How user permission rules being applied to the applicable doctype?

mohamed_saif · March 30, 2020, 4:10pm

Hi, I’ve been looking for the logic behind “User permission” doctype . how these rules being applied to the applicable doctype?

let me explain …

for simple App : library management app , I have
four doctypes : book , library member , library membership .
and i have library member role.
by user permission doctype > users with library member role will be allowed to see their library membership only

my question is "how these restricted rules being applied ? where its source code exist , in any files ? "

surajshetty · March 31, 2020, 6:11am

@mohamed_saif
If you apply user permissions, only limited documents will be visible based on that. For example, if you apply a specific Employee (EMP1200) user permission, then the user will only be able to view documents related to that Employee. In this case, the system checks for the value of Employee link field in a document and only allows the document if the value of employee field is EMP1200.

For more info check: Documentation

Most of the permission related code are in the following files:

github.com

frappe/frappe/blob/develop/frappe/permissions.py

# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
# License: MIT. See LICENSE
import copy

import frappe
import frappe.share
from frappe import _, msgprint
from frappe.query_builder import DocType
from frappe.utils import cint, cstr

rights = (
	"select",
	"read",
	"write",
	"create",
	"delete",
	"submit",
	"cancel",
	"amend",
	"print",

This file has been truncated. show original

github.com

frappe/frappe/blob/develop/frappe/core/doctype/user_permission/user_permission.py#L59


      
          			overlap_exists = frappe.get_all(
          				self.doctype,
          				filters={"allow": self.allow, "user": self.user, "is_default": 1, "name": ["!=", self.name]},
          				or_filters={
          					"applicable_for": cstr(self.applicable_for),
          					"apply_to_all_doctypes": 1,
          				},
          				limit=1,
          			)
          		if overlap_exists:
          			ref_link = frappe.get_desk_link(self.doctype, overlap_exists[0].name)
          			frappe.throw(_("{0} has already assigned default value for {1}.").format(ref_link, self.allow))
          
          

          
@frappe.whitelist()
          def get_user_permissions(user=None):
          	"""Get all users permissions for the user as a dict of doctype"""
          	# if this is called from client-side,
          	# user can access only his/her user permissions
          	if frappe.request and frappe.local.form_dict.cmd == "get_user_permissions":
          		user = frappe.session.user