fix: whitelist leaderboard functions

2019-09-30 11:12:10 +05:30 · 2019-09-30 11:12:10 +05:30 · b874922404
commit b874922404
parent 119c976ad1
1 changed files with 14 additions and 9 deletions
--- a/erpnext/startup/leaderboard.py
+++ b/erpnext/startup/leaderboard.py
@ -48,6 +48,7 @@ def get_leaderboards():

 	return leaderboards

+@frappe.whitelist()
 def get_all_customers(from_date, company, field, limit = None):
 	if field == "outstanding_amount":
 		filters = [['docstatus', '=', '1'], ['company', '=', company]]
@ -73,9 +74,10 @@ def get_all_customers(from_date, company, field, limit = None):
 			where so.docstatus = 1 and so.transaction_date >= %s and so.company = %s
 			group by so.customer
 			order by value DESC
-			limit %s
-		""".format(select_field), (from_date, company, limit), as_dict=1)
+			limit {1}
+		""".format(select_field, limit), (from_date, company), as_dict=1)

+@frappe.whitelist()
 def get_all_items(from_date, company, field, limit = None):
 	if field in ("available_stock_qty", "available_stock_value"):
 		select_field = "sum(actual_qty)" if field=="available_stock_qty" else "sum(stock_value)"
@ -107,9 +109,10 @@ def get_all_items(from_date, company, field, limit = None):
 				and sales_order.company = %s and sales_order.transaction_date >= %s
 			group by order_item.item_code
 			order by value desc
-			limit %s
-		""".format(select_field, select_doctype), (company, from_date, limit), as_dict=1)
+			limit {2}
+		""".format(select_field, select_doctype, limit), (company, from_date), as_dict=1)

+@frappe.whitelist()
 def get_all_suppliers(from_date, company, field, limit = None):
 	if field == "outstanding_amount":
 		filters = [['docstatus', '=', '1'], ['company', '=', company]]
@ -136,8 +139,9 @@ def get_all_suppliers(from_date, company, field, limit = None):
 				and  purchase_order.company = %s
 			group by purchase_order.supplier
 			order by value DESC
-			limit %s""".format(select_field), (from_date, company, limit), as_dict=1)
+			limit {1}""".format(select_field, limit), (from_date, company), as_dict=1)

+@frappe.whitelist()
 def get_all_sales_partner(from_date, company, field, limit = None):
 	if field == "total_sales_amount":
 		select_field = "sum(base_net_total)"
@ -151,9 +155,10 @@ def get_all_sales_partner(from_date, company, field, limit = None):
 			and transaction_date >= %s and company = %s
 		group by sales_partner
 		order by value DESC
-		limit %s
-	""".format(select_field), (from_date, company, limit), as_dict=1)
+		limit {1}
+	""".format(select_field, limit), (from_date, company), as_dict=1)

+@frappe.whitelist()
 def get_all_sales_person(from_date, company, field = None, limit = None):
 	return frappe.db.sql("""
 		select sales_team.sales_person as name, sum(sales_order.base_net_total) as value
@ -164,5 +169,5 @@ def get_all_sales_person(from_date, company, field = None, limit = None):
 			and sales_order.company = %s
 		group by sales_team.sales_person
 		order by value DESC
-		limit %s
-	""", (from_date, company, limit), as_dict=1)
+		limit {0}
+	""".format(limit), (from_date, company), as_dict=1)