From befd7f313c3dfbd4e4a509ab03bd61c055ab3be9 Mon Sep 17 00:00:00 2001
From: AarDG10
Date: Tue, 28 Apr 2026 11:18:06 +0530
Subject: [PATCH] fix(discussion_topic): add perm. check to submit_discussion method

Users should not be able to edit someone else's replies. Forbidding it w/ this check.
---
 frappe/website/doctype/discussion_topic/discussion_topic.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/frappe/website/doctype/discussion_topic/discussion_topic.py b/frappe/website/doctype/discussion_topic/discussion_topic.py
index e877beaa64..27520dd83d 100644
--- a/frappe/website/doctype/discussion_topic/discussion_topic.py
+++ b/frappe/website/doctype/discussion_topic/discussion_topic.py
@@ -33,6 +33,8 @@ def submit_discussion(
 ):
 if reply_name:
 doc = frappe.get_doc("Discussion Reply", reply_name)
+ if doc.owner != frappe.session.user:
+ frappe.throw(frappe._("You can only edit your own replies."), frappe.PermissionError)
 doc.reply = reply
 doc.save(ignore_permissions=True)
 return
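Review bot: The owner comparison added before `doc.reply = reply` is now the only authorization gate on the edit path, because the `doc.save(ignore_permissions=True)` that follows still bypasses the doctype's permission rules. It deserves a comment so a later refactor does not move or drop it, for example `# save() below ignores permissions, so this owner check is the only gate on editing a reply`. If this method can be reached from a guest session (the decorator is outside the hunk), all guest-authored replies would presumably share one owner value and pass the comparison, so it is worth confirming that guests are rejected before this branch. The diffstat shows no test change; a case asserting `frappe.PermissionError` when a second user submits an existing `reply_name` would pin the fix. The body of submit_discussion continues outside the hunk, so the create path was not reviewed here.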