feat: show restricted desktop icons

2025-11-18 19:05:13 +05:30 · 2025-11-18 19:05:13 +05:30 · 656aaa1f2f
commit 656aaa1f2f
parent ed56722b03
2 changed files with 49 additions and 16 deletions
--- a/frappe/boot.py
+++ b/frappe/boot.py
@ -42,6 +42,7 @@ def get_bootinfo():

 	# user
 	get_user(bootinfo)
+	# desktop icon info

 	# system info
 	bootinfo.sitename = frappe.local.site
@ -56,6 +57,7 @@ def get_bootinfo():
 	bootinfo.modules = {}
 	bootinfo.module_list = []
 	load_desktop_data(bootinfo)
+	bootinfo.desktop_icons = get_desktop_icons(bootinfo=bootinfo)
 	bootinfo.letter_heads = get_letter_heads()
 	bootinfo.active_domains = frappe.get_active_domains()
 	bootinfo.all_domains = [d.get("name") for d in frappe.get_all("Domain")]
@ -149,7 +151,6 @@ def load_conf_settings(bootinfo):
 def load_desktop_data(bootinfo):
 	from frappe.desk.desktop import get_workspace_sidebar_items

-	bootinfo.desktop_icons = get_desktop_icons()
 	bootinfo.workspaces = get_workspace_sidebar_items()
 	bootinfo.show_app_icons_as_folder = frappe.db.get_single_value(
 		"Desktop Settings", "show_app_icons_as_folder"
--- a/frappe/desk/doctype/desktop_icon/desktop_icon.py
+++ b/frappe/desk/doctype/desktop_icon/desktop_icon.py
@ -71,19 +71,42 @@ class DesktopIcon(Document):
 		if os.path.exists(file_path):
 			os.remove(file_path)

-	def is_permitted(self):
-		"""Return True if `Has Role` is not set or the user is allowed."""
-		from frappe.utils import has_common
-
-		allowed = [d.role for d in frappe.get_all("Has Role", fields=["role"], filters={"parent": self.name})]
-
-		if not allowed:
+	def is_permitted(self, bootinfo):
+		if frappe.session.user == "Administrator":
 			return True
+		workspaces = get_workspace_names(bootinfo.workspaces)
+		if self.icon_type == "Link":
+			if self.link_type == "DocType":
+				return self.link_to in bootinfo.user.can_read
+			elif self.link_type == "Workspace":
+				return self.link_to in workspaces
+		elif self.icon_type == "App":
+			return self.get_app_from_title(self.label)

-		roles = frappe.get_roles()
+	def get_app_from_title(self, title):
+		for a in frappe.get_installed_apps():
+			if frappe.get_hooks(app_name=a)["app_title"][0] == title:
+				permission_method = frappe.get_hooks(app_name=a)["add_to_apps_screen"][0].get(
+					"has_permission", None
+				)
+				if permission_method:
+					return frappe.call(permission_method)
+				else:
+					return False

-		if has_common(roles, allowed):
-			return True
+	# def is_permitted(self):
+	# 	"""Return True if `Has Role` is not set or the user is allowed."""
+	# 	from frappe.utils import has_common
+
+	# 	allowed = [d.role for d in frappe.get_all("Has Role", fields=["role"], filters={"parent": self.name})]
+
+	# 	if not allowed:
+	# 		return True
+
+	# 	roles = frappe.get_roles()
+
+	# 	if has_common(roles, allowed):
+	# 		return True

 	def after_insert(self):
 		clear_desktop_icons_cache()
@ -96,7 +119,14 @@ def after_doctype_insert():
 # frappe.db.add_unique("Desktop Icon", ("owner", "standard"))


-def get_desktop_icons(user=None):
+def get_workspace_names(workspaces):
+	workspace_list = []
+	for w in workspaces["pages"]:
+		workspace_list.append(w["name"])
+	return workspace_list
+
+
+def get_desktop_icons(user=None, bootinfo=None):
 	"""Return desktop icons for user"""
 	if not user:
 		user = frappe.session.user
@ -190,10 +220,11 @@ def get_desktop_icons(user=None):
 		permitted_icons = []
 		permitted_parent_labels = set()

-		for s in user_icons:
-			icon = frappe.get_doc("Desktop Icon", s)
-			if icon.is_permitted():
-				permitted_icons.append(s)
+		if bootinfo:
+			for s in user_icons:
+				icon = frappe.get_doc("Desktop Icon", s)
+				if icon.is_permitted(bootinfo):
+					permitted_icons.append(s)

 				if not s.parent_icon:
 					permitted_parent_labels.add(s.label)
@ -201,6 +232,7 @@ def get_desktop_icons(user=None):
 		user_icons = [
 			s for s in permitted_icons if not s.parent_icon or s.parent_icon in permitted_parent_labels
 		]
+
 		frappe.cache.hset("desktop_icons", user, user_icons)
 	return user_icons