Hi everyone,
I’m currently working on a use case where the standard Role-based permission system in ERPNext isn’t flexible enough.
In many scenarios, we need to grant users access to a document only if they are directly involved — for example, through a linked Task, Assignment, or a specific field in the document (like assigned_to or department).
Some examples:
- A user should be able to edit a Project only if they have a Task assigned that’s linked to that Project.
- A document should be visible or editable only if the user is listed in a specific field (e.g., assigned_user or responsible_person).
- Permissions need to be automatically granted based on real-time relationships, not just static Role and User Permission settings.
I understand that has_permission and get_permission_query_conditions can be customized, but I’d like to know:
- What’s the best way to structure such dynamic, context-aware permissions in a maintainable way?
- Are there any existing patterns, examples, or apps that already implement this kind of logic?
- Any caveats or best practices from those who have done something similar?
Appreciate any guidance, examples, or ideas from the community.
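One way to structure the two rules from the question (a Task assigned to the user, or the user named in a field on the document) as a single policy that feeds both hooks. This is an added example, not code from the original post or from Frappe/ERPNext; the app name my_app, the hook paths and the field names Task.project, Task.assigned_to and Project.responsible_person are assumptions.

```python
"""Context-aware Project permissions for Frappe/ERPNext (hypothetical app module).
Assumed hooks.py entries:
    has_permission = {"Project": "my_app.permissions.project_has_permission"}
    permission_query_conditions = {"Project": "my_app.permissions.project_query_conditions"}
Assumed fields: Task.project, Task.assigned_to, Project.responsible_person (all Links).
Both hooks derive from one policy so document access and list filtering cannot disagree."""

try:
    import frappe
except ImportError:  # the pure policy still runs without a Frappe site
    frappe = None


def fetch_task_links(project):
    """(project, assigned_to) pairs from tabTask; get_all ignores permissions, as a hook must."""
    rows = frappe.get_all("Task", filters={"project": project}, fields=["project", "assigned_to"])
    return [(r.project, r.assigned_to) for r in rows]


def user_may_access_project(user, doc, tasks):
    """Pure policy: responsible person on the Project, or assignee of a Task linked to it."""
    if getattr(doc, "responsible_person", None) == user:
        return True
    return any(project == doc.name and assignee == user for project, assignee in tasks)


def project_has_permission(doc, ptype="read", user=None, tasks=None):
    """has_permission hook: False denies; None defers to the normal role/user-permission
    checks. A hook can only narrow what roles already grant, never widen it."""
    user = user or frappe.session.user
    if user == "Administrator":
        return None
    if tasks is None:
        tasks = fetch_task_links(doc.name)
    return None if user_may_access_project(user, doc, tasks) else False


def project_query_conditions(user=None, quote=None):
    """permission_query_conditions hook: SQL fragment appended to list/report queries.
    `quote` makes a SQL string literal; defaults to frappe.db.escape, injectable offline."""
    user = user or frappe.session.user
    quote = quote or frappe.db.escape
    if user == "Administrator":
        return ""
    u = quote(user)
    return (f"(`tabProject`.`responsible_person` = {u} or exists (select 1 from `tabTask` t "
            f"where t.`project` = `tabProject`.`name` and t.`assigned_to` = {u}))")
```

Keep the data access (fetch_task_links) separate from the decision (user_may_access_project) so the rule can be unit-tested with constructed rows and reused by both hooks.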