Expand Up @@ -567,6 +567,7 @@
"fieldtype": "Link",
"ignore_user_permissions": 1,
"in_list_view": 1,
"in_standard_filter": 1,
"label": "Branch",
"options": "Audit Level",
"reqd": 1,
Expand Down Expand Up @@ -1225,7 +1226,7 @@
],
"index_web_pages_for_search": 1,
"links": [],
"modified": "2026-05-21 11:55:14.043974",
"modified": "2026-05-21 16:14:47.484852",
"modified_by": "Administrator",
"module": "Audit Management",
"name": "My Audits",
32 changes: 32 additions & 0 deletions audit_management/audit_management/doctype/my_audits/my_audits.py
Expand Up @@ -718,6 +718,16 @@ def send_daily_reminders():
# return doc_division in allowed_divisions


def get_user_allowed_sol_ids(user):
"""Fetches allowed SOL IDs from 'Report Preference' for a given user."""
# Get the SOL IDs from the child table 'Sol Items' of 'Report Preference'
# 'Report Preference' autoname is field:user, so we can fetch by name=user
sol_ids = frappe.db.get_all("Sol Items",
filters={"parent": user, "parenttype": "Report Preference"},
pluck="sol_id"
)
return sol_ids

def has_permission(doc, ptype, user=None):
if not user:
user = frappe.session.user
Expand All @@ -734,6 +744,14 @@ def has_permission(doc, ptype, user=None):
if getattr(doc, "status", None) == "Draft":
return doc.owner == user or is_audit_manager

# NEW: Sol ID Check (Report Preference)
allowed_sol_ids = get_user_allowed_sol_ids(user)
if allowed_sol_ids and doc.get("emp_branch"):
# Check if the doc's branch (Audit Level) links to an allowed Sahayog Branch (SOL ID)
branch_sol_id = frappe.db.get_value("Audit Level", doc.emp_branch, "sahayog_branch")
if branch_sol_id and str(branch_sol_id) in [str(s) for s in allowed_sol_ids]:
return True

# 2. Division Check (Essential for data sovereignty)
allowed_divisions = get_user_allowed_divisions(user)
doc_division = doc.get("emp_division")
Expand Down Expand Up @@ -785,6 +803,18 @@ def get_permission_query_conditions(user=None):
allowed_divisions = get_user_allowed_divisions(user)
divisions_sql = ", ".join(f"{frappe.db.escape(d)}" for d in allowed_divisions) if allowed_divisions else "'None'"

# NEW: Sol ID Condition
allowed_sol_ids = get_user_allowed_sol_ids(user)
sol_id_condition = "1=0"
if allowed_sol_ids:
sol_ids_str = ", ".join([frappe.db.escape(str(s)) for s in allowed_sol_ids])
sol_id_condition = f"""
`tabMy Audits`.emp_branch IN (
SELECT name FROM `tabAudit Level`
WHERE sahayog_branch IN ({sol_ids_str})
)
"""

is_audit_manager = "Audit Manager" in roles
is_audit_team = is_audit_manager or "Audit Member" in roles

Expand Down Expand Up @@ -818,6 +848,8 @@ def get_permission_query_conditions(user=None):
OR
(`tabMy Audits`.owner = '{user}' AND `tabMy Audits`.emp_division IN ({divisions_sql}))
OR
({sol_id_condition})
OR
(
`tabMy Audits`.status != 'Draft' AND (
({pending_condition})
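Review bot: In `has_permission`, the new SOL ID branch returns `True` for every `ptype` and sits ahead of the division check, so a matching `sahayog_branch` grants write, submit or delete as well as read, regardless of division. If the grant is meant to be view-only, gate it with `if ptype == "read" and branch_sol_id and str(branch_sol_id) in {str(s) for s in allowed_sol_ids}:`. `get_permission_query_conditions` applies the rule differently: `({sol_id_condition})` is OR'd outside the `status != 'Draft'` group, so as far as the visible lines show, list queries can return Draft records that `has_permission` refuses to anyone but the owner or an Audit Manager. Wrapping the term as `(status != 'Draft' AND ({sol_id_condition}))`, with the column qualified like the neighbouring terms, would keep the two in step. Since `Report Preference` rows now act as an authorization source, it is worth confirming that users cannot edit their own `Sol Items`; both function bodies extend beyond the hunks shown.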