How can I limit who a User can Assign a document to?
Bump?
I don’t think there’s any way to do this out of the box. You’d have to implement a custom script.
Thanks.
Seems odd, to me, that allowing end users to Assign things to anyone they like is generally accepted.
the question is how to define which users can be assigned, technically filter out the allowed users to be assigned is not a big thing.
Thanks for the reply, but I don’t understand your point.
Assume I have 8 Users.
I want User 1 to only be able to Assign a
record to User 2, User 3 and/or User 4.
I want User 5 to only be able to Assign a record to User 6, User 7 and/or User 8.
How do I accomplish this?
You could do it either client-side or server-side (or even both). If done on client side, you could filter out inappropriate options from the “Assign To” link field. On the server side, you’d throw an exception after the user tried to make an inappropriate assignment.
Server-side
Create a server script on the before_insert event for the ToDo doctype.
if doc.assigned_by == "peterg@erpnext.com" and doc.allocated_to == "szufisher@erpnext.com":
frappe.throw("This assignment is not allowed")
Client-side
Create a new client script for whatever form you’re trying to limit assignment from:
frappe.ui.form.on('Web Page', {
refresh(frm) {
frappe.ui.form.AssignToDialog = class CustomAssignToDialog extends frappe.ui.form.AssignToDialog {
get_fields() {
const allowed_users = ["peterg@erpnext.com"]
var fields = super.get_fields();
fields[1].get_data = function(txt) {
return frappe.db.get_link_options("User", txt, {name: ["in", allowed_users], user_type: "System User", enabled: 1});
}
return fields;
}
};
}
})
Both approaches should work fine. Server-side is more secure if you’re concerned about people getting around the restriction maliciously.
Thanks! I’ll try both.
tested this client side script OK, two improvement ideas
-
instead of hard code , maintain the allowed assign to in a custom DocType with two fields: user, allowed assign to.
-
hook the script to a custom app and make it generic to any DocType.
Definitely; this is just a proof of concept. Anything that sets the allowed_users variable will work.
I wasn’t able to figure out how to do a set_query
call on the link field here like one does with doc forms, so I had to override the class. Do you know if set_query is possible in any way with the dialog api?
as far as I know not possible.