fix: respect field "ignore_user_permissions" property in employee query
(cherry picked from commit 91d7bc55be)
This commit is contained in:
ljain112
@@ -8,9 +8,10 @@ from collections import OrderedDict, defaultdict
|
||||
import frappe
|
||||
from frappe import qb, scrub
|
||||
from frappe.desk.reportview import get_filters_cond, get_match_cond
|
||||
from frappe.permissions import has_permission
|
||||
from frappe.query_builder import Criterion, CustomFunction
|
||||
from frappe.query_builder.functions import Concat, Locate, Sum
|
||||
from frappe.utils import nowdate, today, unique
|
||||
from frappe.utils import cint, nowdate, today, unique
|
||||
from pypika import Order
|
||||
|
||||
import erpnext
|
||||
@@ -20,10 +21,28 @@ from erpnext.stock.get_item_details import _get_item_tax_template
|
||||
# searches for active employees
|
||||
@frappe.whitelist()
|
||||
@frappe.validate_and_sanitize_search_inputs
|
||||
def employee_query(doctype, txt, searchfield, start, page_len, filters):
|
||||
def employee_query(
|
||||
doctype,
|
||||
txt,
|
||||
searchfield,
|
||||
start,
|
||||
page_len,
|
||||
filters,
|
||||
reference_doctype: str | None = None,
|
||||
ignore_user_permissions: bool = False,
|
||||
):
|
||||
doctype = "Employee"
|
||||
conditions = []
|
||||
fields = get_fields(doctype, ["name", "employee_name"])
|
||||
ignore_permissions = False
|
||||
|
||||
if reference_doctype and ignore_user_permissions:
|
||||
ignore_permissions = has_ignored_field(reference_doctype, doctype) and has_permission(
|
||||
doctype,
|
||||
ptype="select" if frappe.only_has_select_perm(doctype) else "read",
|
||||
)
|
||||
|
||||
mcond = "" if ignore_permissions else get_match_cond(doctype)
|
||||
|
||||
return frappe.db.sql(
|
||||
"""select {fields} from `tabEmployee`
|
||||
@@ -42,13 +61,32 @@ def employee_query(doctype, txt, searchfield, start, page_len, filters):
|
||||
"fields": ", ".join(fields),
|
||||
"key": searchfield,
|
||||
"fcond": get_filters_cond(doctype, filters, conditions),
|
||||
"mcond": get_match_cond(doctype),
|
||||
"mcond": mcond,
|
||||
}
|
||||
),
|
||||
{"txt": "%%%s%%" % txt, "_txt": txt.replace("%", ""), "start": start, "page_len": page_len},
|
||||
)
|
||||
|
||||
|
||||
def has_ignored_field(reference_doctype, doctype):
|
||||
meta = frappe.get_meta(reference_doctype)
|
||||
for field in meta.fields:
|
||||
if not field.ignore_user_permissions:
|
||||
continue
|
||||
if field.fieldtype == "Link" and field.options == doctype:
|
||||
return True
|
||||
elif field.fieldtype == "Dynamic Link":
|
||||
options = meta.get_link_doctype(field.fieldname)
|
||||
if not options:
|
||||
continue
|
||||
if isinstance(options, str):
|
||||
options = options.split("\n")
|
||||
if doctype in options or "Doctype" in options:
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
|
||||
# searches for leads which are not converted
|
||||
@frappe.whitelist()
|
||||
@frappe.validate_and_sanitize_search_inputs
|
||||
|
||||
Reference in New Issue
Block a user