anoopmb
/
frappe
1
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37237 Commit
1 分支
314 MiB
 
 
 
 
 
 
目錄樹: eadf6acab9
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'eadf6acab9'
${ noResults }
frappe/frappe/desk/search.py

318 line
10 KiB
原始文件 Blame 文件歷史 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # License: MIT. See LICENSE

  3. 

  4. # Search

  5. import frappe, json

  6. from frappe.utils import cstr, unique, cint

  7. from frappe.permissions import has_permission

  8. from frappe import _, is_whitelisted

  9. import re

  10. import wrapt

  11. 

  12. 

  13. def sanitize_searchfield(searchfield):

  14. 	blacklisted_keywords = ['select', 'delete', 'drop', 'update', 'case', 'and', 'or', 'like']

  15. 

  16. 	def _raise_exception(searchfield):

  17. 		frappe.throw(_('Invalid Search Field {0}').format(searchfield), frappe.DataError)

  18. 

  19. 	if len(searchfield) == 1:

  20. 		# do not allow special characters to pass as searchfields

  21. 		regex = re.compile(r'^.*[=;*,\'"$\-+%#@()_].*')

  22. 		if regex.match(searchfield):

  23. 			_raise_exception(searchfield)

  24. 

  25. 	if len(searchfield) >= 3:

  26. 

  27. 		# to avoid 1=1

  28. 		if '=' in searchfield:

  29. 			_raise_exception(searchfield)

  30. 

  31. 		# in mysql -- is used for commenting the query

  32. 		elif ' --' in searchfield:

  33. 			_raise_exception(searchfield)

  34. 

  35. 		# to avoid and, or and like

  36. 		elif any(' {0} '.format(keyword) in searchfield.split() for keyword in blacklisted_keywords):

  37. 			_raise_exception(searchfield)

  38. 

  39. 		# to avoid select, delete, drop, update and case

  40. 		elif any(keyword in searchfield.split() for keyword in blacklisted_keywords):

  41. 			_raise_exception(searchfield)

  42. 

  43. 		else:

  44. 			regex = re.compile(r'^.*[=;*,\'"$\-+%#@()].*')

  45. 			if any(regex.match(f) for f in searchfield.split()):

  46. 				_raise_exception(searchfield)

  47. 

  48. # this is called by the Link Field

  49. @frappe.whitelist()

  50. def search_link(doctype, txt, query=None, filters=None, page_length=20, searchfield=None, reference_doctype=None, ignore_user_permissions=False):

  51. 	search_widget(doctype, txt.strip(), query, searchfield=searchfield, page_length=page_length, filters=filters,

  52. 		reference_doctype=reference_doctype, ignore_user_permissions=ignore_user_permissions)

  53. 

  54. 	frappe.response["results"] = build_for_autosuggest(frappe.response["values"], doctype=doctype)

  55. 	del frappe.response["values"]

  56. 

  57. # this is called by the search box

  58. @frappe.whitelist()

  59. def search_widget(doctype, txt, query=None, searchfield=None, start=0,

  60. 	page_length=20, filters=None, filter_fields=None, as_dict=False, reference_doctype=None, ignore_user_permissions=False):

  61. 

  62. 	start = cint(start)

  63. 

  64. 	if isinstance(filters, str):

  65. 		filters = json.loads(filters)

  66. 

  67. 	if searchfield:

  68. 		sanitize_searchfield(searchfield)

  69. 

  70. 	if not searchfield:

  71. 		searchfield = "name"

  72. 

  73. 	standard_queries = frappe.get_hooks().standard_queries or {}

  74. 

  75. 	if query and query.split()[0].lower()!="select":

  76. 		# by method

  77. 		try:

  78. 			is_whitelisted(frappe.get_attr(query))

  79. 			frappe.response["values"] = frappe.call(query, doctype, txt,

  80. 				searchfield, start, page_length, filters, as_dict=as_dict)

  81. 		except frappe.exceptions.PermissionError as e:

  82. 			if frappe.local.conf.developer_mode:

  83. 				raise e

  84. 			else:

  85. 				frappe.respond_as_web_page(title='Invalid Method', html='Method not found',

  86. 				indicator_color='red', http_status_code=404)

  87. 			return

  88. 		except Exception as e:

  89. 			raise e

  90. 	elif not query and doctype in standard_queries:

  91. 		# from standard queries

  92. 		search_widget(doctype, txt, standard_queries[doctype][0],

  93. 			searchfield, start, page_length, filters)

  94. 	else:

  95. 		meta = frappe.get_meta(doctype)

  96. 

  97. 		if query:

  98. 			frappe.throw(_("This query style is discontinued"))

  99. 			# custom query

  100. 			# frappe.response["values"] = frappe.db.sql(scrub_custom_query(query, searchfield, txt))

  101. 		else:

  102. 			if isinstance(filters, dict):

  103. 				filters_items = filters.items()

  104. 				filters = []

  105. 				for f in filters_items:

  106. 					if isinstance(f[1], (list, tuple)):

  107. 						filters.append([doctype, f[0], f[1][0], f[1][1]])

  108. 					else:

  109. 						filters.append([doctype, f[0], "=", f[1]])

  110. 

  111. 			if filters is None:

  112. 				filters = []

  113. 			or_filters = []

  114. 

  115. 

  116. 			translated_search_doctypes = frappe.get_hooks("translated_search_doctypes")

  117. 			# build from doctype

  118. 			if txt:

  119. 				search_fields = ["name"]

  120. 				if meta.title_field:

  121. 					search_fields.append(meta.title_field)

  122. 

  123. 				if meta.search_fields:

  124. 					search_fields.extend(meta.get_search_fields())

  125. 

  126. 				for f in search_fields:

  127. 					fmeta = meta.get_field(f.strip())

  128. 					if (doctype not in translated_search_doctypes) and (f == "name" or (fmeta and fmeta.fieldtype in ["Data", "Text", "Small Text", "Long Text",

  129. 						"Link", "Select", "Read Only", "Text Editor"])):

  130. 							or_filters.append([doctype, f.strip(), "like", "%{0}%".format(txt)])

  131. 

  132. 			if meta.get("fields", {"fieldname":"enabled", "fieldtype":"Check"}):

  133. 				filters.append([doctype, "enabled", "=", 1])

  134. 			if meta.get("fields", {"fieldname":"disabled", "fieldtype":"Check"}):

  135. 				filters.append([doctype, "disabled", "!=", 1])

  136. 

  137. 			# format a list of fields combining search fields and filter fields

  138. 			fields = get_std_fields_list(meta, searchfield or "name")

  139. 			if filter_fields:

  140. 				fields = list(set(fields + json.loads(filter_fields)))

  141. 			formatted_fields = ['`tab%s`.`%s`' % (meta.name, f.strip()) for f in fields]

  142. 

  143. 			title_field_query = get_title_field_query(meta)

  144. 

  145. 			# Insert title field query after name

  146. 			if title_field_query:

  147. 				formatted_fields.insert(1, title_field_query)

  148. 

  149. 			# find relevance as location of search term from the beginning of string `name`. used for sorting results.

  150. 			formatted_fields.append("""locate({_txt}, `tab{doctype}`.`name`) as `_relevance`""".format(

  151. 				_txt=frappe.db.escape((txt or "").replace("%", "").replace("@", "")), doctype=doctype))

  152. 

  153. 

  154. 			# In order_by, `idx` gets second priority, because it stores link count

  155. 			from frappe.model.db_query import get_order_by

  156. 			order_by_based_on_meta = get_order_by(doctype, meta)

  157. 			# 2 is the index of _relevance column

  158. 			order_by = "_relevance, {0}, `tab{1}`.idx desc".format(order_by_based_on_meta, doctype)

  159. 

  160. 			ptype = 'select' if frappe.only_has_select_perm(doctype) else 'read'

  161. 			ignore_permissions = True if doctype == "DocType" else (cint(ignore_user_permissions) and has_permission(doctype, ptype=ptype))

  162. 

  163. 			if doctype in translated_search_doctypes:

  164. 				page_length = None

  165. 

  166. 			values = frappe.get_list(doctype,

  167. 				filters=filters,

  168. 				fields=formatted_fields,

  169. 				or_filters=or_filters,

  170. 				limit_start=start,

  171. 				limit_page_length=page_length,

  172. 				order_by=order_by,

  173. 				ignore_permissions=ignore_permissions,

  174. 				reference_doctype=reference_doctype,

  175. 				as_list=not as_dict,

  176. 				strict=False)

  177. 

  178. 			if doctype in translated_search_doctypes:

  179. 				# Filtering the values array so that query is included in very element

  180. 				values = (

  181. 					v for v in values

  182. 					if re.search(

  183. 						f"{re.escape(txt)}.*", _(v.name if as_dict else v[0]), re.IGNORECASE

  184. 					)

  185. 				)

  186. 

  187. 			# Sorting the values array so that relevant results always come first

  188. 			# This will first bring elements on top in which query is a prefix of element

  189. 			# Then it will bring the rest of the elements and sort them in lexicographical order

  190. 			values = sorted(values, key=lambda x: relevance_sorter(x, txt, as_dict))

  191. 

  192. 			# remove _relevance from results

  193. 			if as_dict:

  194. 				for r in values:

  195. 					r.pop("_relevance")

  196. 				frappe.response["values"] = values

  197. 			else:

  198. 				frappe.response["values"] = [r[:-1] for r in values]

  199. 

  200. def get_std_fields_list(meta, key):

  201. 	# get additional search fields

  202. 	sflist = ["name"]

  203. 	if meta.search_fields:

  204. 		for d in meta.search_fields.split(","):

  205. 			if d.strip() not in sflist:

  206. 				sflist.append(d.strip())

  207. 

  208. 	if meta.title_field and meta.title_field not in sflist:

  209. 		sflist.append(meta.title_field)

  210. 

  211. 	if key not in sflist:

  212. 		sflist.append(key)

  213. 

  214. 	return sflist

  215. 

  216. def get_title_field_query(meta):

  217. 	title_field = meta.title_field if meta.title_field else None

  218. 	show_title_field_in_link = meta.show_title_field_in_link if meta.show_title_field_in_link else None

  219. 	field = None

  220. 

  221. 	if title_field and show_title_field_in_link:

  222. 		field = "`tab{0}`.{1} as `label`".format(meta.name, title_field)

  223. 

  224. 	return field

  225. 

  226. def build_for_autosuggest(res, doctype):

  227. 	results = []

  228. 	meta = frappe.get_meta(doctype)

  229. 	if not (meta.title_field and meta.show_title_field_in_link):

  230. 		for r in res:

  231. 			r = list(r)

  232. 			results.append({

  233. 				"value": r[0],

  234. 				"description": ", ".join(unique(cstr(d) for d in r[1:] if d))

  235. 			})

  236. 

  237. 	else:

  238. 		title_field_exists = meta.title_field and meta.show_title_field_in_link

  239. 		_from = 2 if title_field_exists else 1 # to exclude title from description if title_field_exists

  240. 		for r in res:

  241. 			r = list(r)

  242. 			results.append({

  243. 				"value": r[0],

  244. 				"label": r[1] if title_field_exists else None,

  245. 				"description": ", ".join(unique(cstr(d) for d in r[_from:] if d))

  246. 			})

  247. 

  248. 	return results

  249. 

  250. def scrub_custom_query(query, key, txt):

  251. 	if '%(key)s' in query:

  252. 		query = query.replace('%(key)s', key)

  253. 	if '%s' in query:

  254. 		query = query.replace('%s', ((txt or '') + '%'))

  255. 	return query

  256. 

  257. def relevance_sorter(key, query, as_dict):

  258. 	value = _(key.name if as_dict else key[0])

  259. 	return (

  260. 		cstr(value).lower().startswith(query.lower()) is not True,

  261. 		value

  262. 	)

  263. 

  264. @wrapt.decorator

  265. def validate_and_sanitize_search_inputs(fn, instance, args, kwargs):

  266. 	kwargs.update(dict(zip(fn.__code__.co_varnames, args)))

  267. 	sanitize_searchfield(kwargs['searchfield'])

  268. 	kwargs['start'] = cint(kwargs['start'])

  269. 	kwargs['page_len'] = cint(kwargs['page_len'])

  270. 

  271. 	if kwargs['doctype'] and not frappe.db.exists('DocType', kwargs['doctype']):

  272. 		return []

  273. 

  274. 	return fn(**kwargs)

  275. 

  276. 

  277. @frappe.whitelist()

  278. def get_names_for_mentions(search_term):

  279. 	users_for_mentions = frappe.cache().get_value('users_for_mentions', get_users_for_mentions)

  280. 	user_groups = frappe.cache().get_value('user_groups', get_user_groups)

  281. 

  282. 	filtered_mentions = []

  283. 	for mention_data in users_for_mentions + user_groups:

  284. 		if search_term.lower() not in mention_data.value.lower():

  285. 			continue

  286. 

  287. 		mention_data['link'] = frappe.utils.get_url_to_form(

  288. 			'User Group' if mention_data.get('is_group') else 'User Profile',

  289. 			mention_data['id']

  290. 		)

  291. 

  292. 		filtered_mentions.append(mention_data)

  293. 

  294. 	return sorted(filtered_mentions, key=lambda d: d['value'])

  295. 

  296. def get_users_for_mentions():

  297. 	return frappe.get_all('User',

  298. 		fields=['name as id', 'full_name as value'],

  299. 		filters={

  300. 			'name': ['not in', ('Administrator', 'Guest')],

  301. 			'allowed_in_mentions': True,

  302. 			'user_type': 'System User',

  303. 			'enabled': True,

  304. 		})

  305. 

  306. def get_user_groups():

  307. 	return frappe.get_all('User Group', fields=['name as id', 'name as value'], update={

  308. 		'is_group': True

  309. 	})

  310. 

  311. @frappe.whitelist()

  312. def get_link_title(doctype, docname):

  313. 	meta = frappe.get_meta(doctype)

  314. 

  315. 	if meta.title_field and meta.show_title_field_in_link:

  316. 		return frappe.db.get_value(doctype, docname, meta.title_field)

  317. 

  318. 	return docname