fix(web_form): allow deletion of an item if you have permission

Bulk delete via list doesn't work if you have access to only "some" documents as we don't pass docname when checking Seems inefficient to check there, so implemented it here Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-08-28 16:04:32 +05:30 · 2025-08-28 16:04:32 +05:30 · cffcc3cf34
commit cffcc3cf34
parent 95146c29e8
3 changed files with 38 additions and 0 deletions
--- a/frappe/public/js/frappe/web_form/web_form.js
+++ b/frappe/public/js/frappe/web_form/web_form.js
@ -30,6 +30,8 @@ export default class WebForm extends frappe.ui.FieldGroup {
 			this.setup_discard_action();
 		}

+		this.setup_delete_action();
+
 		this.setup_previous_next_button();
 		this.toggle_section();

@ -174,6 +176,10 @@ export default class WebForm extends frappe.ui.FieldGroup {
 		$(".web-form-footer .discard-btn").on("click", () => this.discard_form());
 	}

+	setup_delete_action() {
+		$(".web-form-footer .delete-btn").on("click", () => this.delete_form());
+	}
+
 	discard_form() {
 		let path = window.location.href;
 		// remove new or edit after last / from url
@ -192,6 +198,24 @@ export default class WebForm extends frappe.ui.FieldGroup {
 		return false;
 	}

+	delete_form() {
+		const path = window.location.href;
+		frappe.confirm(__("Are you sure you want to delete this record?"), () => {
+			frappe.call({
+				method: "frappe.website.doctype.web_form.web_form.delete",
+				args: {
+					web_form_name: this.name,
+					docname: this.doc.name,
+				},
+				callback: () => {
+					frappe.msgprint(__("Deleted!"));
+					window.location.href = path.substring(0, path.lastIndexOf("/"));
+				},
+			});
+		});
+		return false;
+	}
+
 	validate_section() {
 		if (this.allow_incomplete) return true;

--- a/frappe/website/doctype/web_form/templates/web_form.html
+++ b/frappe/website/doctype/web_form/templates/web_form.html
@ -46,6 +46,13 @@
 			<!-- submit button -->
 			<button type="submit" class="submit-btn btn btn-primary btn-sm ml-2">{{ _(button_label, context="Button in web form") or _("Submit", context="Button in web form") }}</button>
 		{% endif %}
+		{% if has_delete_permission %}
+			<!-- delete button -->
+			<button type="button" class="delete-btn btn btn-default btn-sm">
+				{{ _("Delete", context="Button in web form") }}
+			</button>
+		{% endif %}
+
 	</div>
 	{% endblock %}
 {% endmacro %}
--- a/frappe/website/doctype/web_form/web_form.py
+++ b/frappe/website/doctype/web_form/web_form.py
@ -152,6 +152,9 @@ def get_context(context):
 		else:
 			context.template = "website/doctype/web_form/templates/web_form.html"

+		# By default, assume no delete permissions
+		context.has_delete_permission = False
+
 		# check permissions
 		if frappe.form_dict.name:
 			assert isinstance(frappe.form_dict.name, str | int)
@ -172,6 +175,10 @@ def get_context(context):
 					_("You don't have the permissions to access this document"), frappe.PermissionError
 				)

+			context.has_delete_permission = frappe.has_permission(
+				self.doc_type, "delete", frappe.form_dict.name
+			)
+
 		if frappe.local.path == self.route:
 			path = f"/{self.route}/list" if self.show_list else f"/{self.route}/new"
 			frappe.redirect(path)