diff --git a/erpnext/accounts/doctype/payment_entry/payment_entry.py b/erpnext/accounts/doctype/payment_entry/payment_entry.py index 42f48c0aef0..9e2deedc99e 100644 --- a/erpnext/accounts/doctype/payment_entry/payment_entry.py +++ b/erpnext/accounts/doctype/payment_entry/payment_entry.py @@ -1175,8 +1175,8 @@ def validate_inclusive_tax(tax, doc): @frappe.whitelist() +# nosemgrep def get_outstanding_reference_documents(args): - if isinstance(args, str): args = json.loads(args) diff --git a/erpnext/accounts/utils.py b/erpnext/accounts/utils.py index 80a6f6b4249..9dafef74f4a 100644 --- a/erpnext/accounts/utils.py +++ b/erpnext/accounts/utils.py @@ -420,7 +420,7 @@ def add_cc(args=None): return cc.name -def reconcile_against_document(args): +def reconcile_against_document(args): # nosemgrep """ Cancel PE or JV, Update against document, split if required and resubmit """ diff --git a/erpnext/hooks.py b/erpnext/hooks.py index 9cb3fc4616e..d7cd8b957c7 100644 --- a/erpnext/hooks.py +++ b/erpnext/hooks.py @@ -87,6 +87,7 @@ website_context = { "splash_image": "/assets/erpnext/images/erpnext-logo.svg", } +# nosemgrep website_route_rules = [ {"from_route": "/orders", "to_route": "Sales Order"}, { diff --git a/erpnext/setup/doctype/department/department.py b/erpnext/setup/doctype/department/department.py index 159fa02612e..c4766ee6f8e 100644 --- a/erpnext/setup/doctype/department/department.py +++ b/erpnext/setup/doctype/department/department.py 
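Review bot: The `# nosemgrep` added above `get_outstanding_reference_documents` is a bare suppression with no rule id and no stated reason, so it hides every present and future Semgrep finding reported there. The same pattern is added in erpnext/accounts/utils.py (`reconcile_against_document`), erpnext/hooks.py (`website_route_rules`) and erpnext/setup/setup_wizard/operations/defaults_setup.py (`set_default_settings`). This first function is exposed through `@frappe.whitelist()` and parses caller-supplied `args`, so a reader should be able to see which finding was judged a false positive. I would scope each one as `# nosemgrep: <rule-id>`, using the actual rule id, with a comment line above it saying why the finding does not apply. Placement is also worth checking: here the comment sits between the decorator and the `def`, and in hooks.py it precedes a multi-line list, so whether it lines up with the first line of the reported match depends on the rule, which this diff does not show.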
@@ -52,33 +52,18 @@ def get_abbreviated_name(name, company): @frappe.whitelist() def get_children(doctype, parent=None, company=None, is_root=False): - condition = "" - var_dict = { - "name": get_root_of("Department"), - "parent": parent, - "company": company, - } - if company == parent: - condition = "name=%(name)s" - elif company: - condition = "parent_department=%(parent)s and company=%(company)s" - else: - condition = "parent_department = %(parent)s" + fields = ["name as value", "is_group as expandable"] + filters = {} - return frappe.db.sql( - """ - select - name as value, - is_group as expandable - from `tab{doctype}` - where - {condition} - order by name""".format( - doctype=doctype, condition=condition - ), - var_dict, - as_dict=1, - ) + if company == parent: + filters["name"] = get_root_of("Department") + elif company: + filters["parent_department"] = parent + filters["company"] = company + else: + filters["parent_department"] = parent + + return frappe.get_all(doctype, fields=fields, filters=filters, order_by="name") @frappe.whitelist() diff --git a/erpnext/setup/doctype/employee/employee.py b/erpnext/setup/doctype/employee/employee.py index 84b1e51feed..3399b1a5a33 100755 --- a/erpnext/setup/doctype/employee/employee.py +++ b/erpnext/setup/doctype/employee/employee.py 
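Review bot: `doctype` still comes straight from the request and is passed to `frappe.get_all`, which as far as I know does not apply the caller's permission checks, so this whitelisted `get_children` reads whichever DocType the client names rather than only Department. The filters are all Department-specific (`get_root_of("Department")`, `parent_department`), so I would pin the target and let permissions apply: `return frappe.get_list("Department", fields=fields, filters=filters, order_by="name")`. `is_root` is accepted but never used in the visible body. A one-line docstring saying the signature mirrors the tree-view call would explain why `doctype` and `is_root` are kept.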
@@ -217,14 +217,19 @@ class Employee(NestedSet): frappe.throw(_("User {0} is disabled").format(self.user_id), EmployeeUserDisabledError) def validate_duplicate_user_id(self): - employee = frappe.db.sql_list( - """select name from `tabEmployee` where - user_id=%s and status='Active' and name!=%s""", - (self.user_id, self.name), - ) + Employee = frappe.qb.DocType("Employee") + employee = ( + frappe.qb.from_(Employee) + .select(Employee.name) + .where( + (Employee.user_id == self.user_id) + & (Employee.status == "Active") + & (Employee.name != self.name) + ) + ).run() if employee: throw( - _("User {0} is already assigned to Employee {1}").format(self.user_id, employee[0]), + _("User {0} is already assigned to Employee {1}").format(self.user_id, employee[0][0]), frappe.DuplicateEntryError, ) diff --git a/erpnext/setup/setup_wizard/operations/defaults_setup.py b/erpnext/setup/setup_wizard/operations/defaults_setup.py index e5d3f284f90..eed8f73cb48 100644 --- a/erpnext/setup/setup_wizard/operations/defaults_setup.py +++ b/erpnext/setup/setup_wizard/operations/defaults_setup.py @@ -6,6 +6,7 @@ from frappe import _ from frappe.utils import cstr, getdate +# nosemgrep def set_default_settings(args): # enable default currency frappe.db.set_value("Currency", args.get("currency"), "enabled", 1)
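Review bot: The local `Employee = frappe.qb.DocType("Employee")` shadows the enclosing `class Employee(NestedSet)` for the rest of `validate_duplicate_user_id`. The query then reads as if it were built from the model class, and any later reference to the class inside this method would break. I would rename it, e.g. `employee_table = frappe.qb.DocType("Employee")`, and use that name in `.from_()`, `.select()` and `.where()`. Only the first row is used, so a `.limit(1)` before `.run()` would keep the lookup bounded. A short comment noting that `.run()` returns rows as tuples would explain the new `employee[0][0]` index.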