diff --git a/frappe/__init__.py b/frappe/__init__.py
index cc6e7cb32a..a0eb02d432 100644
--- a/frappe/__init__.py
+++ b/frappe/__init__.py
@@ -14,7 +14,7 @@ import os, sys, importlib, inspect, json
 from .exceptions import *
 from .utils.jinja import get_jenv, get_template, render_template, get_email_from_template
 
-__version__ = '8.6.7'
+__version__ = '8.6.8'
 __title__ = "Frappe Framework"
 
 local = Local()
diff --git a/frappe/public/js/legacy/form.js b/frappe/public/js/legacy/form.js
index 70a9268ea3..69f03327ef 100644
--- a/frappe/public/js/legacy/form.js
+++ b/frappe/public/js/legacy/form.js
@@ -942,7 +942,7 @@ _f.Frm.prototype.validate_form_action = function(action, resolve) {
 	// Allow submit, write, cancel and create permissions for read only documents that are assigned by
 	// workflows if the user already have those permissions. This is to allow for users to
 	// continue through the workflow states and to allow execution of functions like Duplicate.
-	if (frappe.workflow.is_read_only(this.doctype, this.docname) && (perms["write"] ||
+	if (!frappe.workflow.is_read_only(this.doctype, this.docname) && (perms["write"] ||
 		perms["create"] || perms["submit"] || perms["cancel"])) {
 		var allowed_for_workflow = true;
 	}