From c1658382280e2377bee7899bcb6a9f769756e84c Mon Sep 17 00:00:00 2001 From: Suraj Shetty Date: Thu, 24 Jan 2019 15:45:46 +0530 Subject: [PATCH 1/3] Filter bin list based on warehouses that are accessible to the user --- erpnext/stock/dashboard/item_dashboard.py | 56 ++++++++++------------- 1 file changed, 25 insertions(+), 31 deletions(-) diff --git a/erpnext/stock/dashboard/item_dashboard.py b/erpnext/stock/dashboard/item_dashboard.py index f95daafd38..8762920c6e 100644 --- a/erpnext/stock/dashboard/item_dashboard.py +++ b/erpnext/stock/dashboard/item_dashboard.py @@ -1,43 +1,37 @@ from __future__ import unicode_literals import frappe +from frappe.model.db_query import DatabaseQuery @frappe.whitelist() def get_data(item_code=None, warehouse=None, item_group=None, start=0, sort_by='actual_qty', sort_order='desc'): '''Return data to render the item dashboard''' - conditions = [] - values = [] + filters = [] if item_code: - conditions.append('b.item_code=%s') - values.append(item_code) + filters.append(['item_code', '=', item_code]) if warehouse: - conditions.append('b.warehouse=%s') - values.append(warehouse) + filters.append(['warehouse', '=', warehouse]) if item_group: - conditions.append('i.item_group=%s') - values.append(item_group) + filters.append(['item_group', '=', item_group]) + try: + # check if user has any restrictions based on user permissions on warehouse + if DatabaseQuery('Warehouse', user=frappe.session.user).build_match_conditions(): + filters.append(['warehouse', 'in', [w.name for w in frappe.get_list('Warehouse')]]) + except frappe.PermissionError: + # user does not have access to warehouse + return [] - if conditions: - conditions = ' and ' + ' and '.join(conditions) - else: - conditions = '' - - return frappe.db.sql(''' - select - b.item_code, b.warehouse, b.projected_qty, b.reserved_qty, - b.reserved_qty_for_production, b.reserved_qty_for_sub_contract, b.actual_qty, b.valuation_rate, i.item_name - from - tabBin b, tabItem i - where - b.item_code = i.name - and - (b.projected_qty != 0 or b.reserved_qty != 0 or b.reserved_qty_for_production != 0 - or b.reserved_qty_for_sub_contract != 0 or b.actual_qty != 0) - {conditions} - order by - {sort_by} {sort_order} - limit - {start}, 21 - '''.format(conditions=conditions, sort_by=sort_by, sort_order=sort_order, - start=start), values, as_dict=True) + return frappe.db.get_all('Bin', fields=['item_code', 'warehouse', 'projected_qty', + 'reserved_qty', 'reserved_qty_for_sub_contract', 'actual_qty', 'valuation_rate'], + or_filters={ + 'projected_qty': ['!=', 0], + 'reserved_qty': ['!=', 0], + 'reserved_qty_for_production': ['!=', 0], + 'reserved_qty_for_sub_contract': ['!=', 0], + 'actual_qty': ['!=', 0], + }, + filters=filters, + order_by=sort_by + ' ' + sort_order, + limit_start=start, + limit_page_length='21') \ No newline at end of file From dd0496f7aae119de4bfa1586e0a3d08c7da5b71a Mon Sep 17 00:00:00 2001 From: Suraj Shetty Date: Thu, 24 Jan 2019 16:18:43 +0530 Subject: [PATCH 2/3] Add missed out field field --- erpnext/stock/dashboard/item_dashboard.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erpnext/stock/dashboard/item_dashboard.py b/erpnext/stock/dashboard/item_dashboard.py index 8762920c6e..6667317bf0 100644 --- a/erpnext/stock/dashboard/item_dashboard.py +++ b/erpnext/stock/dashboard/item_dashboard.py @@ -23,7 +23,7 @@ def get_data(item_code=None, warehouse=None, item_group=None, return [] return frappe.db.get_all('Bin', fields=['item_code', 'warehouse', 'projected_qty', - 'reserved_qty', 'reserved_qty_for_sub_contract', 'actual_qty', 'valuation_rate'], + 'reserved_qty', 'reserved_qty_for_production', 'reserved_qty_for_sub_contract', 'actual_qty', 'valuation_rate'], or_filters={ 'projected_qty': ['!=', 0], 'reserved_qty': ['!=', 0], From 7a45887fa192be2d3293777be252e8b0ac139375 Mon Sep 17 00:00:00 2001 From: Suraj Shetty Date: Thu, 24 Jan 2019 16:26:48 +0530 Subject: [PATCH 3/3] fix typo --- erpnext/stock/dashboard/item_dashboard.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/erpnext/stock/dashboard/item_dashboard.py b/erpnext/stock/dashboard/item_dashboard.py index 6667317bf0..d817e5ff2d 100644 --- a/erpnext/stock/dashboard/item_dashboard.py +++ b/erpnext/stock/dashboard/item_dashboard.py @@ -19,7 +19,7 @@ def get_data(item_code=None, warehouse=None, item_group=None, if DatabaseQuery('Warehouse', user=frappe.session.user).build_match_conditions(): filters.append(['warehouse', 'in', [w.name for w in frappe.get_list('Warehouse')]]) except frappe.PermissionError: - # user does not have access to warehouse + # user does not have access on warehouse return [] return frappe.db.get_all('Bin', fields=['item_code', 'warehouse', 'projected_qty', @@ -34,4 +34,4 @@ def get_data(item_code=None, warehouse=None, item_group=None, filters=filters, order_by=sort_by + ' ' + sort_order, limit_start=start, - limit_page_length='21') \ No newline at end of file + limit_page_length='21')