Skip to content

fix(query_builder): don't explode plucked scalars on masked doctypes (v16.12.2 hotfix)#2

Open
spc-agent-00 wants to merge 3 commits into
v16.12.2from
v16.12.2-hotfix
Open

fix(query_builder): don't explode plucked scalars on masked doctypes (v16.12.2 hotfix)#2
spc-agent-00 wants to merge 3 commits into
v16.12.2from
v16.12.2-hotfix

Conversation

@spc-agent-00

Copy link
Copy Markdown
Collaborator

Backports the masked-fields pluck fix from #1 onto a hotfix branch cut from the v16.12.2 tag.

Why

execute_query runs mask_fields() on every result when the queried doctype has masked fields for the current (non-admin) user. With pluck=True the DB layer returns a flat list of scalars, but mask_list_results ran list(row) on each scalar — turning "P-1156" into ('P','-','1','1','5','6') and raising TypeError: 'int' object is not iterable for numeric fields.

What

  • Handle pluck explicitly: mask each scalar only when the plucked field is itself a masked field, otherwise return the value untouched.
  • Add type hints to the mask_pluck_results helper.

Commits (cherry-picked from #1)

  • fix(query_builder): don't explode plucked scalars on masked doctypes
  • fix(query_builder): add type hints to mask_pluck_results args

The base branch v16.12.2 was created from the v16.12.2 tag.

🤖 Generated with Claude Code

pipech and others added 3 commits June 11, 2026 13:51
`execute_query` runs `mask_fields()` on every result whenever the queried
doctype has masked fields for the current (non-admin) user. With `pluck=True`
the DB layer has already reduced each row to a scalar, so the result is a flat
list of values rather than rows. `mask_list_results` then ran `list(row)` on
each scalar, turning "P-1156" into `('P', '-', '1', '1', '5', '6')` for strings
and raising `TypeError: 'int' object is not iterable` for numeric fields.

Handle `pluck` explicitly: mask each scalar only when the plucked field is
itself a masked field, otherwise return the value untouched. Admin users were
never affected since `get_masked_fields()` returns nothing for them.

Fixes frappe#39898

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Address review feedback on frappe#39898: annotate the helper's arguments and
return type, matching the style of mask_fields().

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
DatabaseQuery.execute returned the plucked scalar list before running
mask_fields, so a masked field leaked its raw value for non-admin users
when callers asked for a flat pluck list. Mask the dict rows first, then
pluck, reusing the existing mask_dict_results path.

This is the legacy db_query counterpart to the query-builder pluck fix in
#1. No core caller routes pluck through this engine on
16.12.2 (get_list/get_all/reportview use qb_query), so this covers direct
DatabaseQuery callers and any code still on the legacy path.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants