Akhil Narang
e15ec47ba1
fix(query): allow passing as in any case
...
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
8e03924356
fix(query): allow AggregateFunction as well in apply_field_permissions
...
Without this `fields=[{"COUNT": "name"}]` didn't work, although `fields=[{"COUNT": "NAME"}]` did.
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
7183caf871
fix(query_builder): default sorting based on doctype meta
...
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
90ed0502fa
refactor: support new function style
...
- Migrate all SQL function usage from string format to dict format
  - Old: fields=['count(*) as count']
  - New: fields=[{'COUNT': '*', 'as': 'count'}]
- Add `NULLIF`
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Akhil Narang
340fe279b3
feat: add in initial version of DatabaseQuery using query builder
...
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-11-19 21:15:57 +05:30
Tanmoy Sarkar
5ce54d0144
feat(sqlite): Set 5s of busy_timeout
...
To reduce database lock issues during concurrent write / WAL merge
2025-10-28 13:54:53 +05:30
Tanmoy Sarkar
b2e7b6fafb
fix(sqlite): Use DEFERRED isolation level
...
sqlite connection starts with no transaction if isolation level hasn't been provided
2025-10-28 13:54:53 +05:30
Ankush Menat
04f9d95718
fix: Clear value cache on savepoint restore too ( #34367 )
2025-10-13 09:48:30 +00:00
Ankush Menat
598ba6d63d
fix: Clear DB value cache after commit/rollback ( #34335 )
...
Respect repeatable read, but not beyond transaction, if transaction is committed during a request then cache should be invalidated.
This will likely slow down some code in a loop that did repeated queries + commit but we can't compromise correctness here.
2025-10-10 07:42:11 +00:00
Akhil Narang
cf75128617
fix(schema): ensure int-int comparison ( #34320 )
...
Some fields somehow have string lengths apparently
Resolves #34318 and support ticket 50658
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-10-09 15:25:50 +05:30
Soham Kulkarni
2c3b85a7e0
Merge pull request #33491 from sokumon/row-size-issue
...
fix: prevent row-size limit error
2025-10-03 11:32:54 +05:30
Akhil Narang
0fab9a0bc8
fix: create index if it doesn't exist
...
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-30 22:15:09 +05:30
Akhil Narang
5441658b39
feat: define regexp_replace
...
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-30 22:15:09 +05:30
Ejaaz Khan
a52da6c8d6
fix(db_query): != condition not working in case of None
2025-09-30 13:23:16 +05:30
Akhil Narang
6ca4d4d167
refactor(treewide): ruff format
...
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-26 13:16:43 +05:30
Hussain Nagaria
9bd8dc8900
refactor: cleaner handling of length and precision
2025-09-17 23:54:06 +05:30
Hussain Nagaria
c230e86e2c
fix: handle length more robustly
2025-09-17 13:27:13 +05:30
sokumon
3cb061bacb
fix: add reference and test_case
2025-09-04 12:54:35 +05:30
sokumon
a13bf7246f
fix: prevent row-size limit error
2025-09-04 12:54:35 +05:30
Hussain Nagaria
8f83dedbba
feat: allow length change for decimal columns
2025-09-03 15:28:10 +05:30
Prafful S
bd4fc118e5
feat: Database SSL one way support ( #33044 )
...
* feat: Support one-way SSL authentication for database connections
Updated MariaDB database connection to support one-way SSL authentication
* feat(database): Add support for MySQLClient one-way SSL connections
* feat: Format and pre-commit
* fix: Default option for hostname check
* chore: simplify
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---------
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
Co-authored-by: Akhil Narang <me@akhilnarang.dev>
2025-07-16 06:36:19 +00:00
Ankush Menat
1ed2447f6b
fix!: Always cast db.get_value for singles ( #33276 )
2025-07-11 07:32:41 +00:00
Akhil Narang
8cbd51eafa
fix(sqlite): accept chain for commit and rollback ( #33250 )
...
Don't do anything with it for now
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-08 07:14:29 +00:00
Sagar Vora
71428b7dcb
feat: utility to commit certain queries after sending response ( #32978 )
...
* feat: utility to commit certain queries after sending response
* fix: add error handling
* refactor: subclass CallbackManager
2025-07-08 05:02:27 +00:00
Ankush Menat
35c1cc0276
fix(DX): print execution time after printing query ( #33207 )
...
Who reads it the other way around 🗿
2025-07-03 09:18:19 +00:00
ruthra kumar
f19bd7c915
Merge pull request #33189 from ruthra-kumar/get_existing_procedures_and_functions
...
refactor: utility method to fetch custom sql functions and procedure
2025-07-03 10:22:51 +05:30
ruthra kumar
1ceea953fb
refactor: utility method to fetch custom sql functions and procedure
2025-07-02 17:07:34 +05:30
Ankush Menat
f6567dabee
Revert: Keep None check ( #33167 )
...
No idea why, but some numeric fields can have unspecified defaults.
2025-06-30 12:45:38 +00:00
Corentin Forler
e94361e12b
fix(schema): Fix default value change detection for Time fields ( #33142 )
...
* fix(schema): Handle "NULL" in default_changed_for_decimal
* fix(schema): Fix default value change detection for Time fields
* chore: format
* fix: Don't set zero default during change
This makes the check more aggressive. We by default set 0 on all numeric
fields, so we should ideally only migrate default between numbers and
not check `NULL` ever.
---------
Co-authored-by: Ankush Menat <ankush@frappe.io>
2025-06-30 11:34:01 +00:00
Ankush Menat
1a1dc0a62c
fix: more bad migrations and sanity test ( #33112 )
...
* test: prevent unnecessary migrations
* fix: Avoid resyncing JSON repeatedly
* fix: Varchar not nullable defaults should be cast
* fix: force cast to float before
Bad default values cause it to break.
2025-06-26 10:31:55 +00:00
Ankush Menat
02ee722e5a
fix: Avoid unnecessary int/long-int migrations ( #33109 )
...
Because size wasn't specified it kept syncing over and over again.
Specified default sizes for mariadb.
2025-06-26 12:39:44 +05:30
Ankush Menat
40b465ee0d
fix: Avoid unnecessary syncing defaults ( #33108 )
...
When default is `'0.0000'` (string) it gets synced again and again even
though it will end up being 0 again.
2025-06-26 06:49:44 +00:00
Ankush Menat
2a1d3dd474
fix: Unnecessary migration from hard-coded not-nullable fields ( #33107 )
2025-06-26 06:25:14 +00:00
Faris Ansari
d584b8691d
Merge pull request #32381 from netchampfaris/api-v2-fixes
...
feat!: Apply permissions in frappe.qb.get_query
Enhancements:
- Supports applying permissions
- Strict input parsing
BREAKING CHANGE:
```py
# Before
frappe.qb.get_query("Task", fields=["sum(is_completed) as count"])
# After
frappe.qb.get_query("Task", fields=[{"SUM": "is_completed", "as": "count"}])
```
2025-06-23 15:50:25 +05:30
Faris Ansari
c2e08b3822
chore: remove unused code
2025-06-23 14:54:22 +05:30
Ankush Menat
b57eb60486
perf: chain db transactions ( #33004 )
...
* perf: chain transactions
Frequently used rollback/commits can be modified to chain previous
transaction.
This reduces one query to DB in most requests.
* perf: chain transactions in requests
2025-06-19 12:37:39 +05:30
Faris Ansari
f2a0724f9a
feat: add back sql functions support with json syntax
...
```
fields=['user_type', {'COUNT': 'name', 'as': 'total'}]
fields=[{"IFNULL": ["first_name", "'Unknown'"], "as": "safe_name"}]
```
2025-06-18 16:15:25 +05:30
Faris Ansari
840e7991ce
fix: don't allow partial backticks
...
- add tests
2025-06-18 16:14:32 +05:30
Faris Ansari
3f65806a0b
fix: harden group by and order by inputs
...
- only field, link_field.field, child_field.field allowed
- don't allow backticks
- add permlevel check
- add tests
2025-06-18 16:10:52 +05:30
Faris Ansari
420e891d96
feat: remove support for sql functions in fields
2025-06-18 16:10:52 +05:30
Faris Ansari
9a84f20436
feat: add support for nested AND and OR conditions
2025-06-18 16:10:52 +05:30
Faris Ansari
b2a37f86b3
fix: filtering should only be allowed on permitted fields
2025-06-18 16:00:22 +05:30
Faris Ansari
f77a940582
fix: check permlevel for fields like "link_field.fieldname"
2025-06-18 16:00:22 +05:30
Faris Ansari
63afc0601b
fix: restrict child table access if user has only "select" on parent
2025-06-18 16:00:22 +05:30
Faris Ansari
87664ad604
refactor: Enhance field and function parsing in query engine
...
- Introduce `SqlFunctionParser` for robust parsing of supported SQL functions (e.g., `COUNT(*)`, `SUM(amount) as total`, `AVG(price - cost)`), replacing get_function_object and has_function.
- Refactor `DynamicTableField.parse` for improved handling of:
  - Aliases (case-insensitive `as`, quoted/unquoted).
  - `tabDocType.fieldname` notation (distinguishing child vs. main doctype refs).
- Add validation and better error handling during parsing.
- Rewrite filter field validation (`_validate_and_prepare_filter_field`):
  - Disallow backticks (`) in filter field names.
  - Enforce specific patterns for dot notation (link/child fields only, reject `tabDoc.field`).
  - Validate character sets for simple field names.
- Update standard field parsing (`parse_string_field`, `ALLOWED_FIELD_PATTERN`, `FIELD_PARSE_REGEX`):
  - Support quoted table names potentially containing spaces (e.g., `tabTable Name`.`field`).
- Improve `parse_fields` and `_parse_single_field_item` logic:
  - Handle direct pypika `Field`/`AggregateFunction` inputs.
  - Reliably split comma-separated field strings.
2025-06-18 16:00:22 +05:30
Faris Ansari
ddca77429c
fix: secure query building
...
Add strict validation using regex for fields in SELECT, filters, GROUP BY, and ORDER BY clauses to avoid potential SQL injection risks.
Refactor field parsing and validation logic into dedicated functions.
2025-06-18 16:00:22 +05:30
Faris Ansari
8aa4c1030f
fix: add support for AND, OR, NOT in RawCriterion
2025-06-18 15:56:11 +05:30
Faris Ansari
a94c143314
fix: add support for permission query conditions
2025-06-18 15:56:11 +05:30
Faris Ansari
f707cf5722
fix: raise PermissionError instead of ValidationError
2025-06-18 15:56:11 +05:30
Faris Ansari
f580cb3dad
fix: add child query to allowed fields
2025-06-18 15:56:11 +05:30