fix(db_query): Allow standalone functions, rename get_permitted_fields
This commit is contained in:
Gavin D'souza
parent
6aea25a6c1
commit
3ee510439b
1 changed files with 6 additions and 4 deletions
|
|
@ -561,7 +561,7 @@ class DatabaseQuery:
|
|||
if self.flags.ignore_permissions:
|
||||
return
|
||||
|
||||
available_fields = get_available_fields(doctype=self.doctype)
|
||||
available_fields = get_permitted_fields(doctype=self.doctype)
|
||||
|
||||
for i, field in enumerate(self.fields):
|
||||
column = field.split(" ", 1)[0].replace("`", "")
|
||||
|
|
@ -580,7 +580,7 @@ class DatabaseQuery:
|
|||
|
||||
if table in self.tables:
|
||||
ch_doctype = table.replace("`", "").replace("tab", "", 1)
|
||||
available_child_table_fields = get_available_fields(
|
||||
available_child_table_fields = get_permitted_fields(
|
||||
doctype=ch_doctype, parenttype=self.doctype
|
||||
)
|
||||
if column in available_child_table_fields:
|
||||
|
|
@ -597,7 +597,9 @@ class DatabaseQuery:
|
|||
elif _params := FN_PARAMS_PATTERN.findall(column):
|
||||
params = (x for x in _params[0].split(","))
|
||||
for param in params:
|
||||
if param in available_fields or param.isnumeric() or "'" in param or '"' in param:
|
||||
if (
|
||||
not param or param in available_fields or param.isnumeric() or "'" in param or '"' in param
|
||||
):
|
||||
continue
|
||||
else:
|
||||
self.fields.remove(field)
|
||||
|
|
@ -1202,7 +1204,7 @@ def requires_owner_constraint(role_permissions):
|
|||
return True
|
||||
|
||||
|
||||
def get_available_fields(doctype, parenttype=None):
|
||||
def get_permitted_fields(doctype, parenttype=None):
|
||||
meta = frappe.get_meta(doctype)
|
||||
|
||||
if doctype in core_doctypes_list:
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue