From e1bfc1bedc501cbd09a756f56ee013e60412d189 Mon Sep 17 00:00:00 2001
From: Corentin Forler <corentin@dokos.io>
Date: Mon, 25 Nov 2024 12:11:04 +0100
Subject: [PATCH] fix(query_report): Check both read and select perms

---
 frappe/desk/query_report.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/frappe/desk/query_report.py b/frappe/desk/query_report.py
index e9a1f75781..81fc0ca71d 100644
--- a/frappe/desk/query_report.py
+++ b/frappe/desk/query_report.py
@@ -800,6 +800,8 @@ def validate_filters_permissions(report_name, filters=None, user=None):
 		if field.fieldname in filters and field.fieldtype == "Link":
 			linked_doctype = field.options
 			if not has_permission(
+				doctype=linked_doctype, ptype="read", doc=filters[field.fieldname], user=user
+			) and not has_permission(
 				doctype=linked_doctype, ptype="select", doc=filters[field.fieldname], user=user
 			):
 				frappe.throw(