feat: Restrict user in mentions (#6520)

Avoid mentioning and accidentally sending email to Supplier or Customer or left employees

frappe/boot.py

@@ -194,7 +194,7 @@ def load_translations(bootinfo):
 def get_fullnames():
 	"""map of user fullnames"""
 	ret = frappe.db.sql("""select `name`, full_name as fullname,
-		user_image as image, gender, email, username, bio, location, interest, banner_image
+		user_image as image, gender, email, username, bio, location, interest, banner_image, allowed_in_mentions
 		from tabUser where enabled=1 and user_type!='Website User'""", as_dict=1)
 
 	d = {}

frappe/core/doctype/communication/comment.py

@@ -94,7 +94,7 @@ def notify_mentions(doc):
 
 		subject = _("{0} mentioned you in a comment in {1}").format(sender_fullname, parent_doc_label)
 
-		recipients = [frappe.db.get_value("User", {"enabled": 1, "name": name, "user_type": "System User"}, "email")
+		recipients = [frappe.db.get_value("User", {"enabled": 1, "name": name, "user_type": "System User", "allowed_in_mentions": 1}, "email")
 			for name in mentions]
 		frappe.sendmail(
 			recipients=recipients,

frappe/public/js/frappe/form/footer/timeline.js

@@ -730,7 +730,8 @@ frappe.ui.form.Timeline = class Timeline {
 	get_names_for_mentions() {
 		var valid_users = Object.keys(frappe.boot.user_info)
 			.filter(user => !["Administrator", "Guest"].includes(user));
-
+		valid_users = valid_users
+			.filter(user => frappe.boot.user_info[user].allowed_in_mentions==1);
 		return valid_users.map(user => frappe.boot.user_info[user].name);
 	}