Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(Bank Reconciliation Tool): check role perms (backport #120) #126

Merged
merged 4 commits into from
Nov 18, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -35,16 +35,20 @@ def get_bank_transactions(
to_date: str = None,
order_by: str = "date asc",
):
# returns bank transactions for a bank account
filters = []
filters.append(["bank_account", "=", bank_account])
filters.append(["docstatus", "=", 1])
filters.append(["unallocated_amount", ">", 0.0])
"""Return bank transactions for a bank account"""
filters = [
["bank_account", "=", bank_account],
["docstatus", "=", 1],
["unallocated_amount", ">", 0.001],
]

if to_date:
filters.append(["date", "<=", to_date])

if from_date:
filters.append(["date", ">=", from_date])
transactions = frappe.get_all(

return frappe.get_list(
"Bank Transaction",
fields=[
"date",
Expand All @@ -66,7 +70,6 @@ def get_bank_transactions(
filters=filters,
order_by=order_by,
)
return transactions


@frappe.whitelist()
Expand All @@ -87,6 +90,8 @@ def create_journal_entry_bts(
allow_edit = sbool(allow_edit)

bank_transaction = frappe.get_doc("Bank Transaction", bank_transaction_name)
bank_transaction.check_permission("read")

if bank_transaction.deposit and bank_transaction.withdrawal:
frappe.throw(
_(
Expand Down Expand Up @@ -398,8 +403,10 @@ def get_linked_payments(
from_reference_date: str = None,
to_reference_date: str = None,
) -> list:
# get all matching payments for a bank transaction
"""Get all matching payments for a bank transaction"""
transaction = frappe.get_doc("Bank Transaction", bank_transaction_name)
transaction.check_permission("read")

gl_account, company = frappe.db.get_value(
"Bank Account", transaction.bank_account, ["account", "company"]
)
Expand Down Expand Up @@ -558,6 +565,7 @@ def get_matching_queries(
is_deposit = transaction.deposit > 0.0

if "payment_entry" in document_types:
frappe.has_permission("Payment Entry", throw=True)
query = get_pe_matching_query(
exact_match,
account_from_to,
Expand All @@ -572,6 +580,7 @@ def get_matching_queries(
queries.append(query)

if "journal_entry" in document_types:
frappe.has_permission("Journal Entry", throw=True)
query = get_je_matching_query(
exact_match,
transaction,
Expand All @@ -596,22 +605,27 @@ def get_matching_queries(
if include_unpaid:
kwargs["company"] = company
for doctype, fn in invoice_queries_map.items():
frappe.has_permission(frappe.unscrub(doctype), throw=True)

if doctype != "expense_claim":
kwargs["include_only_returns"] = doctype != invoice_dt
else:
del kwargs["include_only_returns"]
queries.append(fn(**kwargs))
else:
if fn := invoice_queries_map.get(invoice_dt):
queries.append(fn(**kwargs))
elif fn := invoice_queries_map.get(invoice_dt):
frappe.has_permission(frappe.unscrub(invoice_dt), throw=True)
queries.append(fn(**kwargs))

if "loan_disbursement" in document_types and is_withdrawal:
frappe.has_permission("Loan Disbursement", throw=True)
queries.append(get_ld_matching_query(bank_account, exact_match, transaction))

if "loan_repayment" in document_types and is_deposit:
frappe.has_permission("Loan Repayment", throw=True)
queries.append(get_lr_matching_query(bank_account, exact_match, transaction))

if "bank_transaction" in document_types:
frappe.has_permission("Bank Transaction", throw=True)
query = get_bt_matching_query(exact_match, transaction, exact_party_match)
queries.append(query)

Expand Down
Loading