Role Permission for Custom Button

Good Day All

I created a custom button in custom Doctype, also created Workflow for the Custom Doctype.
The button would appear on a specific Workflow State, which has a specific Role permitted for that Workflow State.
Here is the Code:

frappe.ui.form.on('Custom Doctype', {
    refresh: function(frm){
        if (frm.doc.workflow_state == "Approved") {
            frm.add_custom_button(__('Create Purchase Order'), function() {
                frappe.model.with_doctype('Purchase Order', function() {
                var doc = frappe.model.get_new_doc('Purchase Order');
            //To set data from Custom Doctype to Purchase Order
                doc.company = frm.doc.company;
                doc.transaction_date = frm.doc.purchase_date;
                doc.currency = frm.doc.currency;
                doc.supplier = frm.doc.supplier;
                doc.project = frm.doc.project;
               
            //to add row for child table
                $.each(frm.doc.child_table, function (index, source_row){
                    var row = frappe.model.add_child(doc, 'items');
                    row.item_code = source_row.item_code;
                    row.item_name = source_row.item_name;
                    row.description = source_row.description;
                    row.qty = source_row.qty;
                    row.uom = source_row.uom;
                    row.rate = source_row.item_rate;
                })
                frappe.set_route('Form', doc.doctype, doc.name);
                })
            });
        }
    }
}

The code works well, however, The issue I’m facing is, all Users who have “Read” permission can click on the Custom Button.
How can I restrict access to the Custom Button?

Thank you :slight_smile:

@Mohd_RTC21 If you want to show the button to specific roles then you can surround the code inside refresh with a role check condition like this.

if (frappe.user_roles.indexOf("Accounts User") != -1 && frappe.user_roles.indexOf("Accounts Manager") == -1) {}

Ref: Restrict Cancel Rights

The code worked.

Thank you so much for the help @kid1194