nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-05-27 08:54:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

[fresh install] [fix] replace allow roles with explicit has_permission checks for doctype py files

Browse Source
This commit is contained in:
Anand Doshi
2013-07-05 12:57:03 +05:30
parent 44935e4608
commit 901773a139
4 changed files with 23 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
utilities/doctype/rename_tool/rename_tool.py
View File

@@ -13,7 +13,7 @@ def get_doctypes():
return webnotes.conn.sql_list("""select name from tabDocType
where ifnull(allow_rename,0)=1 and module!='Core' order by name""")
@webnotes.whitelist(allow_roles=["System Manager"])
@webnotes.whitelist()
def upload(select_doctype=None, rows=None):
from webnotes.utils.datautils import read_csv_content_from_uploaded_file
from webnotes.modules import scrub
@@ -21,6 +21,9 @@ def upload(select_doctype=None, rows=None):
if not select_doctype:
select_doctype = webnotes.form_dict.select_doctype
if not webnotes.has_permission(select_doctype, "write"):
raise webnotes.PermissionError
if not rows:
rows = read_csv_content_from_uploaded_file()