Gitiles
Code Review Sign In
git.clicks.codes / Clicks / Forks / ERPNext / 64202ad41652762b6d0640e4a442580babc18903^! / .
commit64202ad41652762b6d0640e4a442580babc18903[log] [tgz]
authorFaris Ansari <netchamp.faris@gmail.com>Wed Aug 29 15:02:39 2018 +0530
committerFaris Ansari <netchamp.faris@gmail.com>Wed Aug 29 15:02:39 2018 +0530
tree70fa534c5e79a0888258fdfc9fd127e679f495be
parent8bc954ecc6bd63c426d77ac8e4bf8dbe17039bb8 [diff]
fix: Only a System Manager can register as a seller

- every other user has read only access

diff --git a/erpnext/hub_node/api.py b/erpnext/hub_node/api.py
index 9f4499f..8b186af 100644
--- a/erpnext/hub_node/api.py
+++ b/erpnext/hub_node/api.py

@@ -162,14 +162,23 @@
 
 
 def get_hub_connection():
+	read_only = True
+
 	if frappe.db.exists('Data Migration Connector', 'Hub Connector'):
 		hub_connector = frappe.get_doc('Data Migration Connector', 'Hub Connector')
-		hub_connection = hub_connector.get_connection()
-		return hub_connection.connection
+
+		# full rights to user who registered as hub_seller
+		if hub_connector.username == frappe.session.user:
+			read_only = False
+
+		if not read_only:
+			hub_connection = hub_connector.get_connection()
+			return hub_connection.connection
 
 	# read-only connection
-	hub_connection = FrappeClient(frappe.conf.hub_url)
-	return hub_connection
+	if read_only:
+		hub_connection = FrappeClient(frappe.conf.hub_url)
+		return hub_connection
 
 
 def get_field_mappings():

diff --git a/erpnext/hub_node/doctype/hub_settings/hub_settings.py b/erpnext/hub_node/doctype/hub_settings/hub_settings.py
index e445531..fb7887e 100644
--- a/erpnext/hub_node/doctype/hub_settings/hub_settings.py
+++ b/erpnext/hub_node/doctype/hub_settings/hub_settings.py

@@ -28,6 +28,9 @@
 	def register(self):
 		""" Create a User on hub.erpnext.org and return username/password """
 
+		if 'System Manager' not in frappe.get_roles():
+			frappe.throw(_('Only users with System Manager role can register on Marketplace'), frappe.PermissionError)
+
 		# TODO: site_name for cloud sites
 		protocol = 'http://'
 		self.site_name = protocol + frappe.local.site + ':' + str(frappe.conf.webserver_port)

diff --git a/erpnext/public/js/hub/marketplace.js b/erpnext/public/js/hub/marketplace.js
index 373f552..67ac502 100644
--- a/erpnext/public/js/hub/marketplace.js
+++ b/erpnext/public/js/hub/marketplace.js

@@ -29,8 +29,8 @@
 				this.make_body();
 				this.setup_events();
 				this.refresh();
-				if (!is_registered) {
-					this.page.set_primary_action('Become A Seller', this.show_register_dialog.bind(this))
+				if (!is_registered && frappe.user_roles.includes('System Manager')) {
+					this.page.set_primary_action('Become a Seller', this.show_register_dialog.bind(this))
 				}
 			});
 	}