frappe · ruchamahabal · Jun 12, 2024 · Jun 12, 2024 · Jun 12, 2024 · Jun 12, 2024
@@ -100,7 +100,7 @@
 									:options="field.options"
 									:linkFilters="field.linkFilters"
 									:documentList="field.documentList"
-									:readOnly="Boolean(field.read_only) || isFormReadOnly"
+									:readOnly="isFieldReadOnly(field)"
 									:reqd="Boolean(field.reqd)"
 									:hidden="Boolean(field.hidden)"
 									:errorMessage="field.error_message"
@@ -141,7 +141,7 @@
 						:options="field.options"
 						:linkFilters="field.linkFilters"
 						:documentList="field.documentList"
-						:readOnly="Boolean(field.read_only) || isFormReadOnly"
+						:readOnly="isFieldReadOnly(field)"
 						:reqd="Boolean(field.reqd)"
 						:hidden="Boolean(field.hidden)"
 						:errorMessage="field.error_message"
@@ -586,6 +586,12 @@ const documentResource = createDocumentResource({
 
 const docPermissions = createResource({
 	url: "frappe.client.get_doc_permissions",
+	params: { doctype: props.doctype, docname: props.id },
+})
+
+const permittedWriteFields = createResource({
+	url: "hrms.api.get_permitted_fields_for_write",
+	params: { doctype: props.doctype },
 })
 
 const formButton = computed(() => {
@@ -610,6 +616,14 @@ function hasPermission(action) {
 	return docPermissions.data?.permissions[action]
 }
 
+function isFieldReadOnly(field) {
+	return (
+		Boolean(field.read_only)
+		|| isFormReadOnly.value
+		|| (props.id && !permittedWriteFields.data?.includes(field.fieldname))
+	)
+}
+
 function handleDocInsert() {
 	if (!validateMandatoryFields()) return
 	docList.insert.submit(formModel.value)
@@ -736,7 +750,8 @@ onMounted(async () => {
 	if (props.id) {
 		await documentResource.get.promise
 		formModel.value = { ...documentResource.doc }
-		await docPermissions.fetch({ doctype: props.doctype, docname: props.id })
+		await docPermissions.reload()
+		await permittedWriteFields.reload()
 		await attachedFiles.reload()
 		await setFormattedCurrency()
 

@@ -80,7 +80,7 @@
 		/>
 
 		<div
-			v-else-if="['Open', 'Draft'].includes(document?.doc?.[approvalField])"
+			v-else-if="['Open', 'Draft'].includes(document?.doc?.[approvalField]) && hasPermission('approval')"
 			class="flex w-full flex-row items-center justify-between gap-3 sticky bottom-0 border-t z-[100] p-4"
 		>
 			<Button
@@ -111,7 +111,8 @@
 		<div
 			v-else-if="
 				document?.doc?.docstatus === 0 &&
-				['Approved', 'Rejected'].includes(document?.doc?.[approvalField])
+				['Approved', 'Rejected'].includes(document?.doc?.[approvalField]) &&
+				hasPermission('submit')
 			"
 			class="flex w-full flex-row items-center justify-between gap-3 sticky bottom-0 border-t z-[100] p-4"
 		>
@@ -125,7 +126,7 @@
 		</div>
 
 		<div
-			v-else-if="document?.doc?.docstatus === 1"
+			v-else-if="document?.doc?.docstatus === 1 && hasPermission('cancel')"
 			class="flex w-full flex-row items-center justify-between gap-3 sticky bottom-0 border-t z-[100] p-4"
 		>
 			<Button
@@ -210,6 +211,24 @@ const attachedFiles = createResource({
 	},
 })
 
+const docPermissions = createResource({
+	url: "frappe.client.get_doc_permissions",
+	params: { doctype: props.modelValue.doctype, docname: props.modelValue.name },
+	auto: true,
+})
+
+const permittedWriteFields = createResource({
+	url: "hrms.api.get_permitted_fields_for_write",
+	params: { doctype: props.modelValue.doctype },
+	auto: true,
+})
+
+function hasPermission(action) {
+	if (action === "approval")
+		return permittedWriteFields.data?.includes(approvalField.value)
+	return docPermissions.data?.permissions[action]
+}
+
 const currency = computed(() => {
 	let docCurrency = document?.doc?.currency
 

@@ -7,9 +7,6 @@ export default function useWorkflow(doctype) {
 		url: "hrms.api.get_workflow",
 		params: { doctype: doctype },
 		cache: ["hrms:workflow", doctype],
-		onSuccess: (data) => {
-			console.log("Workflow loaded successfully ✅", data)
-		},
 	})
 	workflowDoc.reload()
 

@@ -214,6 +214,7 @@ function getFilteredFields(fields) {
 		"is_paid",
 		"mode_of_payment",
 		"clearance_date",
+		"approval_status",
 	]
 
 	if (!props.id) excludeFields.push(...extraFields)

@@ -1,5 +1,6 @@
 import frappe
 from frappe import _
+from frappe.model import get_permitted_fields
 from frappe.model.workflow import get_workflow_name
 from frappe.query_builder import Order
 from frappe.utils import getdate, strip_html
@@ -641,3 +642,9 @@ def get_workflow_state_field(doctype: str) -> str | None:
 def get_allowed_states_for_workflow(workflow: dict, user_id: str) -> list[str]:
 	user_roles = frappe.get_roles(user_id)
 	return [transition.state for transition in workflow.transitions if transition.allowed in user_roles]
+
+
+# Permissions
+@frappe.whitelist()
+def get_permitted_fields_for_write(doctype: str) -> list[str]:
+	return get_permitted_fields(doctype, permission_type="write")
@@ -112,6 +112,7 @@
    "label": "Approval Status",
    "no_copy": 1,
    "options": "Draft\nApproved\nRejected",
+   "permlevel": 1,
    "search_index": 1
   },
   {
@@ -387,7 +388,7 @@
  "idx": 1,
  "is_submittable": 1,
  "links": [],
- "modified": "2024-04-17 19:38:30.373122",
+ "modified": "2024-06-12 15:56:45.609119",
  "modified_by": "Administrator",
  "module": "HR",
  "name": "Expense Claim",
@@ -446,6 +447,39 @@
    "share": 1,
    "submit": 1,
    "write": 1
+  },
+  {
+   "permlevel": 1,
+   "read": 1,
+   "role": "HR Manager",
+   "write": 1
+  },
+  {
+   "permlevel": 1,
+   "read": 1,
+   "role": "HR User",
+   "write": 1
+  },
+  {
+   "delete": 1,
+   "email": 1,
+   "permlevel": 1,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "Expense Approver",
+   "share": 1,
+   "write": 1
+  },
+  {
+   "email": 1,
+   "export": 1,
+   "permlevel": 1,
+   "print": 1,
+   "read": 1,
+   "report": 1,
+   "role": "All",
+   "share": 1
   }
  ],
  "search_fields": "employee,employee_name",