A Server Script lets you dynamically define a Python Script that is executed on the server on a document event or API
Introduced in Version 12
1. How to create a Server Script
To create a Server Script
If your site is being hosted on howinibs.com, contact support to activate Server Script. In case of self-hosted accounts, set server_script_enabled as true in site_config.json of your site.
To add/edit Server Script, ensure your role is System Manager.
Create a new server script via "New Server Script" in the toolbar.
Select the type of server script: Document Event, API, Permission Query.
Set the document type and event name, or method name, script and save.
2. Features
2.1 Enabling Server Script
Server script must be enabled via site_config.json
For scripts that are to be called via document events, you must set the Reference Document Type and Event Name to define the trigger
Before Insert
Before Save
After Save
Before Submit
After Submit
Before Cancel
After Cancel
Before Delete
After Delete
Before Save (Submitted Document)
After Save (Submitted Document)
2.3 API Scripts
You can create a new API that can be accessed via api/method/[methodname] by the script type "API"
If you want the guest user to access the API, you must check on "Allow Guest"
The response can be set via frappe.response["message"] object
2.4 Permission Query
This type of script allows you to add custom conditions in where clause for a DocType list query.
For example, let's say you want to show the list of ToDo records to a user only if they assigned the record or it was assigned to them. This can implemented by the following script:
conditions ='owner = {user} or assigned_by = {user}'.format(user=frappe.db.escape(user))
The resulting select query will look something like this:
Now, the list view of ToDo will show restricted records. This will also restrict the results shown in Link fields.
2.5 Security
Frappe Framework uses the RestrictedPython library to restrict access to methods available for server scripts. Only the safe methods, listed below are available in server scripts
json # json moduledict# internal dict_ # translator method_dict # frappe._dict internal methodfrappe.flags # global flags# FORMATTINGfrappe.format # frappe.format_value(value, dict(fieldtype='Currency'))frappe.format_value # frappe.format_value(value, dict(fieldtype='Currency'))frappe.date_format # default date formatfrappe.format_date # returns date as "1st September 2019"# SESSIONfrappe.form_dict # form / request parametersfrappe.request # request objectfrappe.response # response objectfrappe.session.user # current userfrappe.session.csrf_token # CSRF token of the current sessionfrappe.user # current userfrappe.get_fullname # fullname of the current userfrappe.get_gravatar # frappe.utils.get_gravatar_urlfrappe.full_name =# fullname of the current user# ORMfrappe.get_meta # get metadata objectfrappe.get_docfrappe.get_cached_docfrappe.get_listfrappe.get_allfrappe.get_system_settings# DBfrappe.db.get_listfrappe.db.get_allfrappe.db.get_valuefrappe.db.get_single_valuefrappe.db.get_defaultfrappe.db.escapefrappe.db.existsfrappe.db.commit# UTILITIESfrappe.msgprint # msgprintfrappe.get_hooks # app hooksfrappe.utils # methods in frappe.utilsfrappe.render_template # frappe.render_template,frappe.get_url # frappe.utils.get_urlfrappe.sendmail # send email via server scriptfrappe.get_print # get pdf for a docfrappe.attach_print # attach PDF to an emailsocketio_port # port for socketiostyle.border_color # '#d1d8dd'get_next_linkscrubguess_mimetype = mimetypes.guess_type,html2text = html2text,dev_server # True if in developer moderun_script # Run another server script# CACHEfrappe.cache.set_valuefrappe.cache.get_valuefrappe.cache.hsetfrappe.cache.hget