Sumit Jain
c6868b11c6
feat: Enhance IN/NOT IN operator handling for empty lists
Added logic to return appropriate criteria for empty lists in IN and NOT IN operators. An empty list with IN now returns 0 results (1=0), while NOT IN returns all results (1=1). Updated tests to verify this behavior.
2026-02-03 12:31:29 +05:30
Akhil Narang
c7f5ea837a
feat: implement field masking for query builder (#35230)
* feat: implement field masking for query builder
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* fix: add series and sessions to "core doctypes" list
This is so that we don't try to query their meta
This should also resolve #35030
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---------
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-12-16 12:08:13 +05:30
Sagar Vora
3a3a83b644
refactor: remove redundant child table permission checks
The `check_parent_permission` calls in client.py are redundant because
`frappe.has_permission` already handles child tables via `has_child_permission`,
which performs the same validations plus additional permlevel checks.
2025-12-01 20:37:18 +05:30
Akhil Narang
977aee5ab3
refactor: backticks aren't allowed in order_by or group_by
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Raffael Meyer
c55372a3b3
Merge pull request #34435 from barredterra/distinct-order-by-mariadb
fix(DatabaseQuery): allow distinct order_by for MariaDB
2025-10-24 12:28:05 +05:30
Akhil Narang
984c641bff
fix(sanitize_fields): use sqlparse for function detection
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-10-14 16:10:14 +05:30
Ejaaz Khan
e7832bfd4b
Merge pull request #32684 from iamejaaz/32489-role-perm-based-masking
feat: show mask data in form, list and report view
2025-10-09 10:55:50 +05:30
Akhil Narang
9d9789b752
fix(db_query): adjust doctype name detection
Add tab prefix, and replace with `" doc "` hardcoded string
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-10-01 15:51:48 +05:30
Eben van Deventer
2e707c8a33
fix(db_query): Issue with certain DocType Names
The previous update broke systems where DocTypes exist that contain names like Union or Select
(cherry picked from commit f997d40c56d717693c66a8b7e69d12462a673ede)
2025-10-01 15:49:04 +05:30
mergify[bot]
16058b92af
Merge branch 'develop' into 32489-role-perm-based-masking
2025-09-30 09:00:48 +00:00
Ejaaz Khan
335c0d5f36
fix: refactor code and change field type
2025-09-30 12:38:39 +05:30
Akhil Narang
dc0b5792ba
fix(db_query): improve function checking
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-24 16:08:31 +05:30
Ejaaz Khan
54b34c9535
Merge branch 'develop' into 32489-role-perm-based-masking
2025-09-17 16:17:30 +05:30
Akhil Narang
f7d4f272ad
fix(db_query): raw string was broken
Add another function to blacklist
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-03 16:13:16 +05:30
Ejaaz Khan
590fe7e520
Merge branch 'develop' into 32489-role-perm-based-masking
2025-09-02 10:48:06 +05:30
Akhil Narang
9a9f7e1d91
fix(db_query): check for some more functions
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-01 16:11:04 +05:30
Ejaaz Khan
c2544f9096
refactor: change approach of masking fields
2025-08-18 23:38:18 +05:30
Akhil Narang
6461592b5d
Merge pull request #32192 from henriquefalconer/fix/field-level-permissions-filtering
fix: Field Level Permissions Not Applied Correctly in frappe.get_list
2025-08-01 16:35:08 +05:30
mergify[bot]
c0aa39ee9a
Merge branch 'develop' into 32489-role-perm-based-masking
2025-08-01 05:57:54 +00:00
Akhil Narang
ce4f7f7418
chore: extend function blacklist
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-15 17:05:08 +05:30
Akhil Narang
0934d5117d
fix: strengthen subquery check
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-15 17:05:08 +05:30
Akhil Narang
8d62e4de01
Revert "fix(db_query): don't allow unclosed quotes"
This reverts commit 6e6150d193.
2025-07-15 17:05:08 +05:30
Akhil Narang
6e6150d193
fix(db_query): don't allow unclosed quotes
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-07 17:37:06 +05:30
Akhil Narang
41a13a0b07
fix: tighten function check in validate_order_by_and_group_by
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-07 17:37:06 +05:30
Ejaaz Khan
cbcf16440a
refactor: remove masking setting from System Settings
2025-06-26 13:06:44 +05:30
Ejaaz Khan
4a866ca370
refactor: remove useless conditions
2025-06-26 13:00:27 +05:30
Ejaaz Khan
aba7f29aa6
refactor: remove debugging statement
2025-06-10 19:54:13 +05:30
Ejaaz Khan
1d96a933cb
Merge branch 'develop' into 32489-role-perm-based-masking
2025-06-10 19:46:20 +05:30
Ejaaz Khan
ed0071df9e
feat: export encrypted data and add system setting
2025-06-10 19:42:49 +05:30
Sagar Vora
7c4b6b3dc1
fix: check permissions as per specified user
2025-06-09 23:31:50 +05:30
Ankush Menat
ddbaf09125
fix: Standard field falsy comparisons in db_query (#32791)
Extends the fix to standard fields. e0f63a928f
2025-06-05 09:55:05 +05:30
mergify[bot]
2aacdd8d33
Merge branch 'develop' into 32489-role-perm-based-masking
2025-06-04 07:48:07 +00:00
Ejaaz Khan
a4fbe0160e
feat: show mask data in form, list and report view
2025-05-27 13:16:27 +05:30
Ankush Menat
c249e75fe4
fix(db_query): allow filtering name: None (#32644)
This doesn't make any sense, but ig it might get introduced via indirect
calls, so better to handle this in code explicitly.
closes https://github.com/frappe/frappe/issues/32643
2025-05-23 10:02:14 +05:30
Ankush Menat
dbb1fcba99
perf: avoid ifnull for is set and is not set
2025-05-02 12:35:58 +05:30
Ankush Menat
6d32ffcc6c
perf: optimize != operator when field can be null
2025-05-02 12:11:27 +05:30
Ankush Menat
e0f63a928f
fix: avoid bad default of flt on string types
🤦 this whole thing needs a refactor, fixing all bugs first to
ensure we don't screw up something in process
2025-05-02 12:00:36 +05:30
Ankush Menat
23ffdc87ae
perf: Split ifnull into two conditions
This produces better query plan with index intersection using 2
conditions instead of fulltable scan on dumb condition
TODO: LOTS OF TESTS
2025-05-02 11:17:53 +05:30
Ankush Menat
c317462379
fix(DX): Better formatted SQL queries from DB Query
Avoid unnecessary tabs, thought of using dedent but unnecessary overhead
for small stylistic benefit inside code vs. stylistic benefit in logs.
2025-05-02 11:10:05 +05:30
Ankush Menat
42f1d1b460
fix(db_query): double-escaped value (#32376)
2025-05-02 11:09:11 +05:30
Ankush Menat
dcb476c990
perf: cast dynamic links while filtering (#32294)
lessen impact of https://github.com/frappe/frappe/issues/32287
2025-04-25 05:43:01 +00:00
Akhil Narang
7255c5fdf2
fix(db_query): improve subquery check
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-04-22 11:40:09 +05:30
Akhil Narang
9cf718b8f6
fix(db_query): use re.DOTALL
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-04-22 11:30:29 +05:30
Henrique
d3c01452c4
fix: correct field level permissions filtering in frappe.get_list
2025-04-18 02:19:55 -03:00
Akhil Narang
ad32216040
fix: support sqlite
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-04-15 13:59:16 +05:30
Sagar Vora
6ca6e2aebd
perf: improve get_permitted_fields logic
2025-03-17 08:55:32 +05:30
Sagar Vora
628ddfd494
perf: remove repeated calls to get_permitted_fieldnames
2025-03-16 23:39:46 +05:30
Ankush Menat
3bfc9fa8da
perf: Don't update list view settings on every query (#31743)
It literally doesn't do anything ever.
User settings are explicitly updated using `user_settings.save` endpoint.
2025-03-16 05:35:39 +00:00
Ankush Menat
357b6fb11a
perf: don't parse comments just to get comment count (#28921)
This parsing isn't necessary and we are copying all of _comments just to count
how many there are.
Imagine 2500 documents w/ 1-2 auto generated comments each.
2025-03-13 05:00:21 +00:00
Akhil Narang
bada8cabcb
fix(db_query): improve regex
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-03-07 16:57:27 +05:30