From 7343c83838dc1937a192966e57660e599b77e6ed Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Tue, 17 Oct 2023 19:39:53 +0530
Subject: [PATCH] fix: do not allow editing other's private workspaces

---
 frappe/desk/doctype/workspace/workspace.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/frappe/desk/doctype/workspace/workspace.py b/frappe/desk/doctype/workspace/workspace.py
index 466ae17a47..d4afc30475 100644
--- a/frappe/desk/doctype/workspace/workspace.py
+++ b/frappe/desk/doctype/workspace/workspace.py
@@ -289,6 +289,16 @@ def update_page(name, title, icon, indicator_color, parent, public):
 	public = frappe.parse_json(public)
 	doc = frappe.get_doc("Workspace", name)
 
+	if (
+		not doc.get("public")
+		and doc.get("for_user") != frappe.session.user
+		and not is_workspace_manager()
+	):
+		frappe.throw(
+			_("Need Workspace Manager role to edit private workspace of other users"),
+			frappe.PermissionError,
+		)
+
 	if doc:
 		doc.title = title
 		doc.icon = icon