search

frappe / erpnext

Free and Open Source Enterprise Resource Planning (ERP)
https://erpnext.com
GNU General Public License v3.0
21.32k stars 7.27k forks source link

make_payment_request does not set ignore_permissions=True by default anymore #42934

Closed cogk closed 1 month ago

cogk commented 2 months ago

Information about bug

If create_pr_in_draft_status is no which is the default, the ignore_permissions flag is not set on the PR, making it impossible for Guest to submit it.

https://github.com/frappe/erpnext/blob/ca2fde891ec32b162f6b6c33d9ff10b60e4ca57c/erpnext/accounts/doctype/payment_request/payment_request.py#L528-L531

Module

selling, ecommerce

Version

erpnext 15.33.5 frappe 15.39.0 hrms 15.27.0 insights 2.2.4 payments

Installation method

manual install

Relevant log output / Stack trace / Full Error Message.

File "apps/frappe/frappe/utils/typing_validations.py", line 31, in wrapper
    return func(*args, **kwargs)
      args = ()
      kwargs = {'dt': 'Sales Order', 'dn': 'XXX', 'mute_email': 1, 'payment_gateway_account': 'XXX', 'submit_doc': 1, 'return_doc': 1, 'recipient_id': 'XXX', 'party_type': 'Lead', 'party': 'XXX'}
      func = <function make_payment_request>
  File "apps/erpnext/erpnext/accounts/doctype/payment_request/payment_request.py", line 517, in make_payment_request
    pr.submit()
      pr = <PaymentRequest: unsaved docstatus=1>
  File "apps/frappe/frappe/utils/typing_validations.py", line 31, in wrapper
    return func(*args, **kwargs)
      args = (<PaymentRequest: unsaved docstatus=1>,)
      kwargs = {}
      func = <function Document.submit>
  File "apps/frappe/frappe/model/document.py", line 1048, in submit
    return self._submit()
      self = <PaymentRequest: unsaved docstatus=1>
  File "apps/frappe/frappe/model/document.py", line 1031, in _submit
    return self.save()
  File "apps/frappe/frappe/model/document.py", line 337, in save
    return self._save(*args, **kwargs)
  File "apps/frappe/frappe/model/document.py", line 359, in _save
    return self.insert()
      self = <PaymentRequest: unsaved docstatus=1>
      ignore_permissions = None
      ignore_version = None
  File "apps/frappe/frappe/model/document.py", line 282, in insert
    self.check_if_latest()
      self = <PaymentRequest: unsaved docstatus=1>
      ignore_permissions = None
      ignore_links = None
      ignore_if_duplicate = False
      ignore_mandatory = None
      set_name = None
      set_child_names = True
  File "apps/frappe/frappe/model/document.py", line 811, in check_if_latest
    self.check_docstatus_transition(0)
      self = <PaymentRequest: unsaved docstatus=1>
      previous = None
  File "apps/frappe/frappe/model/document.py", line 843, in check_docstatus_transition
    self.check_permission("submit")
      self = <PaymentRequest: unsaved docstatus=1>
      to_docstatus = 0
  File "apps/frappe/frappe/model/document.py", line 220, in check_permission
    self.raise_no_permission_to(permtype)
      self = <PaymentRequest: unsaved docstatus=1>
      permtype = 'submit'
      permlevel = None
  File "apps/frappe/frappe/model/document.py", line 241, in raise_no_permission_to
    raise frappe.PermissionError
      self = <PaymentRequest: unsaved docstatus=1>
      perm_type = 'submit'
frappe.exceptions.PermissionError:
phalouvas commented 2 months ago

I confirm. The same issue occurs when adding payment request from Webshop

ruthra-kumar commented 2 months ago

@cogk Could you provide replication steps?

phalouvas commented 2 months ago

@cogk Could you provide replication steps?

Login as a customer. Using webshop add something in cart. Set up to use PayPal as payment engine. Press button "Pay Now" on the created Sales Order. You get below:

image

Above image is from test but same occurs on live site.

cogk commented 2 months ago

Full test case: 

import frappe
from erpnext.accounts.doctype.payment_request.payment_request import make_payment_request

frappe.set_user("Guest")

so_name = frappe.db.get_value("Sales Order", {})
make_payment_request(dt="Sales Order", dn=so_name, submit_doc=True)

raises PermissionError

@ruthra-kumar

phalouvas commented 2 months ago

@ruthra-kumar The problem can be temporary solved by changing in Account Settings the Payment Request save in draft status.

image

The root of the problem is on doctype payment_request.py that it tries to submit without first insert. if frappe.db.get_single_value("Accounts Settings", "create_pr_in_draft_status", cache=True): pr.insert(ignore_permissions=True) if args.submit_doc: pr.submit()

cogk commented 2 months ago

it tries to submit without first insert

The root problem is that the doc.flags.ignore_permissions is not set to True anymore in all paths, but it must be because the method is whitelisted and accesible for Guest

ruthra-kumar commented 1 month ago

@cogk @phalouvas https://github.com/frappe/erpnext/pull/43146 should fix this.