Proposal for User Group permissions on documents

joshr · October 22, 2022, 4:57pm

I’d like to shine some light on the following frappe github issue. It contains a proposal for adding the concept of group document permissions to frappe. A standard method for allowing User Groups to ‘own’ certain types of documents (ERPNext Issues is one of several examples) in order to facilitate team collaboration.

The User Group doctype already exists in frappe and it seems like it might have been intended for something like this. I’d like to know if anyone has any insight or feedback to offer on the matter.

github.com/frappe/frappe

Proposal - Group Ownership of Documents

opened 04:57PM - 22 Oct 22 UTC

joshuarestivo

feature-request

We have several pending use cases requiring the ability to set group-level permi…ssions on documents. For instance, we'd like to provide ERPNext Customers with the ability to access ERPNext Issues in the Customer Portal. All users associated with a given Customer should have access to their company's (Customer) Issues. Given the existing permissions architecture, this is not possible without hacking up individual doctypes, forms, etc. The solution that we're proposing is the creation of an 'user_groups' field to be inserted into all doctypes by frappe. This will be a Table-MultiSelect field holding zero or more User Group names. Role permissions would be extended to include a 'Members of Document Group' checkbox, similar to the existing 'Only if Creator' checkbox. Logic within Role Permission Manager would be updated to allow one global, one creator, and one group rule per doctype. Permissions would continue to be calculated using the most-permissive approach currently employed. With this, we can quietly lay the foundation for group ownership in frappe. The new field should be ignored by anything that isn't aware of it. The sidebar for document views will be updated to include: 1. A list of Groups to which a document belongs. 2. A Remove button next to each group. 3. An AddToGroup button that presents a selection of candidate groups Before beginning on implementation, we wanted to check in with the ERPNext team to see if anything like this has been considered or is currently in development? If not, aside from the published development guidelines, our team would appreciate any feedback or direction that might help us in eventually getting this introduced upstream upon completion. It's our belief that his functionality will be required in frappe and we'd like to avoid competing implementations.

Thanks in advance!