Description

Fixes #34363

This PR addresses the issue where Link fields with get_query filters or permission restrictions don't validate manually pasted or typed values, allowing users to save invalid links that bypass the configured filters.

Changes Made

Frontend Changes

1. Link Control (frappe/public/js/frappe/form/controls/link.js)

   • Added paste event handler to trigger validation immediately when values are pasted
   • Enhanced validate_link_and_fetch() to pass filters, query, reference_doctype, and ignore_user_permissions to server
   • Added client-side validation feedback that marks field invalid and shows error message when server rejects the link

2. Base Control (frappe/public/js/frappe/form/controls/base_control.js)

   • Modified validate_and_set_in_model() to store pending validation promises
   • Enables save flow to detect and await in-flight validations

3. Form Save (frappe/public/js/frappe/form/save.js)

   • Added wait_for_pending_validations() to collect all pending field validation promises
   • Modified save flow to await all pending validations before calling server save
   • Added error handling to show user-friendly message if save is blocked due to invalid fields

Backend Changes

4. Client API (frappe/client.py)
   • Enhanced validate_link() to accept filters, query, reference_doctype, and ignore_user_permissions parameters
   • Added validation logic using get_list() to ensure entered docname satisfies provided filters
   • Returns empty dict and displays error message if link doesn't match filters or user lacks permissions

Tests

5. Integration Test (frappe/tests/test_client.py)
   • Added test_validate_link_with_filters_rejects_mismatch() to verify server-side filter validation
   • Tests that validate_link() correctly rejects values that don't match provided filters

How It Works

1. User pastes or types a value into a Link field
2. Paste handler immediately triggers validation (or blur event for typed values)
3. Client passes computed get_query filters/query to server validate_link() method
4. Server validates that value exists AND satisfies filters using get_list() with permissions
5. If validation fails, field is marked invalid with user-friendly error message
6. Before form save, all pending field validations are awaited
7. Save is blocked if any field is invalid

Testing

Manual Testing Steps:

1. Create a Link field with get_query filter (e.g., {filters: {enabled: 1}})
2. Paste or type a value that exists but doesn't match the filter
3. Verify error message appears and field is marked invalid
4. Verify form save is blocked until a valid value is entered

Automated Testing:

bench --site test_site run-tests frappe.tests.test_client.TestClient.test_validate_link_with_filters_rejects_mismatch

Edge Cases Covered

• ✅ Paste + immediate save (no blur) - validation is awaited before save
• ✅ Manual typing + blur - validation triggered on blur
• ✅ Dropdown selection - existing validation flow maintained
• ✅ Custom query functions - fallback to existence check for server-side queries
• ✅ Permission restrictions - enforced via get_list() permissions
• ✅ Title links and translatable fields - title_value_map handling preserved
• ✅ Child table link fields - validation applies to grid rows

Breaking Changes

None. This is a backward-compatible enhancement that only adds validation where it was previously missing.

Checklist

• Frontend changes implemented and tested
• Backend changes implemented and tested
• Integration tests added
• No breaking changes
• Code follows project conventions