Access list data when owner or docfield is the same as the user custom field

Hello,

I am trying to set permissions on a custom doctype so that the one accessing those data is either

  • System Manager
  • Owner
  • or the receiver

The Delivery doctype has a place field (a Link), and I have added a custom field called place to the User doctype,
so that if the delivery place is the same as the user’s, the user can access it even if they are not the owner or a manager.

My code so far:

def get_permission_query_conditions(user):
	"""Build the SQL condition that limits which Delivery rows `user` can list.

	Falls back to frappe.session.user when no user is passed. Returns None
	for users holding the System Manager role, otherwise a condition string
	on tabDelivery.
	"""
	if not user: user = frappe.session.user

	if "System Manager" in frappe.get_roles(user):
		return None
	else:
		userget = frappe.get_doc("User", user)
		# NOTE(review): {userget.place} is a format placeholder, but format() below
		# is only given `user`, so the user's place is never substituted from the
		# `userget` document loaded above. The placeholder is also unquoted and the
		# value would not pass through frappe.db.escape() the way `user` does.
		return """(tabDelivery.owner = '{user}' or tabDelivery.address_to = {userget.place})""" \
			.format(user=frappe.db.escape(user))

def has_permission(doc, user):
	"""Decide whether `user` may access the single Delivery document `doc`.

	System Managers are always allowed; otherwise access is granted to the
	owner or when the document's address_to matches the user's place.
	"""
	if "System Manager" in frappe.get_roles(user):
		return True
	else:

		# NOTE(review): `user` is compared with doc.owner and passed to
		# frappe.get_roles(), so it looks like a user id rather than a User
		# document; if so, `user.place` has no such attribute and the place has
		# to be read from the User record instead - confirm against the caller.
		return doc.owner == user or doc.address_to == user.place

i tried this but i am getting this error:

File “/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/MySQLdb/connections.py”, line 50, in defaulterrorhandler
raise errorvalue
OperationalError: (1054, “Unknown column ‘userget.place’ in ‘where clause’”)

any help is welcome

Looks like you forgot to tell python what to put in the {userget.place} placeholder

I dont understand,
can you elaborate please?

thanks

This seems to be the problematic part

You should have something like this instead:

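userget = frappe.get_doc("User", user)
# Pass place through frappe.db.escape() as well: it is stored field data that
# ends up inside the SQL text, so a quote in it would otherwise break out of
# the string literal in the WHERE clause.
return """(tabDelivery.owner = '{user}' or tabDelivery.address_to = '{place}')"""\
       .format(user=frappe.db.escape(user), place=frappe.db.escape(userget.place))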

Thanks,

this removes the error but unfortunately the other user(who is not the owner) cannot access it,

does it have to do with the second return of has_permission?

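def get_permission_query_conditions(user):
	"""Build the SQL condition that limits which Delivery rows `user` can list.

	Falls back to frappe.session.user when no user is passed. Returns None
	for System Managers, otherwise a parenthesised condition matching rows
	the user owns or rows whose address_to equals the user's place.
	"""
	if not user: user = frappe.session.user

	if "System Manager" in frappe.get_roles(user):
		return None

	userget = frappe.get_doc("User", user)
	# Every value placed in the SQL text goes through frappe.db.escape().
	# The literal quotes assume escape() returns the bare escaped text, as the
	# rest of this thread does; newer Frappe releases return the value already
	# quoted - confirm for your version and drop the quotes there.
	clauses = ["tabDelivery.owner = '{user}'".format(user=frappe.db.escape(user))]
	# Only match on place when the user has one, so an unset place never
	# lines up with deliveries whose address_to is empty.
	if userget.place:
		clauses.append("tabDelivery.address_to = '{place}'".format(
			place=frappe.db.escape(userget.place)))
	return "(" + " or ".join(clauses) + ")"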

The code so far

def has_permission(doc, user):
	"""Decide whether `user` may access the single Delivery document `doc`.

	System Managers are always allowed; otherwise access is granted to the
	owner or when the document's address_to matches the user's place.
	"""
	if "System Manager" in frappe.get_roles(user):
		return True

	#elif doc.owner == user or doc.address_to == user.place:
	#	return True
	else:
	#	return False
		# NOTE(review): `user` is compared with doc.owner and passed to
		# frappe.get_roles(), so it looks like a user id rather than a User
		# document; if so, `user.place` has no such attribute and the place has
		# to be read from the User record instead - confirm against the caller.
		return doc.owner == user or doc.address_to == user.place

The solution:

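def get_permission_query_conditions(user):
	"""Return the WHERE-clause fragment restricting Delivery list views.

	Falls back to frappe.session.user when no user is passed. System
	Managers get None (no restriction). Everyone else gets a condition
	matching deliveries they own or deliveries addressed to their place.
	"""
	if not user: user = frappe.session.user

	if "System Manager" in frappe.get_roles(user):
		return None

	userget = frappe.get_doc("User", user)

	# Both interpolated values are escaped; place is stored field data and
	# must not reach the query text raw. The literal quotes assume escape()
	# returns unquoted text - newer Frappe releases quote the value
	# themselves, so verify against the installed version.
	conditions = ["tabDelivery.owner = '{user}'".format(user=frappe.db.escape(user))]
	# A user without a place gets the owner clause only, so an empty place
	# cannot match deliveries that have no address_to set.
	if userget.place:
		conditions.append("tabDelivery.address_to = '{place}'".format(
			place=frappe.db.escape(userget.place)))
	return "(" + " or ".join(conditions) + ")"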

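def has_permission(doc, user):
	"""Decide whether `user` may access the single Delivery document `doc`.

	Mirrors get_permission_query_conditions: System Managers are always
	allowed, then the owner, then a user whose place equals the document's
	address_to. Returns a bool.
	"""
	if not user: user = frappe.session.user

	if "System Manager" in frappe.get_roles(user):
		return True

	# Compare the owner with the user being checked, not with the session
	# user, so a check made on behalf of another user gives that user's answer.
	if doc.owner == user:
		return True

	place = frappe.get_doc("User", user).place
	# Require a non-empty place: otherwise a user without a place would match
	# every delivery whose address_to is also unset (None == None).
	return bool(place) and doc.address_to == place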