Problem with Permission for Linked Doc at Script

Following scenario:

User A, who has user permissions limited to Company A, is triggering a server-side script that shall create a Sales Order for Main Company.

```python
import frappe


@frappe.whitelist()
def make_sales_order_auto(doc, handler=""):
    so = frappe.new_doc("Sales Order")
    # Copy the item codes from the triggering document
    for po_item in doc.items:
        so.append("items", {"item_code": po_item.item_code})
    # Attempts to bypass the permission checks
    so.ignore_permissions = True
    so.flags.ignore_permissions = 1
    so.ignore_linked_doctypes = ['Company']
    so.update({
        "po_no": doc.name,
        "delivery_date": doc.schedule_date,
        "company": "Main Company",
        "customer": doc.company,
    })
    so.ignore_permissions = True
    so.insert(ignore_permissions=True)
    frappe.db.commit()
```

(Note: removed some more fields for better reading.)

Good: The Sales Order for “Main Company” is created.

Not Good: User A receives the following message:

Setting the “ignore permission” flag on the company field of the Sales Order would solve this issue, but as a side effect User A would be able to create Sales Orders for all other companies. Not good.

Any idea what else I could try?