Set attachement permission

I am looking for a solution on how to manage access (read, write/delete) to attachement in v13.
I am aware of older postings regarding similar requirements, but none of them contains a solution:

Scenario: Within a doctype (let say Project, but same for all doctypes), a user adds an attachement. As a customer has also read access to the project, sometimes it is required to hide specific attachement, so that the customer won’t see all of them.

General issue: Even if someone cannot access a doctype due to permission, he can access files directly via URL.

Any ideas on how to handle this? It feels like a very basic requirement and I am wondering, if there isn’t a solution, yet.

1 Like

As I understand right now, there is no build-in functionality for this.

My plan is to add a custom module for this functionality

  • Create new doctype “User_File_Permission_Assignment” to maintain the permission per File, User and ptype (Read, Write, …)
  • Enhance the default “has_permission”-method part of “Files” doctype and add lookup for a entry in the new “User_File_Permission_Assignment”.

What is the best/correct way to overwrite/ hook into the default “has_permission” method, part of “File” doctype?

This may help for overriding default functionality How to override method in frappe?

You should write a backend permission query and condition to handle that scenario

Here you have the registry in the and also it will lead you to paths with samples of how implement that

1 Like