We came up with this extension. It is used with custom frappe framework apps. It is not currently used with ERPNext. It should work.
Home page: https://frappe-manual-castlecraft-b249c70d8b6d99bd095c0ef03e4a3115a94f5.gitlab.io/
3 Likes
revant_one Seems great.
Is it publicly available?
Repositories are mentioned in there.
- https://gitlab.com/castlecraft/frappe_utils (specific to permissions)
- castlecraft / Dev Utils ¡ GitLab (utilities installed on âpre-devâ server where functional consultants and developers collaborate)
- GitHub - castlecraft/cfe: Castlecraft Extensions for Frappe Framework based Resource Servers (accept third party OAuth2 token)
- castlecraft / Master Manager ¡ GitLab (synced masters in mongodb)
- GitHub - castlecraft/custom_containers (ci/cd and develops related)
6 Likes
@revant_one Thanks
I found interesting stuff, but it is not readable as the CSS is not working correctly, so the content is not readable , please look into to fix
Youâre visiting pages that are moved.
Access it from here https://frappe-manual-castlecraft-b249c70d8b6d99bd095c0ef03e4a3115a94f5.gitlab.io
5 Likes
@revant_one, Probably Iâll never be able to learn 3%, but ⌠thanks for sharing your treasure vault.
2 Likes
I had the similar case, but here looking for workaround.
I unchecked the field Hide Descendants
And then by using the code in from hrms.hr.utils import share_doc_with_approver have shared the entries with other users.
The only benefits I had was majority cases we needed to hide the entries from the manager or approvers, so using the solution was possible.
None can defend possible leaks in the roles and permissions of ERPNext unfortunately. If youâre willing to spend ages, you can control sensitive data acces⌠That is generally only salary data.
Shame when you have such a powerful tool for Salary Calculations.
this was indeed an interesting read actually
Oh, so I am not alone⌠I hope this will still get priority in the next versions of ERPNext. I am currently re-creating the employee so that it wonât view other employee data. I donât know why, but this âcreate user permissionâ works on some of the employee but not all.
Just a thought , Iâm though new for Frappe.
User permission become subtractive, only because there is role permission manager.
If by default, Employee is not given read access to salary slips by role permission manager, but only given user permission.
How will system behave?
Meaning the precedence,
If there is no role permission, will Employee not able to access salary slip even if it is handled in User permissions?
Edit: I checked, it does have role permission precedence over user permission.
A possible fix: Have fields such as read, write, print, etc in User permission as well. That are fine grained and which are applied through User permission and not Role Permission Manager.
So Doctype permission are tied to user permission and once user permissions are removed, doctype permissions are also removed.
Or another possible fix:
If user has permission (type of permission defined) to a document, skip doctype validations.
1 Like