anoopmb
/
frappe
1
0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39471 提交
1 分支
314 MiB
 
 
 
 
 
 
目錄樹: 73758d7883
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '73758d7883'
${ noResults }
frappe/frappe/desk/search.py

370 line
10 KiB
原始文件 Blame 歷史記錄 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # License: MIT. See LICENSE

  3. 

  4. import functools

  5. import json

  6. import re

  7. 

  8. import frappe

  9. from frappe import _, is_whitelisted

  10. from frappe.permissions import has_permission

  11. from frappe.utils import cint, cstr, unique

  12. 

  13. 

  14. def sanitize_searchfield(searchfield):

  15. 	blacklisted_keywords = ["select", "delete", "drop", "update", "case", "and", "or", "like"]

  16. 

  17. 	def _raise_exception(searchfield):

  18. 		frappe.throw(_("Invalid Search Field {0}").format(searchfield), frappe.DataError)

  19. 

  20. 	if len(searchfield) == 1:

  21. 		# do not allow special characters to pass as searchfields

  22. 		regex = re.compile(r'^.*[=;*,\'"$\-+%#@()_].*')

  23. 		if regex.match(searchfield):

  24. 			_raise_exception(searchfield)

  25. 

  26. 	if len(searchfield) >= 3:

  27. 

  28. 		# to avoid 1=1

  29. 		if "=" in searchfield:

  30. 			_raise_exception(searchfield)

  31. 

  32. 		# in mysql -- is used for commenting the query

  33. 		elif " --" in searchfield:

  34. 			_raise_exception(searchfield)

  35. 

  36. 		# to avoid and, or and like

  37. 		elif any(f" {keyword} " in searchfield.split() for keyword in blacklisted_keywords):

  38. 			_raise_exception(searchfield)

  39. 

  40. 		# to avoid select, delete, drop, update and case

  41. 		elif any(keyword in searchfield.split() for keyword in blacklisted_keywords):

  42. 			_raise_exception(searchfield)

  43. 

  44. 		else:

  45. 			regex = re.compile(r'^.*[=;*,\'"$\-+%#@()].*')

  46. 			if any(regex.match(f) for f in searchfield.split()):

  47. 				_raise_exception(searchfield)

  48. 

  49. 

  50. # this is called by the Link Field

  51. @frappe.whitelist()

  52. def search_link(

  53. 	doctype,

  54. 	txt,

  55. 	query=None,

  56. 	filters=None,

  57. 	page_length=20,

  58. 	searchfield=None,

  59. 	reference_doctype=None,

  60. 	ignore_user_permissions=False,

  61. ):

  62. 	search_widget(

  63. 		doctype,

  64. 		txt.strip(),

  65. 		query,

  66. 		searchfield=searchfield,

  67. 		page_length=page_length,

  68. 		filters=filters,

  69. 		reference_doctype=reference_doctype,

  70. 		ignore_user_permissions=ignore_user_permissions,

  71. 	)

  72. 

  73. 	frappe.response["results"] = build_for_autosuggest(frappe.response["values"], doctype=doctype)

  74. 	del frappe.response["values"]

  75. 

  76. 

  77. # this is called by the search box

  78. @frappe.whitelist()

  79. def search_widget(

  80. 	doctype,

  81. 	txt,

  82. 	query=None,

  83. 	searchfield=None,

  84. 	start=0,

  85. 	page_length=20,

  86. 	filters=None,

  87. 	filter_fields=None,

  88. 	as_dict=False,

  89. 	reference_doctype=None,

  90. 	ignore_user_permissions=False,

  91. ):

  92. 

  93. 	start = cint(start)

  94. 

  95. 	if isinstance(filters, str):

  96. 		filters = json.loads(filters)

  97. 

  98. 	if searchfield:

  99. 		sanitize_searchfield(searchfield)

  100. 

  101. 	if not searchfield:

  102. 		searchfield = "name"

  103. 

  104. 	standard_queries = frappe.get_hooks().standard_queries or {}

  105. 

  106. 	if query and query.split()[0].lower() != "select":

  107. 		# by method

  108. 		try:

  109. 			is_whitelisted(frappe.get_attr(query))

  110. 			frappe.response["values"] = frappe.call(

  111. 				query, doctype, txt, searchfield, start, page_length, filters, as_dict=as_dict

  112. 			)

  113. 		except frappe.exceptions.PermissionError as e:

  114. 			if frappe.local.conf.developer_mode:

  115. 				raise e

  116. 			else:

  117. 				frappe.respond_as_web_page(

  118. 					title="Invalid Method",

  119. 					html="Method not found",

  120. 					indicator_color="red",

  121. 					http_status_code=404,

  122. 				)

  123. 			return

  124. 		except Exception as e:

  125. 			raise e

  126. 	elif not query and doctype in standard_queries:

  127. 		# from standard queries

  128. 		search_widget(

  129. 			doctype, txt, standard_queries[doctype][0], searchfield, start, page_length, filters

  130. 		)

  131. 	else:

  132. 		meta = frappe.get_meta(doctype)

  133. 

  134. 		if query:

  135. 			frappe.throw(_("This query style is discontinued"))

  136. 			# custom query

  137. 			# frappe.response["values"] = frappe.db.sql(scrub_custom_query(query, searchfield, txt))

  138. 		else:

  139. 			if isinstance(filters, dict):

  140. 				filters_items = filters.items()

  141. 				filters = []

  142. 				for f in filters_items:

  143. 					if isinstance(f[1], (list, tuple)):

  144. 						filters.append([doctype, f[0], f[1][0], f[1][1]])

  145. 					else:

  146. 						filters.append([doctype, f[0], "=", f[1]])

  147. 

  148. 			if filters is None:

  149. 				filters = []

  150. 			or_filters = []

  151. 

  152. 			# build from doctype

  153. 			if txt:

  154. 				field_types = [

  155. 					"Data",

  156. 					"Text",

  157. 					"Small Text",

  158. 					"Long Text",

  159. 					"Link",

  160. 					"Select",

  161. 					"Read Only",

  162. 					"Text Editor",

  163. 				]

  164. 				search_fields = ["name"]

  165. 				if meta.title_field:

  166. 					search_fields.append(meta.title_field)

  167. 

  168. 				if meta.search_fields:

  169. 					search_fields.extend(meta.get_search_fields())

  170. 

  171. 				for f in search_fields:

  172. 					fmeta = meta.get_field(f.strip())

  173. 					if not meta.translated_doctype and (

  174. 						f == "name" or (fmeta and fmeta.fieldtype in field_types)

  175. 					):

  176. 						or_filters.append([doctype, f.strip(), "like", f"%{txt}%"])

  177. 

  178. 			if meta.get("fields", {"fieldname": "enabled", "fieldtype": "Check"}):

  179. 				filters.append([doctype, "enabled", "=", 1])

  180. 			if meta.get("fields", {"fieldname": "disabled", "fieldtype": "Check"}):

  181. 				filters.append([doctype, "disabled", "!=", 1])

  182. 

  183. 			# format a list of fields combining search fields and filter fields

  184. 			fields = get_std_fields_list(meta, searchfield or "name")

  185. 			if filter_fields:

  186. 				fields = list(set(fields + json.loads(filter_fields)))

  187. 			formatted_fields = [f"`tab{meta.name}`.`{f.strip()}`" for f in fields]

  188. 

  189. 			# Insert title field query after name

  190. 			if meta.show_title_field_in_link:

  191. 				formatted_fields.insert(1, f"`tab{meta.name}`.{meta.title_field} as `label`")

  192. 

  193. 			# In order_by, `idx` gets second priority, because it stores link count

  194. 			from frappe.model.db_query import get_order_by

  195. 

  196. 			order_by_based_on_meta = get_order_by(doctype, meta)

  197. 			# 2 is the index of _relevance column

  198. 			order_by = f"{order_by_based_on_meta}, `tab{doctype}`.idx desc"

  199. 

  200. 			if not meta.translated_doctype:

  201. 				formatted_fields.append(

  202. 					"""locate({_txt}, `tab{doctype}`.`name`) as `_relevance`""".format(

  203. 						_txt=frappe.db.escape((txt or "").replace("%", "").replace("@", "")),

  204. 						doctype=doctype,

  205. 					)

  206. 				)

  207. 				order_by = f"_relevance, {order_by}"

  208. 

  209. 			ptype = "select" if frappe.only_has_select_perm(doctype) else "read"

  210. 			ignore_permissions = (

  211. 				True

  212. 				if doctype == "DocType"

  213. 				else (cint(ignore_user_permissions) and has_permission(doctype, ptype=ptype))

  214. 			)

  215. 

  216. 			values = frappe.get_list(

  217. 				doctype,

  218. 				filters=filters,

  219. 				fields=formatted_fields,

  220. 				or_filters=or_filters,

  221. 				limit_start=start,

  222. 				limit_page_length=None if meta.translated_doctype else page_length,

  223. 				order_by=order_by,

  224. 				ignore_permissions=ignore_permissions,

  225. 				reference_doctype=reference_doctype,

  226. 				as_list=not as_dict,

  227. 				strict=False,

  228. 			)

  229. 

  230. 			if meta.translated_doctype:

  231. 				# Filtering the values array so that query is included in very element

  232. 				values = (

  233. 					result

  234. 					for result in values

  235. 					if any(

  236. 						re.search(f"{re.escape(txt)}.*", _(cstr(value)) or "", re.IGNORECASE)

  237. 						for value in (result.values() if as_dict else result)

  238. 					)

  239. 				)

  240. 

  241. 			# Sorting the values array so that relevant results always come first

  242. 			# This will first bring elements on top in which query is a prefix of element

  243. 			# Then it will bring the rest of the elements and sort them in lexicographical order

  244. 			values = sorted(values, key=lambda x: relevance_sorter(x, txt, as_dict))

  245. 

  246. 			# remove _relevance from results

  247. 			if not meta.translated_doctype:

  248. 				if as_dict:

  249. 					for r in values:

  250. 						r.pop("_relevance")

  251. 				else:

  252. 					values = [r[:-1] for r in values]

  253. 

  254. 			frappe.response["values"] = values

  255. 

  256. 

  257. def get_std_fields_list(meta, key):

  258. 	# get additional search fields

  259. 	sflist = ["name"]

  260. 	if meta.search_fields:

  261. 		for d in meta.search_fields.split(","):

  262. 			if d.strip() not in sflist:

  263. 				sflist.append(d.strip())

  264. 

  265. 	if meta.title_field and meta.title_field not in sflist:

  266. 		sflist.append(meta.title_field)

  267. 

  268. 	if key not in sflist:

  269. 		sflist.append(key)

  270. 

  271. 	return sflist

  272. 

  273. 

  274. def build_for_autosuggest(res: list[tuple], doctype: str) -> list[dict]:

  275. 	def to_string(parts):

  276. 		return ", ".join(

  277. 			unique(_(cstr(part)) if meta.translated_doctype else cstr(part) for part in parts if part)

  278. 		)

  279. 

  280. 	results = []

  281. 	meta = frappe.get_meta(doctype)

  282. 	if meta.show_title_field_in_link:

  283. 		for item in res:

  284. 			item = list(item)

  285. 			label = item[1]  # use title as label

  286. 			item[1] = item[0]  # show name in description instead of title

  287. 			del item[2]  # remove redundant title ("label") value

  288. 			results.append({"value": item[0], "label": label, "description": to_string(item[1:])})

  289. 	else:

  290. 		results.extend({"value": item[0], "description": to_string(item[1:])} for item in res)

  291. 

  292. 	return results

  293. 

  294. 

  295. def scrub_custom_query(query, key, txt):

  296. 	if "%(key)s" in query:

  297. 		query = query.replace("%(key)s", key)

  298. 	if "%s" in query:

  299. 		query = query.replace("%s", ((txt or "") + "%"))

  300. 	return query

  301. 

  302. 

  303. def relevance_sorter(key, query, as_dict):

  304. 	value = _(key.name if as_dict else key[0])

  305. 	return (cstr(value).lower().startswith(query.lower()) is not True, value)

  306. 

  307. 

  308. def validate_and_sanitize_search_inputs(fn):

  309. 	@functools.wraps(fn)

  310. 	def wrapper(*args, **kwargs):

  311. 		kwargs.update(dict(zip(fn.__code__.co_varnames, args)))

  312. 		sanitize_searchfield(kwargs["searchfield"])

  313. 		kwargs["start"] = cint(kwargs["start"])

  314. 		kwargs["page_len"] = cint(kwargs["page_len"])

  315. 

  316. 		if kwargs["doctype"] and not frappe.db.exists("DocType", kwargs["doctype"]):

  317. 			return []

  318. 

  319. 		return fn(**kwargs)

  320. 

  321. 	return wrapper

  322. 

  323. 

  324. @frappe.whitelist()

  325. def get_names_for_mentions(search_term):

  326. 	users_for_mentions = frappe.cache().get_value("users_for_mentions", get_users_for_mentions)

  327. 	user_groups = frappe.cache().get_value("user_groups", get_user_groups)

  328. 

  329. 	filtered_mentions = []

  330. 	for mention_data in users_for_mentions + user_groups:

  331. 		if search_term.lower() not in mention_data.value.lower():

  332. 			continue

  333. 

  334. 		mention_data["link"] = frappe.utils.get_url_to_form(

  335. 			"User Group" if mention_data.get("is_group") else "User Profile", mention_data["id"]

  336. 		)

  337. 

  338. 		filtered_mentions.append(mention_data)

  339. 

  340. 	return sorted(filtered_mentions, key=lambda d: d["value"])

  341. 

  342. 

  343. def get_users_for_mentions():

  344. 	return frappe.get_all(

  345. 		"User",

  346. 		fields=["name as id", "full_name as value"],

  347. 		filters={

  348. 			"name": ["not in", ("Administrator", "Guest")],

  349. 			"allowed_in_mentions": True,

  350. 			"user_type": "System User",

  351. 			"enabled": True,

  352. 		},

  353. 	)

  354. 

  355. 

  356. def get_user_groups():

  357. 	return frappe.get_all(

  358. 		"User Group", fields=["name as id", "name as value"], update={"is_group": True}

  359. 	)

  360. 

  361. 

  362. @frappe.whitelist()

  363. def get_link_title(doctype, docname):

  364. 	meta = frappe.get_meta(doctype)

  365. 

  366. 	if meta.show_title_field_in_link:

  367. 		return frappe.db.get_value(doctype, docname, meta.title_field)

  368. 

  369. 	return docname