From dee46c695435fe4224734806df01c555effe1663 Mon Sep 17 00:00:00 2001 From: Patrick Eissler <77415730+PatrickDEissler@users.noreply.github.com> Date: Fri, 14 Feb 2025 15:14:03 +0100 Subject: [PATCH 1/4] fix(Employee): remove User Permissions if create_user_permission is unchecked --- erpnext/setup/doctype/employee/employee.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/erpnext/setup/doctype/employee/employee.py b/erpnext/setup/doctype/employee/employee.py index 6b774025c01..418cc53f4ba 100755 --- a/erpnext/setup/doctype/employee/employee.py +++ b/erpnext/setup/doctype/employee/employee.py @@ -5,6 +5,7 @@ from frappe import _, scrub, throw from frappe.model.naming import set_name_by_naming_series from frappe.permissions import ( add_user_permission, + delete_user_permission, get_doc_permissions, has_permission, remove_user_permission, @@ -84,8 +85,6 @@ class Employee(NestedSet): self.reset_employee_emails_cache() def update_user_permissions(self): - if not self.create_user_permission: - return if not has_permission("User Permission", ptype="write", print_logs=False): return @@ -93,11 +92,12 @@ class Employee(NestedSet): "User Permission", {"allow": "Employee", "for_value": self.name, "user": self.user_id} ) - if employee_user_permission_exists: - return - - add_user_permission("Employee", self.name, self.user_id) - add_user_permission("Company", self.company, self.user_id) + if employee_user_permission_exists and not self.create_user_permission: + delete_user_permission("Employee", self.name, self.user_id) + delete_user_permission("Company", self.company, self.user_id) + elif not employee_user_permission_exists and self.create_user_permission: + add_user_permission("Employee", self.name, self.user_id) + add_user_permission("Company", self.company, self.user_id) def update_user(self): # add employee role if missing From 92f63a026b51e701791bcc613b93fe00881a71ac Mon Sep 17 00:00:00 2001 From: Patrick Eissler <77415730+PatrickDEissler@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:28:40 +0100 Subject: [PATCH 2/4] chore: use existing utility function --- erpnext/setup/doctype/employee/employee.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/erpnext/setup/doctype/employee/employee.py b/erpnext/setup/doctype/employee/employee.py index 418cc53f4ba..993bb977929 100755 --- a/erpnext/setup/doctype/employee/employee.py +++ b/erpnext/setup/doctype/employee/employee.py @@ -5,7 +5,6 @@ from frappe import _, scrub, throw from frappe.model.naming import set_name_by_naming_series from frappe.permissions import ( add_user_permission, - delete_user_permission, get_doc_permissions, has_permission, remove_user_permission, @@ -93,8 +92,8 @@ class Employee(NestedSet): ) if employee_user_permission_exists and not self.create_user_permission: - delete_user_permission("Employee", self.name, self.user_id) - delete_user_permission("Company", self.company, self.user_id) + remove_user_permission("Employee", self.name, self.user_id) + remove_user_permission("Company", self.company, self.user_id) elif not employee_user_permission_exists and self.create_user_permission: add_user_permission("Employee", self.name, self.user_id) add_user_permission("Company", self.company, self.user_id) From 85f46d6e32726a1c208280acb504e4a0d4efe64e Mon Sep 17 00:00:00 2001 From: Patrick Eissler <77415730+PatrickDEissler@users.noreply.github.com> Date: Mon, 24 Feb 2025 08:47:17 +0100 Subject: [PATCH 3/4] fix: only update User Permissions if a relevant field has changed --- erpnext/setup/doctype/employee/employee.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/erpnext/setup/doctype/employee/employee.py b/erpnext/setup/doctype/employee/employee.py index 993bb977929..6322da133ed 100755 --- a/erpnext/setup/doctype/employee/employee.py +++ b/erpnext/setup/doctype/employee/employee.py @@ -84,7 +84,10 @@ class Employee(NestedSet): self.reset_employee_emails_cache() def update_user_permissions(self): - if not has_permission("User Permission", ptype="write", print_logs=False): + if ( + not has_permission("User Permission", ptype="write", print_logs=False) + or (not self.has_value_changed("user_id") and not self.has_value_changed("create_user_permission")) + ): return employee_user_permission_exists = frappe.db.exists( From 3876cf0c2b3f7546fc3ceec0138a7ebcc179fa7f Mon Sep 17 00:00:00 2001 From: Patrick Eissler <77415730+PatrickDEissler@users.noreply.github.com> Date: Mon, 24 Feb 2025 08:51:36 +0100 Subject: [PATCH 4/4] refactor: make linter happy --- erpnext/setup/doctype/employee/employee.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/erpnext/setup/doctype/employee/employee.py b/erpnext/setup/doctype/employee/employee.py index 6322da133ed..75f40d380bc 100755 --- a/erpnext/setup/doctype/employee/employee.py +++ b/erpnext/setup/doctype/employee/employee.py @@ -84,9 +84,8 @@ class Employee(NestedSet): self.reset_employee_emails_cache() def update_user_permissions(self): - if ( - not has_permission("User Permission", ptype="write", print_logs=False) - or (not self.has_value_changed("user_id") and not self.has_value_changed("create_user_permission")) + if not has_permission("User Permission", ptype="write", print_logs=False) or ( + not self.has_value_changed("user_id") and not self.has_value_changed("create_user_permission") ): return