From 338feb31e1410bde26c887fe56d7fa6aeaaea273 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Sun, 31 May 2026 19:06:01 +0000
Subject: [PATCH] fix(issue): check permission before issue status modification (backport #55458) (#55459)
* fix(issue): check permission before issue status modification (#55458)
(cherry picked from commit 876f40350040a34aabfff4682934775453604f43)
# Conflicts:
# erpnext/support/doctype/issue/issue.py
* chore: resolve conflicts
---------
Co-authored-by: Diptanil Saha
---
 erpnext/support/doctype/issue/issue.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/erpnext/support/doctype/issue/issue.py b/erpnext/support/doctype/issue/issue.py
index 70ced430257..faa12bd5419 100644
--- a/erpnext/support/doctype/issue/issue.py
+++ b/erpnext/support/doctype/issue/issue.py
@@ -218,11 +218,13 @@ def get_issue_list(doctype, txt, filters, limit_start, limit_page_length=20, ord
 @frappe.whitelist()
 def set_multiple_status(names, status):
 for name in json.loads(names):
- frappe.db.set_value("Issue", name, "status", status)
+ set_status(name, status)
 @frappe.whitelist()
 def set_status(name, status):
+ frappe.has_permission("Issue", "write", name, throw=True)
+ frappe.db.set_value("Issue", name, "status", status)
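Review bot: In `set_status`, the `status` argument from the whitelisted endpoint still goes straight into `frappe.db.set_value`, which writes the column without running the document's validation, so a caller who passes the new write-permission check can store a value outside the Issue status options. Consider routing the write through the document instead, `doc = frappe.get_doc("Issue", name)`, `doc.status = status`, `doc.save()`; `save()` enforces write permission itself, but it also runs the controller hooks, so confirm that side effect is acceptable. `set_multiple_status` now raises on the first name the user cannot write, after earlier names in the list were already updated; whether those writes are rolled back depends on transaction handling outside this hunk. The patch touches only issue.py, so a regression test asserting that a user without write access gets a permission error from both endpoints is worth adding. `set_status` may continue past the end of the hunk.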