nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-05-26 08:24:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add portal user ownership check to supplier quotation (#54298)

Browse Source
This commit is contained in:
Mihir Kandoi
2026-04-15 11:21:08 +05:30
committed by GitHub
parent 0969ec4186
commit af6974893b
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
erpnext/buying/doctype/request_for_quotation/request_for_quotation.py
View File

@@ -481,6 +481,11 @@ def create_supplier_quotation(doc: str | Document | dict):
if isinstance(doc, str): if isinstance(doc, str):
doc = json.loads(doc) doc = json.loads(doc)
if frappe.session.user not in frappe.get_all(
"Portal User", {"parent": doc.get("supplier")}, pluck="user"
):
frappe.throw(_("Not Permitted"), frappe.PermissionError)
try: try:
sq_doc = frappe.get_doc( sq_doc = frappe.get_doc(
{ {

7
erpnext/buying/doctype/request_for_quotation/test_request_for_quotation.py
View File

@@ -263,6 +263,13 @@ def make_request_for_quotation(**args):
for data in supplier_data: for data in supplier_data:
rfq.append("suppliers", data) rfq.append("suppliers", data)
frappe.new_doc(
"Portal User",
user="Administrator",
parent=data.get("supplier"),
parentfield="portal_users",
parenttype="Supplier",
).insert()
rfq.append( rfq.append(
"items", "items",