fix(PWA): make fields readOnly based on permlevel

frappe · Jun 12, 2024 · 7147fbf · 7147fbf
1 parent 944a824
commit 7147fbf
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 6 deletions.
diff --git a/frontend/src/components/FormView.vue b/frontend/src/components/FormView.vue
@@ -100,7 +100,7 @@
 									:options="field.options"
 									:linkFilters="field.linkFilters"
 									:documentList="field.documentList"
-									:readOnly="Boolean(field.read_only) || isFormReadOnly"
+									:readOnly="isFieldReadOnly(field)"
 									:reqd="Boolean(field.reqd)"
 									:hidden="Boolean(field.hidden)"
 									:errorMessage="field.error_message"
@@ -141,7 +141,7 @@
 						:options="field.options"
 						:linkFilters="field.linkFilters"
 						:documentList="field.documentList"
-						:readOnly="Boolean(field.read_only) || isFormReadOnly"
+						:readOnly="isFieldReadOnly(field)"
 						:reqd="Boolean(field.reqd)"
 						:hidden="Boolean(field.hidden)"
 						:errorMessage="field.error_message"
@@ -586,6 +586,12 @@ const documentResource = createDocumentResource({
 
 const docPermissions = createResource({
 	url: "frappe.client.get_doc_permissions",
+	params: { doctype: props.doctype, docname: props.id },
+})
+
+const permittedWriteFields = createResource({
+	url: "hrms.api.get_permitted_fields_for_write",
+	params: { doctype: props.doctype },
 })
 
 const formButton = computed(() => {
@@ -610,6 +616,14 @@ function hasPermission(action) {
 	return docPermissions.data?.permissions[action]
 }
 
+function isFieldReadOnly(field) {
+	return (
+		Boolean(field.read_only)
+		|| isFormReadOnly.value
+		|| (props.id && !permittedWriteFields.data?.includes(field.fieldname))
+	)
+}
+
 function handleDocInsert() {
 	if (!validateMandatoryFields()) return
 	docList.insert.submit(formModel.value)
@@ -736,7 +750,8 @@ onMounted(async () => {
 	if (props.id) {
 		await documentResource.get.promise
 		formModel.value = { ...documentResource.doc }
-		await docPermissions.fetch({ doctype: props.doctype, docname: props.id })
+		await docPermissions.reload()
+		await permittedWriteFields.reload()
 		await attachedFiles.reload()
 		await setFormattedCurrency()
 

diff --git a/frontend/src/composables/workflow.js b/frontend/src/composables/workflow.js
@@ -7,9 +7,6 @@ export default function useWorkflow(doctype) {
 		url: "hrms.api.get_workflow",
 		params: { doctype: doctype },
 		cache: ["hrms:workflow", doctype],
-		onSuccess: (data) => {
-			console.log("Workflow loaded successfully ✅", data)
-		},
 	})
 	workflowDoc.reload()
 

diff --git a/hrms/api/__init__.py b/hrms/api/__init__.py
@@ -1,5 +1,6 @@
 import frappe
 from frappe import _
+from frappe.model import get_permitted_fields
 from frappe.model.workflow import get_workflow_name
 from frappe.query_builder import Order
 from frappe.utils import getdate, strip_html
@@ -641,3 +642,9 @@ def get_workflow_state_field(doctype: str) -> str | None:
 def get_allowed_states_for_workflow(workflow: dict, user_id: str) -> list[str]:
 	user_roles = frappe.get_roles(user_id)
 	return [transition.state for transition in workflow.transitions if transition.allowed in user_roles]
+
+
+# Permissions
+@frappe.whitelist()
+def get_permitted_fields_for_write(doctype: str) -> list[str]:
+	return get_permitted_fields(doctype, permission_type="write")