Frappe.desk.search.search_link is not whitelisted

madhusona · January 17, 2024, 11:50am

My doctype name is vapp. It has one child table(multipleopp). My child doctype(multipleopp) has one field id, it is a link field to another doctype(opp). I created a webform (vapp_form) to collect data anonymously. In Web Form settings i checked Anonymous.

The user cannot pick the values in multipleopp child table if they have not logged in. It throws

frappe.exceptions.PermissionError: You are not permitted to access this resource.Function frappe.desk.search.search_link is not whitelisted

I created webform (vapp_form) in my custom app and my Version:

ERPNext: v14.58.1 (version-14)

Frappe Framework: v14.62.1 (version-14)

The error from the following code

/home/frappe/frappe-bench/apps/frappe/frappe/handler.py

def execute_cmd(cmd, from_async=False):
    """execute a request as python module"""
    for hook in frappe.get_hooks("override_whitelisted_methods", {}).get(cmd, []):
        # override using the first hook
        cmd = hook
        break

    # via server script
    server_script = get_server_script_map().get("_api", {}).get(cmd)
    if server_script:
        return run_server_script(server_script)

    try:
        method = get_attr(cmd)
    except Exception as e:
        frappe.throw(_("Failed to get method for command {0} with {1}").format(cmd, e))

    if from_async:
        method = method.queue

    if method != run_doc_method:        
        is_whitelisted(method)
        is_valid_http_method(method)

    return frappe.call(method, **frappe.form_dict)

madhusona · January 17, 2024, 6:06pm

The problem is allow_guest=True is not set in search_link - @frappe.whitelist(allow_guest=True). How to set @frappe.whitelist(allow_guest=True) for the particular doctype.

/home/frappe/frappe-bench/apps/frappe/frappe/desk/search.py

@frappe.whitelist()

def search_link(
    doctype,
    txt,
    query=None,
    filters=None,
    page_length=20,
    searchfield=None,
    reference_doctype=None,
    ignore_user_permissions=False,
):
    search_widget(
        doctype,
        txt.strip(),
        query,
        searchfield=searchfield,
        page_length=page_length,
        filters=filters,
        reference_doctype=reference_doctype,
        ignore_user_permissions=ignore_user_permissions,
    )
    print(doctype)
    frappe.response["results"] = build_for_autosuggest(frappe.response["values"], doctype=doctype)
    del frappe.response["values"]