fix: gracefully handle ephemeral document permissions during GST validation

[Aakash1o1]

Description

When a user creates a new, unsaved Supplier/Customer/Company and interacts with GST-related fields (e.g., adding a GSTIN), a `DoesNotExistError` is thrown, surfaced to the user as a "Supplier/Customer Not Found" (HTTP 404) error.

Root Cause

`frappe.has_permission(doctype, doc=docname, throw=True)` internally calls `frappe.get_doc(doctype, docname)` when `doc` is a string. For unsaved records, the client passes a temporary ephemeral name (e.g., `new-supplier-1`) which does not exist in the database, causing `frappe.DoesNotExistError` to be raised.

Fix Description

Implements the Permission-First pattern across both affected functions:

1. Doctype-level permission check first — `has_permission(doctype, doc=None)` with no doc lookup, preventing information disclosure to unauthorized users
2. Existence guard — `frappe.db.exists()` confirms the record is in the database before any document-level operation. This handles ephemeral UI documents (`new-*`), deleted records, and stale/invalid names (race condition guard)
3. Document-level permission check — only executed for confirmed real records

Affected Functions

• `get_gstin_list` in `gst_india/utils/init.py`
• `make_default_tax_templates` in `gst_india/overrides/company.py`

Steps to Reproduce (Before Fix)

1. Navigate to Supplier > New
2. Interact with any GSTIN-related field before saving
3. Observe `DoesNotExistError` / "Supplier Not Found" error in the UI

Testing

• Added `test_get_gstin_list_with_ephemeral_document` in `test_utils.py` — asserts `[]` returned for unsaved docname, uses `finally` to restore user context
• Added `test_make_default_tax_templates_with_ephemeral_company` in `test_company.py` — verifies exact user-friendly error message, uses `finally` to restore user context

[coderabbitai]

Warning

Rate limit exceeded

@Aakash1o1 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 3 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 11 minutes and 3 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d40820d5-9dfa-43bf-a2ce-bc1ac9fcddf5

📥 Commits

Reviewing files that changed from the base of the PR and between 5324341 and 5009ea2.

📒 Files selected for processing (2)

• india_compliance/gst_india/overrides/company.py
• india_compliance/gst_india/utils/test_utils.py

📝 Walkthrough

Walkthrough

The PR adds early doctype-level permission checks and explicit existence guards to GST India functions. make_default_tax_templates() now performs a doctype-level Company permission check (doc=None), verifies the Company exists and raises a translated error for unsaved/missing Companies, then does the document-level permission check inside a try/except to catch frappe.DoesNotExistError. get_gstin_list() now does a doctype-level read permission check before existence lookup, returns an empty list for missing/unsaved records, and wraps the document-level permission check in a try/except to avoid race-condition errors. Integration tests covering these behaviors were added.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: gracefully handle ephemeral document permissions during GST validation' accurately and specifically describes the main change: handling permission checks for unsaved (ephemeral) documents in GST-related functions.
Description check	✅ Passed	The description is detailed and directly related to the changeset, explaining the problem, root cause, fix approach, affected functions, reproduction steps, and testing strategy.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 18 complexity

Metric	Results
Complexity	18

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

[greptile-apps]

Confidence Score: 3/5

Safe to merge for the primary ephemeral-name use case, but the residual TOCTOU window at the document-level has_permission call means the original DoesNotExistError can still appear in rare race-condition scenarios.

The fix correctly handles the common case (ephemeral document names) and is a clear improvement over the status quo. However, the document-level has_permission call in both functions still receives a plain string name and Frappe will attempt to fetch the document internally, meaning a deletion race can reproduce the exact error the PR is meant to prevent. This is a low-probability but real gap that warrants a follow-up fix before merging.

india_compliance/gst_india/utils/init.py (line 116) and india_compliance/gst_india/overrides/company.py (line 78) — the document-level has_permission calls that retain the TOCTOU window.

Important Files Changed

Filename	Overview
india_compliance/gst_india/utils/init.py	Adds a three-step permission/existence guard to get_gstin_list: doctype-level check, db.exists early-return [], then document-level check. Correct approach for the ephemeral-name bug; minor TOCTOU window remains at the document-level has_permission call.
india_compliance/gst_india/overrides/company.py	Same three-step pattern added to make_default_tax_templates; throws a user-friendly ValidationError for ephemeral/missing companies. Same residual TOCTOU concern at the document-level has_permission call.
india_compliance/gst_india/utils/test_utils.py	New test asserts [] is returned for an ephemeral supplier name using Administrator context; correctly restores session user in a finally block. Only covers the Administrator path.
india_compliance/gst_india/overrides/test_company.py	New test asserts ValidationError with a specific message for an ephemeral company name; uses assertRaisesRegex correctly and restores user in a finally block.

_{Reviews (1): Last reviewed commit: "fix: address AI review feedback for PR #..." | Re-trigger Greptile}

[greptile-apps]

Residual TOCTOU window in document-level permission check

The db.exists() guard in step 2 closes the ephemeral-name case, but the document-level has_permission call on line 116 still passes doc=party as a string. Frappe resolves a string doc by calling frappe.get_doc(doctype, name) internally, so if the record is deleted between the db.exists() check and this call (a race condition), the original DoesNotExistError can still surface — the very error this PR is intended to prevent.

For get_gstin_list the impact is low (the subsequent DB queries would simply return no rows anyway), but the error would still propagate as an unhandled 404. Consider wrapping the step-3 check in a guard, or catching frappe.DoesNotExistError:

    # 3. Record confirmed to exist — run full document-level permission check
    try:
        frappe.has_permission(party_type, ptype="read", doc=party, throw=True)
    except frappe.DoesNotExistError:
        return []

The same pattern applies to make_default_tax_templates in company.py (line 78).

[greptile-apps]

Test only exercises the Administrator path

The test sets the user to "Administrator" before calling get_gstin_list. In Frappe, Administrator bypasses most row-level permission checks, so this test does not verify the behaviour for a regular user who has doctype-level read permission but no access to a specific Supplier document. It is worth adding a case with a guest or restricted user to confirm that the doctype-level check (step 1) still fires and raises PermissionError when the user has no access, ensuring the early-return of [] does not silently bypass authorization for non-admin users.

[greptile-apps]

Verbose inline comments add noise to production code

The numbered step headings and multi-line rationale blocks (e.g. "Returning [] is an intentional architectural choice: the frontend calls this function in real-time…", the Case A / Case B explanations) are thorough design documentation, but they are more appropriate in the PR description or a contributing guide than in production source code. Consider condensing to a brief single-line comment per step:

    # Doctype-level permission check (no doc lookup)
    frappe.has_permission(party_type, ptype="read", doc=None, throw=True)

    # Return early for ephemeral/deleted documents instead of raising
    if not frappe.db.exists(party_type, party):
        return []

    frappe.has_permission(party_type, ptype="read", doc=party, throw=True)

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}