From 66486a5a1c7d76c9f99c0c54eff22ff85abfa780 Mon Sep 17 00:00:00 2001 From: Jannat Patel Date: Mon, 19 Jan 2026 18:17:40 +0530 Subject: [PATCH 1/2] fix: do no execute send_notification bg job from batch immediately --- lms/lms/doctype/lms_batch/lms_batch.js | 8 -------- lms/lms/doctype/lms_batch/lms_batch.py | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/lms/lms/doctype/lms_batch/lms_batch.js b/lms/lms/doctype/lms_batch/lms_batch.js index f196c867..d18d1430 100644 --- a/lms/lms/doctype/lms_batch/lms_batch.js +++ b/lms/lms/doctype/lms_batch/lms_batch.js @@ -3,14 +3,6 @@ frappe.ui.form.on("LMS Batch", { onload: function (frm) { - frm.set_query("student", "students", function (doc) { - return { - filters: { - ignore_user_type: 1, - }, - }; - }); - frm.set_query("reference_doctype", "timetable", function () { let doctypes = ["Course Lesson", "LMS Quiz", "LMS Assignment"]; return { diff --git a/lms/lms/doctype/lms_batch/lms_batch.py b/lms/lms/doctype/lms_batch/lms_batch.py index 19208402..35d44a2e 100644 --- a/lms/lms/doctype/lms_batch/lms_batch.py +++ b/lms/lms/doctype/lms_batch/lms_batch.py @@ -37,7 +37,7 @@ class LMSBatch(Document): def on_update(self): if self.has_value_changed("published") and self.published: - frappe.enqueue(send_notification_for_published_batch, batch=self, now=True) + frappe.enqueue(send_notification_for_published_batch, batch=self) def autoname(self): if not self.name: From 5175050ed69c3a40407b050eaad7ba4b0dd93610 Mon Sep 17 00:00:00 2001 From: Jannat Patel Date: Mon, 19 Jan 2026 18:33:14 +0530 Subject: [PATCH 2/2] fix: allow enabled server script endpoints --- lms/auth.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lms/auth.py b/lms/auth.py index 7ad9354b..7fc9be03 100644 --- a/lms/auth.py +++ b/lms/auth.py @@ -61,6 +61,16 @@ def authenticate(): if path.startswith("/lms") or path.startswith("/api/method/lms."): return + if is_server_script_path(path): + return + if path in ALLOWED_PATHS: return frappe.throw(f"Access not allowed for this URL: {path}", frappe.PermissionError) + + +def is_server_script_path(path): + endpoint = path.split("/api/method/")[-1] + if frappe.db.exists("Server Script", {"script_type": "API", "api_method": endpoint, "disabled": 0}): + return True + return False