From fa7faf4fe62fba38393381b7a44c0e5e3b4a2a37 Mon Sep 17 00:00:00 2001
From: Rucha Mahabal <ruchamahabal2@gmail.com>
Date: Sat, 13 Jun 2020 18:23:23 +0530
Subject: [PATCH 1/2] fix: permission query for dashboard chart

---
 .../desk/doctype/dashboard_chart/dashboard_chart.py  | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/frappe/desk/doctype/dashboard_chart/dashboard_chart.py b/frappe/desk/doctype/dashboard_chart/dashboard_chart.py
index ab1863ca0b..c6343dd187 100644
--- a/frappe/desk/doctype/dashboard_chart/dashboard_chart.py
+++ b/frappe/desk/doctype/dashboard_chart/dashboard_chart.py
@@ -26,15 +26,15 @@ def get_permission_query_conditions(user):
 	if "System Manager" in roles:
 		return None
 
-	allowed_doctypes = tuple(frappe.permissions.get_doctypes_with_read())
-	allowed_reports = tuple([key if type(key) == str else key.encode('UTF8') for key in get_allowed_reports()])
+	allowed_doctypes = ['"%s"' % doctype for doctype in frappe.permissions.get_doctypes_with_read()]
+	allowed_reports = ['"%s"' % key if type(key) == str else key.encode('UTF8') for key in get_allowed_reports()]
 
 	return '''
-			`tabDashboard Chart`.`document_type` in {allowed_doctypes}
-			or `tabDashboard Chart`.`report_name` in {allowed_reports}
+			`tabDashboard Chart`.`document_type` in ({allowed_doctypes})
+			or `tabDashboard Chart`.`report_name` in ({allowed_reports})
 		'''.format(
-			allowed_doctypes=allowed_doctypes,
-			allowed_reports=allowed_reports
+			allowed_doctypes=','.join(allowed_doctypes),
+			allowed_reports=','.join(allowed_reports)
 		)
 
 

From db4166279ee55e9aeef32c03a478cf43d106cd38 Mon Sep 17 00:00:00 2001
From: Rucha Mahabal <ruchamahabal2@gmail.com>
Date: Sun, 14 Jun 2020 15:20:53 +0530
Subject: [PATCH 2/2] fix: permission query for number card

---
 frappe/desk/doctype/number_card/number_card.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/frappe/desk/doctype/number_card/number_card.py b/frappe/desk/doctype/number_card/number_card.py
index 6bb9c7d45c..c4a427c4e0 100644
--- a/frappe/desk/doctype/number_card/number_card.py
+++ b/frappe/desk/doctype/number_card/number_card.py
@@ -27,12 +27,12 @@ def get_permission_query_conditions(user=None):
 	if "System Manager" in roles:
 		return None
 
-	allowed_doctypes = tuple(frappe.permissions.get_doctypes_with_read())
+	allowed_doctypes = ['"%s"' % doctype for doctype in frappe.permissions.get_doctypes_with_read()]
 
 	return '''
-			`tabNumber Card`.`document_type` in {allowed_doctypes}
+			`tabNumber Card`.`document_type` in ({allowed_doctypes})
 		'''.format(
-			allowed_doctypes=allowed_doctypes,
+			allowed_doctypes=','.join(allowed_doctypes)
 		)
 
 def has_permission(doc, ptype, user):