How to attach an existing file to a document

Peer · December 3, 2024, 2:28pm

Here is the backend’s python code of the file manager:

frappe/frappe/blob/develop/frappe/utils/file_manager.py

# Copyright (c) 2021, Frappe Technologies Pvt. Ltd. and Contributors
# License: MIT. See LICENSE

import base64
import hashlib
import json
import mimetypes
import os
from copy import copy
from urllib.parse import unquote

import frappe
from frappe import _, conf
from frappe.query_builder.utils import DocType
from frappe.utils import call_hook_method, cint, cstr, encode, get_files_path, get_hook_method


class MaxFileSizeReachedError(frappe.ValidationError):
	pass

This file has been truncated. show original

This may help in an app.

There also is 1 whitelisted method in line 398ff.:

github.com

frappe/frappe/blob/3e74559617153f42b316127a552efd927e055f81/frappe/utils/file_manager.py#L399


      
          		f = fname.rsplit(".", 1)
          		if len(f) == 1:
          			partial, extn = f[0], ""
          		else:
          			partial, extn = f[0], "." + f[1]
          		return f"{partial}{optional_suffix}{extn}"
          	return fname
          
          
          @frappe.whitelist()
          def add_attachments(doctype, name, attachments):
          	"""Add attachments to the given DocType"""
          	if isinstance(attachments, str):
          		attachments = json.loads(attachments)
          	# loop through attachments
          	files = []
          	for a in attachments:
          		if isinstance(a, str):
          			attach = frappe.db.get_value(
          				"File", {"name": a}, ["file_name", "file_url", "is_private"], as_dict=1
          			)

Finding this:

github.com

frappe/frappe/blob/421f070e78ee1186e7f2f4b2575d8be1d3e2d646/frappe/public/js/frappe/file_uploader/FileUploader.vue#L381-L401


      
          				let form_data = new FormData();
          				if (file.file_obj) {
          					form_data.append('file', file.file_obj, file.name);
          				}
          				form_data.append('is_private', +file.private);
          				form_data.append('folder', this.folder);
          
          				if (file.file_url) {
          					form_data.append('file_url', file.file_url);
          				}
          
          				if (this.doctype && this.docname) {
          					form_data.append('doctype', this.doctype);
          					form_data.append('docname', this.docname);
          				}
          
          				if (this.method) {
          					form_data.append('method', this.method);
          				}
          
          				xhr.send(form_data);

I see that there is an API endpoint in line 377 like this:
xhr.open('POST', '/api/method/upload_file', true);
(followed by some header an CSRF security items, then building a form upload structure)
which betrays a whitelisted upload_file method which might be of use.
It seems to be just one “grep -r upload_file *” away from a usable point in the frappe app tree.

Here is another code snippet showing how to upload a file (using shell):

And we even got a long list of many other v14 api endpoints useable for many purposes:

gist.github.com

https://gist.github.com/revant/c2198c53673119e7020409764cf54a8c

erpnext-v14.2.1.json

{
  "guestFunctions": [
    "erpnext.www.book_appointment.verify.index.get_context(context)",
    "erpnext.www.book_appointment.index.get_appointment_settings()",
    "erpnext.www.book_appointment.index.get_timezones()",
    "erpnext.www.book_appointment.index.get_appointment_slots(date, timezone)",
    "erpnext.www.book_appointment.index.create_appointment(date, time, tz, contact)",
    "erpnext.templates.utils.send_message(subject='Website Query', message='', sender='', status='Open')",
    "erpnext.templates.pages.search_help.get_help_results_sections(text)",
    "erpnext.templates.pages.product_search.get_product_list(search=None, start=0, limit=12)",

This file has been truncated. show original

frappe-v14.9.0.json

{
  "guestFunctions": [
    "frappe.www.search.get_search_results(text, scope=None, start=0, as_html=False)",
    "frappe.www.login.login_via_google(code, state)",
    "frappe.www.login.login_via_github(code, state)",
    "frappe.www.login.login_via_facebook(code, state)",
    "frappe.www.login.login_via_frappe(code, state)",
    "frappe.www.login.login_via_office365(code, state)",
    "frappe.www.login.login_via_token(login_token)",
    "frappe.www.list.get(doctype, txt=None, limit_start=0, limit=20, pathname=None, **kwargs)",

This file has been truncated. show original

but, well, a recursive grep might help in many cases, too.