vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix: Return empty result if no perm level access (#24591)

Browse source
This commit is contained in:
Ankush Menat 2024-01-29 19:48:19 +05:30 committed by GitHub
parent 1cce6588ee
commit 3bea50d519
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
frappe/model/db_query.py
View file

@ -217,6 +217,10 @@ class DatabaseQuery:
args = self.prepare_args()
args.limit = self.add_limit()
if not args.fields:
# apply_fieldlevel_read_permissions has likely removed ALL the fields that user asked for
return []
if args.conditions:
args.conditions = "where " + args.conditions

3
frappe/tests/test_db_query.py
View file

@ -1255,6 +1255,9 @@ class TestReportView(FrappeTestCase):
response = execute_cmd("frappe.desk.reportview.get")
self.assertNotIn("published", response["keys"])
# If none of the fields are accessible then result should be empty
self.assertEqual(frappe.get_list("Blog Post", "published"), [])
def test_reportview_get_admin(self):
# Admin should be able to see access all fields
with setup_patched_blog_post():