook
revant Apr 1, 2024
dc86427
test: wildcard has_permssion make note public
revant Apr 1, 2024
e312fe5
fix: fetch list of hooks once
revant Apr 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 2 additions & 1 deletion frappe/model/db_query.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1037,9 +1037,10 @@ def add_user_permissions(self, user_permissions):
def get_permission_query_conditions(self):
conditions = []
condition_methods = frappe.get_hooks("permission_query_conditions", {}).get(self.doctype, [])
condition_methods += frappe.get_hooks("permission_query_conditions", {}).get("*", [])
revant marked this conversation as resolved.
Show resolved Hide resolved
if condition_methods:
for method in condition_methods:
c = frappe.call(frappe.get_attr(method), self.user)
c = frappe.call(frappe.get_attr(method), self.user, doctype=self.doctype)
if c:
conditions.append(c)

Expand Down
1 change: 1 addition & 0 deletions frappe/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -444,6 +444,7 @@ def has_controller_permissions(doc, ptype, user=None, debug=False) -> bool:
user = frappe.session.user

methods = frappe.get_hooks("has_permission").get(doc.doctype, [])
methods += frappe.get_hooks("has_permission").get("*", [])
revant marked this conversation as resolved.
Show resolved Hide resolved

if not methods:
return True
Expand Down
16 changes: 16 additions & 0 deletions frappe/tests/test_hooks.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,14 @@ def test_has_permission(self):

hooks.has_permission["Address"] = address_has_permission_hook

wildcard_has_permission_hook = hooks.has_permission.get("*", [])
if isinstance(wildcard_has_permission_hook, str):
wildcard_has_permission_hook = [wildcard_has_permission_hook]

wildcard_has_permission_hook.append("frappe.tests.test_hooks.custom_has_permission")

hooks.has_permission["*"] = wildcard_has_permission_hook

# Clear cache
frappe.cache.delete_value("app_hooks")

Expand All @@ -53,12 +61,20 @@ def test_has_permission(self):
user.add_roles("System Manager")
address = frappe.new_doc("Address")

# Create Note
note = frappe.new_doc("Note")
note.public = 1

# Test!
self.assertTrue(frappe.has_permission("Address", doc=address, user=username))
self.assertTrue(frappe.has_permission("Note", doc=note, user=username))

address.flags.dont_touch_me = True
self.assertFalse(frappe.has_permission("Address", doc=address, user=username))

note.flags.dont_touch_me = True
self.assertFalse(frappe.has_permission("Note", doc=note, user=username))

def test_ignore_links_on_delete(self):
email_unsubscribe = frappe.get_doc(
{"doctype": "Email Unsubscribe", "email": "test@example.com", "global_unsubscribe": 1}
Expand Down