From 83aeb2e4754700467508533a7d4d736dbdfe489a Mon Sep 17 00:00:00 2001 From: ljain112 Date: Fri, 13 Dec 2024 13:46:15 +0530 Subject: [PATCH 1/2] fix: User permissions in financial statements (cherry picked from commit a626372d660a061de4594f92efaeac0a45d4bd57) --- erpnext/accounts/report/financial_statements.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/erpnext/accounts/report/financial_statements.py b/erpnext/accounts/report/financial_statements.py index 73e49983fb2..a12b217d1be 100644 --- a/erpnext/accounts/report/financial_statements.py +++ b/erpnext/accounts/report/financial_statements.py @@ -527,7 +527,16 @@ def get_accounting_entries( account_filter_query = get_account_filter_query(root_lft, root_rgt, root_type, gl_entry) query = query.where(ExistsCriterion(account_filter_query)) - entries = query.run(as_dict=True) + query = query.get_sql() + + from frappe.desk.reportview import build_match_conditions + + match_conditions = build_match_conditions(doctype) + + if match_conditions: + query += "and" + match_conditions + + entries = frappe.db.sql(query, as_dict=True) return entries From 40a8ed85711f86e95f8d5eca23ca6d3a77c74084 Mon Sep 17 00:00:00 2001 From: ljain112 Date: Tue, 17 Dec 2024 18:49:38 +0530 Subject: [PATCH 2/2] fix: using query.walk() for escaping (cherry picked from commit 5ea131c763633e1c93abddcbcd551d6d10df7336) --- erpnext/accounts/report/financial_statements.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/erpnext/accounts/report/financial_statements.py b/erpnext/accounts/report/financial_statements.py index a12b217d1be..918bafa169a 100644 --- a/erpnext/accounts/report/financial_statements.py +++ b/erpnext/accounts/report/financial_statements.py @@ -527,8 +527,6 @@ def get_accounting_entries( account_filter_query = get_account_filter_query(root_lft, root_rgt, root_type, gl_entry) query = query.where(ExistsCriterion(account_filter_query)) - query = query.get_sql() - from frappe.desk.reportview import build_match_conditions match_conditions = build_match_conditions(doctype) @@ -536,9 +534,9 @@ def get_accounting_entries( if match_conditions: query += "and" + match_conditions - entries = frappe.db.sql(query, as_dict=True) + query, params = query.walk() - return entries + return frappe.db.sql(query, params, as_dict=True) def get_account_filter_query(root_lft, root_rgt, root_type, gl_entry):