Commit graph

503 commits

Author SHA1 Message Date
Akhil Narang
984c641bff
fix(sanitize_fields): use sqlparse for function detection
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-10-14 16:10:14 +05:30
Ejaaz Khan
e7832bfd4b
Merge pull request #32684 from iamejaaz/32489-role-perm-based-masking
feat: show mask data in form, list and report view
2025-10-09 10:55:50 +05:30
Akhil Narang
9d9789b752
fix(db_query): adjust doctype name detection
Add tab prefix, and replace with `" doc "` hardcoded string

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-10-01 15:51:48 +05:30
Eben van Deventer
2e707c8a33
fix(db_query): Issue with certain DocType Names
The previous update broke systems where DocTypes exist that contain names like Union or Select

(cherry picked from commit f997d40c56d717693c66a8b7e69d12462a673ede)
2025-10-01 15:49:04 +05:30
mergify[bot]
16058b92af
Merge branch 'develop' into 32489-role-perm-based-masking 2025-09-30 09:00:48 +00:00
Ejaaz Khan
335c0d5f36 fix: refactor code and change field type 2025-09-30 12:38:39 +05:30
Akhil Narang
dc0b5792ba
fix(db_query): improve function checking
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-24 16:08:31 +05:30
Ejaaz Khan
54b34c9535
Merge branch 'develop' into 32489-role-perm-based-masking 2025-09-17 16:17:30 +05:30
Akhil Narang
f7d4f272ad
fix(db_query): raw string was broken
Add another function to blacklist

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-03 16:13:16 +05:30
Ejaaz Khan
590fe7e520
Merge branch 'develop' into 32489-role-perm-based-masking 2025-09-02 10:48:06 +05:30
Akhil Narang
9a9f7e1d91
fix(db_query): check for some more functions
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-01 16:11:04 +05:30
Ejaaz Khan
c2544f9096 refactor: change approach of masking fields 2025-08-18 23:38:18 +05:30
Akhil Narang
6461592b5d
Merge pull request #32192 from henriquefalconer/fix/field-level-permissions-filtering
fix: Field Level Permissions Not Applied Correctly in frappe.get_list
2025-08-01 16:35:08 +05:30
mergify[bot]
c0aa39ee9a
Merge branch 'develop' into 32489-role-perm-based-masking 2025-08-01 05:57:54 +00:00
Akhil Narang
ce4f7f7418
chore: extend function blacklist
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-15 17:05:08 +05:30
Akhil Narang
0934d5117d
fix: strengthen subquery check
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-15 17:05:08 +05:30
Akhil Narang
8d62e4de01
Revert "fix(db_query): don't allow unclosed quotes"
This reverts commit 6e6150d193.
2025-07-15 17:05:08 +05:30
Akhil Narang
6e6150d193
fix(db_query): don't allow unclosed quotes
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-07 17:37:06 +05:30
Akhil Narang
41a13a0b07
fix: tighten function check in validate_order_by_and_group_by
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-07-07 17:37:06 +05:30
Ejaaz Khan
cbcf16440a refactor: remove masking setting from System Settings 2025-06-26 13:06:44 +05:30
Ejaaz Khan
4a866ca370 refactor: remove useless conditions 2025-06-26 13:00:27 +05:30
Ejaaz Khan
aba7f29aa6 refactor: remove debugging statement 2025-06-10 19:54:13 +05:30
Ejaaz Khan
1d96a933cb
Merge branch 'develop' into 32489-role-perm-based-masking 2025-06-10 19:46:20 +05:30
Ejaaz Khan
ed0071df9e feat: export encrypted data and add system setting 2025-06-10 19:42:49 +05:30
Sagar Vora
7c4b6b3dc1 fix: check permissions as per specified user 2025-06-09 23:31:50 +05:30
Ankush Menat
ddbaf09125
fix: Standard field falsy comparisons in db_query (#32791)
Extends the fix to standard fields. e0f63a928f
2025-06-05 09:55:05 +05:30
mergify[bot]
2aacdd8d33
Merge branch 'develop' into 32489-role-perm-based-masking 2025-06-04 07:48:07 +00:00
Ejaaz Khan
a4fbe0160e feat: show mask data in form, list and report view 2025-05-27 13:16:27 +05:30
Ankush Menat
c249e75fe4
fix(db_query): allow filtering name: None (#32644)
This doesn't make any sense, but ig it might get introduced via indirect
calls, so better to handle this in code explicitly.

closes https://github.com/frappe/frappe/issues/32643
2025-05-23 10:02:14 +05:30
Ankush Menat
dbb1fcba99 perf: avoid ifnull for is set and is not set 2025-05-02 12:35:58 +05:30
Ankush Menat
6d32ffcc6c perf: optimize != operator when field can be null 2025-05-02 12:11:27 +05:30
Ankush Menat
e0f63a928f fix: avoid bad default of flt on string types
🤦 this whole thing needs a refactor, fixing all bugs first to
ensure we don't screw up something in process
2025-05-02 12:00:36 +05:30
Ankush Menat
23ffdc87ae perf: Split ifnull into two conditions
This produces better query plan with index intersection using 2
conditions instead of fulltable scan on dumb condition

TODO: LOTS OF TESTS
2025-05-02 11:17:53 +05:30
Ankush Menat
c317462379 fix(DX): Better formatted SQL queries from DB Query
Avoid unnecessary tabs, thought of using dedent but unnecessary overhead
for small stylistic benefit inside code vs. stylistic benefit in logs.
2025-05-02 11:10:05 +05:30
Ankush Menat
42f1d1b460
fix(db_query): double-escaped value (#32376) 2025-05-02 11:09:11 +05:30
Ankush Menat
dcb476c990
perf: cast dynamic links while filtering (#32294)
lessen impact of https://github.com/frappe/frappe/issues/32287
2025-04-25 05:43:01 +00:00
Akhil Narang
7255c5fdf2
fix(db_query): improve subquery check
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-04-22 11:40:09 +05:30
Akhil Narang
9cf718b8f6
fix(db_query): use re.DOTALL
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-04-22 11:30:29 +05:30
Henrique
d3c01452c4 fix: correct field level permissions filtering in frappe.get_list 2025-04-18 02:19:55 -03:00
Akhil Narang
ad32216040
fix: support sqlite
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-04-15 13:59:16 +05:30
Sagar Vora
6ca6e2aebd perf: improve get_permitted_fields logic 2025-03-17 08:55:32 +05:30
Sagar Vora
628ddfd494 perf: remove repeated calls to get_permitted_fieldnames 2025-03-16 23:39:46 +05:30
Ankush Menat
3bfc9fa8da
perf: Don't update list view settings on every query (#31743)
It literally doesn't do anything ever.

User settings are explicitly updated using `user_settings.save` endpoint.
2025-03-16 05:35:39 +00:00
Ankush Menat
357b6fb11a
perf: don't parse comments just to get comment count (#28921)
This parsing isn't necessary and we are copying all of _comments just to count
how many there are.

Imagine 2500 documents w/ 1-2 auto generated comments each.
2025-03-13 05:00:21 +00:00
Akhil Narang
bada8cabcb
fix(db_query): improve regex
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-03-07 16:57:27 +05:30
Akhil Narang
3c01bf3d5c
fix: check properly for blacklisted function usage
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-03-05 14:17:39 +05:30
Ankush Menat
dd44b3dba6
perf: cast int-link field filters to string (#31396)
Comparing varchar field with ints makes indexes unusable in MariaDB.

This PR is just one small fix for DB query, similar fixes won't be made
for DB APIs which do not assume anything about database schema.
2025-02-24 10:39:55 +00:00
Ankush Menat
fdba41c682
perf: misc client cache improvements (#29070)
* perf: Reduce penalty for lack of redis connection

If redis isn't running then this client cache is slower than default
implementation because of the extra locking overhead.

* test: update perf redis counts

* perf: cache table columns in client-cache

* fix: race condition on cache-client_cache init

Rare but apparent in synthetic benchmarks.

Cache is set but client cache is still being initialized then request
will fail.

* perf: Don't run notifications when loading document

WHAT?

* fix: use cached doc to repopulate

* perf: reduce get_meta calls
2025-01-07 16:14:43 +05:30
David Arnold
75377aaaf5
refactor(typing): type filters (#28218)
* chore(typing): type filters

* chore(typing): type filters for get_list et al

* fix: dashboard chart filter expression

* test: fix case with new-style right hand object to equality check

* chore: place new typed filter under typing verification

* chore: remove debug print statement

* chore: inverse logic of type guard

* fix: add float to filter value types

* chore: clarify value naming
2024-12-04 23:18:53 +00:00
Akhil Narang
84ef6ec677
refactor: fixup with ruff 0.8.1
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-12-04 13:18:04 +05:30