ERPNext 14 - Insufficient Permission on Ajax Call with a fully enabled user

Hi guys,

The following action works on Administrator but fails on a user set with All Roles. The Doctypes being used are Project, Item and a child table item_project.

–The user has all permissions on lv0 for Project and Item.–

I’m getting an Insufficient Permission error when saving an addition to the child table. The Item successfully saves in the child table, the issue is coming from an AJAX call on client script side. Nothing too fancy:

frappe.ui.form.on('Project', {
    after_save(frm) {
        if (frm.doc.items.length > 0) {
            {method: "erpnext.repo.write_project_items", args:{project_id:}}

I get the perms error as follows:

I tested disabling the script and I get no errors upon saving.

I have the function is whitelisted, again, it works perfectly if I try this same action with Administrator.

The only bits the server script touches are the same doctypes: Project, Item and item_project (child table).

Am I missing something?


OK, found the solution.

The server script was trying to retrieve the child table data with frappe.get_list had to replace it with frappe.get_all.