Ignore User Permission via Custom Script

Is there any sytnax that I can use in frappe call or some way so that I can ignore user permission on custom script level.

Any help / suggestions ?

Opening ignore_permissions to client side (js) would be serious risk. So I don’t think it will ever be supported. You can create a whitelisted function in py that uses the flag and call that instead.

2 Likes

Hi @vijaywm,

I’m not a developer so please bear with my question below.
Isn’t create whitelisted function (on server side) and call it from the client side is having the same vulnerability?

Thank you

Yes. but it is explicit, i.e. there is control on the server side as to which method uses ignore_permissions… and then method could have some custom logic for checking… javascript being more insecure, should not be allowed to switch permissions on/off (without the server side code explicitly allowing it)