fix: whitelist leaderboard functions
diff --git a/erpnext/startup/leaderboard.py b/erpnext/startup/leaderboard.py
index 6d9b77e..00b761b 100644
--- a/erpnext/startup/leaderboard.py
+++ b/erpnext/startup/leaderboard.py
@@ -48,6 +48,7 @@
return leaderboards
+@frappe.whitelist()
def get_all_customers(from_date, company, field, limit = None):
if field == "outstanding_amount":
filters = [['docstatus', '=', '1'], ['company', '=', company]]
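Review bot: The added `@frappe.whitelist()` makes `get_all_customers` callable over HTTP by any logged-in user, and the visible lines use `company` and `field` without any permission check. If the rest of the body reads through `frappe.db.sql` or `frappe.get_all`, which do not apply the caller's document permissions, per-customer totals for any company would be returned to users with no read access to the underlying documents. Consider a guard at the top of the function, e.g. `if not frappe.has_permission("Sales Order", "read"): frappe.throw(_("Not permitted"), frappe.PermissionError)`, using whichever doctype each query aggregates. The same applies to the other four functions whitelisted in this commit. The function body continues past the end of this hunk.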
@@ -73,9 +74,10 @@
where so.docstatus = 1 and so.transaction_date >= %s and so.company = %s
group by so.customer
order by value DESC
- limit %s
- """.format(select_field), (from_date, company, limit), as_dict=1)
+ limit {1}
+ """.format(select_field, limit), (from_date, company), as_dict=1)
+@frappe.whitelist()
def get_all_items(from_date, company, field, limit = None):
if field in ("available_stock_qty", "available_stock_value"):
select_field = "sum(actual_qty)" if field=="available_stock_qty" else "sum(stock_value)"
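Review bot: `limit` is now interpolated into the SQL text by `.format(select_field, limit)` instead of being bound, and this commit also exposes these functions through `@frappe.whitelist()`, so a request-supplied `limit` string reaches the query unescaped, which is a SQL injection path. The same pattern is repeated in the hunks at -107, -136, -151 and -164. Coerce the value to an integer and keep it bound: `limit = frappe.utils.cint(limit)` at the top of each function, with `limit %s` and `(from_date, company, limit)` restored. The default `limit = None` also renders as `limit None` here, which is not valid SQL, so the no-limit case needs an explicit default or branch. The query this hunk edits begins before the hunk.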
@@ -107,9 +109,10 @@
and sales_order.company = %s and sales_order.transaction_date >= %s
group by order_item.item_code
order by value desc
- limit %s
- """.format(select_field, select_doctype), (company, from_date, limit), as_dict=1)
+ limit {2}
+ """.format(select_field, select_doctype, limit), (company, from_date), as_dict=1)
+@frappe.whitelist()
def get_all_suppliers(from_date, company, field, limit = None):
if field == "outstanding_amount":
filters = [['docstatus', '=', '1'], ['company', '=', company]]
@@ -136,8 +139,9 @@
and purchase_order.company = %s
group by purchase_order.supplier
order by value DESC
- limit %s""".format(select_field), (from_date, company, limit), as_dict=1)
+ limit {1}""".format(select_field, limit), (from_date, company), as_dict=1)
+@frappe.whitelist()
def get_all_sales_partner(from_date, company, field, limit = None):
if field == "total_sales_amount":
select_field = "sum(base_net_total)"
@@ -151,9 +155,10 @@
and transaction_date >= %s and company = %s
group by sales_partner
order by value DESC
- limit %s
- """.format(select_field), (from_date, company, limit), as_dict=1)
+ limit {1}
+ """.format(select_field, limit), (from_date, company), as_dict=1)
+@frappe.whitelist()
def get_all_sales_person(from_date, company, field = None, limit = None):
return frappe.db.sql("""
select sales_team.sales_person as name, sum(sales_order.base_net_total) as value
@@ -164,5 +169,5 @@
and sales_order.company = %s
group by sales_team.sales_person
order by value DESC
- limit %s
- """, (from_date, company, limit), as_dict=1)
+ limit {0}
+ """.format(limit), (from_date, company), as_dict=1)