From 3234f0d299a420c010b0bf76446847e42bc6fe72 Mon Sep 17 00:00:00 2001
From: Suraj Shetty
Date: Mon, 12 Aug 2019 16:18:36 +0530
Subject: [PATCH 1/4] fix: Check if account passed is accessible under Payment Entry
---
 .../accounts/doctype/payment_entry/payment_entry.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/erpnext/accounts/doctype/payment_entry/payment_entry.py b/erpnext/accounts/doctype/payment_entry/payment_entry.py
index 8c2ea73b56..3e1bd62ee9 100644
--- a/erpnext/accounts/doctype/payment_entry/payment_entry.py
+++ b/erpnext/accounts/doctype/payment_entry/payment_entry.py
@@ -755,6 +755,17 @@ def get_party_details(company, party_type, party, date, cost_center=None):
 @frappe.whitelist()
 def get_account_details(account, date, cost_center=None):
 frappe.has_permission('Payment Entry', throw=True)
+
+ # to check if passed account is accessible under Payment Entry
+ # There might be user permissions which can only allow account under certain doctypes
+ # except Payment Entry
+ account_list = frappe.get_list('Account', {
+ 'name': account
+ }, reference_doctype='Payment Entry', limit=1)
+
+ if not account_list:
+ frappe.throw(_('Account: {0} is not permitted under Payment Entry').format(account))
+
 return frappe._dict({
 "account_currency": get_account_currency(account),
 "account_balance": get_balance_on(account, date, cost_center=cost_center),
From bd2e7c0e53bf8326fd48c8d1ba0794f6c13a9a82 Mon Sep 17 00:00:00 2001
From: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
Date: Mon, 12 Aug 2019 16:32:14 +0530
Subject: [PATCH 2/4] fix: Comment description
---
 erpnext/accounts/doctype/payment_entry/payment_entry.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/erpnext/accounts/doctype/payment_entry/payment_entry.py b/erpnext/accounts/doctype/payment_entry/payment_entry.py
index 3e1bd62ee9..da7b42df77 100644
--- a/erpnext/accounts/doctype/payment_entry/payment_entry.py
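Review bot: The denial path in the added `if not account_list:` branch calls `frappe.throw` without an exception class, so a refused account surfaces as a generic validation failure (the default for `frappe.throw`, as far as I know) instead of a permission error like the `frappe.has_permission('Payment Entry', throw=True)` check a few lines above it. Passing the class lets clients and log monitoring tell an access refusal apart from bad input: `frappe.throw(_('Account: {0} is not permitted under Payment Entry').format(account), frappe.PermissionError)`. The same lookup is also empty when the account name does not exist; answering both cases with one message is the right behaviour for an access gate and deserves a line in the comment so it is not later split into a separate not-found reply. get_account_details continues past the end of the hunk.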
+++ b/erpnext/accounts/doctype/payment_entry/payment_entry.py
@@ -756,13 +756,13 @@ def get_party_details(company, party_type, party, date, cost_center=None):
 def get_account_details(account, date, cost_center=None):
 frappe.has_permission('Payment Entry', throw=True)
- # to check if passed account is accessible under Payment Entry
- # There might be user permissions which can only allow account under certain doctypes
- # except Payment Entry
+ # to check if the passed account is accessible if the reference doctype is Payment Entry
 account_list = frappe.get_list('Account', {
 'name': account
 }, reference_doctype='Payment Entry', limit=1)
-
+
+ # There might be some user permissions which will allow account under certain doctypes
+ # except for Payment Entry, only in such case we should throw permission error
 if not account_list:
 frappe.throw(_('Account: {0} is not permitted under Payment Entry').format(account))
From 1a2600c9ea731f11d0e878c29a7ee1c574a2006e Mon Sep 17 00:00:00 2001
From: Suraj Shetty
Date: Tue, 13 Aug 2019 12:05:22 +0530
Subject: [PATCH 3/4] fix: Ignore account permission check
---
 erpnext/accounts/doctype/payment_entry/payment_entry.py | 6 +++++-
 erpnext/accounts/utils.py | 6 ++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/erpnext/accounts/doctype/payment_entry/payment_entry.py b/erpnext/accounts/doctype/payment_entry/payment_entry.py
index 3e1bd62ee9..2f1efa5d5c 100644
--- a/erpnext/accounts/doctype/payment_entry/payment_entry.py
+++ b/erpnext/accounts/doctype/payment_entry/payment_entry.py
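Review bot: The reworded comment above `if not account_list:` says the error is raised "only in such case", but the lookup comes back empty for any account the session cannot list with Payment Entry as the reference doctype, which includes a name that does not exist at all. A comment on an access gate should describe the gate as the code applies it, otherwise the next change may narrow the check to match the comment. I would word it as `# deny unless this user can list the account with Payment Entry as the reference doctype; this covers user-permission restrictions and unknown account names alike`. The function body continues outside the hunk.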
@@ -763,12 +763,16 @@ def get_account_details(account, date, cost_center=None):
 'name': account
 }, reference_doctype='Payment Entry', limit=1)
+ account_balance = get_balance_on(account, date, cost_center=cost_center, ignore_account_permission=True)
+
+ # There might be some user permissions which will allow account under certain doctypes
+ # except for Payment Entry, only in such case we should throw permission error
 if not account_list:
 frappe.throw(_('Account: {0} is not permitted under Payment Entry').format(account))
 return frappe._dict({
 "account_currency": get_account_currency(account),
- "account_balance": get_balance_on(account, date, cost_center=cost_center),
+ "account_balance": account_balance,
 "account_type": frappe.db.get_value("Account", account, "account_type")
 })
diff --git a/erpnext/accounts/utils.py b/erpnext/accounts/utils.py
index e1ed642e73..ac69fd3c96 100644
--- a/erpnext/accounts/utils.py
+++ b/erpnext/accounts/utils.py
@@ -84,7 +84,8 @@ def validate_fiscal_year(date, fiscal_year, company, label="Date", doc=None):
 throw(_("{0} '{1}' not in Fiscal Year {2}").format(label, formatdate(date), fiscal_year))
 @frappe.whitelist()
-def get_balance_on(account=None, date=None, party_type=None, party=None, company=None, in_account_currency=True, cost_center=None):
+def get_balance_on(account=None, date=None, party_type=None, party=None, company=None,
+ in_account_currency=True, cost_center=None, ignore_account_permission=False):
 if not account and frappe.form_dict.get("account"):
 account = frappe.form_dict.get("account")
 if not date and frappe.form_dict.get("date"):
@@ -140,7 +141,8 @@ def get_balance_on(account=None, date=None, party_type=None, party=None, company
 if account:
- if not frappe.flags.ignore_account_permission:
+ if not (frappe.flags.ignore_account_permission
+ or ignore_account_permission):
 acc.check_permission("read")
 if report_type == 'Profit and Loss':
From 64a962ce97f436dddc30d88dbcbae9c907e1589a Mon Sep 17 00:00:00 2001
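Review bot: `get_balance_on` in erpnext/accounts/utils.py keeps its `@frappe.whitelist()` decorator, so the new `ignore_account_permission` keyword in the first utils.py hunk becomes part of a request-facing signature. If whitelisted calls are filled from request arguments, as the `frappe.form_dict` fallbacks at the top of the function suggest, the requester decides whether `acc.check_permission("read")` in the second utils.py hunk runs. The bypass should be reachable from server-side code only: leave the whitelisted signature as it was and move the body into a non-whitelisted helper that carries the flag, which `get_account_details` calls after its own gate. The helper name below is a placeholder, and the function body lies outside both hunks.

```python
@frappe.whitelist()
def get_balance_on(account=None, date=None, party_type=None, party=None, company=None,
	in_account_currency=True, cost_center=None):
	# request-facing entry point: the Account read check can never be skipped from here
	return _get_balance_on(account, date, party_type, party, company,
		in_account_currency, cost_center)

# not whitelisted: only server-side callers that already verified access pass the flag
def _get_balance_on(account=None, date=None, party_type=None, party=None, company=None,
	in_account_currency=True, cost_center=None, ignore_account_permission=False):
	# … unchanged: existing body of get_balance_on, including the form_dict fallbacks …
```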
From: Suraj Shetty
Date: Tue, 13 Aug 2019 12:08:49 +0530
Subject: [PATCH 4/4] fix: Re-organise code
---
 erpnext/accounts/doctype/payment_entry/payment_entry.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/erpnext/accounts/doctype/payment_entry/payment_entry.py b/erpnext/accounts/doctype/payment_entry/payment_entry.py
index 2f1efa5d5c..57c10d2f31 100644
--- a/erpnext/accounts/doctype/payment_entry/payment_entry.py
+++ b/erpnext/accounts/doctype/payment_entry/payment_entry.py
@@ -763,13 +763,14 @@ def get_account_details(account, date, cost_center=None):
 'name': account
 }, reference_doctype='Payment Entry', limit=1)
- account_balance = get_balance_on(account, date, cost_center=cost_center, ignore_account_permission=True)
-
 # There might be some user permissions which will allow account under certain doctypes
 # except for Payment Entry, only in such case we should throw permission error
 if not account_list:
 frappe.throw(_('Account: {0} is not permitted under Payment Entry').format(account))
+ account_balance = get_balance_on(account, date, cost_center=cost_center,
+ ignore_account_permission=True)
+
 return frappe._dict({
 "account_currency": get_account_currency(account),
 "account_balance": account_balance,
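Review bot: The `get_balance_on(..., ignore_account_permission=True)` call that this hunk moves below `if not account_list:` is safe only because it now runs after that gate, and nothing in the code says so; in the previous patch of this series the same call sat above the check. A comment on the call would pin the ordering for later refactors: `# Account read check is skipped on purpose: access was verified above with Payment Entry as the reference doctype, so keep this call after that check`. `cost_center` is also passed straight from the caller into a balance lookup that has the account check disabled, and whether cost-center access is verified anywhere is not visible in this hunk, so that is worth confirming. get_account_details starts and ends outside the hunk.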