Commit graph

218 commits

Author SHA1 Message Date
Sagar Vora
b5bae10dc8 perf: remove unnecessary sqlparse.format and comment stripping in _sanitize_field
ALLOWED_FIELD_PATTERN already restricts fields to simple identifiers
that cannot contain SQL comments, making the sqlparse.format(strip_comments=True)
and MARIADB_SPECIFIC_COMMENT.sub() calls unnecessary overhead.

Merged _sanitize_field into _validate_select_field.
2025-12-02 00:23:25 +05:30
Sagar Vora
bcac30836b refactor: remove redundant share check in check_read_permission
has_permission() already checks for shared documents internally when
role permissions do not grant access, so the separate frappe.share.get_shared()
call was dead code.
2025-12-02 00:19:44 +05:30
Sagar Vora
5297edc732 refactor: use FIELD_PARSE_REGEX instead of sqlparse for _parse_backtick_field_notation 2025-12-02 00:14:58 +05:30
Sagar Vora
04932e20a0 fix: tighten FIELD_PARSE_REGEX to only allow backticks (not double quotes) 2025-12-01 23:59:45 +05:30
Sagar Vora
72b1fe299d fix: tighten ALLOWED_FIELD_PATTERN to disallow hyphens/spaces in field names 2025-12-01 23:58:53 +05:30
Sagar Vora
e7c8091507 fix: use Field instead of Column for field-to-field filter comparison detection 2025-12-01 23:45:56 +05:30
Sagar Vora
3f2fbd7d4e fix: use Star() instead of Column("*") for correct COUNT(*) SQL 2025-12-01 23:44:41 +05:30
Sagar Vora
730f35ab70 refactor: remove unused Permission class 2025-12-01 23:42:37 +05:30
Sagar Vora
dca4b36684 chore: remove debug print statement in DynamicTableField.parse 2025-12-01 23:41:53 +05:30
Sagar Vora
732137b9bc fix: simplify permission conditions logic 2025-12-01 23:35:57 +05:30
Sagar Vora
d48b0d1632 fix(search)!: validate ignore_user_permissions in link search 2025-12-01 19:03:55 +05:30
Akhil Narang
9e380bc33c
fix(query): don't create 2 error logs for the same thing (#34925)
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-28 12:39:31 +05:30
Akhil Narang
1bcdec6283
fix(query): check standard field definitions (#34828)
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-26 18:14:03 +05:30
Akhil Narang
b640faa80b
fix: allow selecting optional fields (#34901)
Simplification/follow up to 9455721c77

Resolves #34861

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-26 17:31:17 +05:30
Corentin Forler
afa0cedfca
fix(query): Add set to valid types for the fields parameter (#34866) 2025-11-25 05:56:45 +00:00
Akhil Narang
bd044e520c
fix(query): don't allow using Document as a filter value (#34823)
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-24 11:13:43 +05:30
Akhil Narang
ea03bd020e
Merge pull request #34800 from akhilnarang/skip-null-fields
fix(qb): skip null fields
2025-11-20 18:48:23 +05:30
Akhil Narang
28a00251b1
fix(qb): skip null fields
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-20 18:39:28 +05:30
Akhil Narang
ba192648f3
fix(qb): track field aliases
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-20 18:05:33 +05:30
Akhil Narang
0f3fc00f00
fix: handle converting datetime -> date for fieldtype date
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
15588de6cd
fix(query): ensure backwards compatibility for sorting, filtering
If `db_query_compat=True` (set by `qb_query.py`), then we default to some `db_query.py` behaviour.
Otherwise, we'll retain the previous query builder behaviour; this is to minimize breakage on either side.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
2c15bb4a5b
fix(query): extend regex to allow backticked aliases
For example:

```
`tabSerial and Batch Entry`.`name` as `child_row`
```

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
bd84d7a66a
fix: match db_query behaviour for certain cases like
`filters.append(["reports_to", "=", ""])`

Earlier this generated:
```
( `tabEmployee`.`reports_to` is NULL OR `tabEmployee`.`reports_to` = '' )
```

Without this change, with qb it was

```
`reports_to`=''
```

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
9455721c77
fix: skip group by permission check for certain columns
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
978edeaa1d
feat: add in some functions
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
0bb1b4477c
fix(query): case insensitive check
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
07e8c987cb
fix(check_field_permissions): allow if no permissions defined
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
1ba9c14cd5
fix: check for shared documents
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
943df998d6
feat: support certain backticked expressions
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
7ad6f7e2c6
refactor: ensure no meta recursion
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
a5e44c4c6e
fix(query): check whether filter fields belong to child tables if not part of parent
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
ea926b0f31
fix(search): adjust query formation to align with new restrictions
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:58 +05:30
Akhil Narang
ddcda11d67
fix: function detection
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
b407fe8093
fix: allow function aliases
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
3040ab7eb2
feat(query): add in IFNULL logic from db_query
Use `IFNULL(var, "") == ""` instead of `isnull()`

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
e420e7646f
fix(query): match db_query, add parentheses around condition
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
b4cf69732b
fix(query): allow numeric strings
For things like `COUNT(1)`

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
e15ec47ba1
fix(query): allow passing as in any case
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
8e03924356
fix(query): allow AggregateFunction as well in apply_field_permissions
Without this `fields=[{"COUNT": "name"}]` didn't work, although `fields=[{"COUNT": "NAME"}]` did.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
7183caf871
fix(query_builder): default sorting based on doctype meta
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
90ed0502fa
refactor: support new function style
- Migrate all SQL function usage from string format to dict format
- Old: fields=['count(*) as count']
- New: fields=[{'COUNT': '*', 'as': 'count'}]
- Add `NULLIF`

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
340fe279b3
feat: add in initial version of DatabaseQuery using query builder
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Ejaaz Khan
a52da6c8d6 fix(db_query): != condition not working in case of None 2025-09-30 13:23:16 +05:30
Faris Ansari
c2e08b3822 chore: remove unused code 2025-06-23 14:54:22 +05:30
Faris Ansari
f2a0724f9a feat: add back sql functions support with json syntax
```
fields=['user_type', {'COUNT': 'name', 'as': 'total'}]
fields=[{"IFNULL": ["first_name", "'Unknown'"], "as": "safe_name"}]
```
2025-06-18 16:15:25 +05:30
Faris Ansari
840e7991ce fix: don't allow partial backticks
- add tests
2025-06-18 16:14:32 +05:30
Faris Ansari
3f65806a0b fix: harden group by and order by inputs
- only field, link_field.field, child_field.field allowed
- don't allow backticks
- add permlevel check
- add tests
2025-06-18 16:10:52 +05:30
Faris Ansari
420e891d96 feat: remove support for sql functions in fields 2025-06-18 16:10:52 +05:30
Faris Ansari
9a84f20436 feat: add support for nested AND and OR conditions 2025-06-18 16:10:52 +05:30
Faris Ansari
b2a37f86b3 fix: filtering should only be allowed on permitted fields 2025-06-18 16:00:22 +05:30