
Document permissions based on field values



I am trying to create a role-level permission for viewing Purchase Invoices based on the value of certain fields.

Here is the underlying problem:
We have a situation where there will be purchases made from employee-specific suppliers of employee-specific items. These invoices should not be visible to all other employees. They should only be visible to the employee who submitted the invoice, and the General Manager. I have created Supplier Groups and Item Groups for each employee and created permissions based on these groups that link to the specific employee. So far, so good: each employee can only see their own items and suppliers. But when an employee submits a purchase invoice, all other employees can see it regardless of the mentioned supplier or items within the invoice.

So I have two (perhaps somewhat redundant) questions:

1: It appears that each doctype only has certain fields that are filtered for permissions. For example, Purchase Invoices can be filtered by permission based on Account, but not by Supplier. Is there a way to reference the Supplier field when permissions are calculated?

2: Is there a way to limit access to specific documents based on any custom field value? Under User Permissions, I am able to enable access to individual instances of a document. I don’t want to have to do this manually for every Invoice that is created. Is there a way to enable (or restrict) access to a document based on the value of a field?

Thank you for your help.