From 7c5d617049bbeb63e21c4d046bf81064769598a0 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Mon, 1 Jun 2026 00:57:21 +0530
Subject: [PATCH] fix(issue): check permission before issue status modification
 (backport #55458) (#55460)

Co-authored-by: Diptanil Saha <diptanil@frappe.io>
fix(issue): check permission before issue status modification (#55458)
---
 erpnext/support/doctype/issue/issue.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/erpnext/support/doctype/issue/issue.py b/erpnext/support/doctype/issue/issue.py
index 70ced430257..faa12bd5419 100644
--- a/erpnext/support/doctype/issue/issue.py
+++ b/erpnext/support/doctype/issue/issue.py
@@ -218,11 +218,13 @@ def get_issue_list(doctype, txt, filters, limit_start, limit_page_length=20, ord
 @frappe.whitelist()
 def set_multiple_status(names, status):
 	for name in json.loads(names):
-		frappe.db.set_value("Issue", name, "status", status)
+		set_status(name, status)
 
 
 @frappe.whitelist()
 def set_status(name, status):
+	frappe.has_permission("Issue", "write", name, throw=True)
+
 	frappe.db.set_value("Issue", name, "status", status)