From 33b7d7d74f0c97dc43e297ae260d7fd30cfc7959 Mon Sep 17 00:00:00 2001
From: Gavin D'souza <gavin18d@gmail.com>
Date: Fri, 24 Dec 2021 13:28:40 +0530
Subject: [PATCH] fix: Handle custom child tables via check_parent_permission

Check `tabCustom Field` and `tabDocfield` for matching parent existence.
---
 frappe/model/db_query.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py
index 16c0d18d9f..6d261dd4fd 100644
--- a/frappe/model/db_query.py
+++ b/frappe/model/db_query.py
@@ -787,12 +787,15 @@ class DatabaseQuery(object):
 def check_parent_permission(parent, child_doctype):
 	if parent:
 		# User may pass fake parent and get the information from the child table
-		if child_doctype and not frappe.db.exists('DocField',
-			{'parent': parent, 'options': child_doctype}):
+		if child_doctype and not (
+			frappe.db.exists('DocField', {'parent': parent, 'options': child_doctype})
+			or frappe.db.exists('Custom Field', {'dt': parent, 'options': child_doctype})
+		):
 			raise frappe.PermissionError
 
 		if frappe.permissions.has_permission(parent):
 			return
+
 	# Either parent not passed or the user doesn't have permission on parent doctype of child table!
 	raise frappe.PermissionError