How to hide documents from listview based on user

nilpatel42 · September 1, 2024, 8:45am

I have custom doctype which has one field which owner, i want hide that documents from other than administrator and owner of that document,

So how to hide document in listview based on custom condition, anyone have example script ?

Jeel · September 1, 2024, 8:58am

@nilpatel42 try this server script

nilpatel42 · September 1, 2024, 9:06am

Thank You @Jeel,

Successfully Working

avc · September 1, 2024, 9:18am

Hi @nilpatel42:

Adding to @Jeel answer … Server script permission query just works for listview. Note that users can access to the document directly using url

https://yoursite.localhost/app/task/TASK-2024-91408

As a trick … use client script for “reject” directly access.
Something like this:

frappe.ui.form.on('Task', {
	refresh(frm) {
        user = frappe.session.user
        if ( user != "Administrator" || user = doc.owner) {
            console.log("Get out!")
            frappe.set_route() // send to Venus
        }
	}
})

Best solution, anyway, is using hooks to intercept permission mechanism. Read this:

[Hooks ]

Hope this helps.

nilpatel42 · September 1, 2024, 9:48am

Child table field (authorized_users_list) which child table have one field “user”, Which have permission to view documents
It’s Working

user = frappe.session.user
if user != 'Administrator':
    conditions_list = []

    sault_docs = frappe.get_all('Sault', fields=['name'])

    for doc in sault_docs:
        sault_doc = frappe.get_doc('Sault', doc.name)
        
        owner = sault_doc.owner

        authorized_users = [entry.user for entry in sault_doc.get('authorized_users_list', [])]

        if user == owner or user in authorized_users:
            conditions_list.append(f"name = '{doc.name}'")

    if not conditions_list:
        conditions = "1=2" 
    else:
        conditions = ' OR '.join(conditions_list)
else:
    conditions = ""

and for Client Script

frappe.ui.form.on('Sault', {
    refresh(frm) {
        const user = frappe.session.user;
        const isAuthorizedUser = frm.doc.authorized_users_list && frm.doc.authorized_users_list.some(userEntry => userEntry.user === user);
        
        if (user !== "Administrator" && user !== frm.doc.owner && !isAuthorizedUser) {
            frappe.set_route('List', 'Sault');
        }
    }
});

Thanks to @Jeel & @avc