imatul1996 · iamtalib13 · May 25, 2026 · May 25, 2026 · May 25, 2026 · May 25, 2026
diff --git a/custom_report/www/cif_tracker.html b/custom_report/www/cif_tracker.html
@@ -168,7 +168,7 @@
     <div class="card">
         <div class="header">
             <h2>CIF Tracker</h2>
-            <p>Enter CIF ID to fetch linked account details</p>
+            <p>Enter the CIF ID to view assigned verification user details.</p>
         </div>
 
         <div class="search-box">
@@ -220,7 +220,7 @@ <h2>CIF Tracker</h2>
         <div style="font-size: 60px; margin-bottom: 20px;">🚫</div>
         <h2 style="color: #e74c3c;">Access Denied</h2>
         <p>You do not have permission to access the <b>CIF Tracker</b>.</p>
-        <p style="color: var(--text-muted); font-size: 14px;">Please contact your IT Administrator to request the 'CIF Tracker' role.</p>
+        <p style="color: var(--text-muted); font-size: 14px;">Access Requirement: CIF Tracker role and a valid designation (BM, BOM, or COM).</p>
         <button onclick="window.location.href='/'" style="margin-top: 20px;">Back to Home</button>
     </div>
     {% endif %}

diff --git a/custom_report/www/cif_tracker.py b/custom_report/www/cif_tracker.py
@@ -10,22 +10,28 @@ def get_context(context):
     context.has_access = check_user_access()
 
 def check_user_access():
-    """Helper to check if user has 'CIF Tracker' or 'Administrator' access"""
+    """Helper to check if user has 'CIF Tracker' role AND appropriate designation"""
     user = frappe.session.user
     if user == "Administrator":
         return True
 
     user_roles = set(frappe.get_roles(user))
-    if "CIF Tracker" in user_roles or "System Manager" in user_roles:
+    if "System Manager" in user_roles:
         return True
 
+    if "CIF Tracker" in user_roles:
+        # Check designation for CIF Tracker role holders
+        designation = frappe.db.get_value("Employee", {"user_id": user}, "designation")
+        if designation in ['BRANCH MANAGER', 'Branch Operation Manager', 'CLUSTER OPERATION MANAGER']:
+            return True
+
     return False
 
 @frappe.whitelist()
 def get_cif_details(cif_id):
     # Security check for API call
     if not check_user_access():
-        frappe.throw("Access Denied: You do not have the 'CIF Tracker' role.", frappe.PermissionError)
+        frappe.throw("Access Denied: You must have the 'CIF Tracker' role AND a valid designation (Branch Manager, Branch Operation Manager, or Cluster Operation Manager).", frappe.PermissionError)
 
     if not cif_id:
         return {"success": False, "error": "CIF ID is required"}
@@ -64,7 +70,7 @@ def get_cif_details(cif_id):
                 })
             return {"success": True, "data": data}
         else:
-            return {"success": False, "error": "No records found for this CIF ID."}
+            return {"success": False, "error": "Invalid CIF ID or already verified by the checker. Please confirm and try again."}
 
     except Exception as e:
         frappe.log_error(message=frappe.get_traceback(), title="CIF Tracker Error")