If_owner and apply user permission working together again

I am sorry I know this discussion is old, but I think it’s still persisting. but what I am trying to do is that I have sales team that are within a specific sales group as I have different sales groups, and within this sales group each sales person can only see their own documents, but the sales manager can see all sales orders, projects … etc. within one sales group.

One Solution similar to the structure of suitecrm:

  1. I built a new doctype called Access Group, which I have my different groups as only names e.g. Sales Team 1, Sales Team 2, And I link this doctype to the docs required e.g. project, sales order, opportunities … etc. via a custom variable connected to this access group doctype.

  2. Then I allow each user using the user permission based on the access group

  3. Then I check the apply user permission and set “Select Document Types” to access group for the group access controller document required e.g. Sales Order

What works:

  1. If I check only the if owner, user can only see their documents.
  2. If I check only the apply user permission, user can see the documents is in it’s access group.

What is not working
3. If I check both, user can see what is in their access group, but can also see what they do not own

This makes me think that there is an “OR” between if owner and apply user permission rather than an “AND” relationship

I am trying to alter this in the frappe/frappe/permission.py, to “AND” between if owner and apply user permission.

  1. Is this the right approach ?

  2. Is my guess correct that if owner and apply user permission will be true if one of these two rules is true instead of return false if any of them is false?

Sorry for the repeated title, but I scanned alot of forums and still this is not answered.

Also I think the idea of the access group over the documents is a nice solution for grouping, I am intending also to automatically populate this custom variable when checking user access group

Ok I have had this issue for myself couple of times. Permissions and if_owner will not work. You need permissions filter query…

What I can understand is that you want to have restriction on documents which are viewed by your sales group on list view. They should be able to see documents only relevant to them (Relevant is the word and this is where you will have to apply some logic)…

I used Query Permissions hook to solve this for me…


I had worked out similar thing for students doc type. Please refer the solution here for the same:

Here the logic was that only students can see documents relevant to them (only their enrollments, their fees only, etc). You can write some logic for your sales group.

Hope this helps and was relevant to what you were looking for…



1 Like