Restrict lead status changes by role and ownership by mprinceb · Pull Request #3 · Technoculture/crm

mprinceb · 2026-02-07T17:18:58Z

Prevent unauthorized users from changing a lead's top-right status in the UI while allowing owners and higher roles to edit it.
Ensure programmatic attempts to change status are blocked if the user lacks permission.

Added a canChangeLeadStatus computed property to frontend/src/pages/Lead.vue that returns true for Admin/System Manager, Sales Manager and Sales Master Manager, or for a Sales User when doc.owner === session.user.
Updated the status control to render the editable Dropdown only when canChangeLeadStatus is true and render a read-only Button showing the status otherwise.
Added a guard in triggerStatusChange to display an error toast and abort when canChangeLeadStatus is false.
All changes are contained in frontend/src/pages/Lead.vue.

Ran yarn build which failed in this environment due to missing local Frappe files (sites/common_site_config.json and frappe/frappe/public/js/lib/posthog.js).
Started the dev server with cd frontend && yarn dev to validate UI changes; the server started but runtime import resolution errors for the same missing local files were observed in this environment.
Captured a browser screenshot of the running app shell via an automated Playwright script to visually validate the lead page rendering, which produced an artifact successfully.

Restrict lead status changes by role and ownership

cd0e34d

mprinceb added the codex label Feb 7, 2026 — with ChatGPT Codex Connector

mprinceb added 2 commits February 8, 2026 11:20

Use lead owner for sales user status edit permission

5761d0b

Require write permission for lead status changes

c2624d6

Provide feedback