From 264433b23d61ffa41a75adcc9c554941e1de4e29 Mon Sep 17 00:00:00 2001
From: khushi8112 <khushirawat23@navgurukul.org>
Date: Thu, 21 May 2026 15:05:44 +0530
Subject: [PATCH 1/2] fix: use get_query instead of get_all for data fetching

(cherry picked from commit 1fd99337b343ef394926d6baedffa9da3b86019a)
---
 .../report/sales_analytics/sales_analytics.py | 74 ++++++++++++-------
 1 file changed, 49 insertions(+), 25 deletions(-)

diff --git a/erpnext/selling/report/sales_analytics/sales_analytics.py b/erpnext/selling/report/sales_analytics/sales_analytics.py
index d4f7ad42b43..52372659981 100644
--- a/erpnext/selling/report/sales_analytics/sales_analytics.py
+++ b/erpnext/selling/report/sales_analytics/sales_analytics.py
@@ -138,12 +138,30 @@ class Analytics:
 			self.get_sales_transactions_based_on_project()
 			self.get_rows()
 
+	def _get_permitted_parent_names(self):
+		return frappe.qb.get_query(
+			table=self.filters.doc_type,
+			fields=["name"],
+			filters={
+				"docstatus": 1,
+				"company": ["in", self.filters.company],
+				self.date_field: ("between", [self.filters.from_date, self.filters.to_date]),
+			},
+			ignore_permissions=False,
+		).run(pluck="name")
+
 	def get_sales_transactions_based_on_order_type(self):
 		if self.filters["value_quantity"] == "Value":
 			value_field = "base_net_total"
 		else:
 			value_field = "total_qty"
 
+		permitted_names = self._get_permitted_parent_names()
+		if not permitted_names:
+			self.entries = []
+			self.get_teams()
+			return
+
 		doctype = DocType(self.filters.doc_type)
 
 		self.entries = (
@@ -153,12 +171,7 @@ class Analytics:
 				doctype[self.date_field],
 				doctype[value_field].as_("value_field"),
 			)
-			.where(
-				(doctype.docstatus == 1)
-				& (doctype.company.isin(self.filters.company))
-				& (doctype[self.date_field].between(self.filters.from_date, self.filters.to_date))
-				& (IfNull(doctype.order_type, "") != "")
-			)
+			.where((doctype.name.isin(permitted_names)) & (IfNull(doctype.order_type, "") != ""))
 			.orderby(doctype.order_type)
 		).run(as_dict=True)
 
@@ -186,9 +199,12 @@ class Analytics:
 		if self.filters.doc_type in ["Sales Invoice", "Purchase Invoice", "Payment Entry"]:
 			filters.update({"is_opening": "No"})
 
-		self.entries = frappe.get_all(
-			self.filters.doc_type, fields=[entity, entity_name, value_field, self.date_field], filters=filters
-		)
+		self.entries = frappe.qb.get_query(
+			table=self.filters.doc_type,
+			fields=[entity, entity_name, value_field, self.date_field],
+			filters=filters,
+			ignore_permissions=False,
+		).run(as_dict=True)
 
 		self.entity_names = {}
 		for d in self.entries:
@@ -200,6 +216,12 @@ class Analytics:
 		else:
 			value_field = "stock_qty"
 
+		permitted_names = self._get_permitted_parent_names()
+		if not permitted_names:
+			self.entries = []
+			self.entity_names = {}
+			return
+
 		doctype = DocType(self.filters.doc_type)
 		doctype_item = DocType(f"{self.filters.doc_type} Item")
 
@@ -214,11 +236,7 @@ class Analytics:
 				doctype_item[value_field].as_("value_field"),
 				doctype[self.date_field],
 			)
-			.where(
-				(doctype_item.docstatus == 1)
-				& (doctype.company.isin(self.filters.company))
-				& (doctype[self.date_field].between(self.filters.from_date, self.filters.to_date))
-			)
+			.where((doctype_item.docstatus == 1) & (doctype.name.isin(permitted_names)))
 		).run(as_dict=True)
 
 		self.entity_names = {}
@@ -248,11 +266,12 @@ class Analytics:
 		if self.filters.doc_type in ["Sales Invoice", "Purchase Invoice", "Payment Entry"]:
 			filters.update({"is_opening": "No"})
 
-		self.entries = frappe.get_all(
-			self.filters.doc_type,
+		self.entries = frappe.qb.get_query(
+			table=self.filters.doc_type,
 			fields=[entity_field, value_field, self.date_field],
 			filters=filters,
-		)
+			ignore_permissions=False,
+		).run(as_dict=True)
 		self.get_groups()
 
 	def get_sales_transactions_based_on_item_group(self):
@@ -261,6 +280,12 @@ class Analytics:
 		else:
 			value_field = "qty"
 
+		permitted_names = self._get_permitted_parent_names()
+		if not permitted_names:
+			self.entries = []
+			self.get_groups()
+			return
+
 		doctype = DocType(self.filters.doc_type)
 		doctype_item = DocType(f"{self.filters.doc_type} Item")
 
@@ -273,11 +298,7 @@ class Analytics:
 				doctype_item[value_field].as_("value_field"),
 				doctype[self.date_field],
 			)
-			.where(
-				(doctype_item.docstatus == 1)
-				& (doctype.company.isin(self.filters.company))
-				& (doctype[self.date_field].between(self.filters.from_date, self.filters.to_date))
-			)
+			.where((doctype_item.docstatus == 1) & (doctype.name.isin(permitted_names)))
 		).run(as_dict=True)
 
 		self.get_groups()
@@ -300,9 +321,12 @@ class Analytics:
 		if self.filters.doc_type in ["Sales Invoice", "Purchase Invoice", "Payment Entry"]:
 			filters.update({"is_opening": "No"})
 
-		self.entries = frappe.get_all(
-			self.filters.doc_type, fields=[entity, value_field, self.date_field], filters=filters
-		)
+		self.entries = frappe.qb.get_query(
+			table=self.filters.doc_type,
+			fields=[entity, value_field, self.date_field],
+			filters=filters,
+			ignore_permissions=False,
+		).run(as_dict=True)
 
 	def get_rows(self):
 		self.data = []

From ad511b80c05b8f2efddc1b03494b9a473808f7b9 Mon Sep 17 00:00:00 2001
From: khushi8112 <khushirawat23@navgurukul.org>
Date: Tue, 2 Jun 2026 12:17:37 +0530
Subject: [PATCH 2/2] fix: replace get_query with get_list for permission-aware
 queries in v15

---
 .../report/sales_analytics/sales_analytics.py | 29 +++++++++----------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/erpnext/selling/report/sales_analytics/sales_analytics.py b/erpnext/selling/report/sales_analytics/sales_analytics.py
index 52372659981..5786adc6881 100644
--- a/erpnext/selling/report/sales_analytics/sales_analytics.py
+++ b/erpnext/selling/report/sales_analytics/sales_analytics.py
@@ -139,16 +139,16 @@ class Analytics:
 			self.get_rows()
 
 	def _get_permitted_parent_names(self):
-		return frappe.qb.get_query(
-			table=self.filters.doc_type,
+		return frappe.get_list(
+			self.filters.doc_type,
 			fields=["name"],
 			filters={
 				"docstatus": 1,
 				"company": ["in", self.filters.company],
 				self.date_field: ("between", [self.filters.from_date, self.filters.to_date]),
 			},
-			ignore_permissions=False,
-		).run(pluck="name")
+			pluck="name",
+		)
 
 	def get_sales_transactions_based_on_order_type(self):
 		if self.filters["value_quantity"] == "Value":
@@ -199,12 +199,11 @@ class Analytics:
 		if self.filters.doc_type in ["Sales Invoice", "Purchase Invoice", "Payment Entry"]:
 			filters.update({"is_opening": "No"})
 
-		self.entries = frappe.qb.get_query(
-			table=self.filters.doc_type,
+		self.entries = frappe.get_list(
+			self.filters.doc_type,
 			fields=[entity, entity_name, value_field, self.date_field],
 			filters=filters,
-			ignore_permissions=False,
-		).run(as_dict=True)
+		)
 
 		self.entity_names = {}
 		for d in self.entries:
@@ -266,12 +265,11 @@ class Analytics:
 		if self.filters.doc_type in ["Sales Invoice", "Purchase Invoice", "Payment Entry"]:
 			filters.update({"is_opening": "No"})
 
-		self.entries = frappe.qb.get_query(
-			table=self.filters.doc_type,
+		self.entries = frappe.get_list(
+			self.filters.doc_type,
 			fields=[entity_field, value_field, self.date_field],
 			filters=filters,
-			ignore_permissions=False,
-		).run(as_dict=True)
+		)
 		self.get_groups()
 
 	def get_sales_transactions_based_on_item_group(self):
@@ -321,12 +319,11 @@ class Analytics:
 		if self.filters.doc_type in ["Sales Invoice", "Purchase Invoice", "Payment Entry"]:
 			filters.update({"is_opening": "No"})
 
-		self.entries = frappe.qb.get_query(
-			table=self.filters.doc_type,
+		self.entries = frappe.get_list(
+			self.filters.doc_type,
 			fields=[entity, value_field, self.date_field],
 			filters=filters,
-			ignore_permissions=False,
-		).run(as_dict=True)
+		)
 
 	def get_rows(self):
 		self.data = []