From 0f93ccc6e975602a5ee330661f5e12ff0f57e0cf Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Sat, 23 Mar 2024 14:33:23 +0530
Subject: [PATCH] fix: removed guest access from convert to deal api

---
 crm/fcrm/doctype/crm_lead/crm_lead.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/crm/fcrm/doctype/crm_lead/crm_lead.py b/crm/fcrm/doctype/crm_lead/crm_lead.py
index bebeb370..6d26d1d1 100644
--- a/crm/fcrm/doctype/crm_lead/crm_lead.py
+++ b/crm/fcrm/doctype/crm_lead/crm_lead.py
@@ -247,6 +247,9 @@ class CRMLead(Document):
 		if sla:
 			sla.apply(self)
 
+	def convert_to_deal(self):
+		return convert_to_deal(lead=self.name, doc=self)
+
 	@staticmethod
 	def get_non_filterable_fields():
 		return ["converted"]
@@ -317,12 +320,9 @@ class CRMLead(Document):
 		]
 		return {'columns': columns, 'rows': rows}
 
-@frappe.whitelist(allow_guest=True)
-def convert_to_deal(lead, allow_guest=False):
-	if not allow_guest and frappe.session.user == "Guest":
-		frappe.throw(_("Not allowed to convert Lead to Deal"), frappe.AuthenticationError)
-
-	if not frappe.has_permission("CRM Lead", "write", lead) and not allow_guest:
+@frappe.whitelist()
+def convert_to_deal(lead, doc=None):
+	if not (doc and doc.flags.get("ignore_permissions")) and not frappe.has_permission("CRM Lead", "write", lead):
 		frappe.throw(_("Not allowed to convert Lead to Deal"), frappe.PermissionError)
 
 	lead = frappe.get_cached_doc("CRM Lead", lead)