anoopmb
/
frappe
1
0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32884 提交
1 分支
314 MiB
 
 
 
 
 
 
目錄樹: 10fe05da29
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '10fe05da29'
${ noResults }
frappe/frappe/desk/search.py

258 line
8.4 KiB
原始文件 Blame 歷史記錄 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. 

  4. # Search

  5. from __future__ import unicode_literals

  6. import frappe, json

  7. from frappe.utils import cstr, unique, cint

  8. from frappe.permissions import has_permission

  9. from frappe import _, is_whitelisted

  10. from six import string_types

  11. import re

  12. import wrapt

  13. 

  14. UNTRANSLATED_DOCTYPES = ["DocType", "Role"]

  15. 

  16. def sanitize_searchfield(searchfield):

  17. 	blacklisted_keywords = ['select', 'delete', 'drop', 'update', 'case', 'and', 'or', 'like']

  18. 

  19. 	def _raise_exception(searchfield):

  20. 		frappe.throw(_('Invalid Search Field {0}').format(searchfield), frappe.DataError)

  21. 

  22. 	if len(searchfield) == 1:

  23. 		# do not allow special characters to pass as searchfields

  24. 		regex = re.compile(r'^.*[=;*,\'"$\-+%#@()_].*')

  25. 		if regex.match(searchfield):

  26. 			_raise_exception(searchfield)

  27. 

  28. 	if len(searchfield) >= 3:

  29. 

  30. 		# to avoid 1=1

  31. 		if '=' in searchfield:

  32. 			_raise_exception(searchfield)

  33. 

  34. 		# in mysql -- is used for commenting the query

  35. 		elif ' --' in searchfield:

  36. 			_raise_exception(searchfield)

  37. 

  38. 		# to avoid and, or and like

  39. 		elif any(' {0} '.format(keyword) in searchfield.split() for keyword in blacklisted_keywords):

  40. 			_raise_exception(searchfield)

  41. 

  42. 		# to avoid select, delete, drop, update and case

  43. 		elif any(keyword in searchfield.split() for keyword in blacklisted_keywords):

  44. 			_raise_exception(searchfield)

  45. 

  46. 		else:

  47. 			regex = re.compile(r'^.*[=;*,\'"$\-+%#@()].*')

  48. 			if any(regex.match(f) for f in searchfield.split()):

  49. 				_raise_exception(searchfield)

  50. 

  51. # this is called by the Link Field

  52. @frappe.whitelist()

  53. def search_link(doctype, txt, query=None, filters=None, page_length=20, searchfield=None, reference_doctype=None, ignore_user_permissions=False):

  54. 	search_widget(doctype, txt.strip(), query, searchfield=searchfield, page_length=page_length, filters=filters, reference_doctype=reference_doctype, ignore_user_permissions=ignore_user_permissions)

  55. 	frappe.response['results'] = build_for_autosuggest(frappe.response["values"])

  56. 	del frappe.response["values"]

  57. 

  58. # this is called by the search box

  59. @frappe.whitelist()

  60. def search_widget(doctype, txt, query=None, searchfield=None, start=0,

  61. 	page_length=20, filters=None, filter_fields=None, as_dict=False, reference_doctype=None, ignore_user_permissions=False):

  62. 

  63. 	start = cint(start)

  64. 

  65. 	if isinstance(filters, string_types):

  66. 		filters = json.loads(filters)

  67. 

  68. 	if searchfield:

  69. 		sanitize_searchfield(searchfield)

  70. 

  71. 	if not searchfield:

  72. 		searchfield = "name"

  73. 

  74. 	standard_queries = frappe.get_hooks().standard_queries or {}

  75. 

  76. 	if query and query.split()[0].lower()!="select":

  77. 		# by method

  78. 		try:

  79. 			is_whitelisted(frappe.get_attr(query))

  80. 			frappe.response["values"] = frappe.call(query, doctype, txt,

  81. 				searchfield, start, page_length, filters, as_dict=as_dict)

  82. 		except frappe.exceptions.PermissionError as e:

  83. 			if frappe.local.conf.developer_mode:

  84. 				raise e

  85. 			else:

  86. 				frappe.respond_as_web_page(title='Invalid Method', html='Method not found',

  87. 				indicator_color='red', http_status_code=404)

  88. 			return

  89. 		except Exception as e:

  90. 			raise e

  91. 	elif not query and doctype in standard_queries:

  92. 		# from standard queries

  93. 		search_widget(doctype, txt, standard_queries[doctype][0],

  94. 			searchfield, start, page_length, filters)

  95. 	else:

  96. 		meta = frappe.get_meta(doctype)

  97. 

  98. 		if query:

  99. 			frappe.throw(_("This query style is discontinued"))

  100. 			# custom query

  101. 			# frappe.response["values"] = frappe.db.sql(scrub_custom_query(query, searchfield, txt))

  102. 		else:

  103. 			if isinstance(filters, dict):

  104. 				filters_items = filters.items()

  105. 				filters = []

  106. 				for f in filters_items:

  107. 					if isinstance(f[1], (list, tuple)):

  108. 						filters.append([doctype, f[0], f[1][0], f[1][1]])

  109. 					else:

  110. 						filters.append([doctype, f[0], "=", f[1]])

  111. 

  112. 			if filters==None:

  113. 				filters = []

  114. 			or_filters = []

  115. 

  116. 

  117. 			# build from doctype

  118. 			if txt:

  119. 				search_fields = ["name"]

  120. 				if meta.title_field:

  121. 					search_fields.append(meta.title_field)

  122. 

  123. 				if meta.search_fields:

  124. 					search_fields.extend(meta.get_search_fields())

  125. 

  126. 				for f in search_fields:

  127. 					fmeta = meta.get_field(f.strip())

  128. 					if (doctype not in UNTRANSLATED_DOCTYPES) and (f == "name" or (fmeta and fmeta.fieldtype in ["Data", "Text", "Small Text", "Long Text",

  129. 						"Link", "Select", "Read Only", "Text Editor"])):

  130. 							or_filters.append([doctype, f.strip(), "like", "%{0}%".format(txt)])

  131. 

  132. 			if meta.get("fields", {"fieldname":"enabled", "fieldtype":"Check"}):

  133. 				filters.append([doctype, "enabled", "=", 1])

  134. 			if meta.get("fields", {"fieldname":"disabled", "fieldtype":"Check"}):

  135. 				filters.append([doctype, "disabled", "!=", 1])

  136. 

  137. 			# format a list of fields combining search fields and filter fields

  138. 			fields = get_std_fields_list(meta, searchfield or "name")

  139. 			if filter_fields:

  140. 				fields = list(set(fields + json.loads(filter_fields)))

  141. 			formatted_fields = ['`tab%s`.`%s`' % (meta.name, f.strip()) for f in fields]

  142. 

  143. 			# find relevance as location of search term from the beginning of string `name`. used for sorting results.

  144. 			formatted_fields.append("""locate({_txt}, `tab{doctype}`.`name`) as `_relevance`""".format(

  145. 				_txt=frappe.db.escape((txt or "").replace("%", "").replace("@", "")), doctype=doctype))

  146. 

  147. 

  148. 			# In order_by, `idx` gets second priority, because it stores link count

  149. 			from frappe.model.db_query import get_order_by

  150. 			order_by_based_on_meta = get_order_by(doctype, meta)

  151. 			# 2 is the index of _relevance column

  152. 			order_by = "_relevance, {0}, `tab{1}`.idx desc".format(order_by_based_on_meta, doctype)

  153. 

  154. 			ptype = 'select' if frappe.only_has_select_perm(doctype) else 'read'

  155. 			ignore_permissions = True if doctype == "DocType" else (cint(ignore_user_permissions) and has_permission(doctype, ptype=ptype))

  156. 

  157. 			if doctype in UNTRANSLATED_DOCTYPES:

  158. 				page_length = None

  159. 

  160. 			values = frappe.get_list(doctype,

  161. 				filters=filters,

  162. 				fields=formatted_fields,

  163. 				or_filters=or_filters,

  164. 				limit_start=start,

  165. 				limit_page_length=page_length,

  166. 				order_by=order_by,

  167. 				ignore_permissions=ignore_permissions,

  168. 				reference_doctype=reference_doctype,

  169. 				as_list=not as_dict,

  170. 				strict=False)

  171. 

  172. 			if doctype in UNTRANSLATED_DOCTYPES:

  173. 				values = tuple([v for v in list(values) if re.search(re.escape(txt)+".*", (_(v.name) if as_dict else _(v[0])), re.IGNORECASE)])

  174. 

  175. 			# remove _relevance from results

  176. 			if as_dict:

  177. 				for r in values:

  178. 					r.pop("_relevance")

  179. 				frappe.response["values"] = values

  180. 			else:

  181. 				frappe.response["values"] = [r[:-1] for r in values]

  182. 

  183. def get_std_fields_list(meta, key):

  184. 	# get additional search fields

  185. 	sflist = ["name"]

  186. 	if meta.search_fields:

  187. 		for d in meta.search_fields.split(","):

  188. 			if d.strip() not in sflist:

  189. 				sflist.append(d.strip())

  190. 

  191. 	if meta.title_field and meta.title_field not in sflist:

  192. 		sflist.append(meta.title_field)

  193. 

  194. 	if key not in sflist:

  195. 		sflist.append(key)

  196. 

  197. 	return sflist

  198. 

  199. def build_for_autosuggest(res):

  200. 	results = []

  201. 	for r in res:

  202. 		out = {"value": r[0], "description": ", ".join(unique(cstr(d) for d in r if d)[1:])}

  203. 		results.append(out)

  204. 	return results

  205. 

  206. def scrub_custom_query(query, key, txt):

  207. 	if '%(key)s' in query:

  208. 		query = query.replace('%(key)s', key)

  209. 	if '%s' in query:

  210. 		query = query.replace('%s', ((txt or '') + '%'))

  211. 	return query

  212. 

  213. @wrapt.decorator

  214. def validate_and_sanitize_search_inputs(fn, instance, args, kwargs):

  215. 	kwargs.update(dict(zip(fn.__code__.co_varnames, args)))

  216. 	sanitize_searchfield(kwargs['searchfield'])

  217. 	kwargs['start'] = cint(kwargs['start'])

  218. 	kwargs['page_len'] = cint(kwargs['page_len'])

  219. 

  220. 	if kwargs['doctype'] and not frappe.db.exists('DocType', kwargs['doctype']):

  221. 		return []

  222. 

  223. 	return fn(**kwargs)

  224. 

  225. 

  226. @frappe.whitelist()

  227. def get_names_for_mentions(search_term):

  228. 	users_for_mentions = frappe.cache().get_value('users_for_mentions', get_users_for_mentions)

  229. 	user_groups = frappe.cache().get_value('user_groups', get_user_groups)

  230. 

  231. 	filtered_mentions = []

  232. 	for mention_data in users_for_mentions + user_groups:

  233. 		if search_term.lower() not in mention_data.value.lower():

  234. 			continue

  235. 

  236. 		mention_data['link'] = frappe.utils.get_url_to_form(

  237. 			'User Group' if mention_data.get('is_group') else 'User Profile',

  238. 			mention_data['id']

  239. 		)

  240. 

  241. 		filtered_mentions.append(mention_data)

  242. 

  243. 	return sorted(filtered_mentions, key=lambda d: d['value'])

  244. 

  245. def get_users_for_mentions():

  246. 	return frappe.get_all('User',

  247. 		fields=['name as id', 'full_name as value'],

  248. 		filters={

  249. 			'name': ['not in', ('Administrator', 'Guest')],

  250. 			'allowed_in_mentions': True,

  251. 			'user_type': 'System User',

  252. 		})

  253. 

  254. def get_user_groups():

  255. 	return frappe.get_all('User Group', fields=['name as id', 'name as value'], update={

  256. 		'is_group': True

  257. 	})