Frappe User and Role Permissions create new record conflict

Frappe Framework
, , , ,
1

In Frappe I have created a custom app and in that app I have a doctype called: ‘Contract’.
I have a role named: ‘Contract Approver’ which has been assigned Read, Write, Create, Select and Delete Role Permissions to the Contract doctype.

I have created a user and assigned that user the role of ‘Contract Approver’, I have assigned this user some User Permissions for the ‘Contract’ doctype and so now the user is only able to have access to 3 records in the Contract doctype.

Now when I try and use this user to create a new record in the Contract doctype then I get the error ‘Insufficient Permission to Create’, even though the role assigned to this user has the ability to create new records into the Contract Doctype.

Can someone please help me solve this issue.

2

@Lavish-modali please remove user permission because it bypass role permissions

3

I can’t remove the User Permissions because without them all the contract records will be visible to every single user that has a role that can view the contract doctype, which is something that i want to avoid at all costs.

4

@Lavish-modali you can write permission query in server script doctype

5

I have actually never done that before and frankly I am not sure how to.
Can you please provide me with some pointers, I will be eternally grateful.

6

Hi,
I hope this may help

image
image1242×734 38.4 KB

1 Like
7

@thinkdigital
While this is a good approach there is a big flaw which is that the user can still access the records by adding the name (Primary Key) in the URL.

While I want them to not have access to some records by any means.

Anything within Frappe than can help me with that.

8

Hi @Lavish-modali:

As a trick … use client script for “reject” directly access.
Something like this:


frappe.ui.form.on('Contract', {
	refresh(frm) {
        if (!frappe.user.has_role("System Manager") {
            console.log("Get out!")
            frappe.set_route() // send to Mars
        }
	}
})

Permission mechanism can be intercepted with hooks too. Read this:
https://frappeframework.com/docs/user/en/python-api/hooks#document-hooks

Hope this helps.

2 Likes