fix: security context as per semgrep rule

erpnext/accounts/doctype/payment_entry/payment_entry.py

@@ -1170,22 +1170,27 @@ def set_remarks(self):
 
 		self.set("remarks", "\n".join(remarks))
 
+	@frappe.requires_permission("Sales Order", "read")
 	def _from_sales_order(self, so):
 		frappe.flags.new_payment_entry = self
 		return get_payment_entry(so.doctype, so.name)
 
+	@frappe.requires_permission("Sales Invoice", "read")
 	def _from_sales_invoice(self, si):
 		frappe.flags.new_payment_entry = self
 		return get_payment_entry(si.doctype, si.name)
 
+	@frappe.requires_permission("Purchase Order", "read")
 	def _from_purchase_order(self, po):
 		frappe.flags.new_payment_entry = self
 		return get_payment_entry(po.doctype, po.name)
 
+	@frappe.requires_permission("Purchase Invoice", "read")
 	def _from_purchase_invoice(self, pi):
 		frappe.flags.new_payment_entry = self
 		return get_payment_entry(pi.doctype, pi.name)
 
+	@frappe.requires_permission("Dunning", "read")
 	def _from_dunning(self, d):
 		frappe.flags.new_payment_entry = self
 		return get_payment_entry(d.doctype, d.name)

erpnext/selling/doctype/sales_order/sales_order.py

@@ -741,6 +741,7 @@ def cancel_stock_reservation_entries(self, sre_list=None, notify=True) -> None:
 			voucher_type=self.doctype, voucher_no=self.name, sre_list=sre_list, notify=notify
 		)
 
+	@frappe.requires_permission("Sales Invoice", "create")
 	def _into_sales_invoice(self):
 		make_sales_invoice(self.name)