fix: allow enabled server script endpoints

2026-01-19 18:33:14 +05:30
parent 66486a5a1c
commit 5175050ed6
1 changed files with 10 additions and 0 deletions
--- a/lms/auth.py
+++ b/lms/auth.py
@@ -61,6 +61,16 @@ def authenticate():
 	if path.startswith("/lms") or path.startswith("/api/method/lms."):
 		return

+	if is_server_script_path(path):
+		return
+
 	if path in ALLOWED_PATHS:
 		return
 	frappe.throw(f"Access not allowed for this URL: {path}", frappe.PermissionError)
+
+
+def is_server_script_path(path):
+	endpoint = path.split("/api/method/")[-1]
+	if frappe.db.exists("Server Script", {"script_type": "API", "api_method": endpoint, "disabled": 0}):
+		return True
+	return False