Merge pull request #38815 from AarDG10/fix-client
fix(client): add stronger checks in save and set_value endpoints
This commit is contained in:
Aarol D'Souza
GitHub
commit
58badf002c
1 changed files with 19 additions and 11 deletions
|
|
@ -189,18 +189,21 @@ def set_value(doctype: str, name: str | int, fieldname: str | dict[str, Any], va
|
|||
:param fieldname: fieldname string or JSON / dict with key value pair
|
||||
:param value: value if fieldname is JSON / dict"""
|
||||
|
||||
if fieldname in (frappe.model.default_fields + frappe.model.child_table_fields):
|
||||
frappe.throw(_("Cannot edit standard fields"))
|
||||
|
||||
if not value:
|
||||
values = fieldname
|
||||
if isinstance(fieldname, str):
|
||||
try:
|
||||
values = json.loads(fieldname)
|
||||
except ValueError:
|
||||
values = {fieldname: ""}
|
||||
else:
|
||||
values = {}
|
||||
if value is not None:
|
||||
values = {fieldname: value}
|
||||
elif isinstance(fieldname, dict):
|
||||
values = fieldname
|
||||
elif isinstance(fieldname, str):
|
||||
try:
|
||||
values = json.loads(fieldname)
|
||||
except ValueError:
|
||||
values = {fieldname: ""}
|
||||
|
||||
forbidden = set(frappe.model.default_fields + frappe.model.child_table_fields)
|
||||
for field in values:
|
||||
if field in forbidden:
|
||||
frappe.throw(_("Cannot edit standard fields"))
|
||||
|
||||
# check for child table doctype
|
||||
if not frappe.get_meta(doctype).istable:
|
||||
|
|
@ -250,6 +253,11 @@ def save(doc: str | dict[str, Any]):
|
|||
if isinstance(doc, str):
|
||||
doc = json.loads(doc)
|
||||
|
||||
forbidden = {"docstatus", "idx"}
|
||||
for field in doc:
|
||||
if field in forbidden:
|
||||
frappe.throw(_("Cannot edit standard fields"))
|
||||
|
||||
doc = frappe.get_doc(doc)
|
||||
doc.save()
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue