refactor(query): improve logic in add_permission_conditions by sagarvora [frappe] PR#35303

Bot Dokosrequested to merge
ft-pr-35303 into develop

From: https://github.com/frappe/frappe/pull/35303
Date: 2025-12-17 22:28:52+05:30

  • fix(query): wrap CombinedRawCriterion in parentheses for correct precedence Without proper grouping, OR conditions from shared docs could bypass WHERE filters: WHERE filter=X AND perm_cond OR shared_cond -- shared_cond ignores filter!
  • test: improve single query test
  • chore: fix linter issues
  • fix: update logic for child tables
  • refactor(query): simplify permission logic in add_permission_conditions


Diagnostics 

pre-commit failed for source commit: 2b822cc63f33fdfc848ec77847b95ad3f481871c
warning: The following rules have been removed and ignoring them has no effect:
    - UP038

RUF005 Consider `[*self.fields, "parent", "parentfield"]` instead of concatenation
    --> frappe/database/query.py:1795:11
     |
1793 |         return frappe.qb.get_query(
1794 |             self.doctype,
1795 |             fields=self.fields + ["parent", "parentfield"],
     |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1796 |             filters=filters,
1797 |             order_by="idx asc",
     |
help: Replace with `[*self.fields, "parent", "parentfield"]`

Found 1 error.
No fixes available (1 hidden fix can be enabled with the `--unsafe-fixes` option).


pre-commit failed for source commit: 591d9a353510f5e3f9a48cacf66377e958f459fa
warning: The following rules have been removed and ignoring them has no effect:
    - UP038

RUF005 Consider `[*self.fields, "parent", "parentfield"]` instead of concatenation
    --> frappe/database/query.py:1814:11
     |
1812 |         return frappe.qb.get_query(
1813 |             self.doctype,
1814 |             fields=self.fields + ["parent", "parentfield"],
     |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1815 |             filters=filters,
1816 |             order_by="idx asc",
     |
help: Replace with `[*self.fields, "parent", "parentfield"]`

Found 1 error.
No fixes available (1 hidden fix can be enabled with the `--unsafe-fixes` option).


pre-commit failed for source commit: c7e9e01eb87d42a7276e4333165eb9172b2bbee8
warning: The following rules have been removed and ignoring them has no effect:
    - UP038

RUF005 Consider `[*self.fields, "parent", "parentfield"]` instead of concatenation
    --> frappe/database/query.py:1814:11
     |
1812 |         return frappe.qb.get_query(
1813 |             self.doctype,
1814 |             fields=self.fields + ["parent", "parentfield"],
     |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1815 |             filters=filters,
1816 |             order_by="idx asc",
     |
help: Replace with `[*self.fields, "parent", "parentfield"]`

Found 1 error.
No fixes available (1 hidden fix can be enabled with the `--unsafe-fixes` option).


pre-commit failed for source commit: d1ffd99fe8f03ce6f0a48cc968505aecfa9dd328
warning: The following rules have been removed and ignoring them has no effect:
    - UP038

RUF005 Consider `[*self.fields, "parent", "parentfield"]` instead of concatenation
    --> frappe/database/query.py:1814:11
     |
1812 |         return frappe.qb.get_query(
1813 |             self.doctype,
1814 |             fields=self.fields + ["parent", "parentfield"],
     |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1815 |             filters=filters,
1816 |             order_by="idx asc",
     |
help: Replace with `[*self.fields, "parent", "parentfield"]`

Found 1 error.
No fixes available (1 hidden fix can be enabled with the `--unsafe-fixes` option).


Checkout instructions 
# Checkout locally
git fetch upstream
git switch ft-pr-35303

# Alternatively, re-take the changes
git switch develop
ft take ft-pr-35303

# Make changes then rebase
git rebase -i develop

# Fix or ignore conflicts
git checkout --theirs .
git rebase --continue

# Force-push changes
git push --force-with-lease

Merge request reports