From ece97bb89c39f07d824a1bec03f39f02cacee57c Mon Sep 17 00:00:00 2001 From: AarDG10 Date: Wed, 28 Jan 2026 10:08:03 +0530 Subject: [PATCH] fix(permissions): check module perms for user before displaying icon --- frappe/desk/doctype/desktop_icon/desktop_icon.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/frappe/desk/doctype/desktop_icon/desktop_icon.py b/frappe/desk/doctype/desktop_icon/desktop_icon.py index ed2c984c78..9b7a31a143 100644 --- a/frappe/desk/doctype/desktop_icon/desktop_icon.py +++ b/frappe/desk/doctype/desktop_icon/desktop_icon.py @@ -79,6 +79,14 @@ class DesktopIcon(Document): os.remove(file_path) def is_permitted(self, bootinfo): + icon_module = None + if self.icon_type == "Link" and self.link_to: + icon_module = frappe.db.get_value("Workspace", self.link_to, "module") + # module permission check + if icon_module: + blocked_modules = frappe.get_cached_doc("User", frappe.session.user).get_blocked_modules() + if icon_module in blocked_modules: + return False # perform a permission check based on roles table (desktop icons) allowed_roles = [d.role for d in self.get("roles") or []] if allowed_roles and not set(allowed_roles).intersection(frappe.get_roles()):