Gitiles
Code Review Sign In
git.clicks.codes / Clicks / Forks / ERPNext / aa1210921b944532986c6ecac918fca748fa19a3^! / .
commitaa1210921b944532986c6ecac918fca748fa19a3[log] [tgz]
authorChinmay D. Pai <chinmaydpai@gmail.com>Wed Jul 01 21:14:32 2020 +0530
committerChinmay D. Pai <chinmaydpai@gmail.com>Wed Jul 01 21:14:32 2020 +0530
treebc84300fcd58f6b703f76bac414b9028877d8d16
parent25b6c5d55aced74a83606d49a1800d3747389d3f [diff]
fix: whitelist all query functions for search widget

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

diff --git a/erpnext/controllers/queries.py b/erpnext/controllers/queries.py
index f6a8d27..f373a43 100644
--- a/erpnext/controllers/queries.py
+++ b/erpnext/controllers/queries.py

@@ -10,7 +10,8 @@
 from erpnext.stock.get_item_details import _get_item_tax_template
 from frappe.utils import unique
 
- # searches for active employees
+# searches for active employees
+@frappe.whitelist()
 def employee_query(doctype, txt, searchfield, start, page_len, filters):
 	conditions = []
 	fields = get_fields("Employee", ["name", "employee_name"])
@@ -40,6 +41,7 @@
 
 
 # searches for leads which are not converted
+@frappe.whitelist()
 def lead_query(doctype, txt, searchfield, start, page_len, filters):
 	fields = get_fields("Lead", ["name", "lead_name", "company_name"])
 
@@ -69,6 +71,7 @@
 
 
  # searches for customer
+@frappe.whitelist()
 def customer_query(doctype, txt, searchfield, start, page_len, filters):
 	conditions = []
 	cust_master_name = frappe.defaults.get_user_default("cust_master_name")
@@ -106,6 +109,7 @@
 
 
 # searches for supplier
+@frappe.whitelist()
 def supplier_query(doctype, txt, searchfield, start, page_len, filters):
 	supp_master_name = frappe.defaults.get_user_default("supp_master_name")
 	if supp_master_name == "Supplier Name":
@@ -137,6 +141,7 @@
 		})
 
 
+@frappe.whitelist()
 def tax_account_query(doctype, txt, searchfield, start, page_len, filters):
 	company_currency = erpnext.get_company_currency(filters.get('company'))
 
@@ -162,6 +167,7 @@
 	return tax_accounts
 
 
+@frappe.whitelist()
 def item_query(doctype, txt, searchfield, start, page_len, filters, as_dict=False):
 	conditions = []
 
@@ -224,6 +230,7 @@
 			}, as_dict=as_dict)
 
 
+@frappe.whitelist()
 def bom(doctype, txt, searchfield, start, page_len, filters):
 	conditions = []
 	fields = get_fields("BOM", ["name", "item"])
@@ -250,6 +257,7 @@
 		})
 
 
+@frappe.whitelist()
 def get_project_name(doctype, txt, searchfield, start, page_len, filters):
 	cond = ''
 	if filters.get('customer'):
@@ -276,6 +284,7 @@
 			})
 
 
+@frappe.whitelist()
 def get_delivery_notes_to_be_billed(doctype, txt, searchfield, start, page_len, filters, as_dict):
 	fields = get_fields("Delivery Note", ["name", "customer", "posting_date"])
 
@@ -305,6 +314,7 @@
 	}, {"txt": ("%%%s%%" % txt)}, as_dict=as_dict)
 
 
+@frappe.whitelist()
 def get_batch_no(doctype, txt, searchfield, start, page_len, filters):
 	cond = ""
 	if filters.get("posting_date"):
@@ -362,6 +372,7 @@
 			limit %(start)s, %(page_len)s""".format(cond, match_conditions=get_match_cond(doctype)), args)
 
 
+@frappe.whitelist()
 def get_account_list(doctype, txt, searchfield, start, page_len, filters):
 	filter_list = []
 
@@ -385,6 +396,7 @@
 		limit_start=start, limit_page_length=page_len, as_list=True)
 
 
+@frappe.whitelist()
 def get_blanket_orders(doctype, txt, searchfield, start, page_len, filters):
 	return frappe.db.sql("""select distinct bo.name, bo.blanket_order_type, bo.to_date
 		from `tabBlanket Order` bo, `tabBlanket Order Item` boi