Permissions based on "Assigned To"

Hello Everyone,

Does anyone know if there is a way to build user permission based on “Assigned To” instead of just owner?

In my scenario, I would like the Sales Manager to assign Leads, and only the sales users who have been assigned the Lead to be able to see that particular Lead (Or any other DocType).

I’ve read that ERPNext wasn’t built like that, but being an open source ERP, I was wondering if anyone could help me out with this?

Thanks a lot!


Hi Tanuj,

You can add the query conditions for a DocType according to user roles.
Please check

Thanks,
Makarand


Hi @makarand_b,

Thanks so much for your reply!

This is what I’ve done, but it doesn’t seem to work:

Added under erpnext/erpnext/hooks.py:

```python
permission_query_conditions = {
	"Contact": "erpnext.utilities.address_and_contact.get_permission_query_conditions_for_contact",
	"Address": "erpnext.utilities.address_and_contact.get_permission_query_conditions_for_address",
	"Lead": "erpnext.crm.doctype.lead.lead.get_permission_query_conditions_for_lead"
}
```

and the following under erpnext/crm/doctype/lead/lead.py

```python
def get_permission_query_conditions_for_lead(user):
	if not user: user = frappe.session.user

	if "System Manager" in frappe.get_roles(user):
		return None
	else:
		return """(tabLead._assign = '{user}' or tabLead.owner = '{user}')"""\
			.format(user=frappe.db.escape(user))
```

Any help would be greatly appreciated!

Hi @Tanuj,

Please check the logged-in user's Role. If the System Manager role is assigned to the user, then all the Lead documents will be displayed in the Lead List view.

Thanks,
Makarand

Hi @makarand_b,

What I’m trying to accomplish is for users (any role except managers) to be unable to see the Document unless they are the owners, or the document is assigned to them.

Based on the examples provided by you, I tried the above script, but it didn’t work.

If you don’t mind could you point me in the right direction, so I can figure out what needs to be done?

Thank you so much for all your help!

Hi @Tanuj,

Did you add the _assign field in the Lead document? When you assign the document to a user, the system will create one ToDo. Please check the code below; it will only show the Lead to the document owner or the assigned-to user. I have tested the same :smile:

```python
def get_permission_query_conditions(user):
	if "System Manager" in frappe.get_roles(user):
		return None
	else:
		return """\
		 (tabLead.owner = '{user}' or tabLead.lead_owner = '{user}')
		 or (tabLead.name in (select tabToDo.reference_name from tabToDo where
		 	(tabToDo.owner = '{user}' or tabToDo.assigned_by = '{user}')
		 	and tabToDo.reference_type = 'Lead' and tabToDo.reference_name=tabLead.name))\
		 """.format(user=frappe.db.escape(user))
```

Thanks,
Makarand

Hi @makarand_b,

Thank you so much! The following is my final code:

```python
def get_permission_query_conditions_for_lead(user):
	if "System Manager" in frappe.get_roles(user):
		return None
	elif "Sales User" in frappe.get_roles(user):
		return """(tabLead.owner = '{user}' or tabLead.lead_owner = '{user}') or (tabLead.name in (select tabLead.name from tabLead where (tabLead._assign = '["{user}"]' )))""".format(user=frappe.db.escape(user))
```

When I was using your code, the filter was perfect, but I was facing a problem when the assignment was removed. The ToDo doesn’t get deleted, therefore the user still had access to the document.

Thank you so much for all your help!
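The two approaches from this thread can be compared offline with the following added example, which is not code from any poster or from ERPNext. It runs both styles of condition against constructed rows in SQLite to show which Leads each one exposes when a Lead has several assignees or when an assignment has been removed. Assumptions: `quote` is a hypothetical stand-in for `frappe.db.escape`, the `lead_owner` clause is left out for brevity, and a removed assignment is assumed to leave its ToDo row behind with a status other than `Open` (shown here as `Cancelled`).

```python
import sqlite3

# Constructed sample data: (lead name, owner, _assign JSON as stored on the Lead row)
LEADS = [
    ("LEAD-1", "mgr@example.test", '["a@example.test"]'),
    ("LEAD-2", "mgr@example.test", '["a@example.test", "b@example.test"]'),
    ("LEAD-3", "mgr@example.test", "[]"),   # assignment was removed
    ("LEAD-4", "a@example.test", None),     # owned by the user, never assigned
]
# Constructed ToDo rows: (reference_name, owner = assignee, status)
TODOS = [
    ("LEAD-1", "a@example.test", "Open"),
    ("LEAD-2", "a@example.test", "Open"),
    ("LEAD-2", "b@example.test", "Open"),
    ("LEAD-3", "a@example.test", "Cancelled"),  # row survives the removal
]

def quote(value):
    """Hypothetical stand-in for frappe.db.escape: a quoted SQL string literal."""
    return "'" + value.replace("'", "''") + "'"

def cond_assign_equals(user):
    """String equality on _assign, the style used in the thread's final post."""
    return "(tabLead.owner = {u} or tabLead._assign = {a})".format(
        u=quote(user), a=quote('["%s"]' % user))

def cond_todo(user, open_only=True):
    """Owner, or a Lead ToDo for the user; optionally only ToDos still Open."""
    status = " and tabToDo.status = 'Open'" if open_only else ""
    return ("(tabLead.owner = {u} or exists (select 1 from tabToDo"
            " where tabToDo.reference_type = 'Lead'"
            " and tabToDo.reference_name = tabLead.name"
            " and tabToDo.owner = {u}{s}))").format(u=quote(user), s=status)

def visible_leads(condition):
    """Apply a permission condition to an in-memory copy of the sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("create table tabLead (name text, owner text, _assign text)")
    db.execute("create table tabToDo (reference_type text, reference_name text,"
               " owner text, status text)")
    db.executemany("insert into tabLead values (?, ?, ?)", LEADS)
    db.executemany("insert into tabToDo values ('Lead', ?, ?, ?)", TODOS)
    rows = db.execute("select name from tabLead where " + condition + " order by name")
    return [r[0] for r in rows]

if __name__ == "__main__":
    user = "a@example.test"
    print("_assign equality:", visible_leads(cond_assign_equals(user)))
    print("any ToDo:        ", visible_leads(cond_todo(user, open_only=False)))
    print("open ToDo only:  ", visible_leads(cond_todo(user)))
```

With this data, the equality check hides LEAD-2 from both of its assignees, the unfiltered ToDo lookup still exposes LEAD-3 after the assignment is removed, and the open-ToDo condition shows exactly the owned and currently assigned Leads.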