From a5001196b398f57ec7d162315bcf818108495494 Mon Sep 17 00:00:00 2001
From: Suraiyya Sutriya
Date: Thu, 21 May 2026 16:18:30 +0530
Subject: [PATCH] feat:added permissions to include sol id based access for employees
---
 .../doctype/my_audits/my_audits.json | 3 +-
 .../doctype/my_audits/my_audits.py | 32 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/audit_management/audit_management/doctype/my_audits/my_audits.json b/audit_management/audit_management/doctype/my_audits/my_audits.json
index 678511d..783183e 100644
--- a/audit_management/audit_management/doctype/my_audits/my_audits.json
+++ b/audit_management/audit_management/doctype/my_audits/my_audits.json
@@ -567,6 +567,7 @@
 "fieldtype": "Link",
 "ignore_user_permissions": 1,
 "in_list_view": 1,
+ "in_standard_filter": 1,
 "label": "Branch",
 "options": "Audit Level",
 "reqd": 1,
@@ -1225,7 +1226,7 @@
 ],
 "index_web_pages_for_search": 1,
 "links": [],
- "modified": "2026-05-21 11:55:14.043974",
+ "modified": "2026-05-21 16:14:47.484852",
 "modified_by": "Administrator",
 "module": "Audit Management",
 "name": "My Audits",
diff --git a/audit_management/audit_management/doctype/my_audits/my_audits.py b/audit_management/audit_management/doctype/my_audits/my_audits.py
index e26fdbb..77e13b3 100755
--- a/audit_management/audit_management/doctype/my_audits/my_audits.py
+++ b/audit_management/audit_management/doctype/my_audits/my_audits.py
@@ -718,6 +718,16 @@ def send_daily_reminders(): # return doc_division in allowed_divisions +def get_user_allowed_sol_ids(user): + """Fetches allowed SOL IDs from 'Report Preference' for a given user.""" + # Get the SOL IDs from the child table 'Sol Items' of 'Report Preference' + # 'Report Preference' autoname is field:user, so we can fetch by name=user + sol_ids = frappe.db.get_all("Sol Items", + filters={"parent": user, "parenttype": "Report Preference"}, + pluck="sol_id" + ) + return sol_ids + def has_permission(doc, ptype, user=None): if not user: user = frappe.session.user @@ -734,6 +744,14 @@ def has_permission(doc, ptype, user=None): if getattr(doc, "status", None) == "Draft": return doc.owner == user or is_audit_manager + # NEW: Sol ID Check (Report Preference) + allowed_sol_ids = get_user_allowed_sol_ids(user) + if allowed_sol_ids and doc.get("emp_branch"): + # Check if the doc's branch (Audit Level) links to an allowed Sahayog Branch (SOL ID) + branch_sol_id = frappe.db.get_value("Audit Level", doc.emp_branch, "sahayog_branch") + if branch_sol_id and str(branch_sol_id) in [str(s) for s in allowed_sol_ids]: + return True + # 2. Division Check (Essential for data sovereignty) allowed_divisions = get_user_allowed_divisions(user) doc_division = doc.get("emp_division") @@ -785,6 +803,18 @@ def get_permission_query_conditions(user=None): allowed_divisions = get_user_allowed_divisions(user) divisions_sql = ", ".join(f"{frappe.db.escape(d)}" for d in allowed_divisions) if allowed_divisions else "'None'" + # NEW: Sol ID Condition + allowed_sol_ids = get_user_allowed_sol_ids(user) + sol_id_condition = "1=0" + if allowed_sol_ids: + sol_ids_str = ", ".join([frappe.db.escape(str(s)) for s in allowed_sol_ids]) + sol_id_condition = f""" + `tabMy Audits`.emp_branch IN ( + SELECT name FROM `tabAudit Level` + WHERE sahayog_branch IN ({sol_ids_str}) + ) + """ + is_audit_manager = "Audit Manager" in roles is_audit_team = is_audit_manager or "Audit Member" in roles 
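Review bot: Write access to Report Preference becomes a security boundary with this helper, because get_user_allowed_sol_ids feeds its 'Sol Items' rows straight into has_permission and get_permission_query_conditions. If users can create or edit their own Report Preference (not visible in this patch), they can add branches to their own access list, so that doctype's permissions should be reviewed alongside this change. Rows with an empty `sol_id` also come back as `None` from `pluck` and are later rendered as the literal 'None' by `str(s)` in the query builder; adding `"sol_id": ["is", "set"]` to `filters` would drop them at the source. The docstring could also state that an empty list means no SOL-based access, since both callers rely on that.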
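Review bot: The new SOL ID branch in has_permission returns True without looking at `ptype`, so a branch match short-circuits every later restriction in this hook for write, delete and other permission types as well as read. It also runs before the division check that the following comment describes as essential. If the intent is only to let employees see audits of their branches, gate it on the permission type, for example `if ptype == "read" and allowed_sol_ids and doc.get("emp_branch"):`. Whether the checks further down should still apply to SOL-matched users cannot be told from here, because has_permission starts and ends outside the hunk.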
@@ -818,6 +848,8 @@ def get_permission_query_conditions(user=None): OR (`tabMy Audits`.owner = '{user}' AND `tabMy Audits`.emp_division IN ({divisions_sql})) OR + ({sol_id_condition}) + OR ( `tabMy Audits`.status != 'Draft' AND ( ({pending_condition})
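Review bot: The `({sol_id_condition})` branch is OR-ed into the filter without a status restriction, while has_permission returns `doc.owner == user or is_audit_manager` for Draft documents before it ever reaches the SOL check. Unless an outer clause outside this hunk already excludes Drafts, list and report queries would return Draft rows, and their field values, for any matching branch even though opening those documents is refused. Mirroring the neighbouring branch keeps the two hooks consistent: emit `(status != 'Draft' AND ({sol_id_condition}))`, with the column table-qualified as elsewhere in the query. The surrounding SQL string starts and ends outside the hunk.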