Commit graph

262 commits

Author SHA1 Message Date
Saurabh
97b693c6b0
feat: Added permission to grant only Select access to document (#12063)
* feat: add permtype 'select' to DocPerm and CustomDocPerm

* feat: add 'select' perm in rights tuple

* feat: provisions to handle select permission

* feat: toggle href based on permissions

* feat: pass permission type explicitly while validating link in permission check

* fix: sider

* feat: added test cases to validate select perm

* feat: add method frappe.only_has_select_perm to explicitly check the select perm

* fix: if user only has select perm then do not show anchor tag for link fields

* fix: sider
2020-12-29 16:58:28 +05:30
Faris Ansari
9ac14fb5ab feat: Permission Query script type
Add dynamic conditions in where clause of get_list query
2020-12-03 23:26:34 +05:30
Rushabh Mehta
97191f90af fix(minor): don't run a query when table is missing 2020-10-27 23:02:11 +05:30
Rushabh Mehta
69d2c10736 fix(minor): db_query (ignore_ddl) 2020-10-26 10:02:04 +05:30
Rushabh Mehta
742605542c fix(minor): added ignore_ddl in frappe.db.get_all to ignore missing tables, columns 2020-10-26 10:02:04 +05:30
Gavin D'souza
cf1b01fb5e fix: Remove partial support for distinct keyword
* Added supporting sql functions and distinct kw in TODO
2020-10-12 15:34:48 +05:30
Gavin D'souza
b00a389cfd fix: Add provision for quotes in DatabaseQuery.prepare_args 2020-10-09 19:40:45 +05:30
marination
d39216b273 fix: Select only last 3 args 2020-10-07 15:46:39 +05:30
Aditya Hase
e6c16f3184
fix(db_query): Allow plucking a field without having to add it to the fields list
e.g.

frappe.get_all("ToDo", pluck="owner")

Didn't work before, instead

frappe.get_all("ToDo", fields=["owner"], pluck="owner")

was needed
2020-10-06 18:32:43 +05:30
mergify[bot]
3275cc4c5a
Merge pull request #11500 from gavindsouza/mysql-syntax-error
fix(doctype): Allow MySQL keywords as Docfields
2020-09-24 08:45:34 +00:00
Gavin D'souza
31bf172f73 fix: Check if as token in statement explicitly
tests failing due to this condition becoming truthy for value: "assignment_rule"
2020-09-23 15:15:26 +05:30
Faris Ansari
ed9abe0d7c fix: Pluck syntax for get_all and friends 2020-09-23 12:55:16 +05:30
Gavin D'souza
ef276257d4 fix: Handle mysql functions and "as" 2020-09-18 21:51:44 +05:30
Gavin D'souza
b6f6bbadb0 fix: Allow keywords as fieldnames 2020-09-18 12:58:28 +05:30
mergify[bot]
cbf1077490
Merge pull request #11475 from prssanna/empty-tree-filter
fix: handle undefined tree filter value
2020-09-11 15:19:14 +00:00
prssanna
a429729e92 fix: handle undefined tree filter value 2020-09-10 12:57:34 +05:30
Aditya Hase
555c52fc70
fix(db_query): Reject user argument in whitelisted methods 2020-09-07 18:56:24 +05:30
Chinmay Pai
e30161b222
fix: disallow global variable access through sql (#10875)
* fix: disallow global variable access through sql

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Co-authored-by: Sahil Khan <sahilkhan28297@gmail.com>

* chore: add test for sql disallowed variable access

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

Co-authored-by: Sahil Khan <sahilkhan28297@gmail.com>
2020-07-10 13:55:06 +00:00
prssanna
1b691c799d refactor: refactor get_date_range 2020-06-01 10:52:07 +05:30
prssanna
d9e8b7ef4f fix: handle old date filters in query 2020-06-01 10:51:38 +05:30
prssanna
f7f2be5926 fix: rename function 2020-06-01 10:51:38 +05:30
prssanna
4b2d730a8c fix: variable naming 2020-06-01 10:51:38 +05:30
prssanna
6495ee2426 style: fix formatting 2020-06-01 10:51:38 +05:30
prssanna
2fcd8c2905 fix: move timespan function to data.py 2020-06-01 10:51:38 +05:30
prssanna
f0d62d4007 fix: all periods in timespan filter 2020-06-01 10:51:38 +05:30
prssanna
4c16b2a608 feat: api to get additional filters 2020-06-01 10:51:38 +05:30
prssanna
53e2e60cab feat: filter for current timespan 2020-06-01 10:51:38 +05:30
prssanna
cfdc24aef5 fix: dayofyear unit function for child table query 2020-02-28 13:00:04 +05:30
prssanna
946990d531 fix: set filter button for all chart types 2020-02-28 13:00:04 +05:30
prssanna
6977025614 fix: child table filters for dashboard charts based on doctype 2020-02-28 13:00:04 +05:30
Shridhar
b3b70f3b7f Bug fixed ID value should not be set to 0 by default 2019-12-11 09:21:17 +05:30
Shridhar
44c7f08ccf convert operator to lowercase while checking 2019-11-28 18:07:14 +05:30
Shridhar
acae06a36a case insensitive search for postgres 2019-11-28 16:13:20 +05:30
Shivam Mishra
00d21a2ac5 fix: tests for db_query 2019-10-29 10:17:52 +05:30
Shivam Mishra
08b992d547 style: removed loop to check standard SQL 2019-10-29 10:07:39 +05:30
Shivam Mishra
c0d69a04c4 feat: added tests 2019-10-24 19:47:53 +05:30
Shivam Mishra
d93b060f22 refactor: improved for readability 2019-10-24 18:43:24 +05:30
Shivam Mishra
e1aa309b87 fix: do not append table names for mysql methods 2019-10-24 17:29:56 +05:30
Aditya Hase
10bd8012ce
perf(orm): Use cached table_columns instead of querying the database 2019-10-23 23:00:02 +05:30
Rucha Mahabal
20ea14efe4 fix(Report View): Error on setting Is Set filter for date fields 2019-09-19 20:41:56 +05:30
Prssanna Desai
d42fea0104 feat: Add child table fields to group by in reports (#8390) 2019-09-11 17:11:24 +05:30
Suraj Shetty
2e2ebcd9cc fix: Comments in add_user_permissions 2019-08-12 09:47:22 +05:30
Aditya Hase
5d04fb4eb7 fix(search): Reduce restrictions on field contents 2019-07-30 14:25:13 +05:30
Aditya Hase
8ac155f7b6 fix(security): Sanitize fields list, group_by and order_by clause to prevent SQLi 2019-07-30 12:52:01 +05:30
Aditya Hase
ce60f98ab6 Revert "fix(security): Disallow unnecessary characters in group_by and fields"
This reverts commit fb8993663c.
2019-07-26 20:49:46 +05:30
Aditya Hase
fb8993663c fix(security): Disallow unnecessary characters in group_by and fields 2019-07-25 20:54:08 +05:30
Prssanna Desai
8a4bfb1429 Improve query for assignment count and add test 2019-03-27 22:41:02 +05:30
Frappe Bot
94ea028db3 Merge branch 'master' into develop 2019-03-08 09:38:18 +00:00
Anurag Mishra
cd191439fd feat: Document subscription (#6745) 2019-03-07 14:06:22 +05:30
Rushabh Mehta
43fe6bd152 fix(db_query): handle null in fields list 2019-03-05 10:26:26 +05:30