In Frappe/ERPNext List View, the Export option appears under the Actions menu even when the user does not have Export permission for that DocType.
From reviewing the source code, the Export action is added in get_actions_menu_items() without checking user permissions:
actions_menu_items.push(bulk_export());
Because of this:
-
The Export option is always visible in the UI.
-
Permission validation occurs only on the server when the export action is executed.
-
The Export dialog still opens, which exposes all field names of the DocType to the user.
This creates a few concerns:
-
The UI suggests that the user can export data even though they are not authorized.
-
The export dialog exposes field metadata (field names) even when the user cannot perform the export.
-
Ideally, the Export option should not appear if the user lacks Export permission, similar to how other actions depend on permissions.
Questions
-
Is this behavior intentional in Frappe?
-
Should the Export option be hidden when the user does not have Export permission?
-
Is there a recommended way to control this behavior without overriding core JS?
Suggestion
It might be better if:
-
The Export option is conditionally added based on Export permission, or
-
A field-level export control is introduced so only allowed fields appear in the export dialog.
If this is not the intended behavior, I would like to request that this be considered for improvement in upcoming versions.
Any clarification or recommended approach would be appreciated.