From 3a9d078dc33489f2d6cbd29ad6cb3667e7b2cfee Mon Sep 17 00:00:00 2001
From: AarDG10 <aarol.dsouza@gmail.com>
Date: Wed, 31 Dec 2025 10:48:48 +0530
Subject: [PATCH] fix(report_view): enforce print permission for reports

---
 frappe/public/js/frappe/microtemplate.js             | 3 +++
 frappe/public/js/frappe/views/reports/report_view.js | 1 +
 frappe/utils/print_format.py                         | 4 +++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/frappe/public/js/frappe/microtemplate.js b/frappe/public/js/frappe/microtemplate.js
index f3041c677a..7a1558c949 100644
--- a/frappe/public/js/frappe/microtemplate.js
+++ b/frappe/public/js/frappe/microtemplate.js
@@ -187,6 +187,9 @@ frappe.render_pdf = function (html, opts = {}) {
 
 	//Push the HTML content into an element
 	formData.append("html", html);
+	if (opts.doctype) {
+		formData.append("doctype", opts.doctype);
+	}
 	if (opts.orientation) {
 		formData.append("orientation", opts.orientation);
 	}
diff --git a/frappe/public/js/frappe/views/reports/report_view.js b/frappe/public/js/frappe/views/reports/report_view.js
index a34249c1d8..78ab8f59a9 100644
--- a/frappe/public/js/frappe/views/reports/report_view.js
+++ b/frappe/public/js/frappe/views/reports/report_view.js
@@ -1531,6 +1531,7 @@ frappe.views.ReportView = class ReportView extends frappe.views.ListView {
 			},
 			{
 				label: __("Print"),
+				condition: () => frappe.model.can_print(this.doctype),
 				action: () => {
 					// prepare rows in their current state, sorted and filtered
 					const rows_in_order = this.datatable.datamanager.rowViewOrder
diff --git a/frappe/utils/print_format.py b/frappe/utils/print_format.py
index 59a94be98c..10afc78889 100644
--- a/frappe/utils/print_format.py
+++ b/frappe/utils/print_format.py
@@ -253,7 +253,9 @@ def download_pdf(
 
 
 @frappe.whitelist()
-def report_to_pdf(html, orientation="Landscape"):
+def report_to_pdf(html, orientation="Landscape", doctype=None):
+	if doctype:
+		frappe.has_permission(doctype, "print", throw=True)
 	make_access_log(file_type="PDF", method="PDF", page=html)
 	frappe.local.response.filename = "report.pdf"
 	frappe.local.response.filecontent = get_pdf(html, {"orientation": orientation})