From f72bd90fefc107edf0daeb4a835a86ff50e6c630 Mon Sep 17 00:00:00 2001 From: Ejaaz Khan Date: Thu, 15 May 2025 18:03:36 +0530 Subject: [PATCH] fix: query report read permission issue --- frappe/desk/query_report.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/frappe/desk/query_report.py b/frappe/desk/query_report.py index 104211759a..7810bba752 100644 --- a/frappe/desk/query_report.py +++ b/frappe/desk/query_report.py @@ -708,6 +708,13 @@ def has_match( # each doctype could have multiple conflicting user permission doctypes, hence using OR # so that even if one of the sets allows a match, it is true + + if match: + if not frappe.has_permission( + doctype=ref_doctype, ptype="read", throw=False, ignore_share_permissions=True + ): + match = False + matched_for_doctype = matched_for_doctype or match if matched_for_doctype: