fix(Leave Balance Report): total allocated leaves not calculated properly (#16969)

* fix: total alloted leaves not calculated properly * fix: Possible SQL injection * typo fix in sql query * prevent sql injection again ? * Use ORM for query
2019-03-26 21:42:12 +05:30 · 2019-03-26 21:42:12 +05:30 · e43b6beff0
commit e43b6beff0
parent 6d2bb9126a
2 changed files with 26 additions and 14 deletions
--- a/erpnext/hr/doctype/leave_application/leave_application.py
+++ b/erpnext/hr/doctype/leave_application/leave_application.py
@ -399,6 +399,19 @@ def get_leave_balance_on(employee, leave_type, date, allocation_records=None, do
 	return flt(allocation.total_leaves_allocated) - (flt(leaves_taken) + flt(leaves_encashed))
 def get_total_allocated_leaves(employee, leave_type, date):
 	filters= {
 		'from_date': ['<=', date],
 		'to_date': ['>=', date],
 		'docstatus': 1,
 		'leave_type': leave_type,
 		'employee': employee
 	}
 	leave_allocation_records = frappe.db.get_all('Leave Allocation', filters=filters, fields=['total_leaves_allocated'])
 	return flt(leave_allocation_records[0]['total_leaves_allocated']) if leave_allocation_records else flt(0)
 def get_leaves_for_period(employee, leave_type, from_date, to_date, status, docname=None):
 	leave_applications = frappe.db.sql("""
 		select name, employee, leave_type, from_date, to_date, total_leave_days
--- a/erpnext/hr/report/employee_leave_balance/employee_leave_balance.py
+++ b/erpnext/hr/report/employee_leave_balance/employee_leave_balance.py
@ -5,7 +5,7 @@ from __future__ import unicode_literals
 import frappe
 from frappe import _
 from erpnext.hr.doctype.leave_application.leave_application \
-	import get_leave_allocation_records, get_leave_balance_on, get_approved_leaves_for_period
+	import get_leave_allocation_records, get_leave_balance_on, get_approved_leaves_for_period, get_total_allocated_leaves
 def execute(filters=None):
@ -51,8 +51,7 @@ def get_data(filters, leave_types):
 					filters.from_date, filters.to_date)
 				# opening balance
-				opening = get_leave_balance_on(employee.name, leave_type, filters.from_date,
+				opening = get_total_allocated_leaves(employee.name, leave_type, filters.to_date)
 					allocation_records_based_on_from_date.get(employee.name, frappe._dict()))
 				# closing balance
 				closing = get_leave_balance_on(employee.name, leave_type, filters.to_date,