From 193cb67e9c822dca58be8a9581e845eea74c4ff7 Mon Sep 17 00:00:00 2001 From: Shrihari Mahabal <166826779+ShrihariMahabal@users.noreply.github.com> Date: Mon, 9 Feb 2026 07:29:06 +0530 Subject: [PATCH] fix: bypass size limit check for requesting personal information (#36584) * fix: bypass size limit check for requesting personal information * refactor: make size check skip generalized using flags and fix email sending test * fix: test for large file request * fix: update file size check flag name Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com> * fix: Update flag name to skip_file_size_check --------- Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com> --- frappe/core/doctype/file/file.py | 2 +- .../personal_data_download_request.py | 1 + .../test_personal_data_download_request.py | 33 +++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/frappe/core/doctype/file/file.py b/frappe/core/doctype/file/file.py index 927e4c6a70..3b0514d594 100755 --- a/frappe/core/doctype/file/file.py +++ b/frappe/core/doctype/file/file.py @@ -767,7 +767,7 @@ class File(Document): max_file_size = get_max_file_size() file_size = len(self._content or b"") - if file_size > max_file_size: + if not self.flags.skip_file_size_check and file_size > max_file_size: msg = _("File size exceeded the maximum allowed size of {0} MB").format(max_file_size / 1048576) if frappe.has_permission("System Settings", "write"): msg += ".
" + _("You can increase the limit from System Settings.") diff --git a/frappe/website/doctype/personal_data_download_request/personal_data_download_request.py b/frappe/website/doctype/personal_data_download_request/personal_data_download_request.py index a41011e9fb..654b043fd0 100644 --- a/frappe/website/doctype/personal_data_download_request/personal_data_download_request.py +++ b/frappe/website/doctype/personal_data_download_request/personal_data_download_request.py @@ -48,6 +48,7 @@ class PersonalDataDownloadRequest(Document): "is_private": 1, } ) + f.flags.skip_file_size_check = True f.save(ignore_permissions=True) file_link = ( diff --git a/frappe/website/doctype/personal_data_download_request/test_personal_data_download_request.py b/frappe/website/doctype/personal_data_download_request/test_personal_data_download_request.py index 8b5854fea9..9cfa0743f6 100644 --- a/frappe/website/doctype/personal_data_download_request/test_personal_data_download_request.py +++ b/frappe/website/doctype/personal_data_download_request/test_personal_data_download_request.py @@ -13,10 +13,12 @@ from frappe.website.doctype.personal_data_download_request.personal_data_downloa class TestRequestPersonalData(IntegrationTestCase): def setUp(self): + frappe.set_user("Administrator") create_user_if_not_exists(email="test_privacy@example.com") def tearDown(self): frappe.db.delete("Personal Data Download Request") + frappe.set_user("Administrator") def test_user_data_creation(self): user_data = json.loads(get_user_data("test_privacy@example.com")) @@ -49,6 +51,37 @@ class TestRequestPersonalData(IntegrationTestCase): frappe.db.delete("Email Queue") + def test_large_file_request(self): + from unittest.mock import patch + + frappe.db.delete("File") + frappe.db.delete("Email Queue") + + frappe.set_user("test_privacy@example.com") + + with patch("frappe.sendmail"): + req = frappe.new_doc("Personal Data Download Request") + req.user = "test_privacy@example.com" + req.insert(ignore_permissions=True) + + req.generate_file_and_send_mail( + { + "data": "x" * (60 * 1024 * 1024) # 60MB + } + ) + + files = frappe.get_all( + "File", + filters={ + "attached_to_doctype": "Personal Data Download Request", + "attached_to_name": req.name, + }, + fields=["file_size"], + ) + + large_files = [f for f in files if f.file_size >= 60 * 1024 * 1024] + self.assertEqual(len(large_files), 1) + def create_user_if_not_exists(email, first_name=None): frappe.delete_doc_if_exists("User", email)