import frappe @frappe.whitelist() def get_user_roles(): """Get roles for the current logged-in user - no permission check needed""" user = frappe.session.user if not user or user == "Guest": return [] # Get roles using ignore_permissions roles = frappe.get_roles(user) return roles @frappe.whitelist() def get_user_info_with_roles(): """Get current user info along with their roles""" user = frappe.session.user if not user or user == "Guest": return {"user": None, "roles": []} roles = frappe.get_roles(user) return { "user": user, "roles": roles, "full_name": frappe.db.get_value("User", user, "full_name") } @frappe.whitelist(allow_guest=False) def check_has_role(roles): """Check if current user has any of the specified roles Args: roles: comma-separated string or list of role names Returns: dict with has_role (bool) and matching_roles (list) """ user = frappe.session.user if not user or user == "Guest": return {"has_role": False, "matching_roles": [], "user_roles": []} # Handle both string and list input if isinstance(roles, str): check_roles = [r.strip() for r in roles.split(",")] else: check_roles = roles user_roles = frappe.get_roles(user) matching_roles = [r for r in check_roles if r in user_roles] return { "has_role": len(matching_roles) > 0, "matching_roles": matching_roles, "user_roles": user_roles } @frappe.whitelist() def get_users_with_role(role): """ Get all enabled users who have a specific role Args: role: Role name (e.g., 'Technician') Returns: List of users with name and full_name """ if not role: return [] # Get all users who have this role from Has Role child table users_with_role = frappe.get_all( "Has Role", filters={ "role": role, "parenttype": "User" }, fields=["parent"], distinct=True ) if not users_with_role: return [] user_names = [u.parent for u in users_with_role] # Get user details for enabled users only user_details = frappe.get_all( "User", filters={ "name": ["in", user_names], "enabled": 1 }, fields=["name", "full_name"], order_by="full_name asc" ) return user_details @frappe.whitelist() def has_create_permission(doctype): """ Check if current user has create permission for a doctype Uses ignore_permissions to query Custom DocPerm """ user = frappe.session.user if not user or user == "Guest": return {"has_permission": False, "reason": "Not logged in"} # Get user's roles user_roles = frappe.get_roles(user) # System Manager and Administrator always have permission if "System Manager" in user_roles or "Administrator" in user_roles: return { "has_permission": True, "reason": "System Manager/Administrator", "role": "System Manager" } # Check Custom DocPerm with ignore_permissions=True custom_perms = frappe.get_all( "Custom DocPerm", filters={ "parent": doctype, "role": ["in", user_roles], "create": 1 }, fields=["name", "role"], ignore_permissions=True, # ← This is the key! limit=1 ) if custom_perms and len(custom_perms) > 0: return { "has_permission": True, "reason": "Custom DocPerm", "role": custom_perms[0].get("role") } return { "has_permission": False, "reason": "No create permission found in Custom DocPerm" }