I want to restrict access to the desk in Frappe while preserving the user permissions. I have tried the user type in the User doctype, and that works for me, but if the user has no role, I want to give the user the roles to access the doctype via APIs but not via the desk. How can I implement this in Frappe?
Hi @dhiashalabi:
Create a new role, “API User”. Set it without “Desk access”. Then assign the role to the desired users.
Use permission manager to grant access, with proper rights (create, delete, etc …) to the desired doctypes.
Hope this helps.
Hi @avc:
I think this will not help because I have a lot of doctypes and each doctype has its roles, so I want it to be like the user can have the roles assigned and a way to manage the access to the desk.
Hi @dhiashalabi:
It works well for me … but obviously need to assign proper doctype permissions to the new “API user” role …
Anyway, another (dirty) way to get this is restricting user access by time (User → Settings → Security settings). Configure “Login after” as 02 and “Login before” as 01 (doesn’t make sense, I know …). This “prevents” desk access but not API access …
Hope this helps.
In your API, check if the user has the “API User” role.
If yes, then ignore all perm checks in the code that follows?
This also did not work; the user can still access the desk. Is there a way to edit or override the get_context function in the app.py file? This is the only way that can help.
@avc
I think I found a way by using the auth_hooks in the hooks.py file so I can implement my logic.
Also, I can use the update_website_context hook, but what I face with these hooks is that for the first hook, auth_hooks, some APIs will not work because of the authentication checks, and for the second hook, update_website_context, reports like PDF will not work because I’m raising an error if the user has no access to the desk, and the reports will call get_context, which will then call the update_website_context hooks. So how to resolve these issues?
Did you get any solutions? I am in a similar situation.