From 64289308575fe2a96b4045a8d9cd13631d294bb3 Mon Sep 17 00:00:00 2001
From: Jannat Patel <31363128+pateljannat@users.noreply.github.com>
Date: Thu, 17 Nov 2022 11:39:43 +0530
Subject: [PATCH] fix: security issue in discussions component (#18903) [skip ci]
---
 frappe/website/doctype/discussion_reply/discussion_reply.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/frappe/website/doctype/discussion_reply/discussion_reply.py b/frappe/website/doctype/discussion_reply/discussion_reply.py
index 1ac62d3b7d..f4460160c1 100644
--- a/frappe/website/doctype/discussion_reply/discussion_reply.py
+++ b/frappe/website/doctype/discussion_reply/discussion_reply.py
@@ -59,4 +59,6 @@ class DiscussionReply(Document):
 @frappe.whitelist()
 def delete_message(reply_name):
- frappe.delete_doc("Discussion Reply", reply_name, ignore_permissions=True)
+ owner = frappe.db.get_value("Discussion Reply", reply_name, "owner")
+ if owner == frappe.session.user:
+ frappe.delete_doc("Discussion Reply", reply_name)
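Review bot: A caller who is not the owner gets what looks like a success from `delete_message`: when `owner == frappe.session.user` is false (including when `reply_name` does not exist and `owner` is `None`), the function returns without deleting or raising, so the refusal never surfaces as an error. Raising on the mismatch makes the authorization decision explicit, e.g. `if owner != frappe.session.user: frappe.throw("Not permitted", frappe.PermissionError)`. Dropping `ignore_permissions=True` also means `frappe.delete_doc` now applies the doctype's own permission rules on top of the ownership check. It is worth confirming that reply authors hold delete permission on Discussion Reply, which the patch does not show; otherwise owners will be refused on their own replies. Because the endpoint changes state, `@frappe.whitelist(methods=["POST"])` would also keep it from being invoked by a plain GET request.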