rule: has_perm misuse

ankush · ankush · commit 2144ca43cdfb · 2026-02-16T12:48:39.000+05:30
diff --git a/rules/code_quality.yml b/rules/code_quality.yml
@@ -24,3 +24,24 @@ rules:
     get_doc(dict(k=v)) is same as get_doc(k=v)
   languages: [python]
   severity: WARNING
+
+- id: unchecked-frappe-permission-call
+  languages:
+    - python
+  message: >-
+    Found a call to `frappe.has_permission` where the return value is ignored.
+    Unless `throw=True` is passed, this function only returns a boolean and
+    does not enforce security on its own.
+  severity: ERROR
+  patterns:
+    - pattern: frappe.has_permission(...)
+    - pattern-not: frappe.has_permission(..., throw=True, ...)
+    - pattern-not: frappe.has_permission(..., throw=$SOMETHING, ...)
+    - pattern-not-inside: $VAR = frappe.has_permission(...)
+    - pattern-not-inside: "return ..."
+    - pattern-not-inside: "if <... frappe.has_permission(...) ...> : ..."
+    - pattern-not-inside: "$PRED_TRUE if frappe.has_permission(...) else $PRED_FALSE"
+    - pattern-not-inside: assert frappe.has_permission(...)
+  paths:
+    exclude:
+      - "**/test_*.py"
