From a9435cc6b0fb2656cb6776ddc74c9ab894c7213b Mon Sep 17 00:00:00 2001
From: Rohit Waghchaure <rohitw1991@gmail.com>
Date: Mon, 16 Sep 2019 11:14:33 +0530
Subject: [PATCH] fix: user can able to change rate and discount even if they
 don't have permission

---
 erpnext/accounts/page/pos/pos.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/erpnext/accounts/page/pos/pos.js b/erpnext/accounts/page/pos/pos.js
index 2173e7dfb7..2caa8ce651 100755
--- a/erpnext/accounts/page/pos/pos.js
+++ b/erpnext/accounts/page/pos/pos.js
@@ -1624,7 +1624,7 @@ erpnext.pos.PointOfSale = erpnext.taxes_and_totals.extend({
 		setTimeout(function () {
 			w.print();
 			w.close();
-		}, 1000)
+		}, 1000);
 	},
 
 	submit_invoice: function () {
@@ -1681,6 +1681,12 @@ erpnext.pos.PointOfSale = erpnext.taxes_and_totals.extend({
 		$(this.wrapper).find('.pos-bill').css('pointer-events', pointer_events);
 		$(this.wrapper).find('.pos-items-section').css('pointer-events', pointer_events);
 		this.set_primary_action();
+
+		$(this.wrapper).find('#pos-item-disc').prop('disabled',
+			this.pos_profile_data.allow_user_to_edit_discount ? false : true);
+
+		$(this.wrapper).find('#pos-item-price').prop('disabled',
+			this.pos_profile_data.allow_user_to_edit_rate ? false : true);
 	},
 
 	create_invoice: function () {
@@ -1898,7 +1904,7 @@ erpnext.pos.PointOfSale = erpnext.taxes_and_totals.extend({
 			serial_no = me.item_serial_no[key][0];
 		}
 
-		if (this.items[0].has_serial_no && serial_no == "") {
+		if (this.items && this.items[0].has_serial_no && serial_no == "") {
 			this.refresh();
 			frappe.throw(__(repl("Error: Serial no is mandatory for item %(item)s", {
 				'item': this.items[0].item_code