From 876f40350040a34aabfff4682934775453604f43 Mon Sep 17 00:00:00 2001
From: Diptanil Saha <diptanil@frappe.io>
Date: Sun, 31 May 2026 22:07:28 +0530
Subject: [PATCH] fix(issue): check permission before issue status modification
 (#55458)

---
 erpnext/support/doctype/issue/issue.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/erpnext/support/doctype/issue/issue.py b/erpnext/support/doctype/issue/issue.py
index a325c32dbd2..75822ff2247 100644
--- a/erpnext/support/doctype/issue/issue.py
+++ b/erpnext/support/doctype/issue/issue.py
@@ -218,11 +218,13 @@ def get_issue_list(doctype, txt, filters, limit_start, limit_page_length=20, ord
 @frappe.whitelist()
 def set_multiple_status(names: str, status: str):
 	for name in json.loads(names):
-		frappe.db.set_value("Issue", name, "status", status)
+		set_status(name, status)
 
 
 @frappe.whitelist()
 def set_status(name: str, status: str):
+	frappe.has_permission("Issue", "write", name, throw=True)
+
 	frappe.db.set_value("Issue", name, "status", status)