Error on Leave Application

Hi guys, 

I encountered the following error but don't know how to resolve it:
Given:
- Got 2 User, User A and User B
- B is Leave Approver of A 
Steps to repro:
- Log in as User A
- Add New Leave Application, Select B as Leave Approver 
- The moment I change field to_date or press Save.  Error occurs: Not allowed to access User with Leave Approver = us...@gmail.com
The error seems to come from this line in leave_application.js:

return get_server_fields('get_total_leave_days', '', '', doc, dt, dn, 1);

Is there sth to do with User Permission ? 
How do I check for this cos actually in local version, it works fine but not in production. So I suspect could be something to do with data as well.

Thanks!!!



Note:

 

If you are posting an issue,

 

  1. ERPNext is a free and open source software and support is given on this forum by a team (https://frappe.io/webnotes). So please consider donating if you find this forum useful (https://frappe.io/buy). Even a small amount would be helpful.
  2. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  3. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  4. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.

    To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/948dfda2-48f8-4691-a09e-bd2bd88643db%40googlegroups.com.

    For more options, visit https://groups.google.com/d/optout.
Can you raise a GitHub Issue for this?

If you want to solve it,

Create a new whitelisted method for "get_total_leave_days"

and change "get_server_fields" to 

frappe.call({ ... 

best,
Rushabh

On 19-Sep-2014, at 8:31 am, Nguyen Do Le Bao <na...@gmail.com> wrote:

Hi guys, 

I encountered the following error but don't know how to resolve it:
Given:
- Got 2 User, User A and User B
- B is Leave Approver of A 
Steps to repro:
- Log in as User A
- Add New Leave Application, Select B as Leave Approver 
- The moment I change field to_date or press Save.  Error occurs: Not allowed to access User with Leave Approver = us...@gmail.com
The error seems to come from this line in leave_application.js:

return get_server_fields('get_total_leave_days', '', '', doc, dt, dn, 1);

Is there sth to do with User Permission ? 
How do I check for this cos actually in local version, it works fine but not in production. So I suspect could be something to do with data as well.

Thanks!!!



Note:

 

If you are posting an issue,

 

  1. ERPNext is a free and open source software and support is given on this forum by a team (https://frappe.io/webnotes). So please consider donating if you find this forum useful (https://frappe.io/buy). Even a small amount would be helpful.
  2. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  3. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  4. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.

    To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/948dfda2-48f8-4691-a09e-bd2bd88643db%40googlegroups.com.

    For more options, visit https://groups.google.com/d/optout.



Note:

 

If you are posting an issue,

 

  1. ERPNext is a free and open source software and support is given on this forum by a team (https://frappe.io/webnotes). So please consider donating if you find this forum useful (https://frappe.io/buy). Even a small amount would be helpful.
  2. We should be able to replicate it at our end. So please give us as much information as you can. Please see it from the point of view of the person receiving the communication.
  3. Paste your code at http://pastebin.com or http://gist.github.com and send only the URL via email
  4. For sending images, use http://imgur.com or other similar services. Do not send images as attachments. Links are good. Same goes for any file you are going to send.

     

    End of Note



    You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

    To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-developer-forum+un…@googlegroups.com.

    To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-developer-forum/F3FA9B08-AD0E-46A1-8384-603ECF13A969%40gmail.com.

    For more options, visit https://groups.google.com/d/optout.

Hi rmehta,

Will raise an issue soon ? I got what you mean by create a whitelist method and call it.

  1. But can you give me some example whereas the doc is pass as JSON.stringify and unpack on server (I cannot just pass the Doc’s name cos it’s local) ?
  2. I think it will be good if we make 2 functions get_total_leave_days and get_holidays static and call them within the LeaveApplication Class. Agree ?

Thanks

Agree! Functions that need to be called before the object is created should be outside.

is there a way to pass the whole doc using frappe.call ? The situation is that I have only the local doc, so passing just the name wont work.
Edit: Ok that was noob:
frappe.get_doc(json.loads(doc))

Hi rmehta,

Okay changing from get_server_fields to use whitelisted function fixed the problem when choosing the date. But still as long as I press Save, it will still show up
Not allowed to access User with Leave Approver = User B
while User B is Leave Approver of A …

Here is the full traceback:

Traceback (innermost last):
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/widgets/form/save.py", line 18, in savedocs
    doc.save()
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 169, in save
    self.insert()
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 129, in insert
    self.check_permission("create")
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 110, in check_permission
    self.raise_no_permission_to(permlabel or permtype)
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 118, in raise_no_permission_to
    raise frappe.PermissionError("No permission to {} {} {}".format(perm_type, self.doctype, self.name or ""))
 PermissionError: No permission to create Leave Application 
 frappe.min.js:310
Traceback (innermost last):
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/app.py", line 49, in application
    response = frappe.handler.handle()
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/handler.py", line 66, in handle
    execute_cmd(cmd)
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/handler.py", line 89, in execute_cmd
    ret = frappe.call(method, **frappe.form_dict)
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/__init__.py", line 529, in call
    return fn(*args, **newargs)
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/widgets/form/save.py", line 18, in savedocs
    doc.save()
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 169, in save
    self.insert()
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 129, in insert
    self.check_permission("create")
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 110, in check_permission
    self.raise_no_permission_to(permlabel or permtype)
  File "/home/erpnext/frappe-bench/apps/frappe/frappe/model/document.py", line 118, in raise_no_permission_to
    raise frappe.PermissionError("No permission to {} {} {}".format(perm_type, self.doctype, self.name or ""))
 PermissionError: No permission to create Leave Application

get_server_fields is evil and should be deprecated!

In code, you can use

doc.insert(ignore_permissions=True)

Okay still have 2 questions: :smile:

  1. How to pass ignore_permissions=True when saving with form (press ‘Save’ button) ? I passed using js as cur_frm.doc.ignore_permissions=true, is this correct ?
  2. Ok even after I passed that, it still cannot create a Leave Application, saying ‘No permission to create’. After tracing, it is because it failed the user_has_permission check. Care to explain a bit more on how it works (I didn’t add anything for User Permission on this doctype, and the User logged in is a normal Employee User) ?

Temporarily removed Apply User Permission in Leave Application solved my problem.
Should I fix it thoroughly by adding a User Permission for Leave Approver once they set in Employee :smiley: . Something along this:

On another subject, have added the PR to fix that get_server_field https://github.com/frappe/erpnext/pull/2379

1 Like

@nathan_dole thanks!

You can’t do ignore_permissions from client. That would defeat the purpose of permissions! You will have to write a whitelisted method to do it.

Hello Guys,
I’m still facing the same problem as listed here. I have been working on Erpnext V4 development for the company since last 3 months but i’m only well-versed with client side scripting and not much with PYTHON and Server side scripting.
Wanted to know whether this issue had been already solved or do we need to it by ourselves??
If to be done by ourselves, can you please ,detail out the procedure ?

P.S.: We have the self-hosted version4 using the virtual image install

Regards
Rajat
Vizexperts

Please post your latest issue on a new thread with the error trace.