vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
54489 commits 1 branch 0 tags 587 MiB
Commit graph

517 commits

Author SHA1 Message Date
Akhil Narang
04b2a433b6
fix(db_query): relax some restrictions (#37314) 
Allow valid identifiers

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2026-02-23 12:21:26 +05:30
Aarol D'Souza
a043c26709
Merge pull request #35318 from AarDG10/add-custom-hook 
feat(server script): parse child table list onto server script for customizations
 2026-02-17 23:05:32 +05:30
Ankush Menat
c38815c60c
fix: limit join param to get_all (#37131) 2026-02-17 10:19:54 +00:00
Akhil Narang
ab577751f2
fix(sanitize_fields): strengthen field check 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2026-02-10 21:35:53 +05:30
Sumit Jain
c6868b11c6 feat: Enhance IN/NOT IN operator handling for empty lists 
Added logic to return appropriate criteria for empty lists in IN and NOT IN operators. An empty list with IN now returns 0 results (1=0), while NOT IN returns all results (1=1). Updated tests to verify this behavior.
 2026-02-03 12:31:29 +05:30
AarDG10
7485f1367d refactor: parse in db_query as is parsed in query to maintain parity 2026-01-30 23:45:03 +05:30
AarDG10
edd15715b6 feat(query): parse child tables via query file too 2026-01-30 23:25:26 +05:30
AarDG10
3774a68093 refactor: get rid of noise and add docstring 2026-01-27 13:51:03 +05:30
AarDG10
6929f5e7a9 feat(permissions): parse child tables to be used in server scripts 2026-01-13 12:13:37 +05:30
AarDG10
2c96697c76 feat(custom app): add custom permissions hook 2026-01-07 10:44:55 +05:30
Akhil Narang
c7f5ea837a
feat: implement field masking for query builder (#35230) 
* feat: implement field masking for query builder

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* fix: add series and sessions to "core doctypes" list

This is so that we don't try to query their meta
This should also resolve #35030

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

---------

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-12-16 12:08:13 +05:30
Sagar Vora
3a3a83b644 refactor: remove redundant child table permission checks 
The `check_parent_permission` calls in client.py are redundant because
`frappe.has_permission` already handles child tables via `has_child_permission`,
which performs the same validations plus additional permlevel checks.
 2025-12-01 20:37:18 +05:30
Akhil Narang
977aee5ab3
refactor: backticks aren't allowed in order_by or group_by 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-11-19 21:15:57 +05:30
Raffael Meyer
c55372a3b3
Merge pull request #34435 from barredterra/distinct-order-by-mariadb 
fix(DatabaseQuery): allow distinct order_by for MariaDB
 2025-10-24 12:28:05 +05:30
Akhil Narang
984c641bff
fix(sanitize_fields): use sqlparse for function detection 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-10-14 16:10:14 +05:30
Ejaaz Khan
e7832bfd4b
Merge pull request #32684 from iamejaaz/32489-role-perm-based-masking 
feat: show mask data in form, list and report view
 2025-10-09 10:55:50 +05:30
Akhil Narang
9d9789b752
fix(db_query): adjust doctype name detection 
Add tab prefix, and replace with `" doc "` hardcoded string

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-10-01 15:51:48 +05:30
Eben van Deventer
2e707c8a33
fix(db_query): Issue with certain DocType Names 
The previous update broke systems where DocTypes exist that contains names like Union or Select

(cherry picked from commit f997d40c56d717693c66a8b7e69d12462a673ede)
 2025-10-01 15:49:04 +05:30
mergify[bot]
16058b92af
Merge branch 'develop' into 32489-role-perm-based-masking 2025-09-30 09:00:48 +00:00
Ejaaz Khan
335c0d5f36 fix: refactor code and change field type 2025-09-30 12:38:39 +05:30
Akhil Narang
dc0b5792ba
fix(db_query): improve function checking 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-09-24 16:08:31 +05:30
Ejaaz Khan
54b34c9535
Merge branch 'develop' into 32489-role-perm-based-masking 2025-09-17 16:17:30 +05:30
Akhil Narang
f7d4f272ad
fix(db_query): raw string was broken 
Add another function to blacklist

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-09-03 16:13:16 +05:30
Ejaaz Khan
590fe7e520
Merge branch 'develop' into 32489-role-perm-based-masking 2025-09-02 10:48:06 +05:30
Akhil Narang
9a9f7e1d91
fix(db_query): check for some more functions 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-09-01 16:11:04 +05:30
Ejaaz Khan
c2544f9096 refactor: change approach of masking fields 2025-08-18 23:38:18 +05:30
Akhil Narang
6461592b5d
Merge pull request #32192 from henriquefalconer/fix/field-level-permissions-filtering 
fix: Field Level Permissions Not Applied Correctly in frappe.get_list
 2025-08-01 16:35:08 +05:30
mergify[bot]
c0aa39ee9a
Merge branch 'develop' into 32489-role-perm-based-masking 2025-08-01 05:57:54 +00:00
Akhil Narang
ce4f7f7418
chore: extend function blacklist 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-07-15 17:05:08 +05:30
Akhil Narang
0934d5117d
fix: strengthen subquery check 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-07-15 17:05:08 +05:30
Akhil Narang
8d62e4de01
Revert "fix(db_query): don't allow unclosed quotes" 
This reverts commit 6e6150d193.
 2025-07-15 17:05:08 +05:30
Akhil Narang
6e6150d193
fix(db_query): don't allow unclosed quotes 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-07-07 17:37:06 +05:30
Akhil Narang
41a13a0b07
fix: tighten function check in validate_order_by_and_group_by 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-07-07 17:37:06 +05:30
Ejaaz Khan
cbcf16440a refactor: remove masking setting from System Settings 2025-06-26 13:06:44 +05:30
Ejaaz Khan
4a866ca370 refactor: remove useless conditions 2025-06-26 13:00:27 +05:30
Ejaaz Khan
aba7f29aa6 refactor: remove debugging statement 2025-06-10 19:54:13 +05:30
Ejaaz Khan
1d96a933cb
Merge branch 'develop' into 32489-role-perm-based-masking 2025-06-10 19:46:20 +05:30
Ejaaz Khan
ed0071df9e feat: export encrypted data and add system setting 2025-06-10 19:42:49 +05:30
Sagar Vora
7c4b6b3dc1 fix: check permissions as per specified user 2025-06-09 23:31:50 +05:30
Ankush Menat
ddbaf09125
fix: Standard field falsy comparisons in db_query (#32791) 
Extends the fix to standard fields. e0f63a928f
 2025-06-05 09:55:05 +05:30
mergify[bot]
2aacdd8d33
Merge branch 'develop' into 32489-role-perm-based-masking 2025-06-04 07:48:07 +00:00
Ejaaz Khan
a4fbe0160e feat: show mask data in form, list and report view 2025-05-27 13:16:27 +05:30
Ankush Menat
c249e75fe4
fix(db_query): allow filtering name: None (#32644) 
This doesn't make any sense, but ig it might get introduced via indirect
calls, so better to handle this in code explicitly.

closes https://github.com/frappe/frappe/issues/32643
 2025-05-23 10:02:14 +05:30
Ankush Menat
dbb1fcba99 perf: avoid ifnull for is set and is not set 2025-05-02 12:35:58 +05:30
Ankush Menat
6d32ffcc6c perf: optimize != operator when field can be null 2025-05-02 12:11:27 +05:30
Ankush Menat
e0f63a928f fix: avoid bad default of flt on string types 
🤦 this whole thing needs a refactor, fixing all bugs first to
ensure we don't screw up something in process
 2025-05-02 12:00:36 +05:30
Ankush Menat
23ffdc87ae perf: Split ifnull into two conditions 
This produces better query plan with index intersection using 2
conditions instead of fulltable scan on dumb condition

TODO: LOTS OF TESTS
 2025-05-02 11:17:53 +05:30
Ankush Menat
c317462379 fix(DX): Better formatted SQL queries from DB Query 
Avoid unnecessary tabs, thought of using dedent but unnecessary overhead
for small stylistic benefit inside code vs. stylistic benefit in logs.
 2025-05-02 11:10:05 +05:30
Ankush Menat
42f1d1b460
fix(db_query): double-escaped value (#32376) 2025-05-02 11:09:11 +05:30
Ankush Menat
dcb476c990
perf: cast dynamic links while filtering (#32294) 
lessen impact of https://github.com/frappe/frappe/issues/32287
 2025-04-25 05:43:01 +00:00