refactor: Format and sanitise user inputs to search queries. (#22913)
* refactor: Sanitize whitelisted method inputs Co-authored-by: Prssanna Desai <prssud@gmail.com> Co-authored-by: Shivam Mishra <scmmishra@users.noreply.github.com> * refactor: Format and sanitize tax_account_query inputs Co-authored-by: Nabin Hait <nabinhait@gmail.com> Co-authored-by: Prssanna Desai <prssud@gmail.com> Co-authored-by: Shivam Mishra <scmmishra@users.noreply.github.com> * refactor: Validate and sanitize search inputs via decorator Co-authored-by: Nabin Hait <nabinhait@gmail.com> Co-authored-by: Prssanna Desai <prssud@gmail.com> Co-authored-by: Shivam Mishra <scmmishra@users.noreply.github.com> * style: Minor formatting fix * refactor: Validate and sanitize search inputs using decorator * fix: Typo * fix: Remove unwanted import statement * refactor: Repalce validate_and_sanitize_search_inputs() with validate_and_sanitize_search_inputs Co-authored-by: Prssanna Desai <prssud@gmail.com> Co-authored-by: Shivam Mishra <scmmishra@users.noreply.github.com> Co-authored-by: Prssanna Desai <prssud@gmail.com> Co-authored-by: Shivam Mishra <scmmishra@users.noreply.github.com> Co-authored-by: Nabin Hait <nabinhait@gmail.com>
This commit is contained in:
Suraj Shetty
GitHub
parent
0c818927a5
commit
1923ef052c
@ -244,6 +244,8 @@ class Account(NestedSet):
|
|||||||
|
|
||||||
super(Account, self).on_trash(True)
|
super(Account, self).on_trash(True)
|
||||||
|
|
||||||
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_parent_account(doctype, txt, searchfield, start, page_len, filters):
|
def get_parent_account(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql("""select name from tabAccount
|
return frappe.db.sql("""select name from tabAccount
|
||||||
where is_group = 1 and docstatus != 2 and company = %s
|
where is_group = 1 and docstatus != 2 and company = %s
|
||||||
|
|||||||
@ -841,13 +841,33 @@ def get_opening_accounts(company):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_against_jv(doctype, txt, searchfield, start, page_len, filters):
|
def get_against_jv(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql("""select jv.name, jv.posting_date, jv.user_remark
|
if not frappe.db.has_column('Journal Entry', searchfield):
|
||||||
from `tabJournal Entry` jv, `tabJournal Entry Account` jv_detail
|
return []
|
||||||
where jv_detail.parent = jv.name and jv_detail.account = %s and ifnull(jv_detail.party, '') = %s
|
|
||||||
and (jv_detail.reference_type is null or jv_detail.reference_type = '')
|
return frappe.db.sql("""
|
||||||
and jv.docstatus = 1 and jv.`{0}` like %s order by jv.name desc limit %s, %s""".format(searchfield),
|
SELECT jv.name, jv.posting_date, jv.user_remark
|
||||||
(filters.get("account"), cstr(filters.get("party")), "%{0}%".format(txt), start, page_len))
|
FROM `tabJournal Entry` jv, `tabJournal Entry Account` jv_detail
|
||||||
|
WHERE jv_detail.parent = jv.name
|
||||||
|
AND jv_detail.account = %(account)s
|
||||||
|
AND IFNULL(jv_detail.party, '') = %(party)s
|
||||||
|
AND (
|
||||||
|
jv_detail.reference_type IS NULL
|
||||||
|
OR jv_detail.reference_type = ''
|
||||||
|
)
|
||||||
|
AND jv.docstatus = 1
|
||||||
|
AND jv.`{0}` LIKE %(txt)s
|
||||||
|
ORDER BY jv.name DESC
|
||||||
|
LIMIT %(offset)s, %(limit)s
|
||||||
|
""".format(searchfield), dict(
|
||||||
|
account=filters.get("account"),
|
||||||
|
party=cstr(filters.get("party")),
|
||||||
|
txt="%{0}%".format(txt),
|
||||||
|
offset=start,
|
||||||
|
limit=page_len
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
|||||||
@ -27,6 +27,7 @@ class PaymentOrder(Document):
|
|||||||
frappe.db.set_value(self.payment_order_type, d.get(frappe.scrub(self.payment_order_type)), ref_field, status)
|
frappe.db.set_value(self.payment_order_type, d.get(frappe.scrub(self.payment_order_type)), ref_field, status)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_mop_query(doctype, txt, searchfield, start, page_len, filters):
|
def get_mop_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql(""" select mode_of_payment from `tabPayment Order Reference`
|
return frappe.db.sql(""" select mode_of_payment from `tabPayment Order Reference`
|
||||||
where parent = %(parent)s and mode_of_payment like %(txt)s
|
where parent = %(parent)s and mode_of_payment like %(txt)s
|
||||||
@ -38,6 +39,7 @@ def get_mop_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
})
|
})
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_supplier_query(doctype, txt, searchfield, start, page_len, filters):
|
def get_supplier_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql(""" select supplier from `tabPayment Order Reference`
|
return frappe.db.sql(""" select supplier from `tabPayment Order Reference`
|
||||||
where parent = %(parent)s and supplier like %(txt)s and
|
where parent = %(parent)s and supplier like %(txt)s and
|
||||||
|
|||||||
@ -41,6 +41,7 @@ class POSClosingEntry(Document):
|
|||||||
{"data": self, "currency": currency})
|
{"data": self, "currency": currency})
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_cashiers(doctype, txt, searchfield, start, page_len, filters):
|
def get_cashiers(doctype, txt, searchfield, start, page_len, filters):
|
||||||
cashiers_list = frappe.get_all("POS Profile User", filters=filters, fields=['user'])
|
cashiers_list = frappe.get_all("POS Profile User", filters=filters, fields=['user'])
|
||||||
return [c['user'] for c in cashiers_list]
|
return [c['user'] for c in cashiers_list]
|
||||||
|
|||||||
@ -105,6 +105,7 @@ def get_series():
|
|||||||
return frappe.get_meta("POS Invoice").get_field("naming_series").options or "s"
|
return frappe.get_meta("POS Invoice").get_field("naming_series").options or "s"
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def pos_profile_query(doctype, txt, searchfield, start, page_len, filters):
|
def pos_profile_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
user = frappe.session['user']
|
user = frappe.session['user']
|
||||||
company = filters.get('company') or frappe.defaults.get_user_default('company')
|
company = filters.get('company') or frappe.defaults.get_user_default('company')
|
||||||
|
|||||||
@ -433,14 +433,14 @@ def make_pricing_rule(doctype, docname):
|
|||||||
return doc
|
return doc
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_item_uoms(doctype, txt, searchfield, start, page_len, filters):
|
def get_item_uoms(doctype, txt, searchfield, start, page_len, filters):
|
||||||
items = [filters.get('value')]
|
items = [filters.get('value')]
|
||||||
if filters.get('apply_on') != 'Item Code':
|
if filters.get('apply_on') != 'Item Code':
|
||||||
field = frappe.scrub(filters.get('apply_on'))
|
field = frappe.scrub(filters.get('apply_on'))
|
||||||
|
items = [d.name for d in frappe.db.get_all("Item", filters={field: filters.get('value')})]
|
||||||
|
|
||||||
items = frappe.db.sql_list("""select name
|
return frappe.get_all('UOM Conversion Detail', filters={
|
||||||
from `tabItem` where {0} = %s""".format(field), filters.get('value'))
|
'parent': ('in', items),
|
||||||
|
'uom': ("like", "{0}%".format(txt))
|
||||||
return frappe.get_all('UOM Conversion Detail',
|
}, fields = ["distinct uom"], as_list=1)
|
||||||
filters = {'parent': ('in', items), 'uom': ("like", "{0}%".format(txt))},
|
|
||||||
fields = ["distinct uom"], as_list=1)
|
|
||||||
|
|||||||
@ -290,6 +290,7 @@ def get_matching_transactions_payments(description_matching):
|
|||||||
return []
|
return []
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def payment_entry_query(doctype, txt, searchfield, start, page_len, filters):
|
def payment_entry_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
account = frappe.db.get_value("Bank Account", filters.get("bank_account"), "account")
|
account = frappe.db.get_value("Bank Account", filters.get("bank_account"), "account")
|
||||||
if not account:
|
if not account:
|
||||||
@ -319,6 +320,7 @@ def payment_entry_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
)
|
)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def journal_entry_query(doctype, txt, searchfield, start, page_len, filters):
|
def journal_entry_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
account = frappe.db.get_value("Bank Account", filters.get("bank_account"), "account")
|
account = frappe.db.get_value("Bank Account", filters.get("bank_account"), "account")
|
||||||
|
|
||||||
@ -355,6 +357,7 @@ def journal_entry_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
)
|
)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def sales_invoices_query(doctype, txt, searchfield, start, page_len, filters):
|
def sales_invoices_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql("""
|
return frappe.db.sql("""
|
||||||
SELECT
|
SELECT
|
||||||
|
|||||||
@ -106,6 +106,7 @@ def update_maintenance_log(asset_maintenance, item_code, item_name, task):
|
|||||||
maintenance_log.save()
|
maintenance_log.save()
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_team_members(doctype, txt, searchfield, start, page_len, filters):
|
def get_team_members(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.get_values('Maintenance Team Member', { 'parent': filters.get("maintenance_team") })
|
return frappe.db.get_values('Maintenance Team Member', { 'parent': filters.get("maintenance_team") })
|
||||||
|
|
||||||
|
|||||||
@ -41,6 +41,7 @@ class AssetMaintenanceLog(Document):
|
|||||||
asset_maintenance_doc.save()
|
asset_maintenance_doc.save()
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_maintenance_tasks(doctype, txt, searchfield, start, page_len, filters):
|
def get_maintenance_tasks(doctype, txt, searchfield, start, page_len, filters):
|
||||||
asset_maintenance_tasks = frappe.db.get_values('Asset Maintenance Task', {'parent':filters.get("asset_maintenance")}, 'maintenance_task')
|
asset_maintenance_tasks = frappe.db.get_values('Asset Maintenance Task', {'parent':filters.get("asset_maintenance")}, 'maintenance_task')
|
||||||
return asset_maintenance_tasks
|
return asset_maintenance_tasks
|
||||||
|
|||||||
@ -207,6 +207,7 @@ def get_list_context(context=None):
|
|||||||
return list_context
|
return list_context
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_supplier_contacts(doctype, txt, searchfield, start, page_len, filters):
|
def get_supplier_contacts(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql("""select `tabContact`.name from `tabContact`, `tabDynamic Link`
|
return frappe.db.sql("""select `tabContact`.name from `tabContact`, `tabDynamic Link`
|
||||||
where `tabDynamic Link`.link_doctype = 'Supplier' and (`tabDynamic Link`.link_name=%(name)s
|
where `tabDynamic Link`.link_doctype = 'Supplier' and (`tabDynamic Link`.link_name=%(name)s
|
||||||
|
|||||||
@ -12,6 +12,7 @@ from frappe.utils import unique
|
|||||||
|
|
||||||
# searches for active employees
|
# searches for active employees
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def employee_query(doctype, txt, searchfield, start, page_len, filters):
|
def employee_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
conditions = []
|
conditions = []
|
||||||
fields = get_fields("Employee", ["name", "employee_name"])
|
fields = get_fields("Employee", ["name", "employee_name"])
|
||||||
@ -42,6 +43,7 @@ def employee_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
# searches for leads which are not converted
|
# searches for leads which are not converted
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def lead_query(doctype, txt, searchfield, start, page_len, filters):
|
def lead_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
fields = get_fields("Lead", ["name", "lead_name", "company_name"])
|
fields = get_fields("Lead", ["name", "lead_name", "company_name"])
|
||||||
|
|
||||||
@ -72,6 +74,7 @@ def lead_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
# searches for customer
|
# searches for customer
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def customer_query(doctype, txt, searchfield, start, page_len, filters):
|
def customer_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
conditions = []
|
conditions = []
|
||||||
cust_master_name = frappe.defaults.get_user_default("cust_master_name")
|
cust_master_name = frappe.defaults.get_user_default("cust_master_name")
|
||||||
@ -110,8 +113,10 @@ def customer_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
# searches for supplier
|
# searches for supplier
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def supplier_query(doctype, txt, searchfield, start, page_len, filters):
|
def supplier_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
supp_master_name = frappe.defaults.get_user_default("supp_master_name")
|
supp_master_name = frappe.defaults.get_user_default("supp_master_name")
|
||||||
|
|
||||||
if supp_master_name == "Supplier Name":
|
if supp_master_name == "Supplier Name":
|
||||||
fields = ["name", "supplier_group"]
|
fields = ["name", "supplier_group"]
|
||||||
else:
|
else:
|
||||||
@ -142,32 +147,49 @@ def supplier_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def tax_account_query(doctype, txt, searchfield, start, page_len, filters):
|
def tax_account_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
company_currency = erpnext.get_company_currency(filters.get('company'))
|
company_currency = erpnext.get_company_currency(filters.get('company'))
|
||||||
|
|
||||||
tax_accounts = frappe.db.sql("""select name, parent_account from tabAccount
|
def get_accounts(with_account_type_filter):
|
||||||
where tabAccount.docstatus!=2
|
account_type_condition = ''
|
||||||
and account_type in (%s)
|
if with_account_type_filter:
|
||||||
and is_group = 0
|
account_type_condition = "AND account_type in %(account_types)s"
|
||||||
and company = %s
|
|
||||||
and account_currency = %s
|
accounts = frappe.db.sql("""
|
||||||
and `%s` LIKE %s
|
SELECT name, parent_account
|
||||||
order by idx desc, name
|
FROM `tabAccount`
|
||||||
limit %s, %s""" %
|
WHERE `tabAccount`.docstatus!=2
|
||||||
(", ".join(['%s']*len(filters.get("account_type"))), "%s", "%s", searchfield, "%s", "%s", "%s"),
|
{account_type_condition}
|
||||||
tuple(filters.get("account_type") + [filters.get("company"), company_currency, "%%%s%%" % txt,
|
AND is_group = 0
|
||||||
start, page_len]))
|
AND company = %(company)s
|
||||||
|
AND account_currency = %(currency)s
|
||||||
|
AND `{searchfield}` LIKE %(txt)s
|
||||||
|
ORDER BY idx DESC, name
|
||||||
|
LIMIT %(offset)s, %(limit)s
|
||||||
|
""".format(account_type_condition=account_type_condition, searchfield=searchfield),
|
||||||
|
dict(
|
||||||
|
account_types=filters.get("account_type"),
|
||||||
|
company=filters.get("company"),
|
||||||
|
currency=company_currency,
|
||||||
|
txt="%{}%".format(txt),
|
||||||
|
offset=start,
|
||||||
|
limit=page_len
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
return accounts
|
||||||
|
|
||||||
|
tax_accounts = get_accounts(True)
|
||||||
|
|
||||||
if not tax_accounts:
|
if not tax_accounts:
|
||||||
tax_accounts = frappe.db.sql("""select name, parent_account from tabAccount
|
tax_accounts = get_accounts(False)
|
||||||
where tabAccount.docstatus!=2 and is_group = 0
|
|
||||||
and company = %s and account_currency = %s and `%s` LIKE %s limit %s, %s""" #nosec
|
|
||||||
% ("%s", "%s", searchfield, "%s", "%s", "%s"),
|
|
||||||
(filters.get("company"), company_currency, "%%%s%%" % txt, start, page_len))
|
|
||||||
|
|
||||||
return tax_accounts
|
return tax_accounts
|
||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def item_query(doctype, txt, searchfield, start, page_len, filters, as_dict=False):
|
def item_query(doctype, txt, searchfield, start, page_len, filters, as_dict=False):
|
||||||
conditions = []
|
conditions = []
|
||||||
|
|
||||||
@ -215,7 +237,6 @@ def item_query(doctype, txt, searchfield, start, page_len, filters, as_dict=Fals
|
|||||||
idx desc,
|
idx desc,
|
||||||
name, item_name
|
name, item_name
|
||||||
limit %(start)s, %(page_len)s """.format(
|
limit %(start)s, %(page_len)s """.format(
|
||||||
key=searchfield,
|
|
||||||
columns=columns,
|
columns=columns,
|
||||||
scond=searchfields,
|
scond=searchfields,
|
||||||
fcond=get_filters_cond(doctype, filters, conditions).replace('%', '%%'),
|
fcond=get_filters_cond(doctype, filters, conditions).replace('%', '%%'),
|
||||||
@ -231,6 +252,7 @@ def item_query(doctype, txt, searchfield, start, page_len, filters, as_dict=Fals
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def bom(doctype, txt, searchfield, start, page_len, filters):
|
def bom(doctype, txt, searchfield, start, page_len, filters):
|
||||||
conditions = []
|
conditions = []
|
||||||
fields = get_fields("BOM", ["name", "item"])
|
fields = get_fields("BOM", ["name", "item"])
|
||||||
@ -258,6 +280,7 @@ def bom(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_project_name(doctype, txt, searchfield, start, page_len, filters):
|
def get_project_name(doctype, txt, searchfield, start, page_len, filters):
|
||||||
cond = ''
|
cond = ''
|
||||||
if filters.get('customer'):
|
if filters.get('customer'):
|
||||||
@ -285,6 +308,7 @@ def get_project_name(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_delivery_notes_to_be_billed(doctype, txt, searchfield, start, page_len, filters, as_dict):
|
def get_delivery_notes_to_be_billed(doctype, txt, searchfield, start, page_len, filters, as_dict):
|
||||||
fields = get_fields("Delivery Note", ["name", "customer", "posting_date"])
|
fields = get_fields("Delivery Note", ["name", "customer", "posting_date"])
|
||||||
|
|
||||||
@ -315,6 +339,7 @@ def get_delivery_notes_to_be_billed(doctype, txt, searchfield, start, page_len,
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_batch_no(doctype, txt, searchfield, start, page_len, filters):
|
def get_batch_no(doctype, txt, searchfield, start, page_len, filters):
|
||||||
cond = ""
|
cond = ""
|
||||||
if filters.get("posting_date"):
|
if filters.get("posting_date"):
|
||||||
@ -373,6 +398,7 @@ def get_batch_no(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_account_list(doctype, txt, searchfield, start, page_len, filters):
|
def get_account_list(doctype, txt, searchfield, start, page_len, filters):
|
||||||
filter_list = []
|
filter_list = []
|
||||||
|
|
||||||
@ -395,8 +421,8 @@ def get_account_list(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
fields = ["name", "parent_account"],
|
fields = ["name", "parent_account"],
|
||||||
limit_start=start, limit_page_length=page_len, as_list=True)
|
limit_start=start, limit_page_length=page_len, as_list=True)
|
||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_blanket_orders(doctype, txt, searchfield, start, page_len, filters):
|
def get_blanket_orders(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql("""select distinct bo.name, bo.blanket_order_type, bo.to_date
|
return frappe.db.sql("""select distinct bo.name, bo.blanket_order_type, bo.to_date
|
||||||
from `tabBlanket Order` bo, `tabBlanket Order Item` boi
|
from `tabBlanket Order` bo, `tabBlanket Order Item` boi
|
||||||
@ -413,6 +439,7 @@ def get_blanket_orders(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_income_account(doctype, txt, searchfield, start, page_len, filters):
|
def get_income_account(doctype, txt, searchfield, start, page_len, filters):
|
||||||
from erpnext.controllers.queries import get_match_cond
|
from erpnext.controllers.queries import get_match_cond
|
||||||
|
|
||||||
@ -439,6 +466,7 @@ def get_income_account(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_expense_account(doctype, txt, searchfield, start, page_len, filters):
|
def get_expense_account(doctype, txt, searchfield, start, page_len, filters):
|
||||||
from erpnext.controllers.queries import get_match_cond
|
from erpnext.controllers.queries import get_match_cond
|
||||||
|
|
||||||
@ -463,6 +491,7 @@ def get_expense_account(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def warehouse_query(doctype, txt, searchfield, start, page_len, filters):
|
def warehouse_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
# Should be used when item code is passed in filters.
|
# Should be used when item code is passed in filters.
|
||||||
conditions, bin_conditions = [], []
|
conditions, bin_conditions = [], []
|
||||||
@ -506,6 +535,7 @@ def get_doctype_wise_filters(filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_batch_numbers(doctype, txt, searchfield, start, page_len, filters):
|
def get_batch_numbers(doctype, txt, searchfield, start, page_len, filters):
|
||||||
query = """select batch_id from `tabBatch`
|
query = """select batch_id from `tabBatch`
|
||||||
where disabled = 0
|
where disabled = 0
|
||||||
@ -519,6 +549,7 @@ def get_batch_numbers(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def item_manufacturer_query(doctype, txt, searchfield, start, page_len, filters):
|
def item_manufacturer_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
item_filters = [
|
item_filters = [
|
||||||
['manufacturer', 'like', '%' + txt + '%'],
|
['manufacturer', 'like', '%' + txt + '%'],
|
||||||
@ -537,6 +568,7 @@ def item_manufacturer_query(doctype, txt, searchfield, start, page_len, filters)
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_purchase_receipts(doctype, txt, searchfield, start, page_len, filters):
|
def get_purchase_receipts(doctype, txt, searchfield, start, page_len, filters):
|
||||||
query = """
|
query = """
|
||||||
select pr.name
|
select pr.name
|
||||||
@ -551,6 +583,7 @@ def get_purchase_receipts(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_purchase_invoices(doctype, txt, searchfield, start, page_len, filters):
|
def get_purchase_invoices(doctype, txt, searchfield, start, page_len, filters):
|
||||||
query = """
|
query = """
|
||||||
select pi.name
|
select pi.name
|
||||||
@ -565,6 +598,7 @@ def get_purchase_invoices(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_tax_template(doctype, txt, searchfield, start, page_len, filters):
|
def get_tax_template(doctype, txt, searchfield, start, page_len, filters):
|
||||||
|
|
||||||
item_doc = frappe.get_cached_doc('Item', filters.get('item_code'))
|
item_doc = frappe.get_cached_doc('Item', filters.get('item_code'))
|
||||||
|
|||||||
@ -97,6 +97,7 @@ class ProgramEnrollment(Document):
|
|||||||
return quiz_progress
|
return quiz_progress
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_program_courses(doctype, txt, searchfield, start, page_len, filters):
|
def get_program_courses(doctype, txt, searchfield, start, page_len, filters):
|
||||||
if filters.get('program'):
|
if filters.get('program'):
|
||||||
return frappe.db.sql("""select course, course_name from `tabProgram Course`
|
return frappe.db.sql("""select course, course_name from `tabProgram Course`
|
||||||
@ -115,6 +116,7 @@ def get_program_courses(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
})
|
})
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_students(doctype, txt, searchfield, start, page_len, filters):
|
def get_students(doctype, txt, searchfield, start, page_len, filters):
|
||||||
if not filters.get("academic_term"):
|
if not filters.get("academic_term"):
|
||||||
filters["academic_term"] = frappe.defaults.get_defaults().academic_term
|
filters["academic_term"] = frappe.defaults.get_defaults().academic_term
|
||||||
|
|||||||
@ -108,6 +108,7 @@ def get_program_enrollment(academic_year, academic_term=None, program=None, batc
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def fetch_students(doctype, txt, searchfield, start, page_len, filters):
|
def fetch_students(doctype, txt, searchfield, start, page_len, filters):
|
||||||
if filters.get("group_based_on") != "Activity":
|
if filters.get("group_based_on") != "Activity":
|
||||||
enrolled_students = get_program_enrollment(filters.get('academic_year'), filters.get('academic_term'),
|
enrolled_students = get_program_enrollment(filters.get('academic_year'), filters.get('academic_term'),
|
||||||
|
|||||||
@ -71,6 +71,7 @@ def validate_service_item(item, msg):
|
|||||||
frappe.throw(_(msg))
|
frappe.throw(_(msg))
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_practitioner_list(doctype, txt, searchfield, start, page_len, filters=None):
|
def get_practitioner_list(doctype, txt, searchfield, start, page_len, filters=None):
|
||||||
fields = ['name', 'practitioner_name', 'mobile_phone']
|
fields = ['name', 'practitioner_name', 'mobile_phone']
|
||||||
|
|
||||||
|
|||||||
@ -222,6 +222,7 @@ def patient_leave_service_unit(inpatient_record, check_out, leave_from):
|
|||||||
inpatient_record.save(ignore_permissions = True)
|
inpatient_record.save(ignore_permissions = True)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_leave_from(doctype, txt, searchfield, start, page_len, filters):
|
def get_leave_from(doctype, txt, searchfield, start, page_len, filters):
|
||||||
docname = filters['docname']
|
docname = filters['docname']
|
||||||
|
|
||||||
|
|||||||
@ -11,6 +11,7 @@ class DepartmentApprover(Document):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_approvers(doctype, txt, searchfield, start, page_len, filters):
|
def get_approvers(doctype, txt, searchfield, start, page_len, filters):
|
||||||
|
|
||||||
if not filters.get("employee"):
|
if not filters.get("employee"):
|
||||||
|
|||||||
@ -911,6 +911,7 @@ def get_bom_diff(bom1, bom2):
|
|||||||
return out
|
return out
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def item_query(doctype, txt, searchfield, start, page_len, filters):
|
def item_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
meta = frappe.get_meta("Item", cached=True)
|
meta = frappe.get_meta("Item", cached=True)
|
||||||
searchfields = meta.get_search_fields()
|
searchfields = meta.get_search_fields()
|
||||||
|
|||||||
@ -632,6 +632,7 @@ class WorkOrder(Document):
|
|||||||
return bom
|
return bom
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_bom_operations(doctype, txt, searchfield, start, page_len, filters):
|
def get_bom_operations(doctype, txt, searchfield, start, page_len, filters):
|
||||||
if txt:
|
if txt:
|
||||||
filters['operation'] = ('like', '%%%s%%' % txt)
|
filters['operation'] = ('like', '%%%s%%' % txt)
|
||||||
|
|||||||
@ -95,6 +95,7 @@ def get_data(filters):
|
|||||||
return results
|
return results
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_work_orders(doctype, txt, searchfield, start, page_len, filters):
|
def get_work_orders(doctype, txt, searchfield, start, page_len, filters):
|
||||||
cond = "1=1"
|
cond = "1=1"
|
||||||
if filters.get('bom_no'):
|
if filters.get('bom_no'):
|
||||||
|
|||||||
@ -369,6 +369,3 @@ class ProductionPlanReport(object):
|
|||||||
"fieldtype": "Float",
|
"fieldtype": "Float",
|
||||||
"width": 140
|
"width": 140
|
||||||
}])
|
}])
|
||||||
|
|
||||||
def document_query(doctype, txt, searchfield, start, page_len, filters):
|
|
||||||
pass
|
|
||||||
@ -223,6 +223,7 @@ def get_benefit_amount_based_on_pro_rata(sal_struct, component_max_benefit):
|
|||||||
return benefit_amount
|
return benefit_amount
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_earning_components(doctype, txt, searchfield, start, page_len, filters):
|
def get_earning_components(doctype, txt, searchfield, start, page_len, filters):
|
||||||
if len(filters) < 2:
|
if len(filters) < 2:
|
||||||
return {}
|
return {}
|
||||||
|
|||||||
@ -540,6 +540,7 @@ def submit_salary_slips_for_employees(payroll_entry, salary_slips, publish_progr
|
|||||||
frappe.msgprint(_("Could not submit some Salary Slips"))
|
frappe.msgprint(_("Could not submit some Salary Slips"))
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_payroll_entries_for_jv(doctype, txt, searchfield, start, page_len, filters):
|
def get_payroll_entries_for_jv(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql("""
|
return frappe.db.sql("""
|
||||||
select name from `tabPayroll Entry`
|
select name from `tabPayroll Entry`
|
||||||
|
|||||||
@ -239,6 +239,7 @@ def get_list_context(context=None):
|
|||||||
}
|
}
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_users_for_project(doctype, txt, searchfield, start, page_len, filters):
|
def get_users_for_project(doctype, txt, searchfield, start, page_len, filters):
|
||||||
conditions = []
|
conditions = []
|
||||||
return frappe.db.sql("""select name, concat_ws(' ', first_name, middle_name, last_name)
|
return frappe.db.sql("""select name, concat_ws(' ', first_name, middle_name, last_name)
|
||||||
|
|||||||
@ -193,6 +193,7 @@ def check_if_child_exists(name):
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_project(doctype, txt, searchfield, start, page_len, filters):
|
def get_project(doctype, txt, searchfield, start, page_len, filters):
|
||||||
from erpnext.controllers.queries import get_match_cond
|
from erpnext.controllers.queries import get_match_cond
|
||||||
return frappe.db.sql(""" select name from `tabProject`
|
return frappe.db.sql(""" select name from `tabProject`
|
||||||
|
|||||||
@ -214,6 +214,7 @@ def get_projectwise_timesheet_data(project, parent=None):
|
|||||||
and sales_invoice is null""".format(cond), {'project': project, 'parent': parent}, as_dict=1)
|
and sales_invoice is null""".format(cond), {'project': project, 'parent': parent}, as_dict=1)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_timesheet(doctype, txt, searchfield, start, page_len, filters):
|
def get_timesheet(doctype, txt, searchfield, start, page_len, filters):
|
||||||
if not filters: filters = {}
|
if not filters: filters = {}
|
||||||
|
|
||||||
|
|||||||
@ -7,6 +7,7 @@ from __future__ import unicode_literals
|
|||||||
import frappe
|
import frappe
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def query_task(doctype, txt, searchfield, start, page_len, filters):
|
def query_task(doctype, txt, searchfield, start, page_len, filters):
|
||||||
from frappe.desk.reportview import build_match_conditions
|
from frappe.desk.reportview import build_match_conditions
|
||||||
|
|
||||||
|
|||||||
@ -340,6 +340,7 @@ def get_loyalty_programs(doc):
|
|||||||
return lp_details
|
return lp_details
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_customer_list(doctype, txt, searchfield, start, page_len, filters=None):
|
def get_customer_list(doctype, txt, searchfield, start, page_len, filters=None):
|
||||||
from erpnext.controllers.queries import get_fields
|
from erpnext.controllers.queries import get_fields
|
||||||
fields = ["name", "customer_name", "customer_group", "territory"]
|
fields = ["name", "customer_name", "customer_group", "territory"]
|
||||||
@ -542,6 +543,7 @@ def make_address(args, is_primary_address=1):
|
|||||||
return address
|
return address
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_customer_primary_contact(doctype, txt, searchfield, start, page_len, filters):
|
def get_customer_primary_contact(doctype, txt, searchfield, start, page_len, filters):
|
||||||
customer = filters.get('customer')
|
customer = filters.get('customer')
|
||||||
return frappe.db.sql("""
|
return frappe.db.sql("""
|
||||||
|
|||||||
@ -29,6 +29,7 @@ class ProductBundle(Document):
|
|||||||
frappe.throw(_("Row #{0}: Child Item should not be a Product Bundle. Please remove Item {1} and Save").format(item.idx, frappe.bold(item.item_code)))
|
frappe.throw(_("Row #{0}: Child Item should not be a Product Bundle. Please remove Item {1} and Save").format(item.idx, frappe.bold(item.item_code)))
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_new_item_code(doctype, txt, searchfield, start, page_len, filters):
|
def get_new_item_code(doctype, txt, searchfield, start, page_len, filters):
|
||||||
from erpnext.controllers.queries import get_match_cond
|
from erpnext.controllers.queries import get_match_cond
|
||||||
|
|
||||||
|
|||||||
@ -888,6 +888,7 @@ def make_purchase_order(source_name, for_supplier=None, selected_items=[], targe
|
|||||||
|
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_supplier(doctype, txt, searchfield, start, page_len, filters):
|
def get_supplier(doctype, txt, searchfield, start, page_len, filters):
|
||||||
supp_master_name = frappe.defaults.get_user_default("supp_master_name")
|
supp_master_name = frappe.defaults.get_user_default("supp_master_name")
|
||||||
if supp_master_name == "Supplier Name":
|
if supp_master_name == "Supplier Name":
|
||||||
|
|||||||
@ -160,6 +160,7 @@ def get_item_group_condition(pos_profile):
|
|||||||
return cond % tuple(item_groups)
|
return cond % tuple(item_groups)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def item_group_query(doctype, txt, searchfield, start, page_len, filters):
|
def item_group_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
item_groups = []
|
item_groups = []
|
||||||
cond = "1=1"
|
cond = "1=1"
|
||||||
|
|||||||
@ -10,6 +10,7 @@ class PartyType(Document):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_party_type(doctype, txt, searchfield, start, page_len, filters):
|
def get_party_type(doctype, txt, searchfield, start, page_len, filters):
|
||||||
cond = ''
|
cond = ''
|
||||||
if filters and filters.get('account'):
|
if filters and filters.get('account'):
|
||||||
|
|||||||
@ -43,6 +43,7 @@ class ItemAlternative(Document):
|
|||||||
frappe.throw(_("Already record exists for the item {0}").format(self.item_code))
|
frappe.throw(_("Already record exists for the item {0}").format(self.item_code))
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_alternative_items(doctype, txt, searchfield, start, page_len, filters):
|
def get_alternative_items(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.db.sql(""" (select alternative_item_code from `tabItem Alternative`
|
return frappe.db.sql(""" (select alternative_item_code from `tabItem Alternative`
|
||||||
where item_code = %(item_code)s and alternative_item_code like %(txt)s)
|
where item_code = %(item_code)s and alternative_item_code like %(txt)s)
|
||||||
|
|||||||
@ -370,6 +370,7 @@ def get_items_based_on_default_supplier(supplier):
|
|||||||
return supplier_items
|
return supplier_items
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_material_requests_based_on_supplier(doctype, txt, searchfield, start, page_len, filters):
|
def get_material_requests_based_on_supplier(doctype, txt, searchfield, start, page_len, filters):
|
||||||
conditions = ""
|
conditions = ""
|
||||||
if txt:
|
if txt:
|
||||||
@ -403,6 +404,7 @@ def get_material_requests_based_on_supplier(doctype, txt, searchfield, start, pa
|
|||||||
return material_requests
|
return material_requests
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def get_default_supplier_query(doctype, txt, searchfield, start, page_len, filters):
|
def get_default_supplier_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
doc = frappe.get_doc("Material Request", filters.get("doc"))
|
doc = frappe.get_doc("Material Request", filters.get("doc"))
|
||||||
item_list = []
|
item_list = []
|
||||||
|
|||||||
@ -176,6 +176,7 @@ class PackingSlip(Document):
|
|||||||
self.update_item_details()
|
self.update_item_details()
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def item_details(doctype, txt, searchfield, start, page_len, filters):
|
def item_details(doctype, txt, searchfield, start, page_len, filters):
|
||||||
from erpnext.controllers.queries import get_match_cond
|
from erpnext.controllers.queries import get_match_cond
|
||||||
return frappe.db.sql("""select name, item_name, description from `tabItem`
|
return frappe.db.sql("""select name, item_name, description from `tabItem`
|
||||||
|
|||||||
@ -59,6 +59,7 @@ class QualityInspection(Document):
|
|||||||
(quality_inspection, self.modified, self.reference_name, self.item_code))
|
(quality_inspection, self.modified, self.reference_name, self.item_code))
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def item_query(doctype, txt, searchfield, start, page_len, filters):
|
def item_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
if filters.get("from"):
|
if filters.get("from"):
|
||||||
from frappe.desk.reportview import get_match_cond
|
from frappe.desk.reportview import get_match_cond
|
||||||
@ -88,6 +89,7 @@ def item_query(doctype, txt, searchfield, start, page_len, filters):
|
|||||||
{'parent': filters.get('parent'), 'txt': "%%%s%%" % txt})
|
{'parent': filters.get('parent'), 'txt': "%%%s%%" % txt})
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
|
@frappe.validate_and_sanitize_search_inputs
|
||||||
def quality_inspection_query(doctype, txt, searchfield, start, page_len, filters):
|
def quality_inspection_query(doctype, txt, searchfield, start, page_len, filters):
|
||||||
return frappe.get_all('Quality Inspection',
|
return frappe.get_all('Quality Inspection',
|
||||||
limit_start=start,
|
limit_start=start,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user