From fd5e3b32f075e1e5ad6796c290ae678004b4e919 Mon Sep 17 00:00:00 2001 From: ljain112 Date: Fri, 13 Dec 2024 13:46:15 +0530 Subject: [PATCH 1/2] fix: User permissions in financial statements --- erpnext/accounts/report/financial_statements.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/erpnext/accounts/report/financial_statements.py b/erpnext/accounts/report/financial_statements.py index d0a7a945de2..a22f612e74d 100644 --- a/erpnext/accounts/report/financial_statements.py +++ b/erpnext/accounts/report/financial_statements.py @@ -547,7 +547,16 @@ def get_accounting_entries( query = apply_additional_conditions(doctype, query, from_date, ignore_closing_entries, filters) query = query.where(gl_entry.account.isin(accounts)) - entries = query.run(as_dict=True) + query = query.get_sql() + + from frappe.desk.reportview import build_match_conditions + + match_conditions = build_match_conditions(doctype) + + if match_conditions: + query += "and" + match_conditions + + entries = frappe.db.sql(query, as_dict=True) return entries -- GitLab From 56cd77198fa8d57926554bc73cdb972c36f07a44 Mon Sep 17 00:00:00 2001 From: ljain112 Date: Tue, 17 Dec 2024 18:49:38 +0530 Subject: [PATCH 2/2] fix: using query.walk() for escaping --- erpnext/accounts/report/financial_statements.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/erpnext/accounts/report/financial_statements.py b/erpnext/accounts/report/financial_statements.py index a22f612e74d..7d05b1e2dd0 100644 --- a/erpnext/accounts/report/financial_statements.py +++ b/erpnext/accounts/report/financial_statements.py @@ -547,8 +547,6 @@ def get_accounting_entries( query = apply_additional_conditions(doctype, query, from_date, ignore_closing_entries, filters) query = query.where(gl_entry.account.isin(accounts)) - query = query.get_sql() - from frappe.desk.reportview import build_match_conditions match_conditions = build_match_conditions(doctype) @@ -556,9 +554,9 @@ def get_accounting_entries( if match_conditions: query += "and" + match_conditions - entries = frappe.db.sql(query, as_dict=True) + query, params = query.walk() - return entries + return frappe.db.sql(query, params, as_dict=True) def apply_additional_conditions(doctype, query, from_date, ignore_closing_entries, filters): -- GitLab