Guys, I’m really puzzled.
It seems that all the contacts in CRM | Contact are shared among all system users… This is not quite right, isn’t it?
Am I setting it wrong? I would like to have private contacts for each user. From the documentation Contact there is nothing useful for this situation.
And when I throw in Google Contacts sync to each user’s Google account, it seems pretty messy; is this even possible at all?
You could, for example, implement your own has_permission and evaluate the owner of the document.
@charleslcso I believe that you can achieve that by creating a custom plugin with the following hooks:
- Has permission hook
- Permission query hook
- Standard query hook
There are several things to consider such as when a user’s private contact is linked to a customer/supplier, displaying the information of that customer/supplier be anyone with permission, will reveal the name of that private contact…
It’s a good idea for a custom plugin which I might end up creating
Why would the original design be like this? No body wants private contacts?
Now it is v14, no one has already filled this gap and developed something that’s production ready?
Very very strange design decisions!
I’m glad we can discuss this. After reading the documentation, I think we do not need to write any code/plug-in.
The reason is that, Contacts can be thought of as Leave Application link here. May be we can just modify the Contact DocType, set it up according to the spec of Leave Application and that’s it?
@charleslcso The plugin can provide more features and more control over the contacts…
- Setting the user roles that can view, modify and remove users private contacts…
- Contact lists feature to help organize the contacts for each user, whether global lists or user specific lists…
- Hide private contacts from other users without permission, when private contacts are linked to other doctypes…
And many more…
Actually, I found the solution to making Contacts private. It’s all in ERPNext.
I thought I need to write code, but when I traced how the Contacts are grabbed and displayed, part of the code gave me hints on what to look at.
This is actually fairly straight forward.
- all Roles in ERPNext will be able to read all Contacts
- in Role Permissions Manager, select Contact in DocType; you will see what Roles are already there, having read access
- the key is to tick all “Only If Creator” in all existing Roles!
Actually, all pre-defined Roles might not suit us in real life, so we should:
- add a new Role, and set it properly (also tick “Only If Creator”)
Basically, this will enable you to have 2 kind of Users:
- see-all Contacts users
- see-own Contacts users
I’m trying to figure out how to reflect real organisations where there are multiple teams of users, and team lead should be able to see Contacts of his team members (while not other team’s), manager can see a number of teams, and etc.
@charleslcso I already thought about “Only If Creator” option but I was thinking about the possibility of having public and private contacts…
- Public contacts are visible to everyone
- Private contacts are visible to creator only
Also, I thought about giving specific roles permission to view all or some private contacts…
Moreover, if there is a contacts link field, the autocomplete values that appears should be restricted according to the permissions of the user…
Finally, displaying a doctype entry that has a contacts link field, if the field value is a private contact of another user then the field should be “Private Contact” instead of the actual value, if the user displaying doesn’t have permission to view that other user’s private contacts…
Frappe created the contact doctype based on the common need of others so such a complex contact doctype needs a lot of customization…
Totally agree. If we dig deep, that will be tons of cases to handle.
If I want to write some code to get Team Leads to also view Contacts from his team members, but not cross team…and no need to handle links, autocomplete, and the lot so that v0.1 can be released…
I can’t quite figure out which approach would be the simplest (not to mention whether it is possible or not)
- list filter
- reports_to field
- role permission
Role is mainly used to be able to control whether a DocType can be accessed or not. Team lead can of course access DocType Contact, but we need to handle whether some Contacts can be accessed… not fine grain enough? I guess I can use levels, but still, I don’t want to show anything at all.
I’m not sure how list filter can be used in this case.
I guess the most direct approach is to use reports_to. When user logs in and goes to app/contact, using the get_list() from org chart code, I can loop this everyone reporting to him, and hence be able to retrieve all relevant contacts.
When team member or any manger change reports_to, this code should still work.
What do you think?
@charleslcso The best way I can think of is as follows…
- Create a teams doctype that stores the team name, leader and the list of team members (child table doctype)
- Filter the contacts list view using the teams doctype
- For further control, in contact form do a check using the teams doctype to prevent unauthorized modification
For the list view filter, you can use the list view settings onload to determine whether the user is a leader or member…
You can also use this plugin of mine since it can help in filtering the list view…
Frappe Better List View
Thank you for sharing your idea and code.
I’ll take a deep look at it.