From e4dbbfd13f201dcd1bc1314d7a3898d8acff1145 Mon Sep 17 00:00:00 2001
From: Deepesh Garg
Date: Tue, 5 May 2020 19:24:34 +0530
Subject: [PATCH 01/11] fix: Ignore energy point log perm on doc cancel
---
 frappe/social/doctype/energy_point_log/energy_point_log.py | 6 ++++--
 .../social/doctype/energy_point_rule/energy_point_rule.py | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/frappe/social/doctype/energy_point_log/energy_point_log.py b/frappe/social/doctype/energy_point_log/energy_point_log.py
index 31de1b8a60..3fc8b8cbfe 100644
--- a/frappe/social/doctype/energy_point_log/energy_point_log.py
+++ b/frappe/social/doctype/energy_point_log/energy_point_log.py
@@ -52,8 +52,10 @@ class EnergyPointLog(Document):
 reference_log.reverted = 0
 reference_log.save()
- def revert(self, reason):
- frappe.only_for('System Manager')
+ def revert(self, reason, ignore_permissions=False):
+ if not ignore_permissions:
+ frappe.only_for('System Manager')
+
 if self.type != 'Auto':
 frappe.throw(_('This document cannot be reverted'))
diff --git a/frappe/social/doctype/energy_point_rule/energy_point_rule.py b/frappe/social/doctype/energy_point_rule/energy_point_rule.py
index b603cb2b24..d04448dc0f 100644
--- a/frappe/social/doctype/energy_point_rule/energy_point_rule.py
+++ b/frappe/social/doctype/energy_point_rule/energy_point_rule.py
@@ -110,7 +110,7 @@ def revert_points_for_cancelled_doc(doc):
 })
 for log in energy_point_logs:
 reference_log = frappe.get_doc('Energy Point Log', log.name)
- reference_log.revert(_('Reference document has been cancelled'))
+ reference_log.revert(_('Reference document has been cancelled'), ignore_permissions=True)
 def get_energy_point_doctypes():
From fffa3d5114d6200e99f5c76ae81b50054509a6dd Mon Sep 17 00:00:00 2001
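Review bot: The new `ignore_permissions` argument on `EnergyPointLog.revert` switches off the only authorization check in the method, and nothing in the hunk documents or restricts who may pass it. As written, any code path that forwards caller-supplied keyword arguments to `revert` would skip `frappe.only_for('System Manager')`; whether such a path exists (for example a whitelisted wrapper) is not visible here and should be confirmed. I would add a docstring such as `"""Revert this log. ignore_permissions skips the System Manager check and must only be set by trusted server-side callers, never from request data."""`. The call in `revert_points_for_cancelled_doc` (second hunk) passes `ignore_permissions=True`, which makes cancel permission on the reference document the effective gate for reverting points, so that function deserves a comment saying so. The body of `revert` continues outside the hunk.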
From: "Chinmay D. Pai"
Date: Wed, 6 May 2020 15:47:54 +0530
Subject: [PATCH 02/11] fix: sanitize comment content before saving
comments are handled fine while being created from the frontend, but when comments are made through a POST request, there's a chance of rendering javascript in the comment, since there's no way to sanitize the input on the server side.
Signed-off-by: Chinmay D. Pai
---
 frappe/core/doctype/comment/comment.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/frappe/core/doctype/comment/comment.py b/frappe/core/doctype/comment/comment.py
index e07266dc4d..a2105c1511 100644
--- a/frappe/core/doctype/comment/comment.py
+++ b/frappe/core/doctype/comment/comment.py
@@ -26,6 +26,7 @@ class Comment(Document):
 def validate(self):
 if not self.comment_email:
 self.comment_email = frappe.session.user
+ self.content = frappe.utils.sanitize_html(self.content)
 def on_update(self):
 update_comment_in_doc(self)
From 0caf571fa8558934b805ba1a5ae58cea41268770 Mon Sep 17 00:00:00 2001
From: "Chinmay D. Pai"
Date: Wed, 6 May 2020 15:58:50 +0530
Subject: [PATCH 03/11] fix: do not sanitize if no html is found
return default string if no html tags are found
Signed-off-by: Chinmay D. Pai
---
 frappe/utils/html_utils.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/frappe/utils/html_utils.py b/frappe/utils/html_utils.py
index 62161408eb..c740252b5c 100644
--- a/frappe/utils/html_utils.py
+++ b/frappe/utils/html_utils.py
@@ -59,6 +59,9 @@ def sanitize_html(html, linkify=False):
 elif is_json(html):
 return html
+ if not bool(BeautifulSoup(html, 'html.parser').find()):
+ return html
+
 tags = (acceptable_elements + svg_elements + mathml_elements + ["html", "head", "meta", "link", "body", "style", "o:p"])
 attributes = {"*": acceptable_attributes, 'svg': svg_attributes}
From 7dbf38e3ee49eaaa519bce1beff65bc2956574cd Mon Sep 17 00:00:00 2001
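Review bot: `validate` now rewrites `self.content` on every save, but the sanitizer only covers writes that go through document validation. Rows written before this change, and any update that sets the field directly without running `validate`, would still hold raw markup, so the templates that render comments must keep escaping or sanitizing on output; that is worth confirming. `sanitize_html` also returns its input unchanged when `is_json(html)` is true (visible in the context lines of the following patch), so a comment body that parses as JSON appears to be stored unsanitized; confirm that this shortcut is acceptable for a free-text field. A comment above the new line, e.g. `# sanitize server-side: API clients can bypass the frontend editor`, would record why it is here.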
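Review bot: The early return in `sanitize_html` hands the input back untouched whenever `BeautifulSoup(html, 'html.parser').find()` reports no tag, so the safety of the function now depends on html.parser agreeing with browsers about what counts as markup. Malformed or unterminated tags are the usual place where parsers disagree, and this branch has no test pinning that behaviour; I would add regression tests with malformed markup before relying on it. The check also parses the string a second time and the `bool()` wrapper is redundant: `if BeautifulSoup(html, 'html.parser').find() is None:` says the same thing. A comment stating why plain text skips the cleaner (presumably to avoid entity-escaping ordinary text) would help; the rest of the function lies outside the hunk.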
From: Shivam Mishra
Date: Wed, 6 May 2020 19:02:48 +0530
Subject: [PATCH 04/11] feat: prompt user for name
---
 frappe/desk/doctype/number_card/number_card.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/frappe/desk/doctype/number_card/number_card.json b/frappe/desk/doctype/number_card/number_card.json
index 5fb058d8ce..698ad1ed35 100644
--- a/frappe/desk/doctype/number_card/number_card.json
+++ b/frappe/desk/doctype/number_card/number_card.json
@@ -1,6 +1,6 @@
 {
 "actions": [],
- "autoname": "CARD.#####",
+ "autoname": "Prompt",
 "creation": "2020-04-15 18:06:39.444683",
 "doctype": "DocType",
 "editable_grid": 1,
@@ -99,7 +99,7 @@
 }
 ],
 "links": [],
- "modified": "2020-05-01 15:23:29.550243",
+ "modified": "2020-05-06 19:01:38.401035",
 "modified_by": "Administrator",
 "module": "Desk",
 "name": "Number Card",
From b5d88e42ee321ac32b2d57154e98429eebf0b5d6 Mon Sep 17 00:00:00 2001
From: Shivam Mishra
Date: Wed, 6 May 2020 19:02:56 +0530
Subject: [PATCH 05/11] feat: autoname based on label
---
 frappe/desk/doctype/number_card/number_card.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/frappe/desk/doctype/number_card/number_card.py b/frappe/desk/doctype/number_card/number_card.py
index 2c5655beda..64f517bffc 100644
--- a/frappe/desk/doctype/number_card/number_card.py
+++ b/frappe/desk/doctype/number_card/number_card.py
@@ -6,10 +6,15 @@ from __future__ import unicode_literals
 import frappe
 from frappe.model.document import Document
 from frappe.utils import cint
+from frappe.model.naming import append_number_if_name_exists
 class NumberCard(Document):
- pass
+ def autoname(self):
+ if not self.name:
+ self.name = self.label
+ if frappe.db.exists("Number Card", self.name):
+ self.name = append_number_if_name_exists('Number Card', self.name)
 def get_permission_query_conditions(user=None):
 if not user:
From 192ab2a8368b49da6d92e37996d2af8d8ba2bd36 Mon Sep 17 00:00:00 2001
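Review bot: `autoname` in patch 05 copies the user-supplied `label` straight into `self.name` and does not handle an empty label, so `frappe.db.exists("Number Card", self.name)` can be reached with `None`; whether `label` is a mandatory field is not visible in this patch. The `frappe.db.exists` guard also looks redundant, since `append_number_if_name_exists` (judging by its name) already performs that check. The check-then-assign sequence is not atomic either, so two concurrent inserts with the same label can pick the same name and one of them would then fail on the primary key. I would start the method with `if not self.label: frappe.throw(_('Label is required'))` (with `_` imported from `frappe`) and call `append_number_if_name_exists` unconditionally.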
From: Shivam Mishra
Date: Wed, 6 May 2020 19:51:13 +0530
Subject: [PATCH 06/11] refactor: use autoname
---
 frappe/desk/doctype/number_card/number_card.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/frappe/desk/doctype/number_card/number_card.json b/frappe/desk/doctype/number_card/number_card.json
index 698ad1ed35..ec6a1e9190 100644
--- a/frappe/desk/doctype/number_card/number_card.json
+++ b/frappe/desk/doctype/number_card/number_card.json
@@ -1,6 +1,5 @@
 {
 "actions": [],
- "autoname": "Prompt",
 "creation": "2020-04-15 18:06:39.444683",
 "doctype": "DocType",
 "editable_grid": 1,
@@ -99,7 +98,7 @@
 }
 ],
 "links": [],
- "modified": "2020-05-06 19:01:38.401035",
+ "modified": "2020-05-06 19:47:57.753574",
 "modified_by": "Administrator",
 "module": "Desk",
 "name": "Number Card",
From aae45ed98c50cf5f64caf5dc465f31d116e2deb8 Mon Sep 17 00:00:00 2001
From: sahil28297 <37302950+sahil28297@users.noreply.github.com>
Date: Fri, 8 May 2020 12:18:09 +0530
Subject: [PATCH 07/11] fix: bump frappe develop to version 13-dev
---
 frappe/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frappe/__init__.py b/frappe/__init__.py
index 7664ac4c61..eae8b0d76f 100644
--- a/frappe/__init__.py
+++ b/frappe/__init__.py
@@ -23,7 +23,7 @@ if PY2:
 reload(sys)
 sys.setdefaultencoding("utf-8")
-__version__ = '12.0.0-dev'
+__version__ = '13.0.0-dev'
 __title__ = "Frappe Framework"
 local = Local()
From bae02075d69eae7737471cde4e6c967fe7cd230a Mon Sep 17 00:00:00 2001
From: Mangesh-Khairnar
Date: Fri, 8 May 2020 12:30:52 +0530
Subject: [PATCH 08/11] fix: remove reviews label on disabling energy points settings
---
 frappe/public/js/frappe/form/controls/rating.js | 2 +-
 frappe/public/js/frappe/form/sidebar/review.js | 6 ++++++
 frappe/public/js/frappe/form/templates/form_sidebar.html | 5 +----
 .../doctype/energy_point_settings/energy_point_settings.js | 4 +++-
 4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/frappe/public/js/frappe/form/controls/rating.js b/frappe/public/js/frappe/form/controls/rating.js index 9a68cec2be..34e890d45c 100644 --- a/frappe/public/js/frappe/form/controls/rating.js +++ b/frappe/public/js/frappe/form/controls/rating.js @@ -16,7 +16,7 @@ frappe.ui.form.ControlRating = frappe.ui.form.ControlInt.extend({ $(this.input_area).find('i').hover((ev) => { const el = $(ev.currentTarget); let star_value = el.data('rating'); - el.parent().children('i.fa').each( function(e){ + el.parent().children('i.fa').each( function(e) { if (e < star_value) { $(this).addClass('star-hover'); } else { diff --git a/frappe/public/js/frappe/form/sidebar/review.js b/frappe/public/js/frappe/form/sidebar/review.js index e187ca4693..2cf2980bf7 100644 --- a/frappe/public/js/frappe/form/sidebar/review.js +++ b/frappe/public/js/frappe/form/sidebar/review.js @@ -21,6 +21,12 @@ frappe.ui.form.Review = class Review { }); } make_review_container() { + this.parent.append(` + + `); this.review_list_wrapper = this.parent.find('.review-list'); } add_review_button() { diff --git a/frappe/public/js/frappe/form/templates/form_sidebar.html b/frappe/public/js/frappe/form/templates/form_sidebar.html index 30b2205bae..c3f2de9c7e 100644 --- a/frappe/public/js/frappe/form/templates/form_sidebar.html +++ b/frappe/public/js/frappe/form/templates/form_sidebar.html @@ -69,10 +69,7 @@
- +