refactor: rewrite raw sql queries with frappe.qb and database API
diff --git a/erpnext/accounts/doctype/payment_entry/payment_entry.py b/erpnext/accounts/doctype/payment_entry/payment_entry.py
index 42f48c0..9e2deed 100644
--- a/erpnext/accounts/doctype/payment_entry/payment_entry.py
+++ b/erpnext/accounts/doctype/payment_entry/payment_entry.py
@@ -1175,8 +1175,8 @@
@frappe.whitelist()
+# nosemgrep
def get_outstanding_reference_documents(args):
-
if isinstance(args, str):
args = json.loads(args)
diff --git a/erpnext/accounts/utils.py b/erpnext/accounts/utils.py
index 80a6f6b..9dafef7 100644
--- a/erpnext/accounts/utils.py
+++ b/erpnext/accounts/utils.py
@@ -420,7 +420,7 @@
return cc.name
-def reconcile_against_document(args):
+def reconcile_against_document(args): # nosemgrep
"""
Cancel PE or JV, Update against document, split if required and resubmit
"""
diff --git a/erpnext/hooks.py b/erpnext/hooks.py
index 9cb3fc4..d7cd8b9 100644
--- a/erpnext/hooks.py
+++ b/erpnext/hooks.py
@@ -87,6 +87,7 @@
"splash_image": "/assets/erpnext/images/erpnext-logo.svg",
}
+# nosemgrep
website_route_rules = [
{"from_route": "/orders", "to_route": "Sales Order"},
{
diff --git a/erpnext/setup/doctype/department/department.py b/erpnext/setup/doctype/department/department.py
index 159fa02..c4766ee 100644
--- a/erpnext/setup/doctype/department/department.py
+++ b/erpnext/setup/doctype/department/department.py
@@ -52,33 +52,18 @@
@frappe.whitelist()
def get_children(doctype, parent=None, company=None, is_root=False):
- condition = ""
- var_dict = {
- "name": get_root_of("Department"),
- "parent": parent,
- "company": company,
- }
- if company == parent:
- condition = "name=%(name)s"
- elif company:
- condition = "parent_department=%(parent)s and company=%(company)s"
- else:
- condition = "parent_department = %(parent)s"
+ fields = ["name as value", "is_group as expandable"]
+ filters = {}
- return frappe.db.sql(
- """
- select
- name as value,
- is_group as expandable
- from `tab{doctype}`
- where
- {condition}
- order by name""".format(
- doctype=doctype, condition=condition
- ),
- var_dict,
- as_dict=1,
- )
+ if company == parent:
+ filters["name"] = get_root_of("Department")
+ elif company:
+ filters["parent_department"] = parent
+ filters["company"] = company
+ else:
+ filters["parent_department"] = parent
+
+ return frappe.get_all(doctype, fields=fields, filters=filters, order_by="name")
@frappe.whitelist()
diff --git a/erpnext/setup/doctype/employee/employee.py b/erpnext/setup/doctype/employee/employee.py
index 84b1e51..3399b1a 100755
--- a/erpnext/setup/doctype/employee/employee.py
+++ b/erpnext/setup/doctype/employee/employee.py
@@ -217,14 +217,19 @@
frappe.throw(_("User {0} is disabled").format(self.user_id), EmployeeUserDisabledError)
def validate_duplicate_user_id(self):
- employee = frappe.db.sql_list(
- """select name from `tabEmployee` where
- user_id=%s and status='Active' and name!=%s""",
- (self.user_id, self.name),
- )
+ Employee = frappe.qb.DocType("Employee")
+ employee = (
+ frappe.qb.from_(Employee)
+ .select(Employee.name)
+ .where(
+ (Employee.user_id == self.user_id)
+ & (Employee.status == "Active")
+ & (Employee.name != self.name)
+ )
+ ).run()
if employee:
throw(
- _("User {0} is already assigned to Employee {1}").format(self.user_id, employee[0]),
+ _("User {0} is already assigned to Employee {1}").format(self.user_id, employee[0][0]),
frappe.DuplicateEntryError,
)
diff --git a/erpnext/setup/setup_wizard/operations/defaults_setup.py b/erpnext/setup/setup_wizard/operations/defaults_setup.py
index e5d3f28..eed8f73 100644
--- a/erpnext/setup/setup_wizard/operations/defaults_setup.py
+++ b/erpnext/setup/setup_wizard/operations/defaults_setup.py
@@ -6,6 +6,7 @@
from frappe.utils import cstr, getdate
+# nosemgrep
def set_default_settings(args):
# enable default currency
frappe.db.set_value("Currency", args.get("currency"), "enabled", 1)