fix: pass date range instead of from date (#22114)
* fix: pass date range instead of from date * fix: escape inputs Co-authored-by: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
parent
3994aa8b06
commit
fb89906354
@ -50,11 +50,12 @@ def get_leaderboards():
|
|||||||
return leaderboards
|
return leaderboards
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
def get_all_customers(from_date, company, field, limit = None):
|
def get_all_customers(date_range, company, field, limit = None):
|
||||||
if field == "outstanding_amount":
|
if field == "outstanding_amount":
|
||||||
filters = [['docstatus', '=', '1'], ['company', '=', company]]
|
filters = [['docstatus', '=', '1'], ['company', '=', company]]
|
||||||
if from_date:
|
if date_range:
|
||||||
filters.append(['posting_date', '>=', from_date])
|
date_range = frappe.parse_json(date_range)
|
||||||
|
filters.append(['posting_date', '>=', 'between', [date_range[0], date_range[1]]])
|
||||||
return frappe.db.get_all('Sales Invoice',
|
return frappe.db.get_all('Sales Invoice',
|
||||||
fields = ['customer as name', 'sum(outstanding_amount) as value'],
|
fields = ['customer as name', 'sum(outstanding_amount) as value'],
|
||||||
filters = filters,
|
filters = filters,
|
||||||
@ -68,18 +69,20 @@ def get_all_customers(from_date, company, field, limit = None):
|
|||||||
elif field == "total_qty_sold":
|
elif field == "total_qty_sold":
|
||||||
select_field = "sum(so_item.stock_qty)"
|
select_field = "sum(so_item.stock_qty)"
|
||||||
|
|
||||||
|
date_condition = get_date_condition(date_range, 'so.transaction_date')
|
||||||
|
|
||||||
return frappe.db.sql("""
|
return frappe.db.sql("""
|
||||||
select so.customer as name, {0} as value
|
select so.customer as name, {0} as value
|
||||||
FROM `tabSales Order` as so JOIN `tabSales Order Item` as so_item
|
FROM `tabSales Order` as so JOIN `tabSales Order Item` as so_item
|
||||||
ON so.name = so_item.parent
|
ON so.name = so_item.parent
|
||||||
where so.docstatus = 1 and so.transaction_date >= %s and so.company = %s
|
where so.docstatus = 1 {1} and so.company = %s
|
||||||
group by so.customer
|
group by so.customer
|
||||||
order by value DESC
|
order by value DESC
|
||||||
limit %s
|
limit %s
|
||||||
""".format(select_field), (from_date, company, cint(limit)), as_dict=1) #nosec
|
""".format(select_field, date_condition), (company, cint(limit)), as_dict=1)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
def get_all_items(from_date, company, field, limit = None):
|
def get_all_items(date_range, company, field, limit = None):
|
||||||
if field in ("available_stock_qty", "available_stock_value"):
|
if field in ("available_stock_qty", "available_stock_value"):
|
||||||
select_field = "sum(actual_qty)" if field=="available_stock_qty" else "sum(stock_value)"
|
select_field = "sum(actual_qty)" if field=="available_stock_qty" else "sum(stock_value)"
|
||||||
return frappe.db.get_all('Bin',
|
return frappe.db.get_all('Bin',
|
||||||
@ -102,23 +105,25 @@ def get_all_items(from_date, company, field, limit = None):
|
|||||||
select_field = "sum(order_item.stock_qty)"
|
select_field = "sum(order_item.stock_qty)"
|
||||||
select_doctype = "Purchase Order"
|
select_doctype = "Purchase Order"
|
||||||
|
|
||||||
|
date_condition = get_date_condition(date_range, 'sales_order.transaction_date')
|
||||||
|
|
||||||
return frappe.db.sql("""
|
return frappe.db.sql("""
|
||||||
select order_item.item_code as name, {0} as value
|
select order_item.item_code as name, {0} as value
|
||||||
from `tab{1}` sales_order join `tab{1} Item` as order_item
|
from `tab{1}` sales_order join `tab{1} Item` as order_item
|
||||||
on sales_order.name = order_item.parent
|
on sales_order.name = order_item.parent
|
||||||
where sales_order.docstatus = 1
|
where sales_order.docstatus = 1
|
||||||
and sales_order.company = %s and sales_order.transaction_date >= %s
|
and sales_order.company = %s {2}
|
||||||
group by order_item.item_code
|
group by order_item.item_code
|
||||||
order by value desc
|
order by value desc
|
||||||
limit %s
|
limit %s
|
||||||
""".format(select_field, select_doctype), (company, from_date, cint(limit)), as_dict=1) #nosec
|
""".format(select_field, select_doctype, date_condition), (company, cint(limit)), as_dict=1) #nosec
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
def get_all_suppliers(from_date, company, field, limit = None):
|
def get_all_suppliers(date_range, company, field, limit = None):
|
||||||
if field == "outstanding_amount":
|
if field == "outstanding_amount":
|
||||||
filters = [['docstatus', '=', '1'], ['company', '=', company]]
|
filters = [['docstatus', '=', '1'], ['company', '=', company]]
|
||||||
if from_date:
|
if date_range:
|
||||||
filters.append(['posting_date', '>=', from_date])
|
filters.append(['posting_date', 'between' [date_range[0], date_range[1]]])
|
||||||
return frappe.db.get_all('Purchase Invoice',
|
return frappe.db.get_all('Purchase Invoice',
|
||||||
fields = ['supplier as name', 'sum(outstanding_amount) as value'],
|
fields = ['supplier as name', 'sum(outstanding_amount) as value'],
|
||||||
filters = filters,
|
filters = filters,
|
||||||
@ -132,18 +137,22 @@ def get_all_suppliers(from_date, company, field, limit = None):
|
|||||||
elif field == "total_qty_purchased":
|
elif field == "total_qty_purchased":
|
||||||
select_field = "sum(purchase_order_item.stock_qty)"
|
select_field = "sum(purchase_order_item.stock_qty)"
|
||||||
|
|
||||||
|
date_condition = get_date_condition(date_range, 'purchase_order.modified')
|
||||||
|
|
||||||
return frappe.db.sql("""
|
return frappe.db.sql("""
|
||||||
select purchase_order.supplier as name, {0} as value
|
select purchase_order.supplier as name, {0} as value
|
||||||
FROM `tabPurchase Order` as purchase_order LEFT JOIN `tabPurchase Order Item`
|
FROM `tabPurchase Order` as purchase_order LEFT JOIN `tabPurchase Order Item`
|
||||||
as purchase_order_item ON purchase_order.name = purchase_order_item.parent
|
as purchase_order_item ON purchase_order.name = purchase_order_item.parent
|
||||||
where purchase_order.docstatus = 1 and purchase_order.modified >= %s
|
where
|
||||||
|
purchase_order.docstatus = 1
|
||||||
|
{1}
|
||||||
and purchase_order.company = %s
|
and purchase_order.company = %s
|
||||||
group by purchase_order.supplier
|
group by purchase_order.supplier
|
||||||
order by value DESC
|
order by value DESC
|
||||||
limit %s""".format(select_field), (from_date, company, cint(limit)), as_dict=1) #nosec
|
limit %s""".format(select_field, date_condition), (company, cint(limit)), as_dict=1) #nosec
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
def get_all_sales_partner(from_date, company, field, limit = None):
|
def get_all_sales_partner(date_range, company, field, limit = None):
|
||||||
if field == "total_sales_amount":
|
if field == "total_sales_amount":
|
||||||
select_field = "sum(`base_net_total`)"
|
select_field = "sum(`base_net_total`)"
|
||||||
elif field == "total_commission":
|
elif field == "total_commission":
|
||||||
@ -154,8 +163,9 @@ def get_all_sales_partner(from_date, company, field, limit = None):
|
|||||||
'docstatus': 1,
|
'docstatus': 1,
|
||||||
'company': company
|
'company': company
|
||||||
}
|
}
|
||||||
if from_date:
|
if date_range:
|
||||||
filters['transaction_date'] = ['>=', from_date]
|
date_range = frappe.parse_json(date_range)
|
||||||
|
filters['transaction_date'] = ['between', [date_range[0], date_range[1]]]
|
||||||
|
|
||||||
return frappe.get_list('Sales Order', fields=[
|
return frappe.get_list('Sales Order', fields=[
|
||||||
'`sales_partner` as name',
|
'`sales_partner` as name',
|
||||||
@ -163,15 +173,27 @@ def get_all_sales_partner(from_date, company, field, limit = None):
|
|||||||
], filters=filters, group_by='sales_partner', order_by='value DESC', limit=limit)
|
], filters=filters, group_by='sales_partner', order_by='value DESC', limit=limit)
|
||||||
|
|
||||||
@frappe.whitelist()
|
@frappe.whitelist()
|
||||||
def get_all_sales_person(from_date, company, field = None, limit = 0):
|
def get_all_sales_person(date_range, company, field = None, limit = 0):
|
||||||
|
date_condition = get_date_condition(date_range, 'sales_order.transaction_date')
|
||||||
|
|
||||||
return frappe.db.sql("""
|
return frappe.db.sql("""
|
||||||
select sales_team.sales_person as name, sum(sales_order.base_net_total) as value
|
select sales_team.sales_person as name, sum(sales_order.base_net_total) as value
|
||||||
from `tabSales Order` as sales_order join `tabSales Team` as sales_team
|
from `tabSales Order` as sales_order join `tabSales Team` as sales_team
|
||||||
on sales_order.name = sales_team.parent and sales_team.parenttype = 'Sales Order'
|
on sales_order.name = sales_team.parent and sales_team.parenttype = 'Sales Order'
|
||||||
where sales_order.docstatus = 1
|
where sales_order.docstatus = 1
|
||||||
and sales_order.transaction_date >= %s
|
|
||||||
and sales_order.company = %s
|
and sales_order.company = %s
|
||||||
|
{date_condition}
|
||||||
group by sales_team.sales_person
|
group by sales_team.sales_person
|
||||||
order by value DESC
|
order by value DESC
|
||||||
limit %s
|
limit %s
|
||||||
""", (from_date, company, cint(limit)), as_dict=1)
|
""".format(date_condition=date_condition), (company, cint(limit)), as_dict=1)
|
||||||
|
|
||||||
|
def get_date_condition(date_range, field):
|
||||||
|
date_condition = ''
|
||||||
|
if date_range:
|
||||||
|
date_range = frappe.parse_json(date_range)
|
||||||
|
from_date, to_date = date_range
|
||||||
|
date_condition = "and {0} between {1} and {2}".format(
|
||||||
|
field, frappe.db.escape(from_date), frappe.db.escape(to_date)
|
||||||
|
)
|
||||||
|
return date_condition
|
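Review bot: The new `between` filter in `get_all_suppliers` is missing a comma: `['posting_date', 'between' [date_range[0], date_range[1]]]` indexes the string `'between'` with a list and raises `TypeError` whenever a date range is passed, and that branch also never runs `date_range = frappe.parse_json(date_range)` as the other callers do. In `get_all_customers` the filter still carries the old operator (`['posting_date', '>=', 'between', [...]]`); both should read `filters.append(['posting_date', 'between', [date_range[0], date_range[1]]])` after parsing. `get_date_condition` unpacks `from_date, to_date = date_range` straight from the request of a whitelisted method, so any payload that is not a two-element list ends in an unhandled `ValueError`; a guard such as `if not isinstance(date_range, (list, tuple)) or len(date_range) != 2: frappe.throw("date_range must be [from_date, to_date]")` would reject it cleanly. The helper also formats `field` into the SQL text unescaped, which is safe only while every caller passes a literal column name as they do in this commit; a docstring on the helper saying that `field` must never come from request data, and that the two dates are quoted with `frappe.db.escape`, would keep that invariant visible to the next editor.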