From a626372d660a061de4594f92efaeac0a45d4bd57 Mon Sep 17 00:00:00 2001 From: ljain112 Date: Fri, 13 Dec 2024 13:46:15 +0530 Subject: [PATCH 1/2] fix: User permissions in financial statements --- erpnext/accounts/report/financial_statements.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/erpnext/accounts/report/financial_statements.py b/erpnext/accounts/report/financial_statements.py index 73e49983fb2..a12b217d1be 100644 --- a/erpnext/accounts/report/financial_statements.py +++ b/erpnext/accounts/report/financial_statements.py @@ -527,7 +527,16 @@ def get_accounting_entries( account_filter_query = get_account_filter_query(root_lft, root_rgt, root_type, gl_entry) query = query.where(ExistsCriterion(account_filter_query)) - entries = query.run(as_dict=True) + query = query.get_sql() + + from frappe.desk.reportview import build_match_conditions + + match_conditions = build_match_conditions(doctype) + + if match_conditions: + query += "and" + match_conditions + + entries = frappe.db.sql(query, as_dict=True) return entries From 5ea131c763633e1c93abddcbcd551d6d10df7336 Mon Sep 17 00:00:00 2001 From: ljain112 Date: Tue, 17 Dec 2024 18:49:38 +0530 Subject: [PATCH 2/2] fix: using query.walk() for escaping --- erpnext/accounts/report/financial_statements.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/erpnext/accounts/report/financial_statements.py b/erpnext/accounts/report/financial_statements.py index a12b217d1be..918bafa169a 100644 --- a/erpnext/accounts/report/financial_statements.py +++ b/erpnext/accounts/report/financial_statements.py @@ -527,8 +527,6 @@ def get_accounting_entries( account_filter_query = get_account_filter_query(root_lft, root_rgt, root_type, gl_entry) query = query.where(ExistsCriterion(account_filter_query)) - query = query.get_sql() - from frappe.desk.reportview import build_match_conditions match_conditions = build_match_conditions(doctype) @@ -536,9 +534,9 @@ def get_accounting_entries( if match_conditions: query += "and" + match_conditions - entries = frappe.db.sql(query, as_dict=True) + query, params = query.walk() - return entries + return frappe.db.sql(query, params, as_dict=True) def get_account_filter_query(root_lft, root_rgt, root_type, gl_entry):