nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-04-27 10:38:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add portal user ownership check to supplier quotation (backport #54298) (#54299)

Browse Source 
Co-authored-by: Mihir Kandoi <kandoimihir@gmail.com>
fix: add portal user ownership check to supplier quotation (#54298)
This commit is contained in:
mergify[bot]
2026-04-15 06:07:23 +00:00
committed by GitHub
parent 8b3d65ae78
commit 1e4cafaa0e
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
erpnext/buying/doctype/request_for_quotation/request_for_quotation.py
View File

@@ -474,6 +474,11 @@ def create_supplier_quotation(doc):
if isinstance(doc, str): if isinstance(doc, str):
doc = json.loads(doc) doc = json.loads(doc)
if frappe.session.user not in frappe.get_all(
"Portal User", {"parent": doc.get("supplier")}, pluck="user"
):
frappe.throw(_("Not Permitted"), frappe.PermissionError)
try: try:
sq_doc = frappe.get_doc( sq_doc = frappe.get_doc(
{ {

7
erpnext/buying/doctype/request_for_quotation/test_request_for_quotation.py
View File

@@ -263,6 +263,13 @@ def make_request_for_quotation(**args) -> "RequestforQuotation":
for data in supplier_data: for data in supplier_data:
rfq.append("suppliers", data) rfq.append("suppliers", data)
frappe.new_doc(
"Portal User",
user="Administrator",
parent=data.get("supplier"),
parentfield="portal_users",
parenttype="Supplier",
).insert()
rfq.append( rfq.append(
"items", "items",