From e0f206243afa35534590e2d6ea8ffc77f9dfd61c Mon Sep 17 00:00:00 2001 From: ruthra kumar Date: Wed, 4 Feb 2026 16:54:51 +0530 Subject: [PATCH] fix: enfore permission on make_payment_request (cherry picked from commit b755ca12ca2afd3e5587b81fd280820a298fbec5) --- erpnext/accounts/doctype/payment_request/payment_request.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/erpnext/accounts/doctype/payment_request/payment_request.py b/erpnext/accounts/doctype/payment_request/payment_request.py index 1012ff56ebf..c1461eb4ed9 100644 --- a/erpnext/accounts/doctype/payment_request/payment_request.py +++ b/erpnext/accounts/doctype/payment_request/payment_request.py @@ -487,10 +487,12 @@ class PaymentRequest(Document): row_number += TO_SKIP_NEW_ROW -@frappe.whitelist(allow_guest=True) +@frappe.whitelist() def make_payment_request(**args): """Make payment request""" + frappe.has_permission(doctype="Payment Request", ptype="write", throw=True) + args = frappe._dict(args) ref_doc = frappe.get_doc(args.dt, args.dn)