153 lines
3.8 KiB
Python
153 lines
3.8 KiB
Python
import frappe
|
|
|
|
@frappe.whitelist()
|
|
def get_user_roles():
|
|
"""Get roles for the current logged-in user - no permission check needed"""
|
|
user = frappe.session.user
|
|
|
|
if not user or user == "Guest":
|
|
return []
|
|
|
|
# Get roles using ignore_permissions
|
|
roles = frappe.get_roles(user)
|
|
|
|
return roles
|
|
|
|
|
|
@frappe.whitelist()
|
|
def get_user_info_with_roles():
|
|
"""Get current user info along with their roles"""
|
|
user = frappe.session.user
|
|
|
|
if not user or user == "Guest":
|
|
return {"user": None, "roles": []}
|
|
|
|
roles = frappe.get_roles(user)
|
|
|
|
return {
|
|
"user": user,
|
|
"roles": roles,
|
|
"full_name": frappe.db.get_value("User", user, "full_name")
|
|
}
|
|
|
|
|
|
@frappe.whitelist(allow_guest=False)
|
|
def check_has_role(roles):
|
|
"""Check if current user has any of the specified roles
|
|
|
|
Args:
|
|
roles: comma-separated string or list of role names
|
|
|
|
Returns:
|
|
dict with has_role (bool) and matching_roles (list)
|
|
"""
|
|
user = frappe.session.user
|
|
|
|
if not user or user == "Guest":
|
|
return {"has_role": False, "matching_roles": [], "user_roles": []}
|
|
|
|
# Handle both string and list input
|
|
if isinstance(roles, str):
|
|
check_roles = [r.strip() for r in roles.split(",")]
|
|
else:
|
|
check_roles = roles
|
|
|
|
user_roles = frappe.get_roles(user)
|
|
matching_roles = [r for r in check_roles if r in user_roles]
|
|
|
|
return {
|
|
"has_role": len(matching_roles) > 0,
|
|
"matching_roles": matching_roles,
|
|
"user_roles": user_roles
|
|
}
|
|
|
|
@frappe.whitelist()
|
|
def get_users_with_role(role):
|
|
"""
|
|
Get all enabled users who have a specific role
|
|
|
|
Args:
|
|
role: Role name (e.g., 'Technician')
|
|
|
|
Returns:
|
|
List of users with name and full_name
|
|
"""
|
|
if not role:
|
|
return []
|
|
|
|
# Get all users who have this role from Has Role child table
|
|
users_with_role = frappe.get_all(
|
|
"Has Role",
|
|
filters={
|
|
"role": role,
|
|
"parenttype": "User"
|
|
},
|
|
fields=["parent"],
|
|
distinct=True
|
|
)
|
|
|
|
if not users_with_role:
|
|
return []
|
|
|
|
user_names = [u.parent for u in users_with_role]
|
|
|
|
# Get user details for enabled users only
|
|
user_details = frappe.get_all(
|
|
"User",
|
|
filters={
|
|
"name": ["in", user_names],
|
|
"enabled": 1
|
|
},
|
|
fields=["name", "full_name"],
|
|
order_by="full_name asc"
|
|
)
|
|
|
|
return user_details
|
|
|
|
@frappe.whitelist()
|
|
def has_create_permission(doctype):
|
|
"""
|
|
Check if current user has create permission for a doctype
|
|
Uses ignore_permissions to query Custom DocPerm
|
|
"""
|
|
user = frappe.session.user
|
|
|
|
if not user or user == "Guest":
|
|
return {"has_permission": False, "reason": "Not logged in"}
|
|
|
|
# Get user's roles
|
|
user_roles = frappe.get_roles(user)
|
|
|
|
# System Manager and Administrator always have permission
|
|
if "System Manager" in user_roles or "Administrator" in user_roles:
|
|
return {
|
|
"has_permission": True,
|
|
"reason": "System Manager/Administrator",
|
|
"role": "System Manager"
|
|
}
|
|
|
|
# Check Custom DocPerm with ignore_permissions=True
|
|
custom_perms = frappe.get_all(
|
|
"Custom DocPerm",
|
|
filters={
|
|
"parent": doctype,
|
|
"role": ["in", user_roles],
|
|
"create": 1
|
|
},
|
|
fields=["name", "role"],
|
|
ignore_permissions=True, # ← This is the key!
|
|
limit=1
|
|
)
|
|
|
|
if custom_perms and len(custom_perms) > 0:
|
|
return {
|
|
"has_permission": True,
|
|
"reason": "Custom DocPerm",
|
|
"role": custom_perms[0].get("role")
|
|
}
|
|
|
|
return {
|
|
"has_permission": False,
|
|
"reason": "No create permission found in Custom DocPerm"
|
|
}
|