Fixes for apply user permissions and momentjs
diff --git a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
index dfe5704..505a3ba 100755
--- a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
+++ b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
@@ -744,17 +744,17 @@
"icon": "icon-file-text",
"idx": 1,
"is_submittable": 1,
- "modified": "2014-05-27 03:49:15.589404",
+ "modified": "2014-06-04 08:45:25.582170",
"modified_by": "Administrator",
"module": "Accounts",
"name": "Purchase Invoice",
"owner": "Administrator",
"permissions": [
{
- "amend": 0,
+ "amend": 1,
"apply_user_permissions": 1,
- "cancel": 0,
- "create": 0,
+ "cancel": 1,
+ "create": 1,
"delete": 0,
"email": 1,
"permlevel": 0,
@@ -762,8 +762,8 @@
"read": 1,
"report": 1,
"role": "Accounts User",
- "submit": 0,
- "write": 0
+ "submit": 1,
+ "write": 1
},
{
"amend": 0,
diff --git a/erpnext/home/doctype/feed/feed.py b/erpnext/home/doctype/feed/feed.py
index 789ae15..80ef6df 100644
--- a/erpnext/home/doctype/feed/feed.py
+++ b/erpnext/home/doctype/feed/feed.py
@@ -16,9 +16,11 @@
frappe.db.sql("""alter table `tabFeed`
add index feed_doctype_docname_index(doc_type, doc_name)""")
-def get_permission_query_conditions():
- user_permissions = frappe.defaults.get_user_permissions()
- can_read = frappe.user.get_can_read()
+def get_permission_query_conditions(user):
+ if not user: user = frappe.session.user
+
+ user_permissions = frappe.defaults.get_user_permissions(user)
+ can_read = frappe.get_user(user).get_can_read()
can_read_doctypes = ['"{}"'.format(doctype) for doctype in
list(set(can_read) - set(user_permissions.keys()))]
diff --git a/erpnext/hooks.py b/erpnext/hooks.py
index 1a5b81d..8b147b0 100644
--- a/erpnext/hooks.py
+++ b/erpnext/hooks.py
@@ -28,10 +28,12 @@
permission_query_conditions = {
"Feed": "erpnext.home.doctype.feed.feed.get_permission_query_conditions",
+ "Note": "erpnext.utilities.doctype.note.note.get_permission_query_conditions"
}
has_permission = {
"Feed": "erpnext.home.doctype.feed.feed.has_permission",
+ "Note": "erpnext.utilities.doctype.note.note.has_permission"
}
diff --git a/erpnext/hr/doctype/leave_application/leave_application.py b/erpnext/hr/doctype/leave_application/leave_application.py
index 18c1e11..9ff02b2 100755
--- a/erpnext/hr/doctype/leave_application/leave_application.py
+++ b/erpnext/hr/doctype/leave_application/leave_application.py
@@ -209,7 +209,7 @@
def notify(self, args):
args = frappe._dict(args)
from frappe.core.page.messages.messages import post
- post({"txt": args.message, "contact": args.message_to, "subject": args.subject,
+ post(**{"txt": args.message, "contact": args.message_to, "subject": args.subject,
"notify": cint(self.follow_via_email)})
@frappe.whitelist()
diff --git a/erpnext/selling/doctype/quotation/quotation.js b/erpnext/selling/doctype/quotation/quotation.js
index fa63975..022e2e4 100644
--- a/erpnext/selling/doctype/quotation/quotation.js
+++ b/erpnext/selling/doctype/quotation/quotation.js
@@ -13,10 +13,6 @@
{% include 'utilities/doctype/sms_control/sms_control.js' %}
{% include 'accounts/doctype/sales_invoice/pos.js' %}
-frappe.ui.form.on("Quotation", "onload_post_render", function(frm) {
- frm.get_field("quotation_details").grid.set_multiple_add("item_code");
-});
-
erpnext.selling.QuotationController = erpnext.selling.SellingController.extend({
onload: function(doc, dt, dn) {
var me = this;
diff --git a/erpnext/utilities/doctype/note/note.py b/erpnext/utilities/doctype/note/note.py
index 280adf4..b546815 100644
--- a/erpnext/utilities/doctype/note/note.py
+++ b/erpnext/utilities/doctype/note/note.py
@@ -9,20 +9,34 @@
from frappe.model.document import Document
class Note(Document):
-
def autoname(self):
# replace forbidden characters
import re
self.name = re.sub("[%'\"#*?`]", "", self.title.strip())
- def onload(self):
- if not self.public and frappe.session.user != self.owner:
- if frappe.session.user not in [d.user for d in self.get("share_with")]:
- frappe.throw(_("Not permitted"), frappe.PermissionError)
+def get_permission_query_conditions(user):
+ if not user: user = frappe.session.user
- def validate(self):
- if not self.get("__islocal"):
- if frappe.session.user != self.owner:
- if frappe.session.user not in frappe.db.sql_list("""select user from `tabNote User`
- where parent=%s and permission='Edit'""", self.name):
- frappe.throw(_("Not permitted"), frappe.PermissionError)
+ if user == "Administrator":
+ return ""
+
+ return """(`tabNote`.public=1 or `tabNote`.owner="{user}" or exists (
+ select name from `tabNote User`
+ where `tabNote User`.parent=`tabNote`.name
+ and `tabNote User`.user="{user}"))""".format(user=user)
+
+def has_permission(doc, ptype, user):
+ if doc.public == 1 or user == "Administrator":
+ return True
+
+ if user == doc.owner:
+ return True
+
+ note_user_map = dict((d.user, d) for d in doc.get("share_with"))
+ if user in note_user_map:
+ if ptype == "read":
+ return True
+ elif note_user_map.get(user).permission == "Edit":
+ return True
+
+ return False
diff --git a/erpnext/utilities/doctype/note_user/note_user.json b/erpnext/utilities/doctype/note_user/note_user.json
index f72f1bd..e67a75c 100644
--- a/erpnext/utilities/doctype/note_user/note_user.json
+++ b/erpnext/utilities/doctype/note_user/note_user.json
@@ -1,5 +1,5 @@
{
- "creation": "2013-05-24 14:24:48.000000",
+ "creation": "2013-05-24 14:24:48",
"description": "List of users who can edit a particular Note",
"docstatus": 0,
"doctype": "DocType",
@@ -8,6 +8,7 @@
{
"fieldname": "user",
"fieldtype": "Link",
+ "ignore_user_permissions": 1,
"in_list_view": 1,
"label": "User",
"options": "User",
@@ -26,9 +27,10 @@
],
"idx": 1,
"istable": 1,
- "modified": "2013-12-20 19:23:23.000000",
+ "modified": "2014-06-04 02:33:27.466061",
"modified_by": "Administrator",
"module": "Utilities",
"name": "Note User",
- "owner": "Administrator"
+ "owner": "Administrator",
+ "permissions": []
}
\ No newline at end of file