Solution: set permission query conditions on both Journal Entry and GL Entry as following
Logic: if the user is not Administrator and not assigned the Accounts Manager role, then in both Journal Entry list and General Ledger report the journal entries generated via payroll( booked to the default payroll payable account defined in company master) will be excluded via the query conditions(SQL where clause with subquery), if user is Administrator or has Accounts Manager role assigned, no extra where condition to be applied.
Warning: sub Query in use, if large number of records in Journal Entry and GL Entry, performance impact need to be considered and monitored.
-
hooks.py, please adapt to your custom app name accordingly
permission_query_conditions = {
"Journal Entry": "ibp.integrated_budget_and_planning.doctype.meeting.meeting.exclude_payroll_journal_entry",
"GL Entry": "ibp.integrated_budget_and_planning.doctype.meeting.meeting.exclude_payroll_gl_entry",
}
-
the permission query method defined in the py file
def exclude_payroll_journal_entry(user):
if not user: user = frappe.session.user
if user != 'Administrator' and 'Accounts Manager' not in frappe.get_roles():
return """(name not in (select parent from `tabJournal Entry Account`
where account = (select default_payroll_payable_account from `tabCompany`
where name = company)))"""
def exclude_payroll_gl_entry(user):
if not user: user = frappe.session.user
if user != 'Administrator' and 'Accounts Manager' not in frappe.get_roles():
return """(account <> (select c.default_payroll_payable_account from `tabCompany` as c
where c.name = company) and
against <> (select cc.default_payroll_payable_account from `tabCompany` as cc
where cc.name = company)
)"""