From aef4d4bfc3c6a1cd461d753b46876784a2cda1f3 Mon Sep 17 00:00:00 2001
From: Priyal
Date: Mon, 16 Mar 2026 17:52:17 +0530
Subject: [PATCH 1/2] fix: check only select perm instead of read or select
---
 frappe/client.py | 2 +-
 frappe/database/query.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/frappe/client.py b/frappe/client.py
index b43e2afac3..63bcd0a687 100644
--- a/frappe/client.py
+++ b/frappe/client.py
@@ -472,7 +472,7 @@ def validate_link_and_fetch(
 if is_virtual_dt:
 try:
 doc = frappe.get_doc(doctype, docname)
- doc.check_permission("select" if frappe.only_has_select_perm(doctype) else "read")
+ doc.check_permission("select")
 values = {"name": doc.name}
 except frappe.DoesNotExistError:
diff --git a/frappe/database/query.py b/frappe/database/query.py
index 9464572df5..adc784d369 100644
--- a/frappe/database/query.py
+++ b/frappe/database/query.py
@@ -1405,7 +1405,7 @@ class Engine:
 return parsed_order_fields
 def check_read_permission(self):
- """Check if user has read permission on the doctype"""
+ """Check if user has select permission on the doctype"""
 def has_permission(ptype):
 return frappe.has_permission(
@@ -1415,7 +1415,7 @@ class Engine:
 parent_doctype=self.parent_doctype,
 )
- if not has_permission("select") and not has_permission("read"):
+ if not has_permission("select"):
 self._raise_permission_error()
 def _raise_permission_error(self, doctype=None):
From d6fdcdb8322e49fce077788c50746cb4dd0327b5 Mon Sep 17 00:00:00 2001
From: Priyal
Date: Tue, 17 Mar 2026 10:29:18 +0530
Subject: [PATCH 2/2] refactor: update permission check method
---
 frappe/database/query.py | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/frappe/database/query.py b/frappe/database/query.py
index adc784d369..6cb1117176 100644
--- a/frappe/database/query.py
+++ b/frappe/database/query.py
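Review bot: `doc.check_permission("select")` in validate_link_and_fetch is now the only gate on the virtual-doctype path, so a user whose role grants `read` but not `select` keeps access only if the permission layer treats `read` as satisfying `select`, and nothing in this patch shows that. The same assumption sits behind `if not has_permission("select"):` in Engine.check_read_permission in frappe/database/query.py. The diffstat lists no test file, so a regression test with a read-only role and a select-only role on both paths would pin the intended authorization behaviour. If the fallback does exist, a comment such as `# relies on the permission check treating "read" as satisfying "select"` next to each call would record the dependency. validate_link_and_fetch starts and ends outside the hunk.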
@@ -274,7 +274,7 @@ class Engine:
 self.table = qb.DocType(table)
 if self.apply_permissions:
- self.check_read_permission()
+ self.check_select_permission()
 self.permission_doctype = parent_doctype or self.doctype
 self.permission_table = (
 qb.DocType(self.permission_doctype) if self.permission_doctype != self.doctype else self.table
@@ -1404,18 +1404,11 @@ class Engine:
 return parsed_order_fields
- def check_read_permission(self):
- """Check if user has select permission on the doctype"""
-
- def has_permission(ptype):
- return frappe.has_permission(
- self.doctype,
- ptype,
- user=self.user,
- parent_doctype=self.parent_doctype,
- )
-
- if not has_permission("select"):
+ def check_select_permission(self):
+ """Check if user has select (or read) permission on the doctype"""
+ if not frappe.has_permission(
+ self.doctype, "select", user=self.user, parent_doctype=self.parent_doctype
+ ):
 self._raise_permission_error()
 def _raise_permission_error(self, doctype=None):
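Review bot: Renaming the public method `check_read_permission` to `check_select_permission` removes the old name outright, and only the call site in the hunk at line 274 is updated. Any subclass or external caller still using the old name would fail, and an override of `check_read_permission` that added stricter checks would no longer be invoked from this path. Keeping `check_read_permission = check_select_permission` in the class body, with a deprecation comment, for a release would avoid both. The new docstring says "select (or read)" while the code passes only `"select"` to `frappe.has_permission`; if the read fallback lives inside has_permission, the docstring should say so, e.g. `"""Raise a permission error unless the user has select permission (has_permission is assumed to accept read as well)."""`.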