New permission for wiki space #217
Conversation
| @@ -216,6 +216,23 @@ def calculate_toc_html(self, html): | |||
| def get_context(self, context): | |||
| self.verify_permission("read") | |||
| self.set_breadcrumbs(context) | |||
| ccc = frappe.db.sql(""" select user, allow, for_value,name from `tabUser Permission` where user=%s and allow='Wiki Space' """,(frappe.session.user)) | |||
There was a problem hiding this comment.
| ccc = frappe.db.sql(""" select user, allow, for_value,name from `tabUser Permission` where user=%s and allow='Wiki Space' """,(frappe.session.user)) | |
| ccc = frappe.db.get_value("User Permission", {"user": frappe.session.user, "allow": "Wiki Space"}, ["user", "allow", "for_value", "name"]) |
Try to use database api and query builder as much as possible instead of raw sql
Also use better variable names. ccc is very ambigous
There was a problem hiding this comment.
you have to rewrite it everywhere you're using frappe.db.sql
| @@ -216,6 +216,23 @@ def calculate_toc_html(self, html): | |||
| def get_context(self, context): | |||
| self.verify_permission("read") | |||
| self.set_breadcrumbs(context) | |||
| ccc = frappe.db.sql(""" select user, allow, for_value,name from `tabUser Permission` where user=%s and allow='Wiki Space' """,(frappe.session.user)) | |||
| print(self.name) | |||
There was a problem hiding this comment.
same thing for everywhere you've used print statements
|
Dear @BreadGenie Hopefully, my teammate has fixed all the requested issues. Could you please take a look? Is it good to merge like this, or should we open a new PR? Thank you |
|
@BreadGenie please do not forget to check our last commit. Thank you |
|
Dear @BreadGenie , we pushed a new code, hopefully everything is fixed now. Please take a look! 7b7dcfb |
|
Excited for this! |
|
Dear @BreadGenie can we help you somehow? I think we have done our part, unfortunately, we are not as good as you. Hopefully, our work gives you some idea and you have time finally to finish and merge this to the next release/update. thank you |
|
@monolithonadmin have you tried piping your change through an AI review? * There are a couple of (relatively) obvious code smells that the AI would certainly catch, probably increasing your chances of a merge. I've a pending review, but I didn't submit it because I felt like I was pointing out the too obvious things. So I thought, better leave that to an AI, but never said so. Also, it seems that some of the maintainers' comments have been left unattended ever since? Maybe it's a good moment to go back and revise and address them carefully so that @BreadGenie can potentially remove his merge block? In my experience, the onus of getting code merged is regularly on the proponent and the maintainers' requests seem quite reasonable to me. * if you havn't got a preferred solution yet: consider https://aider.chat with an Anthropic Claude Sonnet API key, 2USD of recharge should be largely enough to get this PR into shape. |
|
Dear @blaggacao thank you for your nice words and tips. Unfortunately, we cant do this anymore. We pushed till we can, I'm just hoping it's enough. |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
Hey @monolithonadmin took a look at the PR. It needs some more changes. If you aren't interested anymore I'll give it a shot after a while (no promises)
Note: We do appreciate your contribution. I didn't come back to this again since the last requested changes weren't made.
| if results: | ||
| match_found = False | ||
| for result in results: | ||
| wikiGroup = frappe.db.get_all("Wiki Group Item", {"parent": result['for_value']},["name","wiki_page"]) | ||
| if wikiGroup: | ||
| for wk in wikiGroup: | ||
| if wk['wiki_page'] == self.name: | ||
| match_found = True | ||
| break |
There was a problem hiding this comment.
This is too much nesting. Please fix it. You can refer https://gist.github.com/18alantom/d9f0565c0f42d6a71311d4a3093a1331#refactor-nested-blocks-as-functions to refactor this.
| @@ -283,6 +303,7 @@ def get_context(self, context): | |||
|
|
|||
| def get_items(self, sidebar_items): | |||
| topmost = frappe.get_value("Wiki Group Item", {"wiki_page": self.name}, ["parent"]) | |||
| wikiSpace = frappe.db.sql("""select name from `tabWiki Space`""") | |||
There was a problem hiding this comment.
Like I said please don't use raw sql unless absolutely necessary.
Also wouldn't this fetch all wiki spaces? Do we need it?
Also try to use snake case for variables. ie wiki_space.
| if check: | ||
| for c in check: | ||
| if c and c['for_value'] and c['for_value'] == sidebar_item.parent: | ||
| wiki_page = frappe.get_doc("Wiki Page", sidebar_item.wiki_page) | ||
| if sidebar_item.parent_label not in sidebar: | ||
| sidebar[sidebar_item.parent_label] = [ | ||
| { | ||
| "name": wiki_page.name, | ||
| "type": "Wiki Page", | ||
| "title": wiki_page.title, | ||
| "route": wiki_page.route, | ||
| "group_name": sidebar_item.parent_label, | ||
| } | ||
| ] | ||
| else: | ||
| sidebar[sidebar_item.parent_label] += [ | ||
| { | ||
| "name": wiki_page.name, | ||
| "type": "Wiki Page", | ||
| "title": wiki_page.title, | ||
| "route": wiki_page.route, | ||
| "group_name": sidebar_item.parent_label, | ||
| } | ||
| ] | ||
| else: | ||
| pass |
There was a problem hiding this comment.
Too much nesting and the variables aren't descriptive.
|
Hello! I’m interested in the feat |
|
Hi @BreadGenie & @monolithonadmin, I look forward to your review and the potential merge of this PR. |
|
Hello @BreadGenie and @monolithonadmin, In Commit ID 20d0e93, I added additional functionality to enhance permission handling in the WikiPage module of the Frappe Wiki app. During testing, I discovered some bugs and realized that administrators should have unrestricted access to all wiki pages without needing to go through permission checks. I've implemented this change along with the following updates:
Thank you!! |
Hello @BreadGenie, Can you please explain a bit more your thoughts that will help me to quickly implement this for wiki? Thank you!! |
We don't want the permission to be applied by default for every user (say for a fresh installation of Wiki). Once someone enables this feature via Wiki Settings then only it should apply the permissions IMO. Also I'm not sure about simply throwing an error if user doesn't have the necessary permission. Since the user might not see the error thrown and it might confuse them and they may think that something broke (take a look at what the user see if they don't have perms). This can be thought again later. |
|
Hello @BreadGenie @monolithonadmin, I am here with latest changes cab8d49 PR Title: PR Description:
|
| permitted = frappe.has_permission(self.doctype, permtype, self) | ||
| if permtype == "read" and self.allow_guest: | ||
| return True | ||
| permitted = frappe.has_permission(self.doctype, permtype, self) |
There was a problem hiding this comment.
This change may represent a potential performance regression for no obvious reason. has_permission is not the cheapest of methods to run on anonymous requests.
| if frappe.db.exists('Wiki Page Revision Item', {'wiki_page': self.name}): | ||
| frappe.db.delete('Wiki Page Revision Item', {'wiki_page': self.name}) |
There was a problem hiding this comment.
frappe.db.delete_if_exists(...)
There was a problem hiding this comment.
Hello @blaggacao, I am not getting you why are you trying to make it complex? I checked but i have not found delete_if_exists method in develop branch nor in version-15 branch.
Please correct me if I'm wrong!!
Thank you!!
There was a problem hiding this comment.
https://github.com/frappe/frappe/blob/develop/frappe%2F__init__.py#L1460
Sorry for the imprecise reference, here.
One db call is better than two.
| return frappe.get_doc("Wiki Page Revision", last_revision) | ||
| if frappe.db.exists('Wiki Page Revision', last_revision): | ||
| return frappe.get_doc("Wiki Page Revision", last_revision) |
There was a problem hiding this comment.
frappe.db.delete_if_exists(...)
There was a problem hiding this comment.
Hello @blaggacao, It looks like you have not analysed this code properly. I have added condition to return if exists as before it was throwing None not found error. I just handled this not deleting anything.
Thank you!!
There was a problem hiding this comment.
Yeah, sorry, ignore that 😄 As I said, it came from the phone.
If you want to be extra careful, in order to avoid two essentially unnecessary consecutive db calls, you could wrap it in a try except block.
|
Hello @BreadGenie, We look forward to hear from you. Thank you!! |
|
@Z4nzu Apologies for the imprecisions in my review. I mentioned, I was on the phone, trying to gain your candid reading 😄 I was mainly looking at it from a performance point of view (just in the diffs I saw), as this is public facing code. Granted, the overall impact might be minor or it might not have been obvious, but if we can avoid two consecutive database calls, why wouldn't we then? |
Hello, I understand your concern and I will fix it as soon as I can 😉. |
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
Based on your ideas and our needs, we have implemented the missing permission feature. @BreadGenie Please review it and indicate your acceptance. Thank you.
#60