User can see restricted information (based on user permission) in reports

Hi Guys,

I have set user permissions to a user restricting the following,

  • Warehouse
  • Project
  • Company
  • Letter Head

But the user still can see the entire list of sales invoices raised from different projects and warehouses in the Accounts Receivable report?

How to stop this?

look at the user Role and see what they have access to and dont…

I have given report access. but need to restrict sales invoices that are raised from different projects that are not applicable to the user

user permission is only applied when custom script report fetch its raw data via standard api call to get_list or get_all, in other words, the user permission is controlled/enforced in get_list/get_all which is mainly for list view and report builder based standard report.

for your case, you got to copy standard accounts receivable report to a new one and add needed user permission check( exclude the not permit rows) after raw data fetched.

1 Like

@szufisher How to do this, please…

add needed user permission check( exclude the not permit rows) after raw data fetched

does this require coding ?

yes, need some coding.

1 Like

I have copied the report and renamed it a new one. Can you guide me please.

  1. create a new class inherit from class ReceivablePayableReport(object)
    2.overwrite method get_gl_entries
    call frappe.has_permission again voucher_type and voucher_no(doc)
    if not permit remove from the gl_entries

  2. rewrite execute method to use the derived class at step 1.
    def execute(filters=None):

    args = {

     "party_type": "Customer",
     "naming_by": ["Selling Settings", "cust_master_name"],


    return ReceivablePayableReport(filters).run(args)

this is the draft idea, I do think professional developer resource needed for this task. hope you all the best.

1 Like

Thank you!

for your reference.

  1. create a new script report new_report
  2. copy accounts_receivable.js code to new_report.js, change the report name in js file
  3. in , copy the below code
import frappe
from import ReceivablePayableReport

def execute(filters=None):
	args = {
		"party_type": "Customer",
		"naming_by": ["Selling Settings", "cust_master_name"],
	return MyReceivablePayableReport(filters).run(args)

class MyReceivablePayableReport(ReceivablePayableReport):
	def get_gl_entries(self):
		super(MyReceivablePayableReport, self).get_gl_entries()
		doctype_docs_map = {}
		for gle in self.gl_entries:
			docs = doctype_docs_map.setdefault(gle.voucher_type, [])
		gl_entries = []

		for (doctype, docs) in doctype_docs_map.items():
			allowed_docs = frappe.get_list(doctype, pluck='name')
			gl_entries.extend([gle for gle in docs if gle.voucher_no in allowed_docs])
		self.gl_entries = gl_entries
1 Like

if the above solution works for your case, we can consider raise a github issue and pull request to fix the standard report accordingly.

1 Like

Thank you so much! I will try this and get back.

@szufisher Pardon me for taking so long to reply. It was my first time creating a script report so I had to get help.

I’m thrilled to say that your code worked!! :clap: I’m really grateful for you attending this.

Similar to this Account Receivable report there are other reports that have the same issue, such as Accounts Payable report, Accounts Receivable Summary, etc.

I hope it will be great if you guys fix those standard reports including this one in a coming update.


@szufisher I tried this on v12. It gives me this strange error.

replace the above quoted line with the below 2 lines

allowed_docs = frappe.get_list(doctype)
allowed_docs = [ for d in allowed_docs]
1 Like

Working! Kudos to you sir!