Antoine Maas
52d686f7e2
fix: hide jinja placeholder for title when no value-section with small cta
2025-06-20 09:34:02 +00:00
Antoine Maas
1daad6f7f0
fix: hide jinja placeholder for title when no value-section with image grid
2025-06-20 09:33:50 +00:00
Antoine Maas
277286ff18
fix: hide jinja placeholder for title when no value-section with image
2025-06-20 09:32:33 +00:00
Antoine Maas
2b20e93fe7
fix: hide jinja placeholder for title when no value-section with embed
2025-06-20 09:31:46 +00:00
Antoine Maas
e9c302ac0d
fix: hide jinja placeholder for title when no value-section with right image
2025-06-20 09:31:33 +00:00
Antoine Maas
a2bca73ac3
fix: hide jinja placeholder for title when no value set-hero
2025-06-20 09:27:49 +00:00
Antoine Maas
ed14fafe32
fix: hide jinja placeholder for title when no value set-section with cta
2025-06-20 09:26:58 +00:00
Antoine Maas
a96f3dc6cf
fix: hide jinja placeholder for title when no value set
2025-06-20 09:25:43 +00:00
Soham Kulkarni
aedd5c29c0
fix: don't allow Website User to write to public events (#32966)
2025-06-19 20:57:27 +05:30
Ankush Menat
02d72d2bbb
perf: faster gzip compression (#33014)
Same as https://github.com/frappe/press/pull/2400
2025-06-19 12:52:58 +00:00
RitvikSardana
4fbdaf3a9b
fix: add flag for initial email sync (#33006)
* fix: add flag for initial email sync
* fix: revert from_uid calc
2025-06-19 18:13:32 +05:30
mahsem
94109de17d
fix: spelling_serbian_datepick (#32619)
2025-06-19 13:33:45 +02:00
Sagar Vora
4f6e19eec4
perf: use chain flag (#33007)
2025-06-19 11:32:25 +00:00
Ankush Menat
b57eb60486
perf: chain db transactions (#33004)
* perf: chain transactions
Frequently used rollback/commits can be modified to chain previous
transaction.
This reduces one query to DB in most requests.
* perf: chain transactions in requests
2025-06-19 12:37:39 +05:30
ruthra kumar
ee864dac12
refactor: introduce lightmode in parallel test runner
2025-06-19 11:40:09 +05:30
Raffael Meyer
c2dbae3ece
fix(DocType): offer calendar view as default (#32996)
2025-06-18 14:51:16 +02:00
Sagar Vora
f833e4e21b
fix: improve flow to rollback db transaction when processing requests (#32980)
* fix: improve flow to rollback db transaction when processing requests
* fix: rollback, log request and process response for HTTPException
2025-06-18 16:27:46 +05:30
sokumon
d822345d5f
fix: add patch warning for newsletter
2025-06-18 16:25:33 +05:30
sokumon
793bd6387f
fix: global search text, remove hooks
2025-06-18 16:23:36 +05:30
sokumon
7de009e292
fix: remove function from toolbar
2025-06-18 16:23:36 +05:30
sokumon
6be013804d
fix: remove tests utils and workspace card
2025-06-18 16:23:36 +05:30
sokumon
32a87f53d6
fix: delete newsletter related files
2025-06-18 16:23:36 +05:30
Faris Ansari
e6c939c606
fix: revert get_all change
get_all doesn't use get_query
2025-06-18 16:15:25 +05:30
Faris Ansari
ae3f216255
chore: update sql function usage
2025-06-18 16:15:25 +05:30
Faris Ansari
b2e081d076
chore: update sql function usage
2025-06-18 16:15:25 +05:30
Faris Ansari
f2a0724f9a
feat: add back sql functions support with json syntax
```
fields=['user_type', {'COUNT': 'name', 'as': 'total'}]
fields=[{"IFNULL": ["first_name", "'Unknown'"], "as": "safe_name"}]
```
2025-06-18 16:15:25 +05:30
Faris Ansari
a6e9028090
fix: cast link fields that are int to string
- id fields should always be string
- easier to manage in typed code in frontend
2025-06-18 16:14:32 +05:30
Faris Ansari
840e7991ce
fix: don't allow partial backticks
- add tests
2025-06-18 16:14:32 +05:30
Faris Ansari
3f65806a0b
fix: harden group by and order by inputs
- only field, link_field.field, child_field.field allowed
- don't allow backticks
- add permlevel check
- add tests
2025-06-18 16:10:52 +05:30
Faris Ansari
420e891d96
feat: remove support for sql functions in fields
2025-06-18 16:10:52 +05:30
Faris Ansari
36a990e4bf
chore: update new docs domain
2025-06-18 16:10:52 +05:30
Faris Ansari
9a84f20436
feat: add support for nested AND and OR conditions
2025-06-18 16:10:52 +05:30
Faris Ansari
b2a37f86b3
fix: filtering should only be allowed on permitted fields
2025-06-18 16:00:22 +05:30
Faris Ansari
f77a940582
fix: check permlevel for fields like "link_field.fieldname"
2025-06-18 16:00:22 +05:30
Faris Ansari
63afc0601b
fix: restrict child table access if user has only "select" on parent
2025-06-18 16:00:22 +05:30
Faris Ansari
a9fb29fb8e
test: test for invalid inputs in fields, filters, group_by, order_by
- comment out invalid tests
2025-06-18 16:00:22 +05:30
Faris Ansari
87664ad604
refactor: Enhance field and function parsing in query engine
- Introduce `SqlFunctionParser` for robust parsing of supported SQL functions (e.g., `COUNT(*)`, `SUM(amount) as total`, `AVG(price - cost)`), replacing get_function_object and has_function.
- Refactor `DynamicTableField.parse` for improved handling of:
- Aliases (case-insensitive `as`, quoted/unquoted).
- `tabDocType.fieldname` notation (distinguishing child vs. main doctype refs).
- Add validation and better error handling during parsing.
- Rewrite filter field validation (`_validate_and_prepare_filter_field`):
- Disallow backticks (`) in filter field names.
- Enforce specific patterns for dot notation (link/child fields only, reject `tabDoc.field`).
- Validate character sets for simple field names.
- Update standard field parsing (`parse_string_field`, `ALLOWED_FIELD_PATTERN`, `FIELD_PARSE_REGEX`):
- Support quoted table names potentially containing spaces (e.g., `tabTable Name`.`field`).
- Improve `parse_fields` and `_parse_single_field_item` logic:
- Handle direct pypika `Field`/`AggregateFunction` inputs.
- Reliably split comma-separated field strings.
2025-06-18 16:00:22 +05:30
Faris Ansari
ddca77429c
fix: secure query building
Add strict validation using regex for fields in SELECT, filters, GROUP BY, and ORDER BY clauses to avoid potential SQL injection risks.
Refactor field parsing and validation logic into dedicated functions.
2025-06-18 16:00:22 +05:30
Faris Ansari
8aa4c1030f
fix: add support for AND, OR, NOT in RawCriterion
2025-06-18 15:56:11 +05:30
Faris Ansari
39a65a1300
test: enable server script temporarily
2025-06-18 15:56:11 +05:30
Faris Ansari
601df8268f
test: simpler assertions
2025-06-18 15:56:11 +05:30
Faris Ansari
a94c143314
fix: add support for permission query conditions
2025-06-18 15:56:11 +05:30
Faris Ansari
b3a05896ea
fix: remove doc.reload
2025-06-18 15:56:11 +05:30
Faris Ansari
3ab0e8756f
test: mandatory field
2025-06-18 15:56:11 +05:30
Faris Ansari
f3af0c582c
test: fix test_api_v2
2025-06-18 15:56:11 +05:30
Faris Ansari
ccca6bffab
test: add permissions tests for qb.get_query
2025-06-18 15:56:11 +05:30
Faris Ansari
f707cf5722
fix: raise PermissionError instead of ValidationError
2025-06-18 15:56:11 +05:30
Faris Ansari
f580cb3dad
fix: add child query to allowed fields
2025-06-18 15:56:11 +05:30
Faris Ansari
56c3a55665
fix: print traceback instead of errprint
2025-06-18 15:56:11 +05:30
Faris Ansari
471e001ebb
feat: apply permissions in get_query
2025-06-18 15:56:11 +05:30